What data do we collect, and why?
We may collect your name, contact information, IP address, location and activities on our websites, newsletters, webinars and other marketing materials. We do this to measure traffic patterns, assist us in setting marketing priorities, provide targeted advertising, communicate about our services, either proactively or in response to an inquiry, and communicate about our relationship with a client or about specific transactions.
Who else will receive your data, and why?
Your information may be accessible to social media platforms, ad networks, analytics providers, communications providers, and IT service providers. We use these services to better understand the use of our marketing materials, advertise our services and manage our technical infrastructure.
Privacy Mission Statement
Sterling is committed to the protection of individual privacy rights. We hold ourselves to the highest legal and ethical standard for compliance and strive to be a privacy champion in the human resources technology industry. We value the trust our clients, colleagues and suppliers place in us, and we work to maintain that trust by building privacy protection into everything we do.
Table of Contents
1 Scope of application
This statement applies to the collection and processing of personal information, which means information about an identifiable individual (you) that Sterling (Sterling, we or us) collects while you use our web sites and other marketing resources such as webinars and newsletters, and while you interact with us as a prospective, current or former customer.
This statement does not apply to the collection and processing of personal information in the course of providing background screening or onboarding services to our enterprise clients or consumers. For information about privacy in the context of services provided to our clients, click here. It also does not apply to the collection and processing of personal information about our employees or contractors. For information about privacy in the context of doing work for Sterling, click here.
2 Why do we collect personal information and what types of personal information do we collect?
We collect personal information for the following purposes. Select and expand the section for the activity that applies to you to understand that activity, the personal information we collect for it, how we use that personal information, and our legal basis for doing so.
To track usage and security of our web sites, identify users and respond to web inquiries
Tracking information gathered as you navigate through our marketing web sites, review our email newsletters and other email messages, ‘like’ or share content through social media or our ‘send page by email’ functions, and enter information into our online contact forms, is used to measure traffic patterns, assist us in setting marketing priorities, provide targeted advertising, identify and gather publicly available information about you and your employer to better target marketing and sales activities, and collect your contact information when you ask for more information. We collect and process your personal information through our marketing web sites based on:
- our legitimate interest to market and sell our services
- your consent, which you indicate by choosing to access the sites, provide your personal information, and receive our messages
Most information we collect through your use of our marketing web sites is only collected, kept and used in anonymized, aggregate format, from which you cannot be identified. However, we may collect your internet protocol (IP) address, your location and your navigation activities (like where you click and which pages you view and when), which may be considered personal information in some jurisdictions.
When an advertisement or social media icon appears on one of our web pages, the platform that provides that content may be able to gather limited tracking information, such as your IP address, location, page views and clicking behavior, through processes we don’t control. There is content on our marketing sites from the following providers: AppNexus, DoubleClick by Google, AddThis, Bizo and LinkedIn. You can use tools or plugins in your web browser to block third-party content from your browsing experience.
To establish and manage relationships with clients, prospective clients or consumers.
We collect a limited amount of personal information from our clients and prospective clients. We use this information to communicate about our services in general, either proactively or in response to an inquiry, and to communicate about our relationship with a client or about specific transactions.
Review the list below to understand what types of information are collected about our clients and prospective clients and may constitute personal information.
Figure 1: Types of personal information collected to manage client or consumer relationships
|Type of information||Reason for collection||Source(s)|
|Name||This is how we identify you. If we do not know who you are, we cannot provide services.||
|Job title and company||This helps us understand whether you may need our services and what type of services you may need.||
|Contact information||In most cases, we need to know how to get in touch with you. This may include your mailing address, email address and telephone number.||
|Information shared in casual conversation||We try to maintain friendly personal relationships with our clients. While it is not our standard practice, we may note personal information that you voluntarily share with us in our customer relationship management database to ensure continuity of the relationship and institutional memory.||
|Telephone call recordings||We monitor some phone calls for quality assurance and training purposes.||
|Opinions about our services||To improve our services||
Reuse of personal information for new purposes
We will not reuse personal information for a new purpose other than the original one(s) for which it was collected, unless one or more of the following is true:
- the new use is compatible with the original one, meaning you should reasonably expect it;
- we have notified you of the new use and given you an opportunity to object to it; or
- the new use is otherwise permitted or required by law.
