EU-U.S. Privacy Shield Policy / Swiss-U.S. Privacy Shield Policy
Effective: September 23, 2016
Last Updated: October 18, 2019
IMPORTANT NOTE: This update corresponds with Pinkerton’s self-certification renewal with the U.S. Department of Commerce’s International Trade Administration under the EU-U.S. and Swiss-U.S. Privacy Shield Programs.
Scope of this Policy
Changes to this Policy
Privacy Shield Principles Applicable to EU, UK and Swiss Data Subjects Whose Data is Transferred into the United States
Pinkerton strives to limit its collection of personal information to that necessary for the offering and administration of our services. Pinkerton’s services include background checks or screening for employment purposes; due diligence investigations for commercial purposes; and tenant screening (collectively, the “Services”).
When we receive personal information for purposes of initiating or conducting the Services, Pinkerton may receive or collect the following information or data: your name; date of birth; address; driver’s license information; Social Security number and national identification number; passport number or work visa information; job title; employer name and employment location; email address; and your mother’s maiden name as applicable to the Services requested.
If Pinkerton receives your personal information in order to conduct a background check in the context of an employment relationship, your personal information may be considered human resources data under Privacy Shield.
Depending on the Services requested, Pinkerton may receive or collect personal information directly from you, from an employing organization, a landlord or leasing agent, or from our third-party vendors in the EU, the UK and Switzerland who assist Pinkerton in fulfilling requests for our Services. This information or data about you may include: employment and educational history and reference information; social media information; court records or certificates related to criminal history, bankruptcies or civil records; address verification; national identification card information; credit history; information related to your role in a directorship; motor vehicle records; and professional licenses and certificates. This information is used to fulfill requests for our Services.
Pinkerton’s use of your personal information is limited to that for which you have given your consent, with the exception of due diligence investigations which are conducted for commercial purposes. Any disclosures of your personal information are for the purpose of fulfilling the Services requested.
You may request Pinkerton stop processing your personal information we have received in order to fulfill the Services requested. Any such request will be communicated to the requestor of the Services.
Accountability for Onward Transfer
Pinkerton has in place written agreements with organizations using the Services, as well as our third-party service providers assisting us in fulfilling requests for the Services, which require, among other things, that both parties safeguard personal information, abide by applicable laws, as well as have a permissible basis for the onward transfer of personal information from the EU, EEA, UK or Switzerland to the United States. Pursuant to Privacy Shield, Pinkerton may be liable for the onward transfer of personal data to third parties unless we demonstrate that we were not a party to the action giving rise to the damages.
Pinkerton strives to protect personal information that we collect, maintain and disclose through the use of reasonable administrative, physical and technical safeguards. We have security protocols and measures in place to ensure confidentiality of personal information and to protect the personal information we maintain about you from unauthorized access or alteration as well as unlawful disclosure. These measures include internal and external firewalls, physical security and technological security measures, as well as encryption of certain information and password protection for account information. Our security program is designed to: (1) ensure the security and confidentiality of personal information; (2) protect against any anticipated threats or hazards to the security or integrity of the information; and (3) protect against loss, misuse and unauthorized access, disclosure, alteration and destruction of the personal information.
Data Integrity and Purpose Limitation
Pinkerton collects personal information for background checks related to our Services consistent with an organization’s request for such and with the consent of the data subject. When conducting background checks to fulfill requests for our Services, Pinkerton may disclose your personal information in order to conduct the check to third parties such as our third party service providers and researchers; courthouses or police stations; public records repositories; educational institutions; credit bureaus; and organizations you have previously worked for, but only for the purpose of completing the Services you authorized. Pinkerton does not use your personal information for any other purpose, including marketing.
Pinkerton retains personal information as required by contractual, statutory or other legal obligations. Statutory and legal obligations include, but are not limited to the U.S. Fair Credit Reporting Act (15 U.S.C. § 1681, et seq.) (“FCRA”), as may be amended from time to time.
Access and Correction
As a consumer reporting agency under the FCRA, you may also have rights under the FCRA with respect to any consumer report(s) Pinkerton provides to your employing organization, landlord or leasing agent. Such rights include the ability to dispute the accuracy or completeness of any information contained in the consumer report(s). Pinkerton complies with its consumer dispute and reinvestigation obligations under the FCRA.
Pursuant to Privacy Shield we are obligated to inform EU, UK and Swiss data subjects that we may be required to disclose their personal data in response to lawful requests by public authorities, including to meet national security and law enforcement requirements.
Point of Contact
- Pinkerton Consulting and Investigations, Inc.
- Attn: Nancy Alt, Director of Global Compliance
- 11019 McCormick Road
- Suite 200
- Hunt Valley, MD 21031
- Email: email@example.com
- Telephone: 1-800-635-1649 - (Choose Option 2 - Consumer Disputes Department)
Independent Recourse Mechanisms
Consumer Data: Pinkerton has further committed to refer unresolved privacy complaints under the EU-U.S. and Swiss-U.S. Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit BBB for more information or file a complaint at bbb.org. The services of BBB are provided at no cost to you.
Human Resources Data Within the HR Relationship: Pinkerton also commits to cooperate with the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by the panel with regard to human resources data transferred from the EU, the UK or Switzerland in the context of the employment relationship. Additional resources are available below:
Please do not register Human Resources complaints with BBB EU Privacy Shield.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at privacyshield.gov.
Enforcement and Liability
Pinkerton is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).