How do we protect personal information?
We have advanced security measures in place to secure and protect your personal information, such as internal and external firewalls, monitoring and alert systems to prevent and detect intrusion attempts, and 128-bit encryption of data both in transit and at rest. Our servers are located within a securely managed infrastructure, and undergo multiple reviews by independent auditors. Our employees access data through secure virtual desktop interfaces, and our online interfaces are encrypted, password protected and monitored.
We employ equally rigorous physical security policies to prevent physical access to our premises. Our servers and offices, including personal information in hard copy form, are kept in access-controlled and monitored environments.
All of our employees have been carefully screened and undergone thorough security and privacy training. We restrict access to your personal information to individuals who need it to perform their work functions. Our marketing, sales, customer service and account management teams may have regular access to your information and employees in other departments may access it occasionally as required to manage our relationship with you and fulfill our legal obligations.
We also enter into contractual agreements with service providers with which we may need to share your personal information, which require them to protect your personal information to the same level as we do, and allow us to audit their compliance with those obligations.
How do we ensure your personal information is accurate?
Much of the personal information we collect comes directly from you, in which case you are in control of its accuracy. Our processes for collecting and transcribing personal information are automated to the greatest extent possible and are subject to rigorous quality controls. Information that is found to be inaccurate, either through our own audits or following your request for correction, is updated.
Do we engage in automated decision-making or profiling using personal information?
We do not make decisions about you, automated or otherwise, and do not attempt to analyze or predict your behavior, preferences, interests, health or other personal characteristics. However, we may carry out automated processing on our client’s instructions. For more information about automated processing of personal information on behalf of a client, please contact the client.
Do we conduct research using personal information?
No. We maintain historical statistical data in anonymized, aggregate format for research and analysis.
How long do we keep personal information?
We keep fingerprints and criminal history information only as long as necessary to fulfill the request and deliver the results, up to a maximum of 29 days. After that, they are securely and permanently destroyed. To destroy data, we de-index it from our databases and overwrite it with new information.
We are required to retain certain information for one to three years for compliance with FBI audit requirements. Beyond that, we keep personal information in active accounts for seven years, after which it is anonymized. If your account is inactive, we anonymize your personal information three years after your last login.
Do we transfer personal information between countries?
No. Data collected by Sterling Identity is only stored and accessed in the United States.