There are different kinds of cookies with different functions:
- Session cookies: these are only stored on your computer during your web session. They are automatically deleted when the browser is closed. They usually store an anonymous session ID allowing you to browse a website without having to log in to each page. They do not collect any information from your computer.
- Persistent cookies: a persistent cookie is one stored as a file on your computer, and it remains there when you close your web browser. The cookie can be read by the website that created it when you visit that website again.
- First-party cookies: the function of this type of cookie is to retain your preferences for a particular website for the entity that owns that website. They are stored and sent between Sterling’s servers and your computer’s hard drive. They are not used for anything other than for personalization as set by you. These cookies may be either Session or Persistent cookies.
- Third-party cookies: the function of this type of cookie is to retain your interaction with a particular website for an entity that does not own that website. They are stored and sent between the Third-party’s server and your computer’s hard drive. These cookies are usually Persistent cookies.
Our sites use session cookies to track your use of the sites and persistent cookies to remember any preferences you select, such as your location.
Our sites place both first-party and third-party cookies. Third-party cookies are placed by AppNexus, DoubleClick by Google, AddThis, Bizo and LinkedIn, and more information about them can be found by consulting these third parties’ privacy policies, which you can access by clicking each third party’s name in this paragraph.
The major browsers have attempted to implement the draft “Do Not Track” (“DNT”) standard of the World Wide Web Consortium (“W3C”) in their latest releases. As this standard has not been finalized, our sites are not compatible with DNT and so do not recognize DNT settings.
Where strictly necessary
These cookies are essential in order to enable you to move around the site and use its features, such as accessing secure areas of the site. Without these cookies, services you have asked for, such as viewing certain areas of the site or using web forms, cannot be provided. These cookies do not gather information about you that could be used for marketing or remembering where you have been on the internet.
These cookies collect information about how visitors use a site, for instance which pages visitors go to most often, and if they get error messages from web pages. They also allow us to record and count the number of visitors to the site, all of which enables us to see how visitors use the site in order to improve the way that our site works. These cookies do not collect information that identifies a person, as all information these cookies collect is anonymous and is used to improve how our site works.
These cookies allow our site to remember choices you make (such as your language or the region you are in) and provide enhanced features. These cookies can also be used to remember changes you have made to text size, font and other parts of web pages that you can customize. They may also be used to provide services you have requested such as viewing or commenting on content on the site. The information these cookies collect is usually anonymized.
Please consult your web browser’s ‘Help’ documentation or visit www.aboutcookies.org for more information about how to turn cookies on and off for your browser.
4 When, why and how do we communicate personal information outside of Sterling?
While most of our work is done by our employees or authorized personnel who access personal information directly from our systems and whose activities are under our direct control, we use third-party service providers for certain specialized tasks. These tasks include storage of data, information technology support and certain marketing activities.
It would be impractical to list all service providers here, so we have listed types of service providers instead of individuals or organizations. To understand which service providers may receive your personal information, contact us.
Expand the list below to see which types of service providers we use, the purposes for which we use them and the types of personal information we may transfer to them.
To track usage and security of our web sites, identify users and respond to web inquiries
|Service provider||Types of information||Purposes for transfer|
|Marketing analytics, communications and data aggregation providers||
|Data storage and delivery providers||All personal information in our custody||Secure data storage and delivery|
|IT support services||Personal information in our custody with which we require technical support||Technical support|
|Survey and polling services||Name and contact information||Gather your opinions about our services|
In exceptional circumstances
We may be asked to communicate personal information to law enforcement agencies, national security agencies, courts or other public bodies in any jurisdiction where we are subject to the law, regardless of where personal information is stored. If we receive a production order, warrant, subpoena or other enforceable demand, we will comply as required by law. If we receive a request to provide information voluntarily, we will consider your interests, our business interests, the interests of our clients, public safety implications and our legal obligations prior to deciding whether to communicate personal information. In any case where the information in question was collected from or on behalf of a client, we will consult with the client before proceeding unless prohibited by law.
