VITAL4DATA adheres to the following principals that combine domestic and international expectations in privacy regulation.
VITAL4DATA collects highly sensitive and personal information regarding individuals including, but not limited to, full name, previous/alternative names, national identity numbers, date of birth, telephone & facsimile numbers, residential address history, credit information, employment history, education history, and criminal record history.
Our customers provide VITAL4DATA with the applicant’s personal information in order to produce a report (may be referred to by several different names including: Background Check, Consumer Report, Background Screening Report, Background Report Search, etc.). Information is collected as needed to process requested academic, residential, achievement, job performance, attendance, litigation, personal history, credit reports, driving records, criminal history records and other lawful checks. VITAL4DATA only provides international background screening services to businesses with a legitimate and permissible purpose.
3901 Mary Eliza Trace NW, Suite 203
Marietta, Georgia 30064
Contact Name: Dawn Marchand
In addition to the data submitted by VITAL4DATA to our customers, VITAL4DATA may collect data from third parties as needed (such as credit agencies, employers, academic institutions, law enforcement agencies, city, state, country, and federal courts and military services) as prior employers, references, or business affiliates may be contacted and the report may include information obtained through personal interviews regarding the applicant’s character, general reputation, personal characteristics and/or mode of living. Information is collected as needed to process requested academic, residential, achievement, job performance, attendance, litigation, personal history, credit reports, driving records, criminal history records and other lawful checks.
VITAL4DATA applies the principles of Notice and Choice of EU-PII and Swiss-PII to third parties (other than VITAL4DATA agents). The EU-PII and Swiss-PII is only to provide to third parties for purposes described in the Notice section or otherwise disclosed to consumers, and will not be disseminated to a third party where a consumer has “opted-out” or, in the case of “sensitive” information, failed to “opt-in.”
3901 Mary Eliza Trace NW, Suite 203
Marietta, GA 30064
VITAL4DATA has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.
Finally, as a last resort and in limited circumstances EU and Swiss individuals with residual complaints may invoke a binding arbitration option before a Privacy Shield Panel.
VITAL4DATA is subjected to the investigatory and enforcement powers of the Federal Trade Commission (FTC). If VITAL4DATA should ever become subject to an FTC or court order based on non-compliance, VITAL4DATA will make public any relevant Privacy Shield-related sections of any compliance or assessment report submitted to the FTC, to the extent consistent with confidentiality requirements.
VITAL4DATA acknowledges the right of EU and Swiss individuals to access their personal data and offers individuals the opportunity to choose to “opt-out” or “opt-in” whether personal data will be disclosed to a third party (not including VITAL4DATA agents). These options are detailed in CHOICE section of this Policy.
An individual may invoke binding arbitration as the method for dispute resolution in accordance with the requirements and procedures set forth in Annex 1 of the Privacy Shield Framework. As set forth in Annex I, VITAL4DATA recognizes that an arbitration option is available to an individual to determine, for residual claims, whether a Privacy Shield organization has violated its obligations under the Principles as to that individual, and whether any such violation remains fully or partially un-remedied. Annex I provides the terms under which Privacy Shield organizations are obligated to arbitrate claims, pursuant to the Recourse, Enforcement and Liability Principle. This option is available only for these purposes. It can be found in its entirety at the Privacy Choice website URL: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
VITAL4DATA is required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In the context of onward transfers, VITAL4DATA is responsible for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. VITAL4DATA remains liable under the Principles if its agent processes such personal information in a matter inconsistent with the Principles, unless VITAL4DATA proves it is not responsible for the event given rise to the damage.
VITAL4DATA offers individuals the opportunity to choose (opt out) whether their personal information is (i) to be disclosed to a third party or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individuals.
