IMPORTANT NOTE: This update corresponds with our self-certification under the EU-U.S. Privacy Shield Program (hereinafter “Privacy Shield”) due to invalidation of the Safe Harbor program pursuant to the European Court of Justice’s decision in Maximillian Schrems v. Data Protection Commissioner.
Scope of this Policy
Changes to this Policy
Privacy Shield Principles
Pinkerton enters into agreements with organizations that provide us with individual’s personal information in order for us to provide the Services in a manner consistent with, and limited to the purpose for which the data subject provided consent for the processing of their personal information. Pinkerton initiates background checks and fulfills such requests for services from organizations based on their instructions and with the data subject’s consent, with the exception of due diligence investigations which are conducted for commercial purposes. The organizations who request services from Pinkerton (our clients) are the data controllers over the personal information we process.
Pinkerton strives to limit its collection of personal information to that necessary for the offering and administration of our services. Pinkerton’s services include background checks or screening for employment purposes; due diligence investigations for commercial purposes; and tenant screening (collectively, the “Services”).
When we receive personal information for purposes of initiating or conducting the Services, Pinkerton may receive or collect the following information or data: your name; date of birth; address; driver’s license information; Social Security number and national identification number; passport number or work visa information; job title; employer name and employment location; email address; and your mother’s maiden name as applicable to the Services requested.
If Pinkerton receives your personal information in order to conduct a background check in the context of an employment relationship, your personal information may be considered human resources data under Privacy Shield.
Depending on the Services requested, Pinkerton may receive or collect personal information directly from you, from an employing organization, a landlord or leasing agent, or from our third party vendors in the EU who assist Pinkerton in fulfilling requests for our Services. This information or data about you may include: employment and educational history and reference information; social media information; court records or certificates related to criminal history, bankruptcies or civil records; address verification; national identification card information; credit history; information related to your role in a directorship; motor vehicle records; and professional licenses and certificates. This information is used to fulfill requests for our Services.
Pinkerton’s use of your personal information is limited to that for which you have given your consent, with the exception of due diligence investigations which are conducted for commercial purposes. Any disclosures of your personal information are for the purpose of fulfilling the Services requested by our client who is the data controller.
You may request Pinkerton stop processing your personal information we have received in order to fulfill the Services requested. Any such request will be communicated to the client who requested the Services.
Accountability for Onward Transfer
Pinkerton has in place written agreements with organizations using the Services, as well as our third-party service providers assisting us in fulfilling requests for the Services, which require, among other things, that both parties safeguard personal information, abide by applicable laws, as well as have a permissible basis for the onward transfer of personal information from the EU, EEA or Switzerland to the United States. Pinkerton may be liable for appropriate onward transfer of personal information to third parties.
Pinkerton strives to protect personal information that we collect, maintain and disclose through the use of reasonable administrative, physical and technical safeguards. We have security protocols and measures in place to ensure confidentiality of personal information and to protect the personal information we maintain about you from unauthorized access or alteration as well as unlawful disclosure. These measures include internal and external firewalls, physical security and technological security measures, as well as encryption of certain information and password protection for account information. Our security program is designed to: (1) ensure the security and confidentiality of personal information; (2) protect against any anticipated threats or hazards to the security or integrity of the information; and (3) protect against loss, misuse and unauthorized access, disclosure, alteration and destruction of the personal information.
Data Integrity and Purpose Limitation
Pinkerton collects personal information for background checks related to our Services consistent with an organization’s request for such and with the consent of the data subject. When conducting background checks to fulfill requests for our Services, Pinkerton may disclose your personal information in order to conduct the check to third parties such as our third party service providers and researchers; courthouses or police stations; public records repositories; educational institutions; credit bureaus; and organizations you have previously worked for, but only for the purpose of completing the Services you authorized. Pinkerton does not use your personal information for any other purpose, including marketing.
When your information is transferred to the United States, Pinkerton may need to disclose personal information we receive from you in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Pinkerton retains personal information as required by contractual, statutory or other legal obligations. Statutory and legal obligations include, but are not limited to the U.S. Fair Credit Reporting Act (15 U.S.C. § 1681, et seq.) (“FCRA”), as may be amended from time to time.
Access and Correction
As a consumer reporting agency under the FCRA, you may also have rights under the FCRA with respect to any consumer report(s) Pinkerton provides to your employing organization, landlord or leasing agent. Such rights include the ability to dispute the accuracy or completeness of any information contained in the consumer report(s). Pinkerton complies with its consumer dispute and reinvestigation obligations under the FCRA.
Point of Contact
Pinkerton Consulting and Investigations, Inc.
Attn: Nancy Alt, Director of Global Compliance
1333 Butterfield Road
Downers Grove, IL 60515
Independent Recourse Mechanisms
Pinkerton has further committed to refer unresolved privacy complaints under the EU-U.S. Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus (“BBB”). If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit BBB for more information or to file a complaint at www.bbb.org/EU-privacy-shield/for-eu-consumers/. The services of BBB are provided at no cost to you.
Under certain conditions, if the above recourse mechanisms have not resolved your complaint, you may invoke binding arbitration before the Privacy Shield panel to be created by the U.S. Department of Commerce and the European Commission.
Pinkerton also commits to cooperate with the panel established by the EU data protection authorities (DPAs) and comply with the advice given by the panel with regard to human resources data transferred from the EU in the context of the employment relationship.
Enforcement and Liability
Pinkerton is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
(This policy was last updated 09/23/2016)