U.S. – European Union (EU) Safe Harbor Privacy Policy

Protecting consumer privacy is important to us. Pinkerton is committed to handling personal information in accordance with the Safe Harbor Principles.

Pinkerton Corporate Risk Management (Pinkerton) will act as the Consumer Reporting Agency on behalf of its clients. Pinkerton serves employers who have certified to have a permissible purpose for consumer reports, which is verified by Pinkerton.

Pinkerton and its affiliated United States subsidiaries (hereinafter collectively referred to as the “Company,” “we,” “us” or “our”) adhere to the Safe Harbor Agreement concerning the transfer of personal data from the European Union (“EU”) to the United States of America. Accordingly, we follow the Safe Harbor Principles published by the U.S. Department of Commerce (the “Principles”) with respect to all such data. If there is any conflict between the policies in this privacy policy and the Principles, the Principles shall govern. This privacy policy outlines our general policy and practices for implementing the Principles, including the types of information we gather, how we use it and the notice and choice affected individuals have regarding our use of and their ability to correct that information. This privacy policy applies to all personal information received by Pinkerton whether in electronic, paper or verbal format.

“Sensitive Personal Information” means personal information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership or that concerns an individual’s health.

“Personal Information” or “Information” means information that (1) is transferred from the EU to the United States; (2) is recorded in any form; (3) is about, or pertains to a specific individual; and (4) can be linked to that individual.

Notice: Pinkerton shall inform an individual of the purpose for which it collects and uses the Personal Information by having a completed Disclosure and Authorization Form completed by the individual. The information collected will be used or disclosed only for a purpose in which it was originally collected which will limit the use and disclosure of the individual’s Personal Information.

Choice: Pinkerton is required by the FCRA to always obtain a Disclosure and Authorization Form signed by the individual before a consumer report for employment purposes can be procured. The Company will offer individuals the opportunity to choose (opt out) whether their Personal Information is (1) to be disclosed to a third party or (2) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.

Pinkerton will not disclose the information collected for a purpose other than the purpose for which it was originally collected or subsequently authorized by the candidate. Pinkerton shall treat Sensitive Personal Information received from a candidate the same as the individual would treat and identify it as Sensitive Personal Information.

Onward Transfers (Third Parties): In accordance to disclosing Personal Information to a third party, Pinkerton shall do so by remaining in compliant with the requirements of the FCRA and as stated in the Disclosure and Authorization Form signed by the individual. Pinkerton shall ensure that any third party for which Personal Information may be disclosed subscribes to the Principles or are subject to law providing the same level of privacy protection as is required by the Principles and agree in writing to provide an adequate level of privacy protection.

Access: Pinkerton allows the individuals the right to access to their Personal Information and allow the individual to correct, amend or delete inaccurate information, except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons other than the individual would be violated. Pinkerton will grant access to an individual’s consumer individual report after confirmation of the identity of the individual requesting the information to ensure that the information is provided only to the subject of the report.

Security: Pinkerton takes reasonable steps to protect the Personal Data Information from loss, misuse and unauthorized access, disclosure, alteration and destruction. Pinkerton’s website and any data transmitted to or from it are protected. Pinkerton has put in place appropriate measure to assure the personal data is secure by strictly limiting access to the servers by authorized personnel of Pinkerton. We take pride in our technology and our security policies, however cannot guarantee the security of Information on or transmitted via the Internet outside of our website.

Data Integrity: Pinkerton shall only process Personal Information in a way that is compatible with and relevant for the purpose for which it was collected or authorized by the individual. To the extent necessary for those purposes, Pinkerton shall take reasonable steps to ensure that Personal Information is accurate, complete, current and reliable for its intended use. Pinkerton does not vouch for, and is not responsible for, the accuracy of data about you that may be supplied by our clients or any other third-party sources of information.

As provided in this Privacy Policy, you may have access to personal data about you, including for the purpose of correcting any inaccuracies, pursuant to the FCRA and/or the European Union Data Protection Directive.

Enforcement: Pinkerton uses a self-assessment approach to assure compliance with this privacy policy and periodically verifies that the policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented and accessible and in conformity with the Safe Harbor Principles. We encourage interested persons to raise any concerns using the contact information provided and we will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of Personal Information in accordance with the Safe Harbor Principles.

If a complaint or dispute cannot be resolved through our internal process, we agree to dispute resolution using (an independent resource mechanism) as a third party resolution provider.  For more information visit the Department of Commerce’s Safe Harbor website http://export.gov/safeharbor/.

Amendments: From time to time, this Privacy Policy may be amended and remain consistent with the requirements of the European Union Safe Harbor Privacy Policy. We will post any revised policy on this website.

Contact Information: In compliance with the US-EU and US-Swiss Safe Harbor Principles, Pinkerton Corporate Risk Management commits to resolve complaints about your privacy and our collection or use of your personal information. European Union or Swiss citizens with inquiries or complaints regarding this privacy policy should first contact Pinkerton.

Questions, comments or complaints regarding our EU Safe Harbor Policy or data collection and processing practices can be addressed to the contact information below: 

Pinkerton Corporate Risk Management
Attn: Compliance Office
11019 McCormick Road, Suite 200
Hunt Valley, Maryland 21031
Email: Pinkerton.Disputes@pinkerton.com

Unresolved Privacy Complaints: Pinkerton Corporate Risk Management has further committed to refer unresolved privacy complaints under the US-EU and US-Swiss Safe Harbor Principles to an independent dispute resolution mechanism, the BBB EU SAFE HARBOR, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by Pinkerton, please visit BBB EU SAFE HARBOR for more information and to file a complaint.

Additional Resources

• Pinkerton’s Safe Harbor Certification
  
• More information about the Safe Harbor Principles from U.S. Department of Commerce

(This policy was last updated 01/03/2013)