Privacy Policy 2018-04-14T01:08:27+00:00

Vital4 (Vital4) regards the lawful and proper treatment of Personal Identifiable Information (PII) critical to a strong, successful operation. It is Vital4’s policy to maintain the confidentiality and privacy of any personal data submitted voluntarily to us in writing, electronically, through our online order/delivery system, or while visiting our website.

This Privacy Policy statement outlines how Vital4 collects, uses and transfers personal data for operation, privacy in the performance of our international services, and the rights of consumers and our customers for whom we may maintain personal information on their behalf.

Privacy Principles

  • Vital4 adheres to the following principals that combine domestic and international expectations in privacy regulation.
  • Vital4 complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries.
  • Vital4 has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/
  • Vital4 complies with the US-Swiss Safe Harbor Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from Switzerland. Vital4 has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. If there is any conflict between the policies in this privacy policy and the Safe Harbor Privacy Principles, the Safe Harbor Privacy Principles shall govern. To learn more about the US-Swiss Safe Harbor and to view our certification page, please visit http://www.export.gov/safeharbor/.

Notice

In every case, our customers have attested to Vital4 that they will provide a disclosure notice to the consumer that a background search will be performed in accordance with this Privacy Policy and that personal data may be collected for the purpose of completing the Background Search Report, as further described within this Privacy Policy.

Vital4 collects highly sensitive and personal information regarding individuals including, but not limited to, full name, previous/alternative names, national identity numbers, date of birth, telephone & facsimile numbers, residential address history, credit information, employment history, education history, and criminal record history.

Our customers provide Vital4 with the applicant’s personal information in order to produce a report (may be referred to by several different names including: Background Check, Consumer Report, Background Screening Report, Background Report Search, etc.). Information is collected as needed to process requested academic, residential, achievement, job performance, attendance, litigation, personal history, credit reports, driving records, criminal history records and other lawful checks. Vital4 only provides international background screening services to businesses with a legitimate and permissible purpose.

Vital4 commits to resolve complaints about your privacy and our collection or use of your personal information. Inquiries or complaints regarding this privacy policy should first contact Vital4 at:

3901 Mary Eliza Trace NW, Suite 202
Marietta, Georgia 30064
770-763-8931
DMarchand@vital4.net
Contact Name: Dawn Marchand

In addition to the data submitted by Vital4 to our customers, Vital4 may collect data from third parties as needed (such as credit agencies, employers, academic institutions, law enforcement agencies, city, state, country, and federal courts and military services) as prior employers, references, or business affiliates may be contacted and the report may include information obtained through personal interviews regarding the applicant’s character, general reputation, personal characteristics and/or mode of living. Information is collected as needed to process requested academic, residential, achievement, job performance, attendance, litigation, personal history, credit reports, driving records, criminal history records and other lawful checks.

All Search Subjects of consumer background screening reports have the right of access to any reports Vital4 produces and maintains on the subject. Search Subjects may contact Vital4, as set out at the end of this Privacy Policy, at any time to determine if we hold any personal information about them and to obtain access to that information. Vital4 allows the Search Subject a reasonable opportunity to correct, amend, or delete information that is inaccurate or incomplete, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy, or where the rights of persons other than the individual would be violated.

Vital4 applies the principles of Notice and Choice of EU-PII to third parties (other than Vital4 agents). The EU-PII is only to provide to third parties for purposes described in the Notice section or otherwise disclosed to consumers, and will not be disseminated to a third party where a consumer has “opted-out” or, in the case of “sensitive” information, failed to “opt-in.”

In compliance with the EU-US Privacy Shield Principles, Vital4 commits to resolve complaints about your privacy and our collection or use of your personal information. European Union individuals with inquiries or complaints regarding this privacy policy should first contact Vital4 at:

Dawn Marchand
3901 Mary Eliza Trace NW, Suite 202
Marietta, GA 30064
770-763-8931
dmarchand@vital4.net

Vital4 has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.

In compliance with the US-Swiss Safe Harbor Principles, Vital4 commits to resolve complaints about your privacy and our collection or use of your personal information. Swiss citizens with inquiries or complaints regarding this privacy policy should first contact Vital4 at:

Dawn Marchand
3901 Mary Eliza Trace NW, Suite 202
Marietta, GA 30064
770-763-8931
dmarchand@VITAL4.net

Vital4 has further committed to refer unresolved privacy complaints under the US-Swiss Safe Harbor to an independent dispute resolution mechanism operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/us/safe-harbor-complaints for more information and to file a complaint.

