Services Privacy Policy

Summary

What personal information we collect and why

We collect personal information to conduct fingerprint-based background checks. These include your name, date of birth, place of birth, social security number, contact information, physical attributes, fingerprint images, signature and, in some cases, professional license information.

Who we share your personal information with and why

We share your personal information with our client, which may be the company that requested the background check or an intermediary like a background screening firm; the channeling entity that is designated to process the fingerprint check; federal oversight bodies and channeling entities; and service providers we use to complete services and manage our infrastructure.

What we don’t do with your personal information

We don’t sell or disclose your personal information to marketing or advertising services, other clients, or anyone else except as outlined in this statement or required by law.

Privacy Mission Statement

Sterling Identity is committed to the protection of individual privacy rights. We hold ourselves to the highest legal and ethical standard for compliance and strive to be a privacy champion in the human resources technology industry. We value the trust our clients, colleagues and suppliers place in us, and we work to maintain that trust by building privacy protection into everything we do.

Privacy Policy Details

This statement applies to the collection and processing of personal information, which means information about an identifiable individual (you) that Sterling Identity (we or us) collects in the course of providing services. This statement does not apply to personal information we collect about our clients, users of our marketing web sites, or our employees or contractors.

We collect personal information in the course of several business activities. Review the section for the activity that applies to you to understand that activity, the personal information we collect for it, how we use that personal information, and our legal basis for doing so.

To provide fingerprint background check services

We conduct fingerprint background checks for individuals and organizations that need them. To understand why the background check is required, please speak with the organization requesting it.

Review the list below to see the types of personal information we collect in the course of conducting fingerprint background checks, along with an explanation for why we collect them and where we get them.

 

Type of information Reason for collection Source(s)
Name This is how we identify you. If we do not know who you are, we cannot provide services. You or our client
Date of birth* Along with your name, this serves to identify you as a unique individual, and is often required to perform services. You or our client
Contact information In most cases, we need to know how to get in touch with you. This may include your mailing address, email address or telephone number. If we collect these while providing services for a client, we will use them only to provide those services and comply with our client’s instructions and our legal obligations. We will not contact you for any other reason. You or our client
Documents to prove identity or address We may be required to verify your identity to complete services. If so, we may review ID cards or other documents you provide. You or our client
Sex or gender* Some services require this information You or our client
Government-issued identity numbers (e.g. Social Security Number)*  Some services require this information You or our client
Identity numbers issued by a professional regulatory body If the background check is required for a regulated profession, the regulatory body may require that we collect this information. You or our client
Place of birth* Some services require this information You or our client
Physical attributes, including race, weight, eye color or hair color* Some services require this information You or our client
Fingerprint images and geometry* Fingerprints are the primary basis by which a fingerprint-based background check is completed You
FBI Criminal History Record Information Some of our customers have arrangements whereby we receive and transfer this information back to them. Only authorized Sterling Identity employees have access to this information. The FBI
Citizenship information* Some services require this information. You or our client
Reasons for a request for services Some services require this information. You or our client
Payment information We need this to collect payment for services, if you are paying directly. We do not collect or store full payment card numbers; this is done by our card processing service provider. You

*Items marked with an asterisk may be considered sensitive or may be subject to special protections in some places. They will not be collected in every case. They will not be collected where prohibited by law, and where permitted, they will only be collected and used in accordance with applicable law.

To track usage and security of our secure platforms

Our sites use cookies. For more information on cookies, please see the section entitled ‘How we use cookies.’

Information about your activity on our secure platforms is collected to ensure the integrity and security of our systems and data in our custody, and is used to audit system access and investigate suspicious activity.

The following types of information, some of which may be personal information, are logged when you access our secure platforms:

  • IP address;
  • location;
  • login credentials for our systems;
  • dates, times, and length of session;
  • access to and modification of data;
  • browser type and version.

Reuse of personal information for new purposes

We will not reuse personal information for a new purpose other than the original one(s) for which it was collected, unless one or more of the following is true:

  • the new use is compatible with the original one, meaning you should reasonably expect it;
  • we have notified you of the new use and given you an opportunity to object to it, or you have consented to it; or
  • the new use is otherwise permitted or required by law.

Cookies are pieces of information shared between your web browser and a website. Cookies enable the website to collect information about your activities and provide you with a faster and easier experience for the user. When you access our site, you consent to use cookies.

