Last revised: September 26, 2022
This Policy is the sole authorized statement of Scherzer International Corporation’s practices with respect to its online and offline collection of personally identifiable information (“PII”) and the usage of such information. Any summary of this Policy generated by third-party software or otherwise (for example, in connection with the “Platform for Privacy Preferences” or “P3P”) shall have no legal effect, is in no way binding upon Scherzer International Corporation, shall not be relied upon in substitute for this Policy, and neither supersede nor modify this Policy.
This Policy applies to both our online and offline information-gathering and dissemination practices in the United States, where we operate exclusively. If we have a need to obtain information from sources outside the United States, we access the sources from within the United States, or contract with trusted independent third parties to obtain the information.
SI reviews its privacy practices on a regular basis and those practices are subject to change. We ask that you periodically review this page to ensure continuing familiarity with the most current version of the Policy. You can determine when this Policy was last revised by checking the “Last Revised” legend at the top. To contact SI about privacy issues, report a violation of the Policy or raise any other issue, email us at firstname.lastname@example.org.
COMPLIANCE WITH LAWS AND REGULATIONS
SI is a leading provider of comprehensive background reports. Our distinct portfolio includes scalable purpose-specific reports for business transaction due diligence, client acceptance or continuation, employment, corporate governance, and regulatory compliance (collectively, the “Search Services”). A complete description of the Search Services is posted on our website.
SI provides its Search Services domestically and internationally, and complies in all material respects with applicable federal, state, and local laws, regulations and orders and any amendments thereto, including, without limitation, and to the extent applicable, the following:
- Fair Credit Reporting Act (the “FCRA”) (15 U.S.C. § 1681, et seq.)
- California Consumer Credit Reporting Agencies Act (California Civil Code § 1785, et seq.)
- Investigative Consumer Reporting Agencies Act (California Civil Code § 1786, et seq.)
- Gramm-Leach-Bliley Act (15 U.S.C. § 6801, et seq.)
- Driver Protection Privacy Act (18 U.S.C. § 2721, et seq.)
- Health Insurance Portability and Accountability Act (42 U.S.C. § 1320d)
- Fair Information Practice Principles published by the United States Federal Trade Commission
- California Consumer Privacy Act (CCPA) (California Civil Code § 1798.100, et seq.)
- European Union General Data Protection Regulation (GDPR)
- United Kingdom General Data Protection Regulation (UK-GDPR) and Data Protection Act of 2018 (DPA)
When the foregoing or other laws and regulations require that we observe privacy restrictions beyond those specifically stated in this Policy, we undertake our activities in compliance with their requirements and, if the privacy restrictions conflict in any way with these provisions, we abide by the stricter requirements of the relevant laws, rules, and regulations.
PREPARATION AND PROCESSING OF CONSUMER REPORTS AND INVESTIGATIVE CONSUMER REPORTS
SI performs Search Services that constitute consumer reports and investigative consumer reports in accordance with the Fair Credit Reporting Act (the “FCRA”) and analogous state and local laws. In connection with these reports, under the FCRA, SI is defined as a consumer reporting agency (“CRA”). In California, SI is considered an Investigative Consumer Reporting Agency (“ICRA”) and has obligations under the California Investigative Consumer Reporting Agencies Act (the “ICRAA”), which is broader in scope than the federal FCRA. SI maintains policies and procedures designed to limit the purposes for, and circumstances under which, it furnishes such reports. SI requires that prospective users of the information identify themselves, certify the purposes for which the report is sought, and that the information will be used for no other purpose, and in compliance with applicable laws and regulations. We perform due diligence on all prospective users (and audit thereafter) and the purpose certified by such users prior to furnishing a consumer report. We will not furnish a consumer report to any person if we have reasonable grounds for believing that the consumer report will not be used for a purpose listed in FCRA section 604. You can review the Consumer Financial Protection Bureau’s notice of legal obligations to users of consumer reports here.
SI follows reasonable procedures to ensure maximum possible accuracy of the information regarding the subject (consumer) of the report and conducts reinvestigations of disputed information at the consumer’s request. SI provides consumers with means, upon proper identification, to request access to information that we have collected about them. Any consumer may exercise their right to inspect any data about themselves, and to dispute any information pursuant to the FCRA and applicable state law.
If you wish to dispute information that SI provided in a consumer report, obtain a copy of the report or view your file, please contact AJ Lawler by phone at 800-3834336, via email at email@example.com or by postal mail at Scherzer International, 21650 Oxnard Street, Suite 300, Woodland Hills, CA 91367.