Vital4 is subjected to the investigatory and enforcement powers of the Federal Trade Commission (FTC) and any other U.S. authorized statutory bodies. If Vital4 should ever become subject to an FTC or court order based on non-
compliance, Vital4 will make public any relevant Privacy Shield-related sections of any compliance or assessment report submitted to the FTC, to the extent consistent with confidentiality requirements.

Vital4 offers individuals the opportunity to choose to “opt-out” or “opt-in” whether their EU Personal Data will be disclosed to a third party (not including Vital4 agents). These options are detailed in CHOICE section of this Policy.

An individual may invoke binding arbitration as the method for dispute resolution in accordance with the requirements and procedures set forth in Annex 1 of the Privacy Shield Framework. As set forth in Annex I, Vital4 recognizes that an arbitration option is available to an individual to determine, for residual claims, whether a Privacy Shield organization has violated its obligations under the Principles as to that individual, and whether any such violation remains fully or partially un-remedied. Annex I provides the terms under which Privacy Shield organizations are obligated to arbitrate claims, pursuant to the Recourse, Enforcement and Liability Principle. This option is available only for these purposes. It can be found in its entirety at the Privacy Choice website URL.

Vital4 is required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In the context of onward transfers, Vital4 is responsible for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. Vital4 remains liable under the Principles if its agent processes such personal information in a matter inconsistent with the Principles, unless Vital4 proves it is not responsible for the event given rise to the damage.

Choice

Vital4’s customers further attest that they will collect explicit voluntary consent or authorization from a consumer before requesting a Background Search Report. Either our customer or Vital4 will have provided the consumer an international consent or authorization form. If the consumer wishes not to have their personal information made available to Vital4, our customer, they have the choice to “opt-out” or not authorize our customer to procure a Background Search Report. By filling out, signing, and therefore giving explicit consent to the procurement of a Background Search Report, and submitting information to our customer, the consumer agrees (“opts-in”) to allow Vital4 to disclose information about them to our customer and to share that information with our subcontractors in accordance with Vital4 privacy policy.

Vital4 offers individuals the opportunity to choose (opt out) whether their personal information is (i) to be disclosed to a third party or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individuals.

Accountability for Onward Transfer

In conjunction with providing services, Vital4 may, in some instances, subcontract other companies and agents to perform searches on our behalf. All such entities are contractually obligated to use and maintain the confidentiality of personal information in a manner consistent with this Privacy Policy, which includes not sharing any such information with any third party, other than Vital4 and its customers. Except as described in this Privacy Policy, or required by law, Vital4 will not use or otherwise disclose any of the personally identifiable information provided or collected from third parties or other sources.

To transfer personal information to a third party acting as a controller, Vital4 complies with the Notice and Choice Principles. Vital4 will also enter into a contract with the third-party controller that provides that such data may only be processed for limited and specified purposes consistent with the consent provided by the individual and that the recipient will provide the same level of protection as the Principles and will notify the organization if it makes a determination that it can no longer meet this obligation. The contract shall provide that when such a determination is made the third party controller ceases processing or takes other reasonable and appropriate steps to remediate.

To transfer personal data to a third party acting as an agent, Vital4: (i) transfers such data only for limited and specified purposes; (ii) ascertain that the agent is obligated to provide at least the same level of privacy protection as is required by the Principles; (iii) take reasonable and appropriate steps to ensure that the agent effectively processes the personal information transferred in a manner consistent with the organization’s obligations under the Principles; (iv) require the agent to notify the organization if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles; (v) upon notice, including under (iv), take reasonable and appropriate steps to stop and remediate unauthorized processing; and (vi) provide a summary or a representative copy of the relevant privacy provisions of its contract with that agent to the Department of Commerce upon request.

Security

Vital4 takes reasonable steps to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction regardless of how it is collected, recorded and used- whether on paper, computer, or recorded on other material. Vital4 will release information via telephone, facsimile, mail, and secure electronic methods only to the individual(s) or business(s) who originally requested the service. Vital4’s safeguards exceed the ethical expectations and lawful regulation worldwide.