There are different kinds of cookies with different functions:

  • Session cookies: these are only stored on your computer during your web session. They are automatically deleted when the browser is closed. They usually store an anonymous session ID allowing you to browse a website without having to log in to each page. They do not collect any information from your computer.
  • Persistent cookies: a persistent cookie is one stored as a file on your computer, and it remains there when you close your web browser. The cookie can be read by the website that created it when you visit that website again.
  • First-party cookies: the function of this type of cookie is to retain your preferences for a particular website for the entity that owns that website. They are stored and sent between Sterling’s servers and your computer’s hard drive. They are not used for anything other than for personalization as set by you. These cookies may be either Session or Persistent cookies.
  • Third-party cookies: the function of this type of cookie is to retain your interaction with a particular website for an entity that does not own that website. They are stored and sent between the Third-party’s server and your computer’s hard drive. These cookies are usually Persistent cookies.

Our service platforms, which we use to collect information from you and our clients, do not use third-party cookies. They may use first-party session cookies to track your use of the sites and first-party persistent cookies to remember any preferences you select, such as your location.

The major browsers have attempted to implement the draft “Do Not Track” (“DNT”) standard of the World Wide Web Consortium (“W3C”) in their latest releases. As this standard has not been finalized, our sites are not compatible with DNT and so do not recognize DNT settings.

We use cookies for the following purposes:

Where strictly necessary

These cookies are essential in order to enable you to move around the site and use its features, such as accessing secure areas of the site. Without these cookies, services such as viewing certain areas of the site or using web forms cannot be provided. These cookies do not gather information about you that could be used for marketing or remembering where you have been on the internet.

Performance

These cookies collect information about how visitors use a site, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies do not collect information that identifies a person, as all information these cookies collect is anonymous and is used to improve how our site works.

Functionality

These cookies allow our site to remember choices you make (such as your language or the region you are in) and provide enhanced features. These cookies can also be used to remember changes you have made to text size, font and other parts of web pages that you can customize. They may also be used to provide services you have requested such as viewing or commenting on content on the site. The information these cookies collect is usually anonymized.

Please consult your web browser’s ‘Help’ documentation or visit aboutcookies.org for more information about how to turn cookies on and off for your browser.

To complete fingerprint background check services

The services we provide require us to forward personal information to organizations that facilitate fingerprint-based background checks, such as federal oversight bodies and channeling entities. We provide the information that is required by the third party according to that third party’s data transmission channels.

When we provide services on behalf of a client, we may communicate some or all of your personal information to that client.

To engage service providers

We use third-party service providers for certain specialized tasks. These tasks include storage of data, information technology support, and some services we perform for our clients.

It would be impractical to list all service providers here, so we have listed types of service providers instead of individuals or organizations. To understand which service providers may receive your personal information, contact us.

Figure 2: Service providers

Service provider Types of information Purposes for transfer
Data storage and delivery providers All personal information in our custody Secure data storage and delivery
IT support services Personal information in our custody with which we require technical support Technical support
Survey services Your opinions about our services Conducting surveys
Payment card processor Payment information Payment processing

In exceptional circumstances

We may be asked to communicate personal information to law enforcement agencies, national security agencies, courts or other public bodies in any jurisdiction where we are subject to the law, regardless of where personal information is stored. If we receive a production order, warrant, subpoena or other enforceable demand, we will comply as required by law. If we receive a request to provide information voluntarily, we will consider your interests, our business interests, the interests of our clients, public safety implications and our legal obligations prior to deciding whether to communicate personal information. In any case where the information in question was collected from or on behalf of a client, we will consult with the client before proceeding unless prohibited by law.

We may proactively communicate personal information to law enforcement or other third parties if necessary to investigate or report a violation of the law or a contractual agreement, or if otherwise appropriate and permitted by law.

Providing your information to us is voluntary. The list below explains how to make choices about the collection and use of your personal information for various purposes, and the consequences of your choice not to provide your personal information.

Whenever our legitimate basis for collecting and using personal information is your consent, you can withdraw or modify your consent for future collection or use of your personal information at any time, and we will explain the consequences of doing so.

If we use your personal information for sales or marketing purposes, you can ask us to stop at any time and we will do so.

Figure 3: Choices about collection and use of personal information

Purpose for collection How to exercise choice Consequences
Providing services to a client Do not provide your personal information to us directly, and speak with the client to understand your options.  If we have already collected your personal information, contact us. We will not complete services about you on behalf of our client, or we will stop completing them if we have already started.
Our own tracking on our web sites Do not use our web sites You will not view our web content or be able to provide your personal information through a web interface.

How can you access or correct your personal information, request that it be deleted, or ask for it to be transferred to another organization?

At any time, you can request access to your personal information, request that any inaccuracies will be corrected, and request that comments or explanations be added to records about you.