A summary of your rights under the FCRA can be found here. California Civil Code §1786.22 provides you additional rights, which can be accessed here in English followed by its Spanish translation.
FACT ACT DISCLOSURE
The FACT Act of 2003 that amended the FCRA allows a consumer to obtain a free copy of their consumer file from certain consumer reporting agencies once during a 12-month period. The free annual file disclosure under FCRA § 609(g) is defined as: “…all of the information on [you] recorded and retained by a consumer reporting agency regardless of how the information is stored, at the time of [your] request” and is provided pursuant to the Free Annual File Disclosure Rule, 16 C.F.R. Part 610, as follows:
- Once in a 12-month period from national specialty consumer reporting agencies.
- Within 60 days of receiving an adverse action notification.
- Upon providing written certification that the consumer is unemployed and intends to apply for employment within 60 days.
- Upon providing written certification that the consumer is a recipient of public welfare assistance.
- Upon providing written certification that the consumer has reason to believe that the file contains inaccurate information due to fraud.
SI is not a nationwide consumer reporting agency or a nationwide specialty consumer reporting agency, as defined by §§ 603(p) and 603(w) of the FCRA, 15 U.S.C. 1681a(p) and (w), respectively. SI does not create or maintain commercial databases on consumers.
Even if none of the above situations apply, if we prepared a consumer report on you and you would like to obtain a free copy of your consumer file, contact AJ Lawler by phone at 800-800-383-4336, via email at firstname.lastname@example.org, or by postal mail at: Scherzer International, 21650 Oxnard Street, Suite 300, Woodland Hills, CA 91367. As indicated above, to protect your personal information, we require that you provide certain identification before we release any information.
PERSONAL INFORMATION DISCLOSURE: UNITED STATES OR OVERSEAS
SI is a United States company with no foreign offices or “offshoring” of operations. SI prepares its reports based on information available in the United States. Even if a report requires information from a foreign country, SI will attempt to obtain the information through domestic means and sources. In instances that necessitate an in-country verification or research, SI obtains the information directly from the source or, if applicable, through research by a member of our established network of vetted contractors. Documentation or information such as passport numbers and dates of birth are not sent to anyone overseas other than the actual verification provider (e.g., school registrar) whenever possible and only as necessary to establish positive identification of records with the subject. SI takes reasonable measures to ensure that its handling of personal data on an international basis is safe and secure, which includes requiring its contractors to contractually agree that they will perform SI’s assignments in accordance with applicable laws and regulations and maintain appropriate safeguards with respect to the protection of data privacy and security and the corresponding rights of individuals.
GDPR AND PERSONAL DATA TRANSFERS FROM THE EUROPEAN UNION
The General Data Protection Regulation (GDPR), which became effective May 25, 2018, is designed to harmonize data privacy laws across the European Union (EU) and European Economic Area (EEA) to protect EEA individuals and empower them to control their personal data.
The GDPR applies to any company processing personal data in the EEA and to companies outside the EEA that are processing data of individuals located in the EEA, where the activities relate to the offering of goods or services. (Note: the EU is an economic and political union of 28 countries plus some of their territories. The EU countries are Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, and Sweden. Territories following EU law are Aruba, Azores, Balearic Islands, Bonaire, Ceuta, Curacao, French Guiana, Gibraltar, Madeira, Martinique, Mayotte, Reunion, Saba, Sint Eustatius, Sint Maarten, Saint Barthélemy, Saint Helena, Saint Martin, and Saint Pierre & Miquelon. Countries that are EEA members but not a part of the EU are Iceland, Liechtenstein, and Norway. Switzerland is not an EU or EEA member but is part of the single market.)
As part of its formal risk management program, SI has performed an assessment of GDPR’s requirements, and made the applicable technical, administrative and documentation changes to meet its compliance obligations in all material respects. We have also posted a notice on our website (see https://scherzer.com/gdpr-notice/) that provides an overview of rights regarding your personal data if you are an individual located in the EEA.
For data transfers from the EEA to the United States, SI bases its transfers on the derogations under Article 49 of the GDPR, such as to perform a contract or with the data subject’s explicit consent. Although the EU-US and Swiss-EU Privacy Shield (which is another mechanism for data transfers) was invalidated by the Court of Justice of the European Union in July 2020, SI continues to abide by this privacy framework, in accordance with its compliance certification to the Department of Commerce, which administers the program. To learn more about the Privacy Shield program, and to view our certification, visit https://www.privacyshield.gov/. Our EU-U.S. and Swiss-U.S. Privacy Shield policy is posted on our website at https://scherzer.com/eu-us-privacy-shield-policy/. For questions regarding the GDPR or the Privacy Shield, send an email to email@example.com.