When personal information is transmitted to Vital4, it is protected through the use of a strong 256-bit Secure Sockets Layer (SSL) protocol. Email communications also utilize secure encryption technology such as TLS, Escrow, PGP or S/MIME and meet or exceed HIPPA and other communication security regulations and policy standards.

Our servers store personal data in a secure manner. Access is strictly limited to authorized personnel who are trained to protect against loss, misuse, unauthorized access, disclosure, alteration or destruction of personal data under Vital4 control.

Vital4 supports the enforcement and accountability of information industry standards and practices. Vital4 verifies the adherence to this Privacy Policy through in-house verification and internal policies and procedures implemented by the management of our company. Vital4 provides sufficient employee training and procedures for periodic objective reviews for compliance in place. Vital4 also cooperates with the BBB as a means of providing consumers a readily available and affordable resource mechanism by which individual consumer complaints and disputes, if any, will be investigated and remedied.

Cookies

When an individual visits the Vital4 corporate website, we may place a text file, called a cookie, in the browser directory of the individual’s computer hard drive. A cookie is a small piece of information that a website can store on the individual’s web browser and later retrieve. The information that cookies may collect includes the date and time of the visit, registration information and navigational activity. Cookies cannot be used to run programs or deliver viruses to an individual’s computer. Cookies are uniquely assigned to individual users, and can only be read by a web server in the domain that issued the cookie. Most browsers allow an individual to decline cookies, but if elect to do so, these pages may not display properly. An individual is free to delete cookies after their session, and the browser should contain instructions on how to do this.

Data Integrity and Purpose Limitation

Vital4 collects only minimal personal information that is necessary to the requested search. Because Vital4 creates, maintains, uses or disseminates personal information, Vital4 takes reasonable and appropriate measures to protect it from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of the personal data.

Vital4 will release information via telephone, facsimile, mail, and secure electronic methods only to the individual(s) or business(s) who originally requested the service. Under no circumstances will personal information collected and maintained in our databases ever be sold or provided to an outside entity for any purpose.

Consistent with the Principles, Vital4’s use of personal information is limited to the information that is relevant for the purposes of processing. Vital4 does not process personal information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the individual. To the extent necessary for those purposes, Vital4 takes reasonable steps to ensure that personal data is reliable for its intended use, accurate, complete, and current. Vital4 adheres to the Principles for as long as it retains such information.

Information may be retained in a form identifying or making identifiable the individual only for as long as it serves a purpose of processing within the law or regulation. Vital4 takes reasonable and appropriate measures in complying with this provision.

Access

Individuals have the right to access personal information about them that Vital4 holds and be able to correct, amend, or delete that information where it is inaccurate, or has been processed in violation of the Principles, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated.

All Search Subjects of consumer background screening reports have the right of access to any reports Vital4 produces and maintains on the subject. Search Subjects may contact Vital4, as set out at the end of this Privacy Policy, at any time to determine if we hold any personal information about them and to obtain access to that information. Vital4 allows the Search Subject a reasonable opportunity to correct, amend, or delete information that is inaccurate or incomplete, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy, or where the rights of persons other than the individual would be violated. Before disclosing information and for the Search Subject’s protection, we will require proof of identity, including proper verification and confirmation that they are the individual who is entitled to request access. Vital4 will notify the individual if, for good reason, we are unable to provide access to data or to correct data. If the Search Subject is a U.S. resident, we will mail a copy of the report within 7 days, as well as provide a copy to the current or prospective employer/customer, at no charge (as mandate by the Fair Credit Reporting Act).

Consistent with the fundamental nature of access, Vital4 will always make good faith efforts to provide access. Please contact Vital4 as listed below and view our Dispute Resolution Policy here for more details.

Recourse, Enforcement and Liability

Vital4 fully endorses and complies to all applicable United States and international laws governing the privacy and protection of personal data that is collected, processed, transferred/exported, organized, altered, recorded, used, disclosed, combined, destroyed, or simply being held throughout the globe, including but not limited to the following:

  • EU-US Privacy Shield Principles
  • U.S.-Swiss Safe Harbor Principles
  • European Directive on Data Protection 95/46/EC
  • Data Protection Act 1998
  • EU Employment Practices Data Protection Code
  • Internationally accepted Fair Information Handling Practices
  • Fair Credit Reporting Act (FCRA)
  • APEC Privacy Framework
  • OECD Privacy Guidelines
  • PIPEDA