You can also ask about:

  • whether and why we have your personal information;
  • how we got your personal information;
  • what we have done with your personal information;
  • to whom we have communicated your personal information;
  • where your personal information has been stored, processed or transferred;
  • how long we will retain your personal information, or how that retention period will be determined; and
  • the safeguards in place to protect your information when it is transferred to third parties or third countries.

Finally, you can ask us not to collect or use your personal information for certain purposes, you can ask us to delete your personal information, or you can ask us to provide your personal information to a third party.

We may refer any of these requests to our client if your personal information was collected on behalf of that client.

Under United States law and our agreements with clients, channeling entities and the FBI, we or our client may only be able to do some of these things for you. If you request one of these things and we refuse to do it, we will explain your legal rights, the reason for our refusal and any recourse you may have.

How can you make a complaint about how we have handled your personal information or responded to a request to exercise your rights?

We commit to investigating and resolving complaints about our collection or use of your personal information. To make a complaint, contact us.

If you are not satisfied with our resolution of your complaint, you can make a privacy complaint to the Federal Trade Commission. You may also be able to make a complaint to your state’s Attorney General or similar office.

Contact Information

Sterling Identity Support

support@sterlingidentity.com

844.787.3431 (9 AM to 9 PM Pacific, Monday – Saturday)

Sterling Head of Privacy

1 State Street Plaza New York, NY 10004 USA
privacy@sterlingts.com

If we are unable to assist with your inquiry, we may refer you to other parties that are involved in the fingerprint background check process.

How do we protect personal information?

We have advanced security measures in place to secure and protect your personal information, such as internal and external firewalls, monitoring and alert systems to prevent and detect intrusion attempts, and 128-bit encryption of data both in transit and at rest. Our servers are located within a securely managed infrastructure, and undergo multiple reviews by independent auditors. Our employees access data through secure virtual desktop interfaces, and our online interfaces are encrypted, password protected and monitored.

We employ equally rigorous physical security policies to prevent physical access to our premises. Our servers and offices, including personal information in hard copy form, are kept in access-controlled and monitored environments.

All of our employees have been carefully screened and undergone thorough security and privacy training. We restrict access to your personal information to individuals who need it to perform their work functions. Our marketing, sales, customer service and account management teams may have regular access to your information and employees in other departments may access it occasionally as required to manage our relationship with you and fulfill our legal obligations.

We also enter into contractual agreements with service providers with which we may need to share your personal information, which require them to protect your personal information to the same level as we do, and allow us to audit their compliance with those obligations.

How do we ensure your personal information is accurate?

Much of the personal information we collect comes directly from you, in which case you are in control of its accuracy. Our processes for collecting and transcribing personal information are automated to the greatest extent possible and are subject to rigorous quality controls. Information that is found to be inaccurate, either through our own audits or following your request for correction, is updated.

Do we engage in automated decision-making or profiling using personal information?

We do not make decisions about you, automated or otherwise, and do not attempt to analyze or predict your behavior, preferences, interests, health or other personal characteristics. However, we may carry out automated processing on our client’s instructions. For more information about automated processing of personal information on behalf of a client, please contact the client.

Do we conduct research using personal information?

No. We maintain historical statistical data in anonymized, aggregate format for research and analysis.

How long do we keep personal information?

We keep fingerprints and criminal history information only as long as necessary to fulfill the request and deliver the results, up to a maximum of 29 days. After that, they are securely and permanently destroyed. To destroy data, we de-index it from our databases and overwrite it with new information.

We are required to retain certain information for one to three years for compliance with FBI audit requirements. Beyond that, we keep personal information in active accounts for seven years, after which it is anonymized. If your account is inactive, we anonymize your personal information three years after your last login.

Do we transfer personal information between countries?

No. Data collected by Sterling Identity is only stored and accessed in the United States.

Anonymized means that sufficient information has been removed from personal information so that it can no longer be associated with an identifiable individual.

Client means an organization that contracts with us to perform background screening or onboarding services.

Consumer means an individual acting on his or her personal capacity.

Individual or you means the individual that personal information is about.

Personal information means information about an identifiable individual.

Processinghandling or use means anything we do with personal information.

Profiling means automated use of your personal information to analyze or predict things like your performance at work, creditworthiness, reliability and conduct.

Sterling means Sterling, Sterling Identity’s parent company.

Services means the human resources technology services we provide to our clients and consumers, including background screening and onboarding services.

Service provider means a company engaged to process personal information on behalf of another company.

Third party means a person or organization that is neither you nor us.