Privacy Shield

Privacy Shield

EU-U.S. Privacy Shield Policy / Swiss-U.S. Privacy Shield Policy

Effective: September 23, 2016

Last Updated: November 1, 2020

IMPORTANT NOTE: This update corresponds with Pinkerton’s self-certification renewal with the U.S. Department of Commerce’s International Trade Administration under the EU-U.S. and Swiss-U.S. Privacy Shield Programs.

Scope of this Policy

This policy (hereinafter “Privacy Shield privacy policy”) describes Pinkerton Consulting and Investigations, Inc. (“Pinkerton”) use and treatment of personal information it receives from data subjects in the European Union (“EU”) and European Economic Area (“EEA”) member countries as well as Switzerland and the United Kingdom (“UK”) in reliance on the EU-U.S. and Swiss-U.S. Privacy Shield programs.

To learn more about how Pinkerton collects, uses, and discloses personal information collected through our website, see Pinkerton’s privacy policy.

Changes to this Policy

Pinkerton may revise this Privacy Shield privacy policy from time to time. If we make material changes, we will notify you by posting a notice on our website.

Privacy Shield Principles Applicable to EU, UK and Swiss Data Subjects Whose Data is Transferred into the United States

Pinkerton complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (collectively “Privacy Shield”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the EU, UK and Switzerland to the United States, respectively. Pinkerton has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Shield privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certifications, please visit privacyshield.gov.

Notice

Pinkerton strives to limit its collection of personal information to that necessary for the offering and administration of our services. Pinkerton’s services include background checks or screening for employment purposes; due diligence investigations for commercial purposes; and tenant screening (collectively, the “Services”).

When we receive personal information for purposes of initiating or conducting the Services, Pinkerton may receive or collect the following information or data: your name; date of birth; address; driver’s license information; Social Security number and national identification number; passport number or work visa information; job title; employer name and employment location; email address; and your mother’s maiden name as applicable to the Services requested.

If Pinkerton receives your personal information in order to conduct a background check in the context of an employment relationship, your personal information may be considered human resources data under Privacy Shield.

Depending on the Services requested, Pinkerton may receive or collect personal information directly from you, from an employing organization, a landlord or leasing agent, or from our third-party vendors in the EU, the UK and Switzerland who assist Pinkerton in fulfilling requests for our Services. This information or data about you may include: employment and educational history and reference information; social media information; court records or certificates related to criminal history, bankruptcies or civil records; address verification; national identification card information; credit history; information related to your role in a directorship; motor vehicle records; and professional licenses and certificates. This information is used to fulfill requests for our Services.

Choice

Pinkerton’s use of your personal information is limited to that for which you have given your consent, with the exception of due diligence investigations which are conducted for commercial purposes. Any disclosures of your personal information are for the purpose of fulfilling the Services requested.

You may request Pinkerton stop processing your personal information we have received in order to fulfill the Services requested. Any such request will be communicated to the requestor of the Services.

Accountability for Onward Transfer

Pinkerton enters into agreements with organizations that provide us with individual’s personal information in order for us to provide the Services in a manner consistent with, and limited to the purpose for which the data subject provided consent for the processing of their personal information. Pinkerton initiates background checks and fulfills such requests for our Services from organizations based on their instructions and with the data subject’s consent. Other than as described in this Privacy Shield privacy policy or our general Privacy Policy, Pinkerton does not transfer any data to non-agent third parties. If this practice should change in the future, we will update this policy to identify those entities and provide individuals with opt-in or opt-out choice (as required) prior to any data sharing.

Pinkerton has in place written agreements with organizations using the Services, as well as our third-party service providers assisting us in fulfilling requests for the Services, which require, among other things, that both parties safeguard personal information, abide by applicable laws, as well as have a permissible basis for the onward transfer of personal information from the EU, EEA, UK or Switzerland to the United States. Pursuant to Privacy Shield, Pinkerton may be liable for the onward transfer of personal data to third parties unless we demonstrate that we were not a party to the action giving rise to the damages.

Security

Pinkerton strives to protect personal information that we collect, maintain and disclose through the use of reasonable administrative, physical and technical safeguards. We have security protocols and measures in place to ensure confidentiality of personal information and to protect the personal information we maintain about you from unauthorized access or alteration as well as unlawful disclosure. These measures include internal and external firewalls, physical security and technological security measures, as well as encryption of certain information and password protection for account information. Our security program is designed to: (1) ensure the security and confidentiality of personal information; (2) protect against any anticipated threats or hazards to the security or integrity of the information; and (3) protect against loss, misuse and unauthorized access, disclosure, alteration and destruction of the personal information.

Data Integrity and Purpose Limitation

Pinkerton collects personal information for background checks related to our Services consistent with an organization’s request for such and with the consent of the data subject. When conducting background checks to fulfill requests for our Services, Pinkerton may disclose your personal information in order to conduct the check to third parties such as our third party service providers and researchers; courthouses or police stations; public records repositories; educational institutions; credit bureaus; and organizations you have previously worked for, but only for the purpose of completing the Services you authorized. Pinkerton does not use your personal information for any other purpose, including marketing.

Pinkerton retains personal information as required by contractual, statutory or other legal obligations. Statutory and legal obligations include, but are not limited to the U.S. Fair Credit Reporting Act (15 U.S.C. § 1681, et seq.) (“FCRA”), as may be amended from time to time.

Access and Correction

Pinkerton acknowledges the right of EU, UK and Swiss individuals to access their personal data. You may use the Point of Contact listed in this Privacy Shield privacy policy to contact Pinkerton about any questions, complaints, access requests or other issues arising under Privacy Shield or our Privacy Shield privacy policy. Please note that if you submit a complaint Pinkerton must respond to you within 45 days of receiving a complaint.

As a consumer reporting agency under the FCRA, you may also have rights under the FCRA with respect to any consumer report(s) Pinkerton provides to your employing organization, landlord or leasing agent. Such rights include the ability to dispute the accuracy or completeness of any information contained in the consumer report(s). Pinkerton complies with its consumer dispute and reinvestigation obligations under the FCRA.

Pursuant to Privacy Shield we are obligated to inform EU, UK and Swiss data subjects that we may be required to disclose their personal data in response to lawful requests by public authorities, including to meet national security and law enforcement requirements.

Point of Contact

If you have any questions, complaints, access requests or any other issues arising under Privacy Shield or this Privacy Shield privacy policy, please contact:

Independent Recourse Mechanisms

In compliance with the Privacy Shield Principles, Pinkerton commits to resolve complaints about our collection or use of your personal information. European Union, United Kingdom and Swiss individuals with inquiries or complaints regarding our Privacy Shield privacy policy should first contact Pinkerton using the Point of Contact information provided in this Privacy Shield privacy policy.

Consumer Data: Pinkerton has further committed to refer unresolved privacy complaints under the EU-U.S. and Swiss-U.S. Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit BBB for more information or file a complaint at bbb.org. The services of BBB are provided at no cost to you.

Human Resources Data Within the HR Relationship: Pinkerton also commits to cooperate with the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by the panel with regard to human resources data transferred from the EU, the UK or Switzerland in the context of the employment relationship. Additional resources are available below:

• List of all DPAs
• Information on the UK Information Commissioner's Office
• List of the FDPICs

Please do not register Human Resources complaints with BBB EU Privacy Shield.

If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at privacyshield.gov.

Enforcement and Liability

Pinkerton is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).