Backcheck 2.0 Verifications
- About Us
We collect personal information that our client instructs us to collect. For more information about what information is being collected and why, please speak with the organization that requested the services.
We share your personal information with the client that requested it, any third party that we need to contact to collect or validate your personal information, and service providers that we use to complete services and manage our infrastructure.
We don’t sell or disclose your personal information to governments, marketing or advertising services, other clients, or anyone else except as outlined in this statement or required by law.
Sterling Backcheck is committed to the protection of individual privacy rights. We hold ourselves to the highest legal and ethical standard for compliance and strive to be a privacy champion in the human resources technology industry. We value the trust our clients, colleagues and suppliers place in us, and we work to maintain that trust by building privacy protection into everything we do.
Personal information collected from people in the United States may be transferred outside of the United States as follows:
For more information about cross-border transfers of personal information, scroll down to Section 9 below, “Do we transfer personal information between countries?”
This statement applies to the collection and processing of personal information, which means information about an identifiable individual (you) that Sterling Backcheck (Sterling, we or us) collects in the course of providing services to our clients. This statement does not apply to personal information we collect about our clients or users of our marketing web sites. For information about privacy in these contexts, click here. It also does not apply to the collection and processing of personal information about our employees or contractors. For information about privacy in the context of doing work for Sterling, click here.
We collect personal information in the course of several business activities. Select and expand the section for the activity that applies to you to understand that activity, the personal information we collect for it, how we use that personal information, and our legal basis for doing so.
Our primary function is as a service provider to our clients. We conduct the following types of services:
When we provide services to clients, our client is generally responsible for the following aspects of collection and processing of personal information:
And we are generally responsible for the following aspects of collection and processing of personal information:
When we provide services to a client, collection of your personal information is done in accordance with our client’s instructions. For more information, please contact the client.
Review the list below to see the types of personal information we collect from or on behalf of our clients, along with an explanation for why we collect them and where we get them.
|Type of information||Reason for collection||Source(s)|
|Name(s) (current and former)||This is how we identify you. If we do not know who you are, we cannot provide services. Former names may be needed to conduct a complete background check, as old records may be held under a former name.||
|Date of birth*||Along with your name, this serves to identify you as a unique individual, and is often required to perform services.||
|Photograph||If our client asks us to create a profile or ID card for you following a background check, we may collect a photograph. Some services require us to collect a photo ID, which also contains a photograph.||
|Contact information||In most cases, we need to know how to get in touch with you. This may include your mailing address, email address or telephone number. If we collect these while providing services for a client, we will use them only to provide those services and comply with our client’s instructions and our legal obligations. We will not contact you for any other reason.||
|Address history||Some services, especially criminal record and credit checks, require several years of address history to complete.||
|Documents to prove identity or address||We may be asked by our client to verify your identity, or we may be required to do so to complete services. If so, we may collect ID cards or other documents you provide.||
|Sex or gender*||Some services require a sex or gender to complete.||
|Government-issued identity numbers (e.g. Social Security Number, Social Insurance Number, National Insurance Number, driver’s license number)*||Some services require this information, as records we need to retrieve from third parties are often associated to a government identity number. This may include criminal records, credit files, employment history or driving records.||
|Criminal history and police records*||Some clients wish to review criminal history as part of their screening program.||
|Credit or bankruptcy history*||Some clients wish to obtain financial or identity information found in a credit file with a credit bureau or in public record information.||
|Employment history||Some clients wish to verify employment or activity history over a certain period of time.||
|Education history||Some clients wish to verify education or activity history over a certain period of time.||
|Volunteering history*||Some clients wish to verify volunteering or activity history over a certain period of time.||
|Travel history||Some clients wish to verify activity history over a certain period of time.||
|Professional credentials, designations, memberships, sanctions or reprimands||Some clients wish to verify standing as a certain type of professional, participation or completion of professional development courses, or the existence of professional sanctions or reprimands.||
|Opinions about you||Some clients wish to conduct reference interviews. Additionally, opinions may be provided during verifications of employment or volunteering.||
|Appearance on government watch or sanctions lists*||Some clients wish to check for presence on government watch or sanctions lists.||
|Civil court records||Some clients wish to review litigation history in civil court.||
|Health information, including drug test results*||Some clients wish to test for drugs or other health conditions.||
|Eligibility to work||Some clients wish to verify potential employees’ legal status in the jurisdiction where they operate.||
|Tax information*||Some clients wish to use our services to collect tax documents from their employees.||
|Driving records||Some clients wish to check driver’s license validity and driving history.||
|Directorship and corporate governance history||Some clients wish to verify current or past involvement with corporations as a director or officer.||
|Place of birth*||Some services require a place of birth to complete.||
|Other public record information||Some clients wish to search various other public record sources for information.||
|Telephone call recordings||We monitor some phone calls for quality assurance and training purposes.||
|Your opinions about your experience with Sterling||We may occasionally seek your feedback about your interactions with us to improve the quality of our service||
*Items marked with an asterisk may be considered sensitive or may be subject to special protections in some places. They will not be collected in every case. They will not be collected where prohibited by law, and where permitted, they will only be collected and used in accordance with applicable law.