UK-GDPR, DPA, AND PERSONAL DATA TRANSFERS FROM THE UNITED KINGDOM
The Data Protection Act (DPA) was passed in 2018 to implement the EU’s GDPR into United Kingdom (UK) law. The DPA was amended on January 1, 2021, by regulations under the European Union (Withdrawal) Act 2018, to reflect the UK’s status outside the EU (commonly referred to as “Brexit”). In anticipation of Brexit, the UK enacted a new domestic data privacy law called the UK-GDPR that took effect on January 31, 2020, which alongside the DPA governs all processing of personal data from individuals located inside the UK (Note: The UK is made up of England, Scotland, Wales, and Northern Ireland.) The UK-GDPR is heavily derived from the EU’s GDPR and generally the terms and core concepts used in the UK-GDPR have the same meaning as they do in the EU’s GDPR.
As part of its formal risk management program, SI has performed an assessment of the DPA and UK-GDPR’s requirements, and made the applicable technical, administrative and documentation changes to meet its compliance obligations in all material respects. We have also posted a Notice on our website (see https://scherzer.com/uk-gdpr-and-dpa-notice/) that provides an overview of rights regarding your personal data if you are an individual located in the UK.
The UK-GDPR also requires a reliable mechanism for personal data transfers from the UK to the US. As noted above regarding EEA data subjects, SI continues to subscribe to the Privacy Shield framework and Privacy Shield Principles of the U.S. Department of Commerce regarding the collection, use, and retention of personal data. SI will follow the same framework and principles regarding UK data subjects. For questions regarding the UK-GDPR, DPA, or the Privacy Shield, send an email to firstname.lastname@example.org.
INFORMATION WE COLLECT
SI collects PII (information from which an individual can be identified, such as full name, email address, physical address, Social Security number, and other data) that both individuals and entities choose to provide to us, only as permitted by law and necessary to perform our Search Services.
We collect some of this data through our password-protected, client-access-only portal. All such transactions are strictly between SI and its registered clients, whose legitimate need for the information and permissible purpose has been verified pursuant to section 607(a) of the FCRA, or for other purposes, as applicable.
We also collect information from our clients and others in the course of the Search Services that we provide, and by conducting research using the Internet and other resources.
We do not knowingly collect PII from children (minors younger than 18 years of age).
USE AND DISCLOSURE OF INFORMATION
We only use the information that we collect for the purposes for which it is provided and to enhance our Search Services, as follows.
- Performance of Search Services
We use information that has been provided to us by the client and/or we have collected concerning entities and individuals, pursuant to their authorizations, if applicable, to research or check their representations on applications / resumes and in other contexts relevant to the particular Search Services. Our collection process includes obtaining information from public or contracted (licensed) databases, court records, and other sources, as permitted by law.We retain reasonably vetted independent contractors or other third parties to obtain certain information for the client-requested Search Services, all of whom are contractually bound or have otherwise certified to us, among other terms, that they will protect all PII and use it only for the purpose for which the information was collected.
- Client Data
We collect information regarding our clients, including business contact information, and retain and use such information in providing our Search Services, or to periodically send informational or promotional emails concerning our Search Services. We do not sell the information to third parties.
- Other Uses of Information
SI does not actively solicit PII. Our Site options allow visitors to send us comments, resumes and other communications. We may keep a record of your contact information and correspondence and use any information in your message to respond to your inquiry. We keep all PII that you voluntarily provide as confidential.Our software development partners also may use such information for purposes of modifying, improving, refining and validating technology in connection with the research and development of our systems.For compliance and emergencies, and subject to applicable laws, we reserve the right to use and release any information that we have collected when we believe in good faith that: the law requires it; that unlawful activity may have taken place; to enforce our other policies or published guidelines; to protect the rights, property, safety or security of SI, our visitors or the public; or to respond to an emergency.
USE OF DATA BY CLIENTS AND OTHERS
We cannot and do not assume any responsibility for the actions or omissions of third parties, such as clients, service providers or strategic partners, including the manner in which they use information received either from SI or from other independent sources.
The Site may contain links to other Internet websites. Unless expressly stated otherwise, we are not responsible for the privacy practices or the content of these websites, including these sites’ use of any information collected through cookies or other technologies when visitors to our Site click through links to those sites.
