International Screening Solutions (“ISS”) strives to respect the information privacy needs of individuals and clients while providing information services that help those parties realize their mutual goals. Our goal is to preserve the confidentiality of all private Personally Identifiable Information that is submitted to us in writing or electronically and by an individual or client (“PII”), regardless of whether that information is provided to us by an individual or by one of our clients in connection with background screening (including credential verification and credit information), fraud and regulatory risk management or other services.
The ISS Website is a business to business website. The website is not meant to be an interface for individuals exploring the website for personal, family, or household purposes (“consumers”) and is not used to collect consumer PII. The ISS Website is used to provide information about ISS’s services and may also be used to collect business contact information from individuals who, on behalf of their employers, choose to provide their business contact details (e.g., job title, business email address, business phone number, etc.) for the purpose of learning more about ISS’s services.
I. About Cookies
- A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a web page from the server.
- Cookies are either “persistent” cookies or “session” cookies. Persistent cookies are stored by a web browser and remain valid until a set expiration date, unless the user (you) deletes it before the expiration date. Session cookies expire each time the browser is closed.
- Cookies usually do not contain any PII.
II. Our Cookies
III. Third Party Cookies
- The ISS Website does not use third party cookies.
ISS strives to adhere to the following principles, which combine domestic and international expectations in privacy regulation, as much as is reasonable in light of the specific purpose:
- Notice: need to provide clear and accessible language about practices and policies for handling PII.
- Choice: respect for individuals’ ability to grant and revoke express consent to the collection, use, retention, and disclosure of PII for defined purposes as permitted by law.
- Onward Transfer: need to disclose how PII may be transferred to third parties, particularly when information crosses national borders.
- Security: need to maintain safeguards and adequate protection of PII.
- Data Integrity: making commercially reasonable efforts to maintain accurate, complete, relevant, and reliable information.
- Access: respecting individuals’ rights to access and to challenge the accuracy of information relating to them.
- Enforcement: maintaining reasonable procedures to protect and enforce the various rights that individuals have regarding the PII that ISS handles and stores.
This section covers any PII, other than information covered by the EU policy, that ISS has obtained (i) by manually or electronically searching public sources (public websites, official published lists, etc.); or (ii) directly from individuals, clients, or their agents. PII collected may include standard personally identifiable information (e.g., name, address, job title) or sensitive categories of information (i.e., personal information specifying racial or ethnic origin, political opinions, religious or philosophical beliefs, or criminal records). Which data is considered sensitive information may vary depending on jurisdiction.
ISS may gather, transmit, or store the above categories of data about individuals on behalf of its clients or their agents (e.g., recruiters, staffing firms, consulting companies, financial institutions, or background screening companies and consumer reporting agencies). If ISS creates an information product (such as a background report), it may deliver the report to its client for use in making employment-related decisions regarding hiring, retention, promotion or re-assignment; insurance-related decisions; customer-related decisions; or for resale to an entity that is making an employment-, insurance-, or customer-related decision. Generally, ISS’s clients are agents acting on behalf of other companies. ISS does not make decisions on behalf of its clients, nor does it subsequently resell, reuse, or otherwise disclose information gathered on behalf of any such entities to third parties, whether for marketing or other reasons outside the original scope of the data collection.
Below are some examples of ways that client entities might use data collected by ISS:
- to complete background checks on applicants and current employees
- to verify credentials presented by potential customers, job applicants, or current employees
- to investigate reports or suspicion of job-related wrongdoing
- to investigate current or prospective customers’ compliance with applicable anti-corruption/anti-bribery laws and other regulations
Clients may submit PII to ISS when they place orders for services and when providing employee information (e.g., business contact details) needed to fulfill the service contract between ISS and themselves. ISS does not usually have direct contact with individuals, especially consumers; therefore, ISS does not provide individuals with direct notice. If the individual is a consumer and the client’s purpose for requesting services requires consumer authorization, ISS will not process PII unless a client (i) has certified its use of a legally sufficient consumer notice and authorization, or (ii) gives proof of a legitimate reason why such notice and authorization is not required.
Furthermore, ISS indexes public websites in order to provide certain services. These websites may publish information related to many individuals, and the information may or may not be arranged in a manner that makes it easy to identify a specific individual. ISS does not control the form or content of indexed websites, and cannot provide direct notices to the individuals whose information is available through those indexed websites.
