Last Updated: January 19, 2021
Effective: January 19, 2021
This policy represents our commitment to your privacy and the respectful use of your data.
While we’ve tried to make this policy easy to follow and read, we understand that you may still have questions. If you do, you can contact us at firstname.lastname@example.org. We’re here to help.
- What This Policy Covers
- Our Data Collection Practices
- Your Opt-Out and Communication Choices
- Other Privacy Information
- Data Security and Retention
- California’s ‘Do Not Track’ Law
- California Personal Information Disclosure: United States or Overseas
- California Information-Sharing Disclosure
- California Consumer Privacy Act Disclosure
- Nevada Resident Rights
- Children’s Information
- Our Privacy Commitment to Individuals in the EU, the United Kingdom, or Switzerland
- Changes to this Policy
- Contact Information
What This Policy Covers
We offer a wide range of Services to employers, businesses, and individuals, including background check and identity verification services. For example, we provide:
- Criminal record, education, motor vehicle record, and credit screening services to employers for current and prospective employee background checks.
- Services for individuals to run employment background checks on themselves.
- Non-employment background checks and identity verification services for businesses that want to screen current or prospective users.
Depending on the Service you use, we may collect different information about you, and additional privacy terms, notices, and/or disclosures may apply to your use of the Services. This policy does not cover data collected by or through third-party websites or services.
Our Data Collection Practices
Information We Collect
In order to provide the Services, we collect personal information directly from our users, from our customers as part of providing our Services, from visitors to our Services, and from public records.
Collection Directly From Our Users
We collect information about users who create accounts with us:
- Creating an account. If you create an account, we ask you to provide some basic registration information such as your name and email address. If you’re registering on behalf of a company, we may also ask you to provide some details about that company as well.
- Making a purchase. If you choose to make a purchase from us, we ask you to provide billing details such as credit card or ACH information.
- Commenting on a report. If you choose to add annotations to your personal background report, your comment may be made available to anyone that you authorize to receive a copy of that report. When you write your comment, you can select whether you’d like for your comment to be visible only to a particular employer or to all future employers who view your report.
- Contacting us. If you contact our customer service team, we will collect your contact information, such as phone number or email address, as well as the contents of your communication. We may also ask for additional information to help us better assist you, such as technical information about your browser or information about your account with us.
Collection When We Provide Services To Our Business Customers
We may need to collect personal information from you in order to provide Services to our business customers, which may include employers and other companies or organizations that purchase our Services. For example, if you are the subject of a background check, or if a business customer requests that you verify your identity with us, we may collect some identifying information about you to provide the Services to our business customers.
- Authorizing a background check. When you authorize one of our business customers to run a background check on you, we ask for your legal name, date of birth, and other identifying details such as your Social Security number, residential address, or past employment or educational history (depending on the type of background check requested). If the background check is authorized electronically, we also collect your email address and/or phone number.
- Verifying your identity. We may collect personal information from you so that we can confirm that you are who you say you are. This personal information could include your legal name, address, phone number, email address, Social Security number, financial or utility account information, or a government-issued photo ID document.
Collection From Third Party Sources
If you authorize one of our business customers to run a background check on you, we’ll collect public records and other information from reliable third-party sources to assemble the report. We may also verify your information against authoritative government databases or information providers.
Collection When You Visit Our Website
- If you visit our website, we will collect technical information from your browser, whether you have an account with us or not. This includes log data, which is automatically generated by your browser every time you request a webpage, and includes your IP address, browser User Agent, Referer, and the requested webpage. We may also make use of trusted third-party analytics tools such as Google Analytics. These third parties may collect information about your activity on our Services in order to help us to better understand how users interact with our Services. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-Out Browser by clicking here.
How We Use The Information We Collect From You
Your information is used to provide and improve the Services. That includes:
- Operating, evaluating, maintaining, improving, and developing the Services, including remembering your preferences and customizing the Services to user needs;
- Conducting in-house research and development to help improve and further develop the Services;
- Preventing, managing, and investigating fraud or abuse;
- Marketing products or services offered by us, our parent company, or by selected partners to you; and
- Communicating with you about your use of the Services.
When We Share Your Information
In limited circumstances, we share the information we collect from you.
- With your consent. We may share your information when you give us permission – for example, if you authorize us to share your background report with a platform or employer.
- De-identified and aggregated data. We may share or disclose information we collect after de-identifying and aggregating it so it cannot be linked back to an individual person. We contractually require third parties to respect this practice.
- Fraud and abuse prevention. We partner with certain third party vendors to prevent fraud and abuse. When you make a purchase, we may analyze your payment information and unique device identifiers (including, but not limited to, IP address, MAC address, browser and operating system settings) to identify suspected fraudulent activity and block it. We may share information associated with activity flagged as fraudulent (including, but not limited to, payment information, email addresses, and unique device identifiers) with our security partners or law enforcement.
For legal process and emergency situations. We may be required to disclose or preserve for future disclosure your personal information if we believe, after due consideration, that doing so is reasonably necessary to protect Inflection’s rights or property or to comply with a law, regulation, valid legal process, or to prevent imminent and serious bodily harm to a person, and in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you are a law enforcement officer seeking information from Inflection about one of our users, please reference our Law Enforcement Guidelines for further information.