We may proactively communicate personal information to law enforcement or other third parties if necessary to investigate or report a violation of the law or a contractual agreement, or if otherwise appropriate and permitted by law.
5 How do we ensure your personal information is accurate?
Much of the personal information we collect comes directly from you, in which case you are in control of its accuracy. Our processes for collecting and transcribing personal information are automated to the greatest extent possible and are subject to rigorous quality controls. Information that is found to be inaccurate, either through our own audits or following your request for correction, is updated.
6 Do we engage in automated decision-making or profiling using personal information?
We do not make decisions about you, automated or otherwise, and do not attempt to analyze or predict your behavior, preferences, interests, health or other personal characteristics.
7 Do we conduct research using personal information?
No. We maintain historical statistical data in anonymized, aggregate format for research and analysis.
8 How long do we keep personal information?
We keep personal information as long as we need it to satisfy our business requirements. This is dependent on why we collected the information in the first place. Once we no longer need it, it is deleted or anonymized. For information on how long your personal information may be retained, please contact us.
9 Do we transfer personal information between countries?
Yes. We store personal information in the United States. Our employees and contractors access personal information through virtual desktop or web interfaces in the United States, Canada, the United Kingdom, India and the Philippines.
If your personal information is subject to European Union (EU) or Swiss law, it may be transferred outside of the EU or Switzerland based on one or more of the following legal mechanisms:
- Relevant authorities have issued a decision that personal information will benefit from an adequate level of protection in the country to which it is transferred. This is the case for Canada and, under the EU-U.S. and Swiss-U.S. Privacy Shield Framework, to Sterling entities located in the United States. This is not the case for India or the Philippines.
- We have signed contractual clauses with our client that are deemed by the relevant authority to ensure adequate protection of personal information.
- You have provided your consent for us to transfer data outside of the EU or Switzerland to allow us to carry out services for you or on behalf of a client.
In all cases, we ensure that appropriate safeguards are in place to ensure the protection of your personal information. For more information about these safeguards, please contact us.
10 Do we participate in the EU-U.S. and Swiss-U.S. Privacy Shield Framework?
Yes. Sterling Infosystems Inc. and its U.S. affiliates and subsidiaries operating under the brand name of Sterling (listed below under “Privacy Shield Covered Entities”) comply with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal information transferred from the EU and Switzerland to the United States. Sterling has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. Sterling remains responsible for personal information that is communicated to third parties for processing as described in Section 6 (When, why and how do we communicate personal information outside of Sterling?). If there is any conflict between the terms in this statement and the Privacy Shield Principles, the Privacy Shield Principles will prevail. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov. The Federal Trade Commission has jurisdiction over Sterling’s compliance with Privacy Shield.
Privacy Shield Covered Entities
- Abso, Inc.
- American Background Information Services, Inc.
- Bishops Services, Inc.
- Data Quick Direct, Inc.
- EmployeeScreen IQ, Inc.
- Screening International LLC
- Sterling Credit Screening, Inc.
- Sterling Infosystems Ohio, Inc.
- Sterling Protective Systems, Inc.
- Talentwise, Inc.
- The Premier Company, dba Tandem Select
- Unisource Screening & Information, Inc.
- Verified Person, Inc.
11 How do we protect personal information?
We have advanced security measures in place to secure and protect your personal information, such as internal and external firewalls, monitoring and alert systems to prevent and detect intrusion attempts, and 128-bit encryption of data both in transit and at rest. Our servers are located within a securely managed infrastructure, and undergo multiple reviews by independent auditors. Our employees access data through secure virtual desktop interfaces, and our online interfaces are encrypted, password protected and monitored.
We employ equally rigorous physical security policies to prevent physical access to our premises. Our servers and offices, including personal information in hard copy form, are kept in access-controlled and monitored environments.
All of our employees have been carefully screened and undergone thorough security and privacy training. We restrict access to your personal information to individuals who need it to perform their work functions. Our marketing, sales, customer service and account management teams may have regular access to your information and employees in other departments may access it occasionally as required to manage our relationship with you and fulfill our legal obligations.
We also enter into contractual agreements with service providers with which we may need to share your personal information, which require them to protect your personal information to the same level as we do, and allow us to audit their compliance with those obligations.