Information about your activity on our secure platforms, including SterlingONE, Screening Direct, Workforce Direct, BackCheck, eConsent, Verified Volunteers, myBackCheck.com and others, is collected to ensure the integrity and security of our systems and data in our custody, and is used to audit system access and investigate suspicious activity.
Collection of personal information for security purposes is done based on our legitimate interest and legal obligation to ensure personal information in our custody is protected.
The following types of information, some of which may be personal information, are logged when you access our secure platforms:
We will not reuse personal information for a new purpose other than the original one(s) for which it was collected, unless one or more of the following is true:
There are different kinds of cookies with different functions:
Our service platforms, which we use to collect information from you and our clients, do not use third-party cookies. They may use first-party session cookies to track your use of the sites and first-party persistent cookies to remember any preferences you select, such as your location.
The major browsers have attempted to implement the draft “Do Not Track” (“DNT”) standard of the World Wide Web Consortium (“W3C”) in their latest releases. As this standard has not been finalized, our sites are not compatible with DNT and so do not recognize DNT settings.
These cookies are essential in order to enable you to move around the site and use its features, such as accessing secure areas of the site. Without these cookies, services such as viewing certain areas of the site or using web forms cannot be provided. These cookies do not gather information about you that could be used for marketing or remembering where you have been on the internet.
These cookies collect information about how visitors use a site, for instance which pages visitors go to and if they get error messages from web pages. These cookies do not collect information that identifies a person, as all information these cookies collect is anonymous and is used to improve how our site works.
These cookies allow our site to remember choices you make (such as your language or the region you are in) and provide enhanced features. These cookies can also be used to remember changes you have made to text size, font and other parts of web pages that you can customize. They may also be used to provide services you have requested such as viewing or commenting on content on the site. The information these cookies collect is usually anonymized.
Please consult your web browser’s ‘Help’ documentation or visit www.aboutcookies.org for more information about how to turn cookies on and off for your browser.
The services we provide frequently require us to find or validate personal information with third party sources. To do so, we need to provide your personal information to allow the third party to find records about you. We generally provide the information that is required by the third party in the format and through the transmission method of the third party’s choosing. This may involve transmitting information through a web site, phone call, email, fax, letter or in person.
When we provide services to a client, communication of your personal information is done in accordance with our client’s instructions. For more information, please contact the client.
When we provide services to a client, we transmit personal information back to that client. This is done through our secure web platforms and occasionally by phone, email, fax or mail.
While most of our work is done by our employees or authorized personnel who access personal information directly from our systems and whose activities are under our direct control, we use third-party service providers for certain specialized tasks. These tasks include storage of data, information technology support, and some services we perform for our clients.
It would be impractical to list all service providers here, so we have listed types of service providers instead of individuals or organizations. To understand which service providers may receive your personal information, contact us.
When we provide services to a client, use of service providers is done in accordance with our client’s instructions. For more information, please contact the client.