You should review the privacy policies associated with these other sites to understand how their operators collect and use information. THIS POLICY DOES NOT ADDRESS THE PRIVACY OR INFORMATION PRACTICES OF ANY THIRD PARTIES.
SI monitors visitor traffic patterns throughout the Site by logging tracking data, which is collected automatically from each Site visitor. Tracking data may include information such as the IP address of the visitor’s computer, its browser type and operating system, the referring site, and which pages of the Site were visited, the order in which they were visited and which hyperlinks were clicked. SI uses tracking data and other non-personally identifiable information in aggregate form to perform statistical analyses of the collective characteristics and behavior of our visitors, and to measure demographics and interests regarding specific areas of the Site.
We do not use “cookies” (small text files placed on a visitor’s computer hard drive) or other technologies on the Site to determine PII.
“Sensitive data,” for the purposes of our Search Services is defined as data regarding health conditions, racial or ethnic status, political opinions, religious or philosophical beliefs, trade union membership, or sexual orientation and activity, and is generally not collected, used and/or retained by SI.
CERTAIN PUBLIC RECORDS
From time to time, we encounter various forms of certain public records that may or may not be relevant to the searches we perform. For example, while searching for court records, we may find divorce, custody, or probate records. We treat this information on a case-by-case basis. Absent a specific request from a client, it is our general policy not to include these records in our reports because they are either irrelevant to the purpose of our report or ambiguous as to a personal involvement, fault or culpability. If a client requests the information, then we will deliver it, if we are legally permitted to do so.
SI may occasionally implement special features on the Site and additional privacy information may be posted. That privacy information, to the extent it conflicts with this Policy, will govern that particular feature.
SECURITY AND DISPOSAL OF INFORMATION
We take all reasonable administrative, technical, physical and managerial procedures to protect personally identifiable information from loss, misuse, unauthorized access, disclosure, alteration and destruction. Any personal data transmitted to or from our website is protected by a secure socket layer (SSL) key which encrypts the transmitted data. We maintain strong privacy and data security policies and practices, including password controls based on length, complexity and unpredictability.
The information we collect is stored on a secure server network, protected by firewalls and other security measures. All SI employees have signed confidentiality agreements, among other agreements, and are regularly trained in security-related practices and procedures. SI has a formal risk management program, which is reviewed at least annually by our audit and ethics committee appointed by the board of directors.
In the event that SI destroys any documents containing PII during the course of its relevant Search Services, such destruction is accomplished in accordance with the approved document disposal rules formulated by the FTC. Any documents containing PII are deposited in secure containers for shredding and disposal by a vetted and bonded commercial shredding company. Unless legally required otherwise, it is SI’s policy to retain information in connection with our Search Services for a minimum of seven years.
DATA BREACH NOTIFICATION
In the event of a data breach, we will respond in accordance with the particular circumstances that trigger a notice requirement under federal, state and international laws, taking into consideration that different and sometimes conflicting laws may apply to the same data security incident depending on factors such as the industry sector involved and the residency of the affected individuals. If we have an obligation under the GLBA, we will conduct a reasonable investigation to promptly determine the likelihood that the information has been or will be misused. If we determine that misuse has occurred or is reasonably possible, we will notify the affected consumer(s) as soon as possible. However, a consumer notice may be delayed if an appropriate law enforcement agency determines that notification will interfere with criminal investigation and provides to us a written request for the delay. We then will notify the consumers as soon as notification will no longer interfere with the investigation.
OUR CONTACT INFORMATION
- For policy questions or to obtain copy of this policy, please contact us by email at email@example.com or by postal mail at:
Scherzer International Corporation
Attn: Privacy Coordinator
21650 Oxnard Street, Suite 300
Woodland Hills, CA 91367
- To dispute information
If you are a consumer who wants to dispute the accuracy or completeness of information contained in a consumer report/investigative consumer report prepared by SI, please contact AJ Lawler at 800-383-4336, via email at firstname.lastname@example.org or by postal mail at the address noted above indicating which part(s) of the report you are contesting, the reasons you believe the information is incorrect or incomplete, and any other information you deem relevant to your dispute. We will promptly investigate your dispute and advise you of the results within 30 days of receipt.
- To obtain a free copy of your consumer report or consumer file
If you know or believe that SI has prepared a consumer report on you, and you would like to receive a free copy of the report or your consumer file from SI, please also contact AJ Lawler at 800-383-4336, via email at email@example.com or by postal mail at the address noted above.
In order for us to release any information, “proper identification” is required. Proper identification includes documents such as a valid driver’s license, Social Security number, military identification card and credit cards.