Unless prohibited from doing so by law or court order, we will do our best to provide subjects – including candidates and applicants – of law enforcement requests with advance notice before we disclose their information to law enforcement, if we have contact information for that customer. We reserve the right to withhold advance notice where it would impede an investigation of identity theft, or in situations involving imminent physical harm or harm to minors.
Your Opt-Out And Communication Choices
We may send you information about our products, notices regarding your account, and other messages related to Inflection services, including marketing emails. You can unsubscribe by clicking on the unsubscribe link in those emails, emailing email@example.com with the email address you wish to unsubscribe, or calling 1-888-906-4284. Please note that you may still receive account and billing notices from us, if applicable.
Other Privacy Information
We maintain reasonable, industry-standard security procedures and practices to protect your personal information. Inflection does not collect information from children under the age of 13, and does not share your information with third parties for their own marketing purposes. We also abide by Privacy Shield principles for transferring data to and from the EU, the United Kingdom, and Switzerland.
Data Security And Retention
Inflection retains all of the information we collect or that you submit for as long as your account is active, or is needed to provide you services, or for purposes including fraud prevention, legal compliance, dispute resolution, as well as for the enforcement of our agreements.
Your information is stored on secure servers in the United States. We maintain reasonable, industry-standard security procedures and practices to protect your information. Here are a few other steps we take to protect your information:
- We implement technical measures to prevent unauthorized access, and keep security patches and software up-to-date
- Employee access to your information is restricted and audited
- Sensitive personal information is stored in encrypted form
- All personal information is encrypted during transfer
California’s ‘Do Not Track’ Law
While you may manage cookie preferences using your browser settings, this website does not currently respond to browser settings such as Do Not Track.
California Personal Information Disclosure: United States Or Overseas
We do not transfer personal information to third parties outside of the United States or its territories during the preparation or processing of consumer reports, except to the extent that queries for public records are submitted to non-US government agencies and data providers.
California Information-Sharing Disclosure
We do not share your personal information with third parties for direct marketing purposes without your permission.
California Consumer Privacy Act
California residents, as defined in the California Code of Regulations, have certain rights under the California Consumer Privacy Act (CCPA). The vast majority of personal information collected and stored by Inflection is exempt from the CCPA under Section 1798.145(d) (Fair Credit Reporting Act exemption) or under Section 1798.145(l)(1) (which exempts personal information collected in the context of a business to business transaction). Additionally, for much of Inflection’s non-FCRA Services, Inflection acts as a service provider rather than a business as defined by the CCPA. Nonetheless, Inflection may be considered a business subject to the CCPA in regards to a small percentage of the personal information that Inflection collects. In the following paragraphs, we describe this information and outline the legal rights of California residents.
Inflection does not and will not “sell” personal information as this term is defined by the CCPA, including information collected from minors under 16 years of age.
CATEGORIES OF PERSONAL INFORMATION WE COLLECT/DISCLOSE FOR A BUSINESS PURPOSE:
1. Personal identifiers such as your name, postal address, Internet Protocol (IP) address, and/or email address. This information is collected directly from you or your device (IP address only) when you interact with Inflection, such as when you create an account or when you visit our website. This information may be collected in order to create your account and/or to identify you as a unique visitor to our website. This information may be disclosed to our payment processors and fraud detection vendors.
2. Categories of personal information described in California Civil Code Section 1798.80(e). This may include but is not limited to your address, telephone number, credit card number, debit card number, or any other financial information. This information is collected directly from you when you make a purchase on one of Inflection’s Services. This information is collected in order to process your purchase. This information may be disclosed to our payment processors and fraud detection vendors.
3. Commercial information, including records of products or services purchased. This information is collected directly from you when you make a purchase on one of Inflection’s Services. This information is collected in order to facilitate your transaction and for our internal business purposes, such as financial record-keeping. This information is not sold or disclosed for a business purpose.
4. Biometric Information. As defined by the CCPA, “biometric information” may include voice recordings. If you speak with a representative of Inflection over the phone, your call may be recorded for quality assurance purposes. Inflection will inform you that the call will be recorded. Inflection does not collect any other biometric information. This information is not sold or disclosed for a business purpose.
5. Internet or other electronic network activity information, including browsing history, search history, and information regarding your interaction with our website. This information is collected directly from your device when you interact with our Services. This information is used for security and internal user analytics purposes. This information may be disclosed to our fraud detection vendors.
YOUR RIGHTS UNDER THE CALIFORNIA CONSUMER PRIVACY ACT:
PLEASE NOTE THAT ANY BACKGROUND CHECK DATA REGULATED BY THE FAIR CREDIT REPORTING ACT IS EXEMPT FROM CCPA DATA RIGHTS REQUESTS.
You have the right to request that we disclose the categories and specific pieces of personal information that we have collected about you, where we are acting as a business as defined by the CCPA and where the data collected is not otherwise exempt.
You have the right to request that we delete any personal information about you that we have collected, where we are acting as a business as defined by the CCPA and where the data collected is not otherwise exempt. Please note that the right to delete under the CCPA is subject to a number of exceptions including where retention of the information is necessary to do the following:
- Complete your transaction;
- Provide a good or service to you;
- Perform a contract between us and you;
- Protect user security;
- Fix technical issues;
- Protect free speech rights;
- Comply with applicable law or legal obligation; or
- Use the information for internal purposes compatible with the context in which it was provided.
You have the right to request that we disclose the following:
- (1) The categories of personal information we have collected about you.
- (2) The categories of sources from which the personal information is collected.
- (3) The business or commercial purpose for collecting personal information.
- (4) The categories of third parties with whom we share personal information.
- (5) The specific pieces of personal information we have collected about you.
- (6) The categories of personal information that we have disclosed about you for a business purpose.
- (7) The categories of personal information that we have sold about you and the categories of third parties to whom the personal information was sold. While you may nonetheless request this information, please note that Inflection does NOT “sell” personal information as this term is defined by the CCPA.
Inflection will not discriminate against you because of your decision to exercise your rights under the CCPA. Inflection will not deny you services, charge you different prices, provide a different level or quality of services, or suggest that you will receive a different price, level, or quality of services as a result of your decision to exercise your rights.
Nevada Resident Rights
We do not sell your covered information, as defined by Section 1.6 of Chapter 603A of the Nevada Revised Statutes. If you reside in Nevada, you may submit a request to firstname.lastname@example.org in regards to the sale of covered information.
Our Services are not directed to individuals under the age of 18 and we do not knowingly collect personal information from children under the age of 13. If we discover that we have collected personal information on a child under the age of 13 via the Services, we will promptly remove it from our systems.
Our Privacy Commitment to Individuals in the EU, the United Kingdom, or Switzerland
If your personal information is transferred outside the EU, UK, or Switzerland to Inflection or third-party service providers, we will take steps to ensure your personal information receives the same level of protection as if it remained within the EU, UK, or Switzerland. The European Commission has approved the use of standard contractual clauses as a means of ensuring adequate protection when transferring data outside of the European Economic Area (EEA). By incorporating standard contractual clauses into a contract established between the parties transferring data, personal data is considered protected when transferred outside the EEA or the UK to countries which are not covered by an adequacy decision. We rely on these standard contractual clauses for data transfers.
Inflection Risk Solutions, LLC
Attn: Privacy Team
P.O. Box 391403
Omaha, NE 68139
Inflection Risk Solutions, LLC has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.
Under certain limited conditions, individuals may invoke binding arbitration before the Privacy Shield Panel, to be created by the U.S. Department of Commerce and the European Commission.
You also have the right to lodge a complaint with the supervisory authority of your habitual residence, place of work, or place of alleged infringement, if you believe that the processing of your personal data infringes applicable law.
Onward Transfer Of Data
In cases of onward transfer to third parties of data of EU, United Kingdom, or Swiss individuals received pursuant to the EU-US Privacy Shield or Swiss-US Privacy Shield, Inflection is potentially liable.
Inflection is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
Legal Bases for Processing Personal Information from the EU
We describe how we process the personal information we collect from you in the “HOW WE USE THE INFORMATION WE COLLECT FROM YOU” section above.
We may process your information:
- If you consent to the processing;
- To satisfy our legal obligations;
- If necessary to fulfill our obligations arising from any contracts we entered with you or to take steps at your request prior to entering into a contract with you;
- For our legitimate interests, subject to your interests and fundamental rights, to conduct and develop our business activities, and manage and protect the rights and safety of Inflection or its customers.
Your Privacy Rights
In accordance with GDPR and subject to applicable laws, European data subjects have certain rights with respect to their personal data. Upon receipt of a request at email@example.com, we may need to verify your identity and will subsequently handle your request under applicable law.
- Right to access, rectify, and erase your data: You have the right to request access to and obtain a copy of any of your personal data held by Inflection, to request that any incorrect information be corrected, to request that any incomplete information be completed, and under certain circumstances, to request that your personal data be deleted.
- Right to data portability: If we process your personal data based on your consent, a contract to which you are party, or to take steps at your request prior to entering a contract and the personal data is processed by automated means, you may request your personal data in a structured, commonly used, and machine-readable format. You may also request that your personal data be transmitted to another controller where this is technically feasible.
- Right to object to or restrict processing: You have the right to object to or restrict the processing of your personal data under certain circumstances.
- Right to withdraw consent: To the extent that Inflection requests and you provide consent to the processing of your personal data, you may withdraw your consent at any time.
EU-US and Swiss-US Privacy Shield Point of Contact
Elizabeth McLean, General Counsel, GoodHire
Changes To This Policy
If you have any questions about this Policy, please contact us at 1-888-906-4284, firstname.lastname@example.org, or at the following mailing address:
Inflection Risk Solutions, LLC
Attn: Privacy Team
P.O. Box 391403
Omaha, NE 68139
Inflection Risk Solutions maintains offices at:
555 Twin Dolphin Drive, Suite 630
Redwood City, CA 94065