12 How can you choose how and whether we collect and use your personal information?
Providing your information to us is voluntary. The list below explains how to make choices about the collection and use of your personal information for various purposes, and the consequences of your choice not to provide your personal information.
Whenever our legitimate basis for collecting and using personal information is your consent, you can withdraw or modify your consent for future collection or use of your personal information at any time, and we will explain the consequences of doing so.
If we use your personal information for sales or marketing purposes, you can ask us to stop at any time and we will do so.
Figure 3: Choices about collection and use of personal information
|Purpose for collection||How to exercise choice||Consequences|
|Our own tracking on our web sites||Do not use our web sites.||You will not view our web content.|
|Third-party tracking on our web sites||Activate ad blocking functionality in your browser.||You will not receive advertising that is tailored to your interests and activities.|
|Sales and marketing||Ask us not to contact you or opt out of certain mailing lists. If you are unsure of how to do so, contact us.||You will not receive proactive sales and marketing communication from us, or those communications will be limited to those you have selected.|
13 How can you access or correct your personal information, request that it be deleted, or ask for it to be transferred to another organization?
At any time, you can request access to your personal information, request that any inaccuracies will be corrected, and request that comments or explanations be added to records about you.
You can also ask about:
- whether and why we have your personal information;
- how we got your personal information;
- what we have done with your personal information;
- to whom we have communicated your personal information;
- where your personal information has been stored, processed or transferred;
- how long we will retain your personal information, or how that retention period will be determined; and
- the safeguards in place to protect your information when it is transferred to third parties or third countries.
Finally, you can ask us not to collect or use your personal information for certain purposes, you can ask us to delete your personal information, or you can ask us to provide your personal information to a third party.
Depending on which laws apply to your personal information, we may only be able to do some of these things for you. If you request one of these things and we refuse to do it, we will explain your legal rights, the reason for our refusal and any recourse you may have.
14 How can you make a complaint about how we have handled your personal information or responded to a request to exercise your rights?
We commit to investigating and resolving complaints about our collection or use of your personal information. To make a complaint, contact us.
For European Union residents
If you are in the EU, you should contact our UK office to resolve your complaint, regardless of which of our companies the complaint is about. If you are not satisfied with our resolution of your complaint, you may complain to the Information Commissioner’s Office. We commit to cooperating with the panel established by the EU data protection authorities (DPAs) or the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by the panel or the FDPIC with regard to personal information transferred from the EU or Switzerland. For the purposes of the Privacy Shield, we are subject to the investigatory and enforcement powers of the Federal Trade Commission. In some conditions, you may be able to invoke binding arbitration to resolve your complaint where your personal information has been transferred to and processed in the United States.
For Canadian residents
If you are not satisfied with our resolution of your complaint, you may be able to make a complaint to one of the following regulatory agencies. Upon resolution of your complaint, we will let you know which of these, if any, may apply to your situation.
For residents of other countries
Please contact us at firstname.lastname@example.org to understand how to make a complaint.
15 Contact Information
United States and all other countries
1 State Street Plaza New York, NY 10004 USA
Suite 200-19433 96th Avenue Surrey, BC V4N 4C4 CANADA
8th Floor, Alexandra House 1 Alexandra Road
Swansea SA1 5ED UK
Information Commissioner’s Office Registration Number: Z9745943
Anonymized means that sufficient information has been removed from personal information so that it can no longer be associated with an identifiable individual.
Client means an organization that contracts with us to perform background screening or onboarding services.
Consumer means an individual acting on his or her personal capacity.
Individual or you means the individual that personal information is about.
Personal information means information about an identifiable individual.
Processing, handling or use means anything we do with personal information.
Profiling means automated use of your personal information to analyze or predict things like your performance at work, creditworthiness, reliability and conduct.
Sterling, Sterling, we or us means Sterling Infosystems, Inc. and all of its subsidiaries and affiliates.
Services means the human resources technology services we provide to our clients and consumers, including background screening and onboarding services.
Service provider means a company engaged to process personal information on behalf of another company.
Third party means a person or organization that is neither you nor us.
Published: September 18th, 2017
|Revision Date||Available Statement|
|September 8||Current version|
|10 August 2017||Click to download this version|