Vital4’s privacy protection includes robust mechanisms for assuring compliance with the Principles, recourse for individuals who are affected by non-compliance with the Principles, and consequences for Vital4 when the Principles are not followed. Vital4 uses the following mechanisms:

  • Vital4 and the BBB will respond promptly to inquiries and requests by the Department of Commerce for information relating to the Privacy Shield. Vital4 responds expeditiously to complaints regarding compliance with the Principles referred by EU Member State authorities through the Department of Commerce. Vital4 is a company that processes human resources data and has chosen to cooperate with DPAs, will respond directly to such authorities with regard to the investigation and resolution of complaints.
  • follow-up procedures for verifying that the attestations and assertions organizations make about their privacy practices are true and that privacy practices have been implemented as presented and, in particular, with regard to cases of non-compliance; and
  • Vital4 accepts its obligation to arbitrate claims and follow the terms as set forth in Annex I, provided that an individual has invoked binding arbitration by delivering notice to the organization at issue and following the procedures and subject to conditions set forth in Annex I.

In the context of an onward transfer, Vital4 is responsible for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. The Privacy Shield organization shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless Vital4 proves that it is not responsible for the event giving rise to the damage.

Human Resources Data

Vital4 uses EU-PII human resources related data transferred from the EU and commits to cooperating with the DPAs with regard to such data.

Where an organization in the EU transfers personal information about its employees (past or present) collected in the context of the employment relationship to Vital4, the transfer enjoys the benefits of the Privacy Shield.

Vital4 wishes its Privacy Shield benefits to cover human resources information transferred from the EU for use in the context of the employment relationship, and the Federal Trade Commission (FTC) is the statutory listed in Principles or a further annex to the Principles that has jurisdiction to hear claims against Vital4 arising out of the processing of human resources information. In addition, Vital4 affirms this in its self-certification submission and declare its commitment to cooperate with the EU authority or authorities concerned in conformity with the Supplemental Principles on Human Resources Data and the Role of the Data Protection Authorities as applicable and that it will comply with the advice given by such authorities. Vital4 must also provide the Department of Commerce with a copy of its human resources privacy policy and provide information where the privacy policy is available for viewing by its affected employees.

Vital4 commits to cooperate with EU data protection authorities (DPAs) and comply with the advice given by such authorities with regard to human resources data transferred from the EU in the context of the employment relationship.

Verification

Vital4’s follow up procedures for verifying that the attestations and assertions they make about their Privacy Shield privacy practices are true and those privacy practices have been implemented as represented and in accordance with the Privacy Shield Principles.

Vital4 verifies such attestations and assertions either through self-assessment or outside compliance reviews to meet the verification requirements of the Recourse, Enforcement and Liability Principle.

Vital4 verifies that personal information received from the EU is accurate, comprehensive, prominently displayed, completely implemented and accessible. Vital4’s privacy policy conforms to the Privacy Shield Principles; that individuals are informed of any in-house arrangements for handling complaints and of the independent mechanisms through which they may pursue complaints. Vital4 has in place procedures for training employees in its implementation, and disciplining them for failure to follow it; and that it has in place internal procedures for periodically conducting objective reviews of compliance with the above. Vital4 verifies the self-assessment statement and is signed by a corporate officer or other authorized representative of the organization at least once a year and made available upon request by individuals or in the context of an investigation or a complaint about non-compliance.

Vital4 retains their records on the implementation of their Privacy Shield privacy practices and are available upon request in the context of an investigation or a complaint about noncompliance to the independent body responsible for investigating complaints or to the agency with unfair and deceptive practices jurisdiction. Vital4 responds promptly to inquiries and other requests for information from the Department of Commerce relating to the organization’s adherence to the Principles.

Content on Vital4’s website and links

Although we believe that each external link that we may provide is suitable at the time of publishing, please review the respective privacy policy for each subsequently visited link or website. Vital4 may also collect email correspondence from visitors to this site who send email to Vital4.

Amendments

This Privacy Policy may be amended to reflect new products and services, or as necessary to reflect a new business practice. Consistent with the EU/US Privacy Shield and US/Swiss Safe Harbor requirements, we will post any revised policy on the Vital4 website.

For dispute resolution or questions about Vital4s’ privacy policy please contact:

Dawn Marchand
3901 Mary Eliza Trace NW Suite 202
Marietta, GA 30064
770-763-8931
dmarchand@vital4.net