Accountability for Onward Transfer
To transfer personal information to a third party acting as a controller, VITAL4DATA complies with the Notice and Choice Principles. VITAL4DATA will also enter into a contract with the third-party controller that provides that such data may only be processed for limited and specified purposes consistent with the consent provided by the individual and that the recipient will provide the same level of protection as the Principles and will notify the organization if it makes a determination that it can no longer meet this obligation. The contract shall provide that when such a determination is made the third party controller ceases processing or takes other reasonable and appropriate steps to remediate.
To transfer personal data to a third party acting as an agent, VITAL4DATA: (i) transfers such data only for limited and specified purposes; (ii) ascertain that the agent is obligated to provide at least the same level of privacy protection as is required by the Principles; (iii) take reasonable and appropriate steps to ensure that the agent effectively processes the personal information transferred in a manner consistent with the organization’s obligations under the Principles; (iv) require the agent to notify the organization if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles; (v) upon notice, including under (iv), take reasonable and appropriate steps to stop and remediate unauthorized processing; and (vi) provide a summary or a representative copy of the relevant privacy provisions of its contract with that agent to the Department of Commerce upon request.
VITAL4DATA takes reasonable steps to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction regardless of how it is collected, recorded and used- whether on paper, computer, or recorded on other material. VITAL4DATA will release information via telephone, facsimile, mail, and secure electronic methods only to the individual(s) or business(s) who originally requested the service. VITAL4DATA’s safeguards exceed the ethical expectations and lawful regulation worldwide.
When personal information is transmitted to VITAL4DATA, it is protected through the use of a strong 256-bit Secure Sockets Layer (SSL) protocol. Email communications also utilize secure encryption technology such as TLS, Escrow, PGP or S/MIME and meet or exceed HIPPA and other communication security regulations and policy standards.
Our servers store personal data in a secure manner. Access is strictly limited to authorized personnel who are trained to protect against loss, misuse, unauthorized access, disclosure, alteration or destruction of personal data under VITAL4DATA control.
When an individual visits the VITAL4DATA corporate website, we may place a text file, called a cookie, in the browser directory of the individual’s computer hard drive. A cookie is a small piece of information that a website can store on the individual’s web browser and later retrieve. The information that cookies may collect includes the date and time of the visit, registration information and navigational activity. Cookies cannot be used to run programs or deliver viruses to an individual’s computer. Cookies are uniquely assigned to individual users, and can only be read by a web server in the domain that issued the cookie. Most browsers allow an individual to decline cookies, but if elect to do so, these pages may not display properly. An individual is free to delete cookies after their session, and the browser should contain instructions on how to do this.
Data Integrity and Purpose Limitation
VITAL4DATA collects only minimal personal information that is necessary to the requested search. Because VITAL4DATA creates, maintains, uses or disseminates personal information, VITAL4DATA takes reasonable and appropriate measures to protect it from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of the personal data.
VITAL4DATA will release information via telephone, facsimile, mail, and secure electronic methods only to the individual(s) or business(s) who originally requested the service. Under no circumstances will personal information collected and maintained in our databases ever be sold or provided to an outside entity for any purpose.
Consistent with the Principles, VITAL4DATA’s use of personal information is limited to the information that is relevant for the purposes of processing. VITAL4DATA does not process personal information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the individual. To the extent necessary for those purposes, VITAL4DATA takes reasonable steps to ensure that personal data is reliable for its intended use, accurate, complete, and current. VITAL4DATA adheres to the Principles for as long as it retains such information.
Information may be retained in a form identifying or making identifiable the individual only for as long as it serves a purpose of processing within the law or regulation. VITAL4DATA takes reasonable and appropriate measures in complying with this provision.
Individuals have the right to access personal information about them that VITAL4DATA holds and be able to correct, amend, or delete that information where it is inaccurate, or has been processed in violation of the Principles, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated.
Consistent with the fundamental nature of access, VITAL4DATA will always make good faith efforts to provide access. Please contact VITAL4DATA as listed below and view our Dispute Resolution Policy here for more details.