Expand the list below to see which types of service providers we use, the purposes for which we use them and the types of personal information we may transfer to them.
|Service provider||Types of information||Purposes for transfer|
|Data storage and delivery providers||All personal information in our custody||Secure data storage and delivery|
|IT support services||Personal information in our custody with which we require technical support||Technical support|
|Other companies that provide services similar to ours||Personal information required to complete services||Provision of services in locations where we do not operate and overflow support when necessary|
|Court runners||Personal information required to conduct court record searches||Provision of court record services|
|Drug testing labs||Personal information required to set up and carry out drug screening||Provision of drug screening services|
|Police services||Personal information required to conduct police record searches||Provision of police record services|
|Translation services||Personal information we have received in a language other than that which is used to provide the services for which it was collected||Provision of services in the language required by our client|
|Survey services||Your opinions about our services||Conducting surveys|
We may be asked to communicate personal information to law enforcement agencies, national security agencies, courts or other public bodies in any jurisdiction where we are subject to the law, regardless of where personal information is stored. If we receive a production order, warrant, subpoena or other enforceable demand, we will comply as required by law. If we receive a request to provide information voluntarily, we will consider your interests, our business interests, the interests of our clients, public safety implications and our legal obligations prior to deciding whether to communicate personal information. In any case where the information in question was collected from or on behalf of a client, we will consult with the client before proceeding unless prohibited by law.
We may proactively communicate personal information to law enforcement or other third parties if necessary to investigate or report a violation of the law or a contractual agreement, or if otherwise appropriate and permitted by law.
Much of the personal information we collect comes directly from you, in which case you are in control of its accuracy. Our processes for collecting and transcribing personal information are automated to the greatest extent possible and are subject to rigorous quality controls. Information that is found to be inaccurate, either through our own audits or following your request for correction, is updated.
We do not make decisions about you, automated or otherwise, and do not attempt to analyze or predict your behavior, preferences, interests, health or other personal characteristics. However, we may carry out automated processing on our client’s instructions. For more information about automated processing of personal information on behalf of a client, please contact the client.
No. We maintain historical statistical data in anonymized, aggregate format for research and analysis.
We keep personal information that was collected from or on behalf of a client for as long as the client asks us to keep it, or as long as we need to keep it to comply with our legal obligations. To understand how long we will store your personal information, please contact us or the client on whose behalf we collected it. We do not delete personal information unless instructed to do so by our client.
Yes. We store personal information in Canada (for data on our BackCheck, eConsent, SterlingONE Canada and myBackCheck.com platforms) and in the United States (for data on all other platforms, including third-party providers). Our employees and contractors access personal information through virtual desktop interfaces in the United States, Canada, the United Kingdom, India and the Philippines. We also use service providers in various other countries, usually to collect or translate information from that service provider’s country or region that we require to provide services.
If your personal information is subject to European Union (EU) or Swiss law, it may be transferred outside of the EU or Switzerland based on one or more of the following legal mechanisms:
In all cases, we ensure that appropriate safeguards are in place to ensure the protection of your personal information. For more information about these safeguards, please contact us.
Yes. Sterling Infosystems Inc. and its U.S. affiliates and subsidiaries operating under the brand name of Sterling Backcheck (listed below under “Privacy Shield Covered Entities”) comply with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal information transferred from the EU and Switzerland to the United States. Sterling has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. Sterling remains responsible for personal information that is communicated to third parties for processing as described in the section entitled “When, why and how do we communicate personal information outside of Sterling?” If there is any conflict between the terms in this statement and the Privacy Shield Principles, the Privacy Shield Principles will prevail. To learn more about the Privacy Shield program and to view our certification, please visit https://www.privacyshield.gov. The Federal Trade Commission has jurisdiction over Sterling’s compliance with Privacy Shield.
We have advanced security measures in place to secure and protect your personal information, such as internal and external firewalls, monitoring and alert systems to prevent and detect intrusion attempts, and 128-bit encryption of data both in transit and at rest. Our servers are located within a securely managed infrastructure, and undergo multiple reviews by independent auditors. Our employees access data through secure virtual desktop interfaces, and our online interfaces are encrypted, password protected and monitored.
