Vital4 (Vital4) regards the lawful and proper treatment of Personal Identifiable Information (PII) critical to a strong, successful operation. It is Vital4’s policy to maintain the confidentiality and privacy of any personal data submitted voluntarily to us in writing, electronically, through our online order/delivery system, or while visiting our website.
- Vital4 adheres to the following principals that combine domestic and international expectations in privacy regulation.
- Vital4 complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries.
Vital4 collects highly sensitive and personal information regarding individuals including, but not limited to, full name, previous/alternative names, national identity numbers, date of birth, telephone & facsimile numbers, residential address history, credit information, employment history, education history, and criminal record history.
Our customers provide Vital4 with the applicant’s personal information in order to produce a report (may be referred to by several different names including: Background Check, Consumer Report, Background Screening Report, Background Report Search, etc.). Information is collected as needed to process requested academic, residential, achievement, job performance, attendance, litigation, personal history, credit reports, driving records, criminal history records and other lawful checks. Vital4 only provides international background screening services to businesses with a legitimate and permissible purpose.
3901 Mary Eliza Trace NW, Suite 202
Marietta, Georgia 30064
Contact Name: Dawn Marchand
In addition to the data submitted by Vital4 to our customers, Vital4 may collect data from third parties as needed (such as credit agencies, employers, academic institutions, law enforcement agencies, city, state, country, and federal courts and military services) as prior employers, references, or business affiliates may be contacted and the report may include information obtained through personal interviews regarding the applicant’s character, general reputation, personal characteristics and/or mode of living. Information is collected as needed to process requested academic, residential, achievement, job performance, attendance, litigation, personal history, credit reports, driving records, criminal history records and other lawful checks.
Vital4 applies the principles of Notice and Choice of EU-PII to third parties (other than Vital4 agents). The EU-PII is only to provide to third parties for purposes described in the Notice section or otherwise disclosed to consumers, and will not be disseminated to a third party where a consumer has “opted-out” or, in the case of “sensitive” information, failed to “opt-in.”
3901 Mary Eliza Trace NW, Suite 202
Marietta, GA 30064
Vital4 has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.
3901 Mary Eliza Trace NW, Suite 202
Marietta, GA 30064
Vital4 has further committed to refer unresolved privacy complaints under the US-Swiss Safe Harbor to an independent dispute resolution mechanism operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/us/safe-harbor-complaints for more information and to file a complaint.
Vital4 is subjected to the investigatory and enforcement powers of the Federal Trade Commission (FTC) and any other U.S. authorized statutory bodies. If Vital4 should ever become subject to an FTC or court order based on non-
compliance, Vital4 will make public any relevant Privacy Shield-related sections of any compliance or assessment report submitted to the FTC, to the extent consistent with confidentiality requirements.
Vital4 offers individuals the opportunity to choose to “opt-out” or “opt-in” whether their EU Personal Data will be disclosed to a third party (not including Vital4 agents). These options are detailed in CHOICE section of this Policy.
An individual may invoke binding arbitration as the method for dispute resolution in accordance with the requirements and procedures set forth in Annex 1 of the Privacy Shield Framework. As set forth in Annex I, Vital4 recognizes that an arbitration option is available to an individual to determine, for residual claims, whether a Privacy Shield organization has violated its obligations under the Principles as to that individual, and whether any such violation remains fully or partially un-remedied. Annex I provides the terms under which Privacy Shield organizations are obligated to arbitrate claims, pursuant to the Recourse, Enforcement and Liability Principle. This option is available only for these purposes. It can be found in its entirety at the Privacy Choice website URL.
Vital4 is required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In the context of onward transfers, Vital4 is responsible for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. Vital4 remains liable under the Principles if its agent processes such personal information in a matter inconsistent with the Principles, unless Vital4 proves it is not responsible for the event given rise to the damage.
Vital4 offers individuals the opportunity to choose (opt out) whether their personal information is (i) to be disclosed to a third party or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individuals.
Accountability for Onward Transfer
To transfer personal information to a third party acting as a controller, Vital4 complies with the Notice and Choice Principles. Vital4 will also enter into a contract with the third-party controller that provides that such data may only be processed for limited and specified purposes consistent with the consent provided by the individual and that the recipient will provide the same level of protection as the Principles and will notify the organization if it makes a determination that it can no longer meet this obligation. The contract shall provide that when such a determination is made the third party controller ceases processing or takes other reasonable and appropriate steps to remediate.
To transfer personal data to a third party acting as an agent, Vital4: (i) transfers such data only for limited and specified purposes; (ii) ascertain that the agent is obligated to provide at least the same level of privacy protection as is required by the Principles; (iii) take reasonable and appropriate steps to ensure that the agent effectively processes the personal information transferred in a manner consistent with the organization’s obligations under the Principles; (iv) require the agent to notify the organization if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles; (v) upon notice, including under (iv), take reasonable and appropriate steps to stop and remediate unauthorized processing; and (vi) provide a summary or a representative copy of the relevant privacy provisions of its contract with that agent to the Department of Commerce upon request.
Vital4 takes reasonable steps to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction regardless of how it is collected, recorded and used- whether on paper, computer, or recorded on other material. Vital4 will release information via telephone, facsimile, mail, and secure electronic methods only to the individual(s) or business(s) who originally requested the service. Vital4’s safeguards exceed the ethical expectations and lawful regulation worldwide.