Recourse, Enforcement and Liability
VITAL4DATA fully endorses and complies to all applicable United States and international laws governing the privacy and protection of personal data that is collected, processed, transferred/exported, organized, altered, recorded, used, disclosed, combined, destroyed, or simply being held throughout the globe, including but not limited to the following:
- EU-US Privacy Shield Principles
- Swiss-U.S. Privacy Shield Framework Principles and The Swiss Federal Data Protection and Information Commissioner’s authority substitutes for that of the EU DPAs’ authority throughout the Swiss-U.S. Privacy Shield compared to the EU-U.S. Privacy Shield. For instance, under the Swiss-U.S. Privacy Shield, an organization may satisfy points (a)(i) and (a)(iii) of the Recourse, Enforcement and Liability Principle by committing to cooperate with the Swiss Federal Data Protection and Information Commissioner.
- Foreign Corruption Practices Act (FCPA)
- European Directive on Data Protection 95/46/EC
- Data Protection Act 1998
- EU Employment Practices Data Protection Code
- Internationally accepted Fair Information Handling Practices
- Fair Credit Reporting Act (FCRA)
- APEC Privacy Framework
- OECD Privacy Guidelines
VITAL4DATA’s privacy protection includes robust mechanisms for assuring compliance with the Principles, recourse for individuals who are affected by non-compliance with the Principles, and consequences for VITAL4DATA when the Principles are not followed. VITAL4DATA uses the following mechanisms:
- VITAL4DATA and the BBB will respond promptly to inquiries and requests by the Department of Commerce for information relating to the EU-US and Swiss-US Privacy Shield. VITAL4DATA responds expeditiously to complaints regarding compliance with the Principles referred by EU or Swiss Member State authorities through the Department of Commerce. VITAL4DATA is a company that processes human resources data and has chosen to cooperate with DPAs, will respond directly to such authorities with regard to the investigation and resolution of complaints.
- Follow-up procedures for verifying that the attestations and assertions organizations make about their privacy practices are true and that privacy practices have been implemented as presented and, in particular, with regard to cases of non-compliance; and
- VITAL4DATA accepts its obligation to arbitrate claims and follow the terms as set forth in Annex I, provided that an individual has invoked binding arbitration by delivering notice to the organization at issue and following the procedures and subject to conditions set forth in Annex I.
In the context of an onward transfer, VITAL4DATA is responsible for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. The Privacy Shield organization shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless VITAL4DATA proves that it is not responsible for the event giving rise to the damage.
Human Resources Data
VITAL4DATA uses EU-PII human resources related data transferred from the EU and Switzerland and commits to cooperating with the DPAs with regard to such data.
Where an organization in the EU and Swiss transfers personal information about its employees (past or present) collected in the context of the employment relationship to VITAL4DATA, the transfer enjoys the benefits of the EU-US or Swiss-US Privacy Shield.
VITAL4DATA commits to cooperate with EU and Swiss data protection authorities (DPAs) and comply with the advice given by such authorities with regard to human resources data transferred from the EU in the context of the employment relationship.
VITAL4DATA’s follow up procedures for verifying that the attestations and assertions they make about their Privacy Shield privacy practices are true and those privacy practices have been implemented as represented and in accordance with the Privacy Shield Principles.
VITAL4DATA verifies such attestations and assertions either through self-assessment or outside compliance reviews to meet the verification requirements of the Recourse, Enforcement and Liability Principle.
VITAL4DATA retains their records on the implementation of their Privacy Shield privacy practices and are available upon request in the context of an investigation or a complaint about noncompliance to the independent body responsible for investigating complaints or to the agency with unfair and deceptive practices jurisdiction. VITAL4DATA responds promptly to inquiries and other requests for information from the Department of Commerce relating to the organization’s adherence to the Principles.
Content on VITAL4DATA’s website and links
3901 Mary Eliza Trace NW Suite 203
Marietta, GA 30064