It is important to note that, by design, ISS rarely has direct contact with consumers. However, if ISS deliberately collects PII directly from consumers, they are informed about the purposes for which the information is being collected and used, how to contact ISS with inquiries or complaints, the types of third parties to which it discloses the information, and any mechanisms in place to allow them to exercise choice for limiting use or disclosure outside the original scope and purpose of collection, among other things. Notice is provided in clear and conspicuous language either when ISS first asks the consumer to provide PII or as soon thereafter as is practicable, but in any event before ISS uses the information for a purpose other than that for which it was originally collected, or discloses it to a third party other than an agent acting under ISS’s instructions (“non-agent third party”).
If an individual’s PII was released to ISS or one of its clients on the basis of informed consent, the individual should have an opportunity to “opt-out” of having his or her PII disclosed to non-agent third parties or used for a purpose that is different than the original purpose of collection. Except to the extent required by law or reasonably necessary to mount a legal defense, ISS will not processes or disclose any PII if it becomes aware that the individual has revoked his or her consent.
As a reminder, ISS rarely has direct contact with consumers and, in most cases, simply acts as a processor or agent of another company. Therefore, ISS’s clients are responsible for managing individuals’ consent.
III. Onward Transfer to Third Parties
PII is only provided to third parties for purposes described in the “Notice” section above or as otherwise disclosed to consumers. As a matter of policy, ISS does not disclose data to third parties unless a written agreement is in place and/or the individual has given consent to the disclosure. The written agreement must bind both parties to follow information handling practices that are (i) reasonable in light of the nature, scope, and purpose of the information processing and (ii) consistent with applicable law. If required to do so by law, ISS will obtain consumer consent before disclosing PII to a third party.
ISS may disclose PII, with or without an individual’s consent, in response to a lawful request by public authorities if required to do so by laws regarding national security or law enforcement, or in good faith belief that such disclosure is required by law.
ISS takes reasonable steps to protect PII from loss, misuse, and unauthorized access, disclosure, alteration and destruction.
Access to information maintained in our systems is restricted to authorized personnel who have a need to access that information in order to complete their jobs. If we transmit PII through the website or ISS controlled networks, we utilize industry standard encryptions, including 256-bit Secure Sockets Layer (SSL) protocol.
PII is destroyed by shredding or electronic erasure that is done in a manner such that the information cannot be practicably read or recovered.
V. Data Integrity and Limited Purpose
ISS processes information, including PII, in ways that are compatible with the purposes for which it has been collected (as identified in the Notice section above) or as otherwise authorized by the consumer, and for no other purposes. To the extent necessary for those purposes, ISS takes reasonable steps to ensure that information is reliable for its intended use, and that it is accurate, complete, and current. ISS does not use consumer PII for marketing purposes nor does it sell PII to third parties.
An individual may make a written request for access to any PII that ISS maintains about him or her. ISS will give individuals reasonable opportunity to correct, amend, or delete incomplete or inaccurate information, as well as information that is proven to have been processed in violation of applicable laws, unless (i) the burden or expense of providing access would be disproportionately high compared to the risks to the individual’s privacy, or (ii) the rights of persons other than the individual would be violated.
ISS has the right to request and obtain sufficient information to allow it to confirm that the identity of the person making the access request matches the identity of the subject of the information. ISS will make reasonable efforts to confirm the identity of the requestor to ensure that information is only provided to the subject of the information.
To request information relating to their PII, individuals may contact ISS in writing by submitting a letter or an Access Request Form to the address identified in the section of this policy called “ISS Contact Information”.
If an individual’s initial writing does not provide sufficient evidence of identity, he or she will be asked to provide sufficient evidence of his or her identity to ensure that information is only released to the correct person. If ISS is unable to grant access to the individual’s PII or correct information, it will notify him or her.
ISS is committed to addressing problems arising out of an identified failure to comply with this policy and applicable laws. We will verify that assertions made in this document are true and implemented via annual self-assessment of our policies and procedures. Individuals who have a complaint or dispute related to our handling of their PII are encouraged to first contact ISS by submitting a letter or Notice of Consumer Dispute Form to the address identified in the section of this policy called “ISS Contact Information.”
Our Contact Information
International Screening Solutions, Inc.
4255 Wade Green Road, Suite 520
Kennesaw, GA 30144
Effective: November 17, 2017