When personal information is transmitted to Vital4, it is protected through the use of a strong 256-bit Secure Sockets Layer (SSL) protocol. Email communications also utilize secure encryption technology such as TLS, Escrow, PGP or S/MIME and meet or exceed HIPPA and other communication security regulations and policy standards.
Our servers store personal data in a secure manner. Access is strictly limited to authorized personnel who are trained to protect against loss, misuse, unauthorized access, disclosure, alteration or destruction of personal data under Vital4 control.
When an individual visits the Vital4 corporate website, we may place a text file, called a cookie, in the browser directory of the individual’s computer hard drive. A cookie is a small piece of information that a website can store on the individual’s web browser and later retrieve. The information that cookies may collect includes the date and time of the visit, registration information and navigational activity. Cookies cannot be used to run programs or deliver viruses to an individual’s computer. Cookies are uniquely assigned to individual users, and can only be read by a web server in the domain that issued the cookie. Most browsers allow an individual to decline cookies, but if elect to do so, these pages may not display properly. An individual is free to delete cookies after their session, and the browser should contain instructions on how to do this.
Data Integrity and Purpose Limitation
Vital4 collects only minimal personal information that is necessary to the requested search. Because Vital4 creates, maintains, uses or disseminates personal information, Vital4 takes reasonable and appropriate measures to protect it from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of the personal data.
Vital4 will release information via telephone, facsimile, mail, and secure electronic methods only to the individual(s) or business(s) who originally requested the service. Under no circumstances will personal information collected and maintained in our databases ever be sold or provided to an outside entity for any purpose.
Consistent with the Principles, Vital4’s use of personal information is limited to the information that is relevant for the purposes of processing. Vital4 does not process personal information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the individual. To the extent necessary for those purposes, Vital4 takes reasonable steps to ensure that personal data is reliable for its intended use, accurate, complete, and current. Vital4 adheres to the Principles for as long as it retains such information.
Information may be retained in a form identifying or making identifiable the individual only for as long as it serves a purpose of processing within the law or regulation. Vital4 takes reasonable and appropriate measures in complying with this provision.
Individuals have the right to access personal information about them that Vital4 holds and be able to correct, amend, or delete that information where it is inaccurate, or has been processed in violation of the Principles, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated.
Consistent with the fundamental nature of access, Vital4 will always make good faith efforts to provide access. Please contact Vital4 as listed below and view our Dispute Resolution Policy here for more details.
Recourse, Enforcement and Liability
Vital4 fully endorses and complies to all applicable United States and international laws governing the privacy and protection of personal data that is collected, processed, transferred/exported, organized, altered, recorded, used, disclosed, combined, destroyed, or simply being held throughout the globe, including but not limited to the following:
- EU-US Privacy Shield Principles
- U.S.-Swiss Safe Harbor Principles
- European Directive on Data Protection 95/46/EC
- Data Protection Act 1998
- EU Employment Practices Data Protection Code
- Internationally accepted Fair Information Handling Practices
- Fair Credit Reporting Act (FCRA)
- APEC Privacy Framework
- OECD Privacy Guidelines
Vital4’s privacy protection includes robust mechanisms for assuring compliance with the Principles, recourse for individuals who are affected by non-compliance with the Principles, and consequences for Vital4 when the Principles are not followed. Vital4 uses the following mechanisms:
- Vital4 and the BBB will respond promptly to inquiries and requests by the Department of Commerce for information relating to the Privacy Shield. Vital4 responds expeditiously to complaints regarding compliance with the Principles referred by EU Member State authorities through the Department of Commerce. Vital4 is a company that processes human resources data and has chosen to cooperate with DPAs, will respond directly to such authorities with regard to the investigation and resolution of complaints.
- follow-up procedures for verifying that the attestations and assertions organizations make about their privacy practices are true and that privacy practices have been implemented as presented and, in particular, with regard to cases of non-compliance; and
- Vital4 accepts its obligation to arbitrate claims and follow the terms as set forth in Annex I, provided that an individual has invoked binding arbitration by delivering notice to the organization at issue and following the procedures and subject to conditions set forth in Annex I.
In the context of an onward transfer, Vital4 is responsible for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. The Privacy Shield organization shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless Vital4 proves that it is not responsible for the event giving rise to the damage.
Human Resources Data
Vital4 uses EU-PII human resources related data transferred from the EU and commits to cooperating with the DPAs with regard to such data.
Where an organization in the EU transfers personal information about its employees (past or present) collected in the context of the employment relationship to Vital4, the transfer enjoys the benefits of the Privacy Shield.
Vital4 commits to cooperate with EU data protection authorities (DPAs) and comply with the advice given by such authorities with regard to human resources data transferred from the EU in the context of the employment relationship.
Vital4’s follow up procedures for verifying that the attestations and assertions they make about their Privacy Shield privacy practices are true and those privacy practices have been implemented as represented and in accordance with the Privacy Shield Principles.
Vital4 verifies such attestations and assertions either through self-assessment or outside compliance reviews to meet the verification requirements of the Recourse, Enforcement and Liability Principle.
Vital4 retains their records on the implementation of their Privacy Shield privacy practices and are available upon request in the context of an investigation or a complaint about noncompliance to the independent body responsible for investigating complaints or to the agency with unfair and deceptive practices jurisdiction. Vital4 responds promptly to inquiries and other requests for information from the Department of Commerce relating to the organization’s adherence to the Principles.
Content on Vital4’s website and links
3901 Mary Eliza Trace NW Suite 202
Marietta, GA 30064