We employ equally rigorous physical security policies to prevent physical access to our premises. Our servers and offices, including personal information in hard copy form, are kept in access-controlled and monitored environments.
All of our employees have been carefully screened and undergone thorough security and privacy training. We restrict access to your personal information to individuals who need it to perform their work functions. Our operations, customer service, account management, finance, quality, vendor management and compliance teams may have regular access to your information and employees in other departments may access it occasionally as required to provide services, communicate with you and fulfill our legal obligations.
We also enter into contractual agreements with service providers with which we may need to share your personal information, which require them to protect your personal information to the same level as we do, and allow us to audit their compliance with those obligations.
Providing your information to us is voluntary. The list below explains how to make choices about the collection and use of your personal information for various purposes, and the consequences of your choice not to provide your personal information.
Whenever our legitimate basis for collecting and using personal information is your consent, you can withdraw or modify your consent for future collection or use of your personal information at any time, and we will explain the consequences of doing so.
If we use your personal information for sales or marketing purposes, you can ask us to stop at any time and we will do so.
|Purpose for collection||How to exercise choice||Consequences|
|Providing services to a client||Do not provide your personal information to us directly, and speak with the client to understand your options. If we have already collected your personal information, contact us.||We will not complete services about you on behalf of our client, or we will stop completing them if we have already started.|
|Our own tracking on our web sites||Do not use our web sites.||You will not view our web content or be able to provide your personal information through a web interface.|
At any time, you can request access to your personal information, request that any inaccuracies be corrected, and request that comments or explanations be added to records about you.
You can also ask about:
Finally, you can ask us not to collect or use your personal information for certain purposes, you can ask us to delete your personal information, or you can ask us to provide your personal information to a third party.
We may refer any of these requests to our client if your personal information was collected on behalf of that client.
Depending on which laws apply to your personal information, we or our client may only be able to do some of these things for you. If you request one of these things and we refuse to do it, we will explain your legal rights, the reason for our refusal and any recourse you may have.
We commit to investigating and resolving complaints about our collection or use of your personal information. To make a complaint, contact us.
If you are in Europe, you should contact our UK office to resolve your complaint, regardless of which of our companies the complaint is about. If you are not satisfied with our resolution of your complaint, you may complain to the Information Commissioner’s Office. We commit to cooperating with the panel established by the EU data protection authorities (DPAs) or the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by the panel or the FDPIC with regard to personal information transferred from the EU or Switzerland. For the purposes of the Privacy Shield, we are subject to the investigatory and enforcement powers of the Federal Trade Commission. In some conditions, you may be able to invoke binding arbitration to resolve your complaint where your personal information has been transferred to and processed in the United States.
If you are not satisfied with our resolution of your complaint, you can make a privacy complaint to the Federal Trade Commission or you can make a consumer reporting complaint to the Consumer Financial Protection Bureau. You may also be able to make a complaint to your state’s Attorney General or similar office.
If you are not satisfied with our resolution of your complaint, you may be able to make a complaint to one of the following regulatory agencies. Upon resolution of your complaint, we will let you know which of these, if any, may apply to your situation.
Head of Privacy
Head of Privacy
Data Protection Officer
Head of Privacy
Anonymized means that sufficient information has been removed from personal information so that it can no longer be associated with an identifiable individual.
Client means an organization that contracts with us to perform background screening or onboarding services.
Consumer means an individual acting in his or her personal capacity.
Individual or you means the individual that personal information is about.
Personal information means information about an identifiable individual.
Processing, handling or use means anything we do with personal information.
Profiling means automated use of your personal information to analyze or predict things like your performance at work, creditworthiness, reliability and conduct.
Sterling Backcheck, Sterling, we or us means Sterling Infosystems, Inc. and all of its subsidiaries and affiliates.
Services means the human resources technology services we provide to our clients and consumers, including background screening and onboarding services.
Service provider means a company engaged to process personal information on behalf of another company.
Third party means a person or organization that is neither you nor us.
Published: September 18th, 2017
|Revision Date||Available Statement|
|April 23, 2018||Current version|
|September 8, 2017||Click to download this version|
|August 10, 2017||Click to download this version|