Privacy Policy

Certn (a group of companies: Certn (Canada) Inc., Certn (USA) Inc., Certn Operations Ltd., Certn (Australia) Ltd., hereinafter collectively referred to as “Certn”, “we,” “us,” or “our”) is committed to respecting the privacy rights of everyone whose Personal Information we have received as a result of your use of our Website or as part of the processes of delivering our Website functionalities and its Services thereto. 

This Privacy Policy constitutes an inseparable part of our Terms of Use (“Terms”) which describe the terms under which you can use our Website and our Services. Any capitalized terms in this Privacy Policy shall bear the meaning defined in the Terms of Use. 

This Privacy policy explains how we collect, use, disclose and safeguard your information when you visit our Website, including any other media form, media channel, mobile website or mobile application connected thereto. Unless otherwise specified, this Privacy Policy applies to all Website Visitors, our Clients, and the Consumers subject to any and all of the Services we deliver. By using our Website or our Services, you consent to the collection, use and disclosure of your Personal Information subject to the provisions of this Privacy Policy.

Please make sure that you read, fully understand, and agree to this Privacy Policy before you use our Website or any of our Services. Your Personal Information must be provided at your own free will when you choose to participate in various activities related to our Website, such as, but not limited to, subscribing to our Services or our newsletters and promotional emails. If you do not agree with this Privacy Policy or do not wish to provide your Personal Information to have it processed by us or any of our Clients, please do not use our Website and Services. If you choose to provide us with a more limited scope of your Personal Information, please keep in mind that we may not be able to provide you with the full range of our Services or deliver the best experience of using our Website.  

We reserve the right to modify this Privacy Policy at any time without notice. You are encouraged to periodically review this Privacy Policy to stay informed of updates. The Privacy Policy posted at any time or from time to time via this Website shall be deemed to be the Privacy Policy then in effect.

HOW AND WHY DO WE COLLECT PERSONAL INFORMATION?

We collect technical data from Website Users browsing on own Website, Client profile data for registered users of our Services, Consumer Personal Information for individuals subject to our background screening reports and other data received from you or other third-party sources for the following reasons and purposes:

  • to provide you with a better experience on our Website: for instance, through the collection of anonymized browsing statistical data from the use of Cookies or other technologies; 
  • to provide you with news and general information about our Services that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information;
  • to manage your requests: to process and manage your requests to us; 
  • for the performance of a contract: the development, compliance and undertaking of the contract for the Services we offer; 
  • to manage your account: provide Clients with better assistance and support. To manage your registration as a user of our Services. The Personal Information you provide can give you access to different functionalities of the Services that are available to you as a registered user. 
  • to contact you: to contact our Clients or the Consumers by email, telephone calls, or other equivalent forms of electronic communication, where necessary and related to the processing of their Service requests or their Personal Information; 
  • to facilitate, process and deliver our background screening Services. For instance:
    • you are in the process of applying for a job with us;
    • you are a Client of ours and have requested our background screening Service of a Consumer.
    • you are an applicant subject to our background screening Services;
    • you provide information services to us;
  • for other purposes: we may use your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Services, marketing, and your experience. 

WHAT INFORMATION DO WE COLLECT FROM WEBSITE USERS ON OUR WEBSITE?

COOKIES AND OTHER TECHNOLOGIES

Our Website uses Cookies and other similar technologies to provide functionality, analyze traffic and personalize some of your web content. 

Website log data: Certn’s web servers log the following information during visits to our Website: IP addresses, type of operating system, time and duration of visit, web pages visited and browser type. We do not link server log information to any other information in a way that would enable the identification of Website Visitors to our Website. Apart from analyzing such logs to provide you with a better experience on our Website, server logs may be reviewed for security purposes and if necessary, to detect unauthorized activity on our Website. In such cases, server log data, containing IP addresses, would be shared with law enforcement bodies in order that they may identify users in connection with their investigation of the unauthorized activities.

Cookies: You will be presented with information about our Cookies and an option to accept all Cookies or customize your Cookie preferences when you first visit our Website and occasionally thereafter. You can consent to or refuse all Cookies at any time when browsing on the Website.  See below what Cookies are, how we use Cookies and why.

What are Cookies?

Cookies are small text data files that which are sent to your computer or mobile device by a website while browsing. You can consent to the use of Cookies or refuse them at any time.

Cookies are set to identify your browser, selected information of preferences or settings for the purposes of making websites work, or work more efficiently, differentiate you from other users or provide operational information to us. Session Cookies are deleted automatically after every visit while persistent Cookies remain on your device after the browser has been closed to allow for a more personalized browsing.

