helloverify privacy policy reference no.: helloverify/om ... poli… · helloverify privacy policy...

Helloverify Privacy Policy

Reference No.: HELLOVERIFY/OM/POL/PP

Version: 3.0

23-May-2019

Public Use Only


Helloverify/Privacy Policy Ver.3.0 23-May-2019

Document Control

Reference No. HELLOVERIFY/PP

Document Name Privacy Policy

Version No. 3.0

Document Status Released

Issue Date 23-May-2019

Compliance Status Mandatory

Review Period One year from the date of release or earlier if required

Security Classification Public Use Only

Distribution Part of HELLOVERIFY Information Security Management System

– Operations Manual

Authored by Kashvi Malhotra-Legal Team

Name Role Signature

Reviewed by Taruna Bhatnagar CISO

Approved by Karan M Director

Released by Khushal Mannan Risk and

Compliance

Document Revision History

Version Release Date Change Description

1.0 20-April-2018 First Issue

2.0 23-May-2018 Document Review & Released

3.0 23-May-2019 Annual Review



Table of Contents

I. POLICY SCOPE .................................................................................................................................... 4 II. POLICY CHANGES ............................................................................................................................... 4 III. POLICY CONTENT ............................................................................................................................... 5 IV. INFORMATION WE COLLECT .............................................................................................................. 5

V. INFORMATION WE SHARE ................................................................................................................... 7

VI. GENERAL EXCEPTIONS ...................................................................................................................... 8 VII. WITHDRAW CONSENT ........................................................................................................................ 9

VIII. UPDATE RECORDS .............................................................................................................................. 9 IX. CHOICES REGARDING ONLINE TRACKING, ANALYTICS AND EMAIL COMMUNICATIONS ................ 10 X. SECURITY AND CONFIDENTIALITY .................................................................................................. 10 XI. COMPLIANCE AND COOPERATION WITH REGULATORY AUTHORITIES ........................................... 10 XII. PROTECTION OF INFORMATION ....................................................................................................... 10

XIII. INFORMATION PROCESSING OR STORED .......................................................................................... 10

XIV. INTERNATIONAL – ONWARD TRANSFER OF PERSONAL IDENTIFIABLE INFORMATION ................. 11 XV. INFORMATION FROM CHILDREN ...................................................................................................... 11

XVI. GRIEVANCE OFFICER/PRIVACY PROTECTION OFFICER ................................................................. 11



PRIVACY POLICY FOR ALL COUNTRIES EXCEPT

THOSE BELOW

I. Policy Scope

Helloverify India Private Limited is dedicated to protecting your personal Information and

will make every reasonable effort to handle collected Information appropriately. This

Privacy Policy (“Policy”) describes how Helloverify India Private Limited ("Helloverify”

or "we" or "our") treats Information collected or provided in connection with an end user’s

(“you” or “user” or “client”) use of Helloverify products and background screening

services (the “Services “). This privacy statement covers the data collected by Helloverify.

By accessing, using or by providing data directly to Helloverify you accept and agree to

Helloverify’s Privacy Policy. We are committed to protecting privacy and information

provided by end users to enable Helloverify to complete its Services. This Privacy Policy

sets forth Helloverify policy with respect to Personally Identifiable Information (“PII”),

Sensitive Personal Information ("SPI") and certain other information that is collected from

users of the site.

This Policy has been drafted in accordance with the provisions of the Information

Technology Act, 2000 and the Rules thereunder, including, without prejudice to the

generality of the foregoing, the Information Technology “Reasonable security practices

and procedures and sensitive personal data or information” Rules 2011. Your use of and

interaction with Helloverify’s online portals constitutes your unconditional acceptance of

the practices described in this privacy policy, as they may be modified from time to time.

If you do not agree with and accept all of the practices described in this privacy policy,

you may refrain from using Helloverify’s website/online portals and/or providing or

submitting Personally Identifiable Information (“PII”) & Sensitive Personal Information

("SPI") by means of or while using Helloverify’s website/online portals. By providing

personal information to us, you consent to our collection, use and disclosure of your

personal information in accordance with this privacy policy.

Helloverify Privacy Policy applies to all of the services offered by Helloverify India

Private Limited including services offered on the websites/online portals. The Policy

applies to all the Clients, Vendors, Employees, CEO, COO and such other stakeholders

who are associated with Helloverify.

II. Policy Changes

We reserve the right to modify Helloverify’s privacy policy at any time which will be

published on our website If we make material changes to this privacy policy, we will notify

the same by means of a notice on our home page. By continuing to use our service after

notice of changes have been published on the website, the Client is deemed to be consenting

to the changes.



III. Policy Content

This policy seeks to answer questions you may have about the Services and Helloverify

information practices.

i. What information we collect and why we collect it

ii. How we share and use that information

iii. General Exceptions

iv. Consent and Update of Records

v. Services regarding tracking, analytics and email communications

vi. Security and Compliance with regulatory authorities

vii. How we protect your information

viii. Where is the information processed or stored?

ix. Who can use the services?

x. Grievance officer

IV. Information we collect

Personally Identifiable Information

Personally Identifying Information (“PII”) of a person means such information that can

potentially identify you, such as your name, date of birth and address. It does not include

anonymized, aggregate or statistical information.

Personally Identifying Information that we collect and hold about an individual will vary

depending upon the background checks required by the Client and the information the

individual supplies to us. Personally Identifiable Information and Sensitive Personal

Information or Data (SPI) shall have the same meaning as defined under The Information

Technology Act, 2000 read with Rules along with the amendments made thereunder.

Helloverify does not collect any Sensitive Personal Data or Information, without due

notification to you and without your consent unless it is mandated by law. We recognize the

importance of PII and SPI provided to us with respect to privacy issues and confidentiality of

the PII and SPI. Therefore, we collect and deal with PII and SPI in accordance with the

privacy legislations in India and this Privacy Policy (as amended from time to time).

Personally Identifiable Information about an individual that we may collect and hold includes

name, age, date of birth, employment history, reference information, education, professional

qualifications, residency, sanctions, immigration status, claims, judgments, insolvency,

current and previous directorships, character, personal reputation, and such other checks and

enquiries as the client considers necessary to verify information provided by an individual.

From clients we may collect company address and the name, email and phone number of any

system users.

From clients and individuals, we may collect information related to conducting a background

check, payment details.



From the sources of our background checks we may collect the name and job title of the

person who supplied us with the information.

We recognize the importance of privacy issues and respect the confidentiality of the

Personally Identifying Information individuals or clients provide to us. We will collect and

deal with Personally Identifying Information in accordance with the local laws and this

Privacy Policy (all as amended from time to time).

How do we collect information?

In order to process and verify information for a client’s request, the client and Helloverify

may collect an individual’s Personally Identifying Information directly from the individual.

We may also collect information which the client provides directly through their client portal

access or usage of our applicant portal, wherein clients/applicant upload applicant’s details on

the portal and access is given to Helloverify Users. We collect information to provide better

services to all in the following ways:

a) Information given to us. i. Clients: If client want to use the services to screen applicants we may collect

the following information including, but not limited to:

Account creation information, including client name, email address

Contact information such as address and phone number;

Corporate and individual applicable license information not limited to

Driver license, doctor’s license

If client is an employer, employee identification number

ii. Applicants: If applicant directly provide us details who will be the subject of

a screening or background check, we may collect the following information

including, but not limited to:

Account creation information, including full name, e-mail address;

Contact information, including phone number and address;

Identity verification information, including identity number and date of

birth; and

Additional information or supporting documentation submitted or

upload regarding identity, background, query;

Examples include an uploaded picture, a driver’s license, or education

qualification document

We may use the Personally Identifiable Information (“PII”) & Sensitive Personal

Information ("SPI"), documents and any responses an individual or third party

reference has provided to us for verification of an individual’s personal and other

information, to collect additional Personally Identifiable Information (“PII”) &

Sensitive Personal Information ("SPI"), and to conduct public court record searches.

Example of sources include, but are not limited to, government agencies, law

enforcement bodies, publicly available records, public registries, court or tribunal

records, insolvency registers, educational institutions, current and/or precious

employers, and regulatory and licensing bodies.



b) Information used by Helloverify. We collect information for conduct and delivery of services contracted by our client or

applicants. Helloverify may collect this information via online request through email, this

information includes:

i. Log information:

Helloverify India Private Limited may use (only with permission) this

information to provide its client with background check information &

additional information regarding products and services.

verify applicant identity;

conduct background checks bases upon information provide by client;

conduct quality assurance checks;

investigate disputes; or

provide certain communications, including adverse action notices.

contact client regarding their use of the Services;

send client communications regarding updates or modifications to the

services.

Helloverify obtains client’s consent to use, transfer or store the information only for its

legitimate business purpose. Such information shall be stored, processed and retained in the

Helloverify database to be used only for the legitimate business purposes.

V. Information we share

We do not share Personal Identifiable Information with companies, organizations and

individuals outside of Helloverify unless one of the following circumstances applies:

With client and applicant consent

We will share applicant Information with companies, organizations or individuals

outside of Helloverify for employment services when we have client consent to do so.

For external processing

For conduct of background reports that may arise during the course of the verification

service. Helloverify may use researchers & third party service Providers, whom

Helloverify may provide access to client information to select third parties who

perform services on our behalf. These third parties provide a variety of services to us,

including without limitation conducting components of background checks, billing,

fulfillment, data storage, analysis and processing, identity verification, fraud,

accounting, auditing, and legal services.

For legal reasons

We will share Personally Identifiable Information (“PII”) & Sensitive Personal

Information ("SPI") /data with companies, organizations or individuals outside of

Helloverify if we have a good-faith belief that access, use, preservation or disclosure

of the information is reasonably necessary to:



Meet any applicable law, regulation, legal process or enforceable

governmental request.

Enforce applicable Terms of Service, including investigation of potential

violations.

Detect, prevent, or otherwise address fraud, security or technical issues.

Protect against harm to the rights, property or safety of Helloverify, our

users or the public as required or permitted by law.

If Helloverify is involved in a merger, demerger, acquisition or asset sale or reconstruction

we will continue to ensure the confidentiality of any Personally Identifiable Information

(“PII”) & Sensitive Personal Information ("SPI")/ data and give affected users Notices.

Data Retention: Helloverify retains Personally Identifiable Information (“PII”) & Sensitive

Personal Information ("SPI") as needed to provide services or product information, respond

to inquiries, or as required by contractual obligation such as Client – Helloverify contracts,

statutory or other legal obligations. All Client Information is stored/ Retained digitally.

Data Retention is defined as the maintenance of data in a production or live environment

which can be accessed by an authorized user in the ordinary course of business. For the

avoidance of doubt, data used in staging, development, and testing or draft versions of data

shall not be retained beyond their active use period, nor copied into production or live

environments.

The retention period of Helloverify data shall be an active use period of five years unless an

exception has been obtained from client in a documented/stated expression - permitting a

longer or shorter active use period by the division responsible for creating, using, processing,

disclosing storing and destroying the data or as directed by client contracts.

Helloverify data may be classified into paper data such as contracts or hard drives on servers

namely the Oniverify production servers and the Oniverify backup servers. After active use

has expired and according to appropriate exceptions, data shall be archived until the data is

destroyed. For the purposes of enforcing retention in accordance with this policy, each

function is responsible for the data it creates, uses, stores, processes and destroys

VI. General Exceptions

If we are required to intercept, disclose, monitor and/or store client Personally Identifiable

Information (“PII”) & Sensitive Personal Information ("SPI"):

by law;

to conduct our business;

to secure our systems; or

to enforce our own rights, we will do so in the manner as prescribed by law.

Such interception, disclosure, monitoring and storage may take place. In that case, we will

not be liable for any third party damages howsoever arising from such interception,

disclosure, monitoring and storage. In order to ensure that all our users comply with the User

https://www.google.com/policies/privacy/example/legal-process.html

https://www.google.com/policies/privacy/example/legal-process.html



Agreement or Terms of Use of the Helloverify platform or application, we may monitor

Personally Identifiable Information (“PII”) & Sensitive Personal Information ("SPI") to the

extent that this may be required to determine compliance and/or to identify instances of non-

compliance. To ensure that the security and integrity of our Services is safeguarded, we may

monitor Personally Identifiable Information (“PII”) & Sensitive Personal Information

("SPI"). This monitoring may include (without limitation) the filtering of incoming and

outgoing electronic data messages to identify, limit and/or prevent the transmission of spam,

viruses and/or unlawful, defamatory, obscene or otherwise undesirable material or content.

We may under certain circumstances procure an element of the Services from a third party

service provider. To the extent that it may be necessary, and solely for the purposes of

providing the Service to client, Client are deemed to be in agreement of disclosure to such

third party of their Personally Identifiable Information (“PII”) & Sensitive Personal

Information ("SPI") that may be necessary for the procurement of services from the third

party.

VII. Withdraw Consent

Client/candidate may at any time withdraw their consent of PII and SPI stored with

Helloverify. Any withdrawal of will be effective only after a reasonable duration of 15 days

from the date of communication of such withdrawal of consent.

VIII. Update Records

Clients should promptly update their contact information pursuant to a change or inaccuracy

of such information, with their customers/employer or may contact us on their behalf.

Applicants may review, access, and change certain account information such as email

address, phone number and mailing address via the applicant portal on the services. Requests

to change certain other information, such as identity numbers, may require verification before

the change is accepted. Applicants can request deletion of certain information in

Helloverify’s control by directly contacting Helloverify, as set forth at the end of this Policy.

Applicants can dispute background check reports through the applicant portal/ or by directly

contacting their employer/customer (requestor), which is accessible through the Services.

Once a Customer, such as an employer, has received a background check report, Helloverify

India Private Limited does not control the customer’s retention of such information.

Our policy is to retain Personally Identifiable Information (“PII”) & Sensitive Personal

Information ("SPI") only as long as reasonably necessary to provide the Services or as

otherwise required for legal compliance purposes. For instance, we may retain information,

including information from closed accounts, in order to comply with the law, prevent fraud,

collect any fees owed, resolve disputes, troubleshoot problems, assist with any investigations

of any user, enforce our Terms of Use, and/or for any other purposes otherwise permitted by

law that we deem necessary in our sole discretion.

Helloverify will be unable to proceed with the provision of services to Clients in the absence of

necessary permissions or consent from the individual subject to the background check.



IX. Choices regarding online tracking, analytics and email

communications

Helloverify may send periodic promotional or informational emails to its Clients. Clients may

opt out of such communications by connecting with their concerned account manager or

sending an email to Helloverify (please see last section for contact email id). Please note that

it may take up to 15 business days for us to process opt-out requests. If client opts out of

receiving emails about recommendations or other information we think may interest them, we

may still send emails about clients account or any services that have been requested or

received from us.

X. Security and Confidentiality

Helloverify strives to protect Personally Identifiable Information (“PII”) & Sensitive Personal

Information ("SPI") that we collect, maintain and disclose through the use of reasonable

administrative, physical and technical safeguards. Our products and/or services online are

transmitted through a Secure Socket Layer (SSL) transmission, which is a protocol for

establishing a secure connection for transmission of Personally Identifiable Information

(“PII”) & Sensitive Personal Information ("SPI").

Helloverify has also employed security protocols and measures to ensure confidentiality and

protection of Personally Identifiable Information (“PII”) & Sensitive Personal Information

("SPI"), in order to avert unauthorized access or alteration as well as unlawful disclosure of

the collected information. These measures include internal and external firewalls, physical

security and technological security measures, as well as encryption of certain information and

password protection for account information. Ergo, our security program is designed to: (1)

ensure the security and confidentiality of personal identifiable information that may include

Pan Number, Aadhar Card Number etc.;(2) protect against any anticipated threats or hazards

to the security or integrity of the information; and (3) protect against unauthorized access,

use, alteration, or unlawful disclosure of the information that could result in substantial harm

or inconvenience to any individual.

XI. Compliance and cooperation with regulatory authorities

Helloverify ensures We regularly review our compliance with our Policy. We also adhere to

several self-regulatory frameworks, including and not limited to adherence to Information

Technology, Privacy and Data Protection legislations applicable in India.

XII. Protection of Information

Helloverify provides for adequate safeguards to protect/secure Information we maintain about

Client. Helloverify strives to use information security best practices as defined within ISO

27001 and client provided security requirements, such as, encryption, passwords, secure

network, IT hardening and physical security measures to protect Information against

unauthorized access and disclosure.

XIII. Information processing or stored

https://www.google.com/policies/privacy/frameworks/

https://www.google.com/policies/privacy/frameworks/



For the purposes of processing or storing information, Helloverify employs servers installed

in its facility located in Noida, India. Our servers reside in a secure environment protected

from unauthorized access, natural disaster, fire or other compromising conditions.

Helloverify uses servers located in facility in Noida, India. Additionally, Helloverify may

engage with its partners or affiliates located in India in order to store and process information

for the purposes of backup or retention, as the case may be. By using our services, Clients

consent to transmit data to sources for verification that may be within India or outside India.

Helloverify ensures safe data transmission and handling.

XIV. International – Onward Transfer of Personal Identifiable

Information

We may disclose Personally Identifiable Information (“PII”) & Sensitive Personal

Information ("SPI") for the purposes of conducting our services to overseas recipients. The

circumstances of disclosure may be as follows: -

We may need to disclose an individual’s Personally Identifiable Information overseas in

order to carry out background checks. For example, if an individual lived, studied or worked

overseas, we may need to disclose that individuals Personally Identifiable Information (“PII”)

& Sensitive Personal Information ("SPI") to obtain data from sources, employers, third party

reference or education institutes. Disclosures of this kind may be to any country in the world,

depending upon the nature and scope of work to be carried, and where the candidate’s data

resides.

We may also disclose an individual’s Personally Identifiable Information (“PII”) & Sensitive

Personal Information ("SPI") to related bodies for purposes including operations, processing

of background report or make it accessible to law enforcement and national security

authorities in India, upon receipt of authorization letter, notice, warrants or legal mandate

XV. Information from Children

Helloverify background verification is not directed to children under the age of 13 and we do

not knowingly collect personally identifiable information from children under the age of 13.

If we learn that we have collected personally identifiable information of a child under the age

13, we will take reasonable steps to delete such information from our files as soon as is

practicable.

Please contact us at [email protected] if you believe we have any information from or

about a child under the age of 13.

XVI. Grievance Officer/Privacy protection officer

As required under The Information Technology Act of India, the name and contact details of

the grievance officer are as provided below:

mailto:[email protected]



Vinod Mamgai, Legal Department, at

Email: [email protected]

Phone Number: +91 011 30441084

The Grievance Officer/Privacy protection officer is designated exclusively for addressing

discrepancies and grievances of data providers with respect to processing of information in a

time bound manner. Please do NOT use the contact information for login issues for any portal

of Helloverify®. XVII. EUROPEAN UNION PRIVACY SHIELD PRIVACY POLICY

Helloverify Corporation and its U.S. subsidiaries (“Helloverify”) have committed to handling

EU Personal Data received in accordance with the EU-US Privacy Shield Principles set forth

in the EU-US Privacy Shield Framework administered by the Department of Commerce

regarding the collection, use and retention of EU Personal Data. “EU Personal Data” is data

pertaining to an identified or identifiable individual that is received by Helloverify from the

European Union (including Iceland, Norway and Liechtenstein).

Helloverify has certified that it adheres to the Privacy Shield Principles of Notice, Choice,

and Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation,

Access, and Recourse, Enforcement and Liability. Our Privacy Shield certification can be

found at www.privacyshield.gov/list.

In compliance with the EU-US Privacy Shield Principles, Helloverify commits to resolve

complaints about our collection or use of your personal information. Individuals in the

European Union with inquiries or complaints regarding this policy should first contact

Helloverify at [email protected] or at one of the contacts provided below. If such a

complaint goes unresolved, Helloverify further commits to comply with the advice of a panel

of EU Data Protection Authorities established to investigate and resolve Privacy Shield

complaints (“EU DPA Panel”). Contact details for the EU data protection authorities can be

found at http://ec.europa.eu/. Finally, Helloverify agrees to participate in binding arbitration

for any complaints unresolved by the EU DPA Panel that meet the conditions set forth in

Annex I of the Privacy Shield requirements. For more information about binding arbitration

please visit: www.privacyshield.gov. All of the above described recourse mechanisms are

available at no cost to you.

In cases where Helloverify transfers EU Personal Data received pursuant to the EU-US

Privacy Shield onward to third party agents, Helloverify is potentially liable under the

Privacy Shield Principles if its agents process that EU Personal Data in a manner inconsistent

with the Principles, unless Helloverify is not responsible for the event giving rise to the

damage. In the event of a conflict between this policy and the Privacy Shield Principles, the

Privacy Shield Principles shall govern.

Helloverify is subject to the investigatory and enforcement powers of the Federal Trade

Commission. Helloverify may be required to disclose personal information in response to a

lawful request by public authorities, including to meet national security or law enforcement

requirements.

http://www.privacyshield.gov/list


http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm

http://www.privacyshield.gov/



1. Notice Helloverify receives certain EU Personal Data at the request of clients and other third parties

for investigative, credential verification, and employment related purposes, as well as credit

and fraud risk mitigation related purposes.

Where permissible, Helloverify gathers and maintains consumer and other data which it

provides to its clients (employers or their agents, such as recruiters or staffing firms) for use

in making employment-related decisions, such as who to hire, retain, promote, or re-assign.

Helloverify also gathers and maintains consumer and other data which it provides to entities

including lenders, credit reference agencies and fraud prevention agencies. Provided below is

an illustrative list of common ways in which employers use the data provided by this

service:

Performance of applicant and employee background checks

Verification of the credentials of job applicants and current employees

Investigation into a suspicion of work-related misconduct or wrongdoing

Investigation into matters of employee compliance with employer policies, or

Investigation into matters of employee compliance with Federal, State, or local laws

and regulations.

Provided below is an illustrative list of common ways in which lenders, credit

reference agencies and fraud prevention agencies use the data provided by this service

(where available):

Authentication of consumer applicants for loans or other credit services

Prevention or detection of fraud by consumer applicants for loans or other credit

services

Determination of credit worthiness or capacity of consumer applicants for loans or

other credit services

Location of absconded borrowers

Helloverify uses a limited number of third party service providers to assist us in providing

our services to customers. These third party providers perform reference and credential

verifications and complete portions of services requested by our customers, such as by

obtaining records from data sources. These third parties may access or process personal data

in the course of providing their services. Helloverify maintains contracts with these third

parties restricting their access, use and disclosure of personal data in compliance with our

Privacy Shield obligations.

The scope of this notice also covers consumer report data that Helloverify has obtained on

behalf of employers and other businesses by manually or electronically contacting the

appropriate sources of the data (court records, education and employment references,

licensing bureaus, etc.). Helloverify also performs services related to corporate litigation and

investigative services as requested by our clients.



More information regarding the nature and scope of consumer data inquiries is available by

contacting Helloverify in writing or by e-mail at the addresses listed on the Contact Us

page or by writing to the contacts listed below.

2. Choice Helloverify or its clients will offer individuals the opportunity to choose (opt-out) whether

their EU Personal Data will be disclosed to a third party (not including our agents) or will be

used for a purpose other than the purpose for which it was originally collected or

subsequently authorized by the individual. With respect to sensitive information, however, an

individual must "opt-in" to the disclosure of the information to a non-agent third party or to

the use of this information for a purpose other than its original purpose or that purpose

authorized subsequently by the individual. Helloverify or its clients will provide individuals

with a readily-available mechanism to exercise their choices should circumstances arise that

require opt-out or opt-in. In addition, Helloverify will treat as sensitive any EU Personal Data

received from a third party where the third party identifies and treats it as sensitive.

3. Onward Transfer (Transfers to Third Parties) With respect to the transfer of EU Personal Data to third parties (other than our agents), the

principles of "Notice" and "Choice" apply. Accordingly, EU Personal Data is only provided

to these types of third parties for purposes described in the "Notice" section or otherwise

disclosed to consumers, and will not be disseminated to such a third party where a consumer

has "opted-out" or, in the case of sensitive information, failed to "opt-in."

Non-agent third parties to whom we transfer EU Personal Data will be obligated to provide

the same level of protection as the Privacy Shield Principles.

Helloverify may disclose EU Personal Data to clients and third parties acting as agents. We

will transfer such data only for limited and specified purposes and ascertain that agents are

obligated to provide at least the same level of privacy protection as is required by the Privacy

Shield Principles.

4. Security

Helloverify takes reasonable and appropriate measures to protect EU Personal Data from

loss, misuse and unauthorized access, disclosure, alteration and destruction.

5. Data Integrity and Purpose Limitation Helloverify collects EU Personal Data that is relevant for the purpose(s) for which it is to be

used, consistent with the Privacy Shield Principles. We process EU Personal Data in ways

that are compatible with the purpose(s) for which it has been collected (as identified in the

Notice section above, or as subsequently authorized by the individual). To the extent

necessary for those purposes, Helloverify takes reasonable steps to ensure that EU Personal

Data collected is accurate, complete, current, and reliable for its intended use. Helloverify

retains EU Personal Data only for as long as it serves a purpose of processing.

6. Access A consumer may request, in writing, access to EU Personal Data collected and maintained

about him or her, which Helloverify will make a good faith effort to provide. Helloverify

https://www.fadv.com/contact-us.aspx




affords the consumer a reasonable opportunity to correct, amend, or delete information that is

inaccurate or incomplete, except where the burden or expense of providing access would be

disproportionate to the risks to the individual's privacy, or where the rights of persons other

than the individual would be violated.

Helloverify reserves the right to engage in reasonable efforts to confirm the identity of the

individual requesting EU Personal Data to ensure the information is provided only to the

subject of the data.

To request information relating to his or her EU Personal Data, a consumer may contact

Helloverify in writing or by e-mail at the following email address: [email protected]; or by

writing to the contacts listed below. In addition, the consumer will be asked to provide

sufficient evidence of his or her identity so we may ensure that information is being released

to the correct individual. If we are unable to provide the consumer with access to his or her

EU Personal Data or to correct the data, we will notify the consumer.

7. Recourse, Enforcement and Liability

Helloverify will verify that its attestations and assertions about its privacy practices with

respect to Privacy Shield are true and that those privacy practices have been implemented as

presented via in-house verification and internal policies and procedures implemented by

Helloverify management. Helloverify will take reasonable and appropriate steps to remediate

any issue that comes to its attention with respect to compliance with the Privacy Shield

Principles.

As described above, Helloverify will cooperate with the EU DPA Panel as an independent,

readily available recourse mechanism by which individual consumer complaints and disputes

that cannot be resolved between the consumer and Helloverify can be investigated and

remedied at no cost to the individual and by reference to the Privacy Shield Principles.

Helloverify will respond promptly to inquiries and requests by the Department of Commerce

for information related to the Privacy Shield, as well as to complaints regarding compliance

with the Privacy Shield Principles referred by the EU Data Protection Authorities through the

Department of Commerce.

Helloverify will arbitrate claims and follow the terms set forth in Annex I of the Privacy

Shield requirements, provided that an individual has properly invoked binding arbitration and

delivered notice to Helloverify in accordance with the appropriate procedures and conditions.

8. Amendments

From time to time, this policy may be amended to reflect new products and services, or as

necessary to reflect a new business practice. Consistent with the Privacy Shield

requirements, we will post any revised policy on this website.

CONTACT INFORMATION

To request information relating to your EU Personal Data, please

contact: [email protected].




If you have questions regarding this European Union Privacy Shield Privacy Policy,

contact:

Helloverify® Corporation

Angeli C. Heyne, Esq.

Senior Attorney, Regional Compliance Officer EMEA & Dubai

100 Carillon Parkway, Suite 350

St. Petersburg, FL 33716

United States

Telephone: +1.813.682.3664


XIX. Switzerland Privacy Shield Privacy Policy

Helloverify Corporation and its U.S. subsidiaries (“Helloverify”) complies with the Swiss-

U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding

the collection, use, and retention of personal information transferred from the Switzerland to

the United States. Helloverify has certified to the Department of Commerce that it adheres to

the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy

and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more

about the Privacy Shield program, and to view our certification, please visit

https://www.privacyshield.gov/.

“Swiss Personal Data” is data pertaining to an identified or identifiable individual that is

received by Helloverify from Switzerland.

In compliance with the Swiss-U.S. Privacy Shield Principles, Helloverify commits to resolve

complaints about our collection or use of your personal information. Individuals in

Switzerland with inquiries or complaints regarding this policy should first contact Helloverify

at [email protected] or at one of the contacts provided below. If such a complaint goes

unresolved, Helloverify further commits to comply with the advice of the Swiss Federal Data

Protection and Information Commissioner’s authority established to investigate and resolve

Privacy Shield complaints (“FDPIC”). Contact details for the FDPIC can be found at

https://www.edoeb.admin.ch. All of the above described recourse mechanisms are available

at no cost to you.

In cases where Helloverify transfers Swiss Personal Data received pursuant to the Swiss-U.S.

Privacy Shield onward to third party agents, Helloverify is potentially liable under the

Privacy Shield Principles if its agents process that Swiss Personal Data in a manner

inconsistent with the Principles, unless Helloverify is not responsible for the event giving rise

to the damage. In the event of a conflict between this policy and the Privacy Shield

Principles, the Privacy Shield Principles shall govern.

Helloverify is subject to the investigatory and enforcement powers of the Federal Trade

Commission. Helloverify may be required to disclose personal information in response to a

lawful request by public authorities, including to meet national security or law enforcement

requirements.

1. Notice


https://www.privacyshield.gov/


https://www.edoeb.admin.ch/org/00926/index.html?lang=en



Helloverify receives certain Swiss Personal Data at the request of customers and other third

parties for investigative, credential verification, and employment related purposes, as well as

credit and fraud risk mitigation related purposes.

Where permissible, Helloverify gathers and maintains consumer and other data which it

provides to its clients (employers or their agents, such as recruiters or staffing firms) for use

in making employment-related decisions, such as who to hire, retain, promote, or re-assign.

Helloverify also gathers and maintains consumer and other data which it provides to entities

including lenders, credit reference agencies and fraud prevention agencies. Provided below is

an illustrative list of common ways in which employers use the data provided by this

service:

Performance of applicant and employee background checks

Verification of the credentials of job applicants and current employees

Investigation into a suspicion of work-related misconduct or wrongdoing

Investigation into matters of employee compliance with employer policies, or

Investigation into matters of employee compliance with Federal, State, or local laws

and regulations

Provided below is an illustrative list of common ways in which lenders, credit

reference agencies and fraud prevention agencies use the data provided by this service

(where available):

Authentication of consumer applicants for loans or other credit services

Prevention or detection of fraud by consumer applicants for loans or other credit

services

Determination of credit worthiness or capacity of consumer applicants for loans or

other credit services

Location of absconded borrowers

Helloverify uses a limited number of third party service providers to assist us in providing

our services to customers. These third party providers perform reference and credential

verifications and complete portions of services requested by our customers, such as by

obtaining records from data sources. These third parties may access or process personal data

in the course of providing their services. Helloverify maintains contracts with these third

parties restricting their access, use and disclosure of personal data in compliance with our

Privacy Shield obligations.

The scope of this notice also covers consumer report data that Helloverify has obtained on

behalf of employers and other businesses by manually or electronically contacting the

appropriate sources of the data (court records, education and employment references,

licensing bureaus, etc.). Helloverify also performs services related to corporate litigation and

investigative services as requested by our clients.



More information regarding the nature and scope of consumer data inquiries is available by

contacting Helloverify in writing or by e-mail at the addresses listed on the Contact Us

page or by writing to the contacts listed below.

2. Choice

Helloverify or its clients will offer individuals the opportunity to choose (opt-out) whether

their Swiss Personal Data will be disclosed to a third party (not including our agents) or will

be used for a purpose other than the purpose for which it was originally collected or

subsequently authorized by the individual. With respect to sensitive information, however, an

individual must "opt-in" to the disclosure of the information to a non-agent third party or to

the use of this information for a purpose other than its original purpose or that purpose

authorized subsequently by the individual. Helloverify or its customers will provide

individuals with a readily-available mechanism to exercise their choices should

circumstances arise that require opt-out or opt-in. In addition, Helloverify will treat as

sensitive any Swiss Personal Data received from a third party where the third party identifies

and treats it as sensitive.

3. Onward Transfer (Transfers to Third Parties)

With respect to the transfer of Swiss Personal Data to third parties (other than our agents), the

principles of "Notice" and "Choice" apply. Accordingly, Swiss Personal Data is only

provided to these types of third parties for purposes described in the "Notice" section or

otherwise disclosed to consumers, and will not be disseminated to such a third party where a

consumer has "opted-out" or, in the case of sensitive information, failed to "opt-in."

Non-agent third parties to whom we transfer Swiss Personal Data will be obligated to provide

the same level of protection as the Privacy Shield Principles.

Helloverify may disclose Swiss Personal Data to clients and third parties acting as agents. We

will transfer such data only for limited and specified purposes and ascertain that agents are

obligated to provide at least the same level of privacy protection as is required by the Privacy

Shield Principles.

4. Security Helloverify takes reasonable and appropriate measures to protect Swiss Personal Data from

loss, misuse and unauthorized access, disclosure, alteration and destruction.

5. Data Integrity and Purpose Limitation Helloverify collects Swiss Personal Data that is relevant for the purpose(s) for which it is to

be used, consistent with the Privacy Shield Principles. We process Swiss Personal Data in

ways that are compatible with the purpose(s) for which it has been collected (as identified in

the Notice section above, or as subsequently authorized by the individual). To the extent

necessary for those purposes, Helloverify takes reasonable steps to ensure that Swiss Personal

Data collected is accurate, complete, current, and reliable for its intended use. Helloverify

retains Swiss Personal Data only for as long as it serves a purpose of processing.

6. Access A consumer may request, in writing, access to Swiss Personal Data collected and maintained

about him or her, which Helloverify will make a good faith effort to provide. Helloverify

affords the consumer a reasonable opportunity to correct, amend, or delete information that is





inaccurate or incomplete, except where the burden or expense of providing access would be

disproportionate to the risks to the individual's privacy, or where the rights of persons other

than the individual would be violated.

Helloverify reserves the right to engage in reasonable efforts to confirm the identity of the

individual requesting Swiss Personal Data to ensure the information is provided only to the

subject of the data.

To request information relating to his or her Swiss Personal Data, a consumer may contact

Helloverify in writing or by e-mail at the following email address: [email protected]; or by

writing to the contacts listed below. In addition, the consumer will be asked to provide

sufficient evidence of his or her identity so we may ensure that information is being released

to the correct individual. If we are unable to provide the consumer with access to his or her

Swiss Personal Data or to correct the data, we will notify the consumer.

7. Recourse, Enforcement and Liability Helloverify will verify that its attestations and assertions about its privacy practices with

respect to Privacy Shield are true and that those privacy practices have been implemented as

presented via in-house verification and internal policies and procedures implemented by

Helloverify management. Helloverify will take reasonable and appropriate steps to remediate

any issue that comes to its attention with respect to compliance with the Privacy Shield

Principles.

As described above, Helloverify will cooperate with the FDPIC as an independent, readily

available recourse mechanism by which individual consumer complaints and disputes that

cannot be resolved between the consumer and Helloverify can be investigated and remedied

at no cost to the individual and by reference to the Privacy Shield Principles.

Helloverify will respond promptly to inquiries and requests by the Department of Commerce

for information related to the Privacy Shield, as well as to complaints regarding compliance

with the Privacy Shield Principles referred by the FDPIC through the Department of

Commerce.

8. Amendments

From time to time, this policy may be amended to reflect new products and services, or as

necessary to reflect a new business practice. Consistent with the Privacy Shield

requirements, we will post any revised policy on this website.

XX. PRIVACY POLICY FOR AUSTRALIA AND NEW ZEALAND

INTRODUCTION

Helloverify® Australia Pty Ltd ABN 67 101 863 209 and Helloverify® New Zealand

Limited [NZBN 9429034295540] ("Helloverify®", "we", "us" or "our") provides a

background screening service for its clients ("Client"), to assist them in considering

individuals for employment, change in the level of responsibility, other circumstances where

an individual's background is relevant (including but not limited to insurance and claims

review), or to determine if further verification or investigation is necessary. This is achieved

by preparing an employment, investigative, or due diligence report for the Client.



This policy may change from time to time. Please check the policy each time you use our

Web site for the most current information.

In this Privacy Policy for Australia and New Zealand, the following definitions apply:

Privacy Legislation means:

- for Australia, the Privacy Act 1988 including the Australian Privacy Principles; and

- for New Zealand, the Privacy Act 1993 including the Information Privacy Principles

Personal Information has the same meaning as in the Privacy Legislation; ie:

- for Australia, "information or an opinion about an identified individual, or an individual

who is reasonably identifiable: (a) whether the information or opinion is true or not; and (b)

whether the information or opinion is recorded in a material form or not; and

- for New Zealand, "information about an identifiable individual; and includes information

relating to a death that is maintained by the Registrar-General".

THE INFORMATION WE COLLECT AND HOLD

As part of our services, we receive information about individuals for the purposes of

conducting our checks.

Personal Information that we collect and hold about an individual will vary depending upon

the background checks required by the Client and the information the individual supplies to

us. Personal Information about an individual that we may collect and hold includes name,

age, date of birth, employment history, reference information, education, professional

qualifications, residency, sanctions, immigration status, claims, judgments, insolvency,

current and previous directorships, character, personal reputation, and such other checks and

enquiries as the Client considers necessary to verify information provided by an individual.

From Clients we may collect company address and the name, email and phone number of any

system users.

From Clients and individuals, we may collect credit card payment details.

From the sources of our background checks we may collect the name and job title of the

person who supplied us with the information.

We may also collect other Personal Information which is "sensitive information". Sensitive

information is given a greater level of protection under the Privacy Legislation. The Privacy

Legislation imposes greater obligations on us regarding any collection, use or disclosure we

make of an individual's sensitive information.

Sensitive information about an individual that we may collect and hold includes criminal

records, and membership of a professional or trade association.

We recognise the importance of privacy issues and respect the confidentiality of the Personal

Information and sensitive information individuals provide to us. We will collect and deal with

Personal Information and sensitive information in accordance with the Privacy Legislation,

and our Privacy Statement and this Privacy Policy (all as amended from time to time).

MAIN PURPOSES FOR WHICH WE COLLECT, HOLD, USE AND DISCLOSE

PERSONAL INFORMATION



When engaged by a Client, Helloverify® verifies an individual's information, documentation

and any responses by carrying out verification checks for the purposes of preparing an

employment, investigative, or due diligence report. This is done at the Client's request to

enable them to assess an individual's suitability for employment, promotion, provision of

services, or other purposes in accordance with their legal obligations and internal risk

management policy (including but not limited to insurance and claims review).

In certain circumstances, Helloverify® may be engaged by a Client to prepare an

employment or investigative report because they are required by law to determine a

candidate's suitability for a position of employment.

HOW WE COLLECT PERSONAL INFORMATION

In order to process and verify information for a Client's request, the Client and Helloverify®

may collect an individual's Personal Information directly from the individual. We may also

collect information about an individual from a third party a candidate refers us to. In these

circumstances, we will assume that the individual has referred Helloverify® to them and

informed them of the purposes involved in the collection, use and disclosure of the relevant

personal or other information.

We may use the Personal Information, documentation and any responses an individual or

third party reference has provided to us to apply to various other entities ("Sources") for

verification of an individual's personal and other information, to collect additional Personal

Information, and to conduct public record searches. Examples of Sources include, but are not

limited to, government agencies, law enforcement bodies, publicly available records, public

registries, court or tribunal records, insolvency registers, educational institutions, current

and/or previous employers, and regulatory and licensing bodies.

HOW WE HOLD PERSONAL INFORMATION

The Personal Information provided to us by an individual, third party references, and any

other Personal Information provided by the Sources, will be processed by us.

Helloverify® will then use the Personal Information to prepare a report outlining the findings

of its investigations and provide the report to the Client via a secure means. The Client may

then use that information to consider an individual's suitability for employment, change in the

level of responsibility, or other circumstances where an individual's background is relevant,

or to determine if further verification or investigation is necessary. If a Fit and Proper report

was requested, the Client may use this to determine whether an individual meets the

requirements as a Fit and Proper Person. If the report was requested for insurance purposes, it

may be used by the client to determine eligibility for insurance or for claims payments.

We store the Personal Information we receive in hard copy files and/or in electronic format in

a database.

We take steps to protect against the loss, misuse, or unauthorized alteration of Personal

Information collected and subject to this policy. We recognize the importance of security for

all Personal Information collected by Helloverify®. Once we receive Personal Information,

we take steps to protect its security on our systems. In the event we request or transmit

sensitive information, we use industry standard, secure socket layer (SSL) encryption.

We limit access to personally-identifiable information to those employees who need this

access in order to carry out their job responsibilities.



When we dispose of personally identifiable information, we use procedures to dispose of

Personal Information by means such as shredding documents and erasure of electronic media

that information cannot be practicably read or reconstructed.

We may need to retain Personal Information collected from an individual, third party

references, or Sources to comply with our contractual, statutory or other legal obligations

even after the employment or other application process is completed or terminated.

IDENTIFIERS

An "identifier" is a unique identification number assigned to a candidate by the Australian

Government or an Australian Government Agency. Examples of identifiers include a Tax

File Number (TFN) or a Medicare number. Helloverify® does not use identifiers to identify a

candidate's personal information in our systems.

OVERSEAS TRANSFERS OF PERSONAL INFORMATION

We may disclose Personal Information to overseas recipients. The circumstances of

disclosure may be as follows:

We may need to disclose an individual's Personal Information overseas in order to carry out

our checks. For example, if an individual lived, studied or worked overseas, we may need to

disclose that individual's Personal Information overseas to liaise with Sources, employers,

third party references, or educational institutions. Disclosures of this kind may be to any

country in the world, depending upon the circumstances of the individual.

We may also disclose an individual's Personal Information to our related bodies corporate

located overseas, most likely in Australia, India, Canada, New Zealand, the U.S. or the U.K.

Personal Information may be disclosed to related bodies corporate located overseas for

purposes including data storage, administrative purposes (creating internal and external

reports, invoicing and trends in data), and operational and/or processing purposes in

connection with the preparation of an employment or investigative report to the Client.

ACCESS AND CORRECTION OF INFORMATION

An individual has a right to request access to their Personal Information which is held by us.

An individual may apply for that information by contacting the Privacy Officer at the contact

details set out below. We will acknowledge receipt of a request for access. Where reasonable

and practicable, we will provide access to Personal Information in the form requested by an

individual. A moderate fee may be charged for this information. Proof of identity may be

required.

We will handle requests for access to Personal Information in accordance with the Privacy

Legislation. However, in some circumstances permitted under the Privacy Legislation we

may not be required to give an individual access to the information we hold about them.

It is also important to us that the information we hold about an individual is accurate,

complete and up to date. An individual has a right to request the correction of the Personal

Information that Helloverify® holds about them. The Individual may do so by lodging a



correction request with the Privacy Officer at the contact details listed below. Helloverify®

will handle correction requests in accordance with the Privacy Legislation.

Please note that the Privacy Officer listed below handles requests from Australia and New

Zealand.

XXI. PRIVACY POLICY FOR JAPAN Please go to http://www.HV.com/japan-privacy.htm

XXII. DATA PROTECTION CONTACT FOR CANADA

Our Data Protection Officer for Canada is Bret Jardine, Esq.

To request information or receive help with data protection issues, contact our Data

Protection Officer at:

Vinod Mamgai

Telephone: [email protected]

XXIII. DATA PROTECTION CONTACT FOR SINGAPORE

Our Data Protection Officer for Singapore is Taruna Bhatnagar.

To request information or receive help with data protection issues, contact our Data

Protection Officer at:

Taruna Bhatnagar, CISO


http://www.fadv.com/japan-privacy.htm



helloverify privacy policy reference no.: helloverify/om ... poli… · helloverify privacy policy...

Documents