We set our own first party Cookies. They are essential for the proper operation of our Website. Our Website also allows for the use of third-party Cookies, which can be read externally by other organizations.  As such, we cannot be responsible for third party Cookies, i.e., Cookies that are not initiated by us.

How do we use Cookies?

Necessary Cookies enable core functionalities such as security and accessibility on our Website. You may disable these by changing your browser settings, but you may be unable to access or fully use certain parts or functionalities. By using our website, you agree that we can store and access necessary Cookies on your device. 

Statistic Cookies are anonymous and cannot be used to identify you. They help us improve our Website functions and collect information on how you used the website (such as how often you visit our Website, the links you clicked on, the pages you prefer most). Consenting to those Cookies will allow us to produce anonymous statistical reports for website improvement purposes.

Preferences Cookies allow our Website to remember the choices you have previously made (such as selected language or saved username and password) to allow for quicker browsing. 

Marketing Cookies may be set across websites by third parties. They do not store Personal Information but identify your browser and your internet device to help advertisers in showing you relevant advertisements.

You can choose and manage all of your Cookies at any time. You can control of most Cookies through the browser settings. To find out more about how to manage your Cookies on popular browsers, you can use the following links Google Chrome, Microsoft Edge, Mozilla Firefox, Microsoft Internet Explorer, Opera, Apple Safari. 

Alternatively, you can manage your Cookie selection from the Cookie banner on our Website by providing or withdrawing your consent for the different types of Cookies we use on the Website.  

FINANCIAL INFORMATION

Financial information, such as data related to your payment method (e.g., valid credit card number, card brand, expiration date) is never collected by us either through our Website or otherwise. Upon processing payments, you are transferred to a secure page on the website or some other reputable payment service provider. That page may be dressed in our “livery”, but it is not managed by us. All financial information is processed by our payment processor and you are encouraged to review their privacy policy and contact them directly for responses to your questions. 

WHAT INFORMATION DO WE RECEIVE, PROCESS AND REPORT UPON DELIVERING OUR SERVICES? LEGAL BASIS OF THE PROCESSING.

We process information on an individual Consumer only upon the request of a Client who has a Permissible Purpose to request information on that Consumer in order to provide consumer reports. All Clients must certify that they have a Permissible Purpose to request a report subject to our Services. We collect, use, and disclose Personal Information when the Consumer is aware of the purposes for which the information will be collected, processed, or disclosed, and has given his or her consent to such use or disclosure, except where collection, processing, or disclosure of Personal Information without consent is permitted or required by law. Subject to regulatory requirements, operating our Services in certain jurisdictions require us or our Clients to obtain additional or specific consents in the form of additional consent form, telephone call, through an online platform or other methods. As stipulated in our binding Terms of Use, where the Consumer does not provide such consent or specific consent directly to us, but to our Clients, we require our Clients to obtain the Consumer’s consent prior to providing us with the Consumer’s Personal Information subject to verification for any of our Services. The Consumer may withdraw such consent previously granted at any time by contacting us. However, withdrawing such consent does not affect the lawfulness of any processing based on the consent before the withdrawal. 

Subject to the types of Services we provide, the type and scope of collected Personal Information may vary depending on local regulations and the data verification Service request. As such, the Personal Information we receive may include parts or all of the following: 

  • full name including maiden name (where applicable)
  • date of birth
  • an image of your face with your facial biometric identifiers (“biometric data”)
  • and/or applicable photographic proof of identity document (such as identification card, passport, or a driver’s license)  
  • job title
  • phone number
  • email address
  • current and/or past addresses
  • current and past employers
  • social insurance number/ social security number/personal identification number
  • driver’s license number and driving history
  • education history, professional qualifications, and memberships 
  • police or criminal history 
  • records for associated claims and judgments 
  • public records such as directorships, insolvencies, bankruptcies, financial standing,

and any other data requested through our Platform, whereby Personal Information will be strictly related and limited to the scope of Service we are requested to provide. 

The scope of our reported Personal Information subject to the delivery of our Services may contain parts or all of the following information for the Consumer where such is subject to access and disclosure in the applicable jurisdiction and for the consented Permissible Purpose: 

  • Identity verification: name, previous name(s), date of birth, social insurance number (including temporary and/or previous social insurance numbers)/ social security number/ personal identification number, current and previous addresses;
  • Public records verification: court judgments, bankruptcies, as well as, criminal court cases, fraud lists, sex offender registries, and terrorist watch lists;
  • Criminal record check: a list of identified criminal records on file;
  • Address history verification: A list of past residential addresses associated with the Consumer
  • Employment history verification: A list of previous employers as well as the dates of employment and any references associated with the employment;
  • Education history verification: A list of previously attended educational institutions, the dates attended, and any degrees/diplomas/certificates/other obtained;
  • Driving history verification: history of offences recorded against your license; validity of your license;
  • Credit report: a record of how a Consumer has managed his or her credit in the past, including total debt, number of credit lines, and timeliness of payment; 
  • Drug test results for controlled substances issued by drug testing labs (for USA Consumers only)

INFORMATION THAT WE DO NOT COLLECT

We do not collect, process, or disclose any Personal Information related to:

  • race, creed, color, ancestry, religion, ethnicity, sexual preference, family status or political affiliations;
  • We do not knowingly solicit information from children under the age of 13. If you become aware of any data we have collected from children under age 13, please contact us using the contact information provided below.

WHO SEES YOUR PERSONAL INFORMATION AND HOW IS IT DISCLOSED IN-COUNTRY AND ACROSS BORDERS?

We may share your information with third parties that perform services for us or on our behalf, including payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance.  

With your consent, or with an opportunity for you to withdraw consent, we may share your information with third parties for marketing purposes, as permitted by law.

We may share your information with our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include our parent company and any subsidiaries, joint venture partners or other companies that we control or that are under common control with us. 

When we provide Services to a Client, the information is shared with them through our secure portal. The information reported to the Client contains verification of the Consumer’s Personal Information sourced from public or private institutions such as, but not limited to:

  • credit bureaus, collection agencies or other institutions with such status,
  • government agencies,
  • police administration,
  • departments of motor vehicles,
  • public court databases, 
  • governmental and non-governmental databases and repositories,
  • education institutions, 
  • drug testing labs conducting your drug screening (for USA Consumers only)
  • previous employers.

In exceptional circumstances, we may be requested to communicate Personal Information with law enforcement agencies, national security agencies, courts, or other similar institutions as required by law. If in receipt of a production order, subpoena, warrant or other enforceable demand, we will act in compliance as required by the Applicable Laws. We will communicate the request of such information with the Consumer on a best-efforts basis unless prohibited by law. 

Other parties with potential legitimate access to processed Personal Information may be: 

  • auditors for the performance of contracted or statutory compliance audits,
  • contract partners or business partners who are participating in the delivery of our Services.

Some of the recipients referred to above are located in or process Personal Information outside Canada and the USA. In some cases, it may also be necessary to collect and release such information across borders be it because you have worked or studied overseas, and background and reference checking is required to be undertaken in a different jurisdiction. In cases where the Consumer/Client have resided/are based in the state of California, USA or the EU and EEA, some specific requirements may apply to the transfer of Personal Information. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to such transfer.

Subject to the consideration that we occasionally process Personal Information of EEA and EU residents, we have taken measures to comply to the established EU Commission standards and ensure that all recipients of any such Personal Information provide an adequate level of data protection based on, but not limited to, commitments in Standard Contractual Clauses. 

We take all steps reasonably necessary to ensure that your Personal Information is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Information will take place to an organization or a country unless there are adequate controls in place to ensure the security of your data. If you have any questions as to whether your information will be disclosed overseas, and/or if you have any restrictions or conditions regarding the release of your information across borders, please contact us as soon as possible so we may discuss your specific requirements.

YOU CONTROL THE USE OF YOUR PERSONAL INFORMATION. REVIEWING, CHANGING AND DELETING YOUR PERSONAL INFORMATION

Consumers have the right to request from us:

  • information about how their Personal Information is processed
  • a copy of that Personal Information
  • that anything inaccurate in the processed Personal Information is corrected 

You can also:

  • raise an objection about how your Personal Information is processed
  • request that your Personal Information is erased if there is no longer a justification for it
  • ask that the processing of your Personal Information is restricted in certain circumstances.  

We will provide you with such Personal Information at no charge upon written request.  Please contact us with any requests or questions for exercising your rights.

OPTIONS REGARDING YOUR INFORMATION, RETENTION AND DESTRUCTION OF PERSONAL INFORMATION

Unless otherwise required from a compliance perspective, Client records will be retained a minimum of seven (7) years after conclusion of the contract. Data required to establish proof of a right or a contract will be stored for the duration provided by enforceable law. Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, some information may be retained in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our Terms of Use and/or compliance with legal requirements.

Depending on the type of Personal Information, data verification results shall be retained for as long as required under the Applicable Laws yet no more than three (3) years. Unless the Consumer has withdrawn their consent or asked us to delete their data, we retain information as long as it is necessary for the provision of our Services or as long as required by law and in accordance with our data retention compliance obligations. Where we are required to, we will keep some information as a log. Occasionally this information is anonymized so the Consumer cannot be identified.

SPECIFIC DATA PROTECTION PRACTICES. SPECIFIC TYPES OF DATA. SPECIFIC JURISDICTIONS.

Biometric Data and facial recognition and identity verification: We use a biometric system based on facial recognition technology to verify and confirm your identity by matching a real-time picture of your face to the photo on your identification document. For data protection reasons, we need your permission to use your facial image (selfie) when confirming the two photos match. If you agree to use our Services with biometric facial recognition identity verification, your picture will be collected and processed on behalf of Certn to identify you in photographs for the purposes of verifying identity.

USA

We are located and deliver our Services primarily within the jurisdictions of Canada and the USA. Subject to the consideration that Consumers background verifications often require inquiries outside those jurisdictions, we may also use sources and verify information in such locations, as related to the relative background of the Consumer. As such, we shall process such Personal Information in consideration of the applicable Data Protection Legislation. 

Adverse action considerations 

  • When a Client bases their decision to deny a benefit or to increase a rental charge to the Consumer, in part on information contained in the background screening report, the Client has an obligation to inform the Consumer that they obtained information from us and provide our contact details for any further information, amendments or deletions. We do not play a role in the decisions of our Clients. Consumers should deal directly with the Client for more information on any adverse action consequent to their application and screening.
  • If, in the rare event, any reported information is proven as inaccurate, we will: 
    • reinvestigate and correct (or request the correction) of the sourced Personal Information as soon as reasonably possible, and
    • where applicable: send the corrected Personal Information to each organization to which the Personal Information was disclosed by Certn during the year before the date the correction was made.
  • If no correction is made, Certn will create a note in your file that the correction was requested but not made.
  • The Client must correct the Personal Information under their control if we send a notification of a correction of Consumer’s Personal Information.

CALIFORNIA PRIVACY RIGHTS

For purposes of the California Consumer Privacy Act (“CCPA”), we do not “sell” personal information (herein also referred to as Personal Information).

California residents may have the following rights under the CCPA: right to access your Personal Information, right to deletion, right to disclosure, right to opt out of sales, and right to be free from discrimination. If you are a Californian resident, you can contact us to exercise your rights. For compliance purposes, we may require additional information from you in order to honor your request and we may decline your request as permitted under the Applicable Laws. 

EU RESIDENTS

EU Consumers have certain rights regarding their Personal Information. These include the following: 

  • the right to request details of the Personal Information we have about you;
  • the right to ask that we update your information if it is inaccurate or incomplete;
  • the right to ask that we delete your information in certain circumstances; 
  • the right to withdraw your consent to the use of your information where we are relying on that consent;  
  • in some circumstances, you have the right to receive some of your information in a usable format and/or request we transmit that data to a third party where this is technically feasible; 
  • the right to request that we restrict the processing of your Personal Information in certain circumstances; 
  • the right to lodge a complaint with your local data protection authority if you think we have not been able to assist you. 

Please note that we may still be entitled to process your Personal Information if we have another legitimate reason (other than consent) for doing so. There may be circumstances where you ask us to erase your information, but we are legally entitled to keep or process some of it as a log or for compliance purposes.

If you would like to exercise such rights, please contact us at the details below. We will contact you if we need additional information from you in order to deliver the applicable information or undertake specific actions to honor your request in exercising your rights. 

DECISION MAKING ASSOCIATED WITH PERSONAL INFORMATION

We do not take part in the decision-making process following a delivered report subject to the provision of our Services. Our reports do not make a recommendation to our Clients whether positive or negative about the Consumer. The way reported information is weighted or used for decision-making is entirely at the discretion of our Client and their discussions with the Consumer. No incentive exists for Certn to provide an opinion or alter information contained on the report and we have no vested interest in the outcome between Clients and the Consumer.

HOW DO WE KEEP YOUR DATA SAFE?

We are SOC II certified and have implemented advanced technical, administrative, and physical control procedures to protect Personal Information from unauthorized access, loss, misuse, interference or alteration during its collection, use, disclosure, and storage.  We limit access to Personal Information to individuals with a legitimate business need consistent with the reason and purpose the information was provided.  

We encrypt processed information both in transit and at rest.  We perform security audits, vulnerability scans, and penetration tests on a regular basis to ensure compliance with industry security practices and standards.  

All our staff, suppliers and contractors are security vetted prior to taking up employment. All staff are data protection trained and are aware of their responsibilities. Such trainings are conducted repeatedly on a regular or random basis, but at least once on an annual basis. 

We perform regular security checks on all our materials, including Software, hardware, and telecommunications equipment. 

In addition, our Clients have obligations to Consumers when accessing Personal Information delivered from us or providing Personal Information to us. We have processes in place to encourage our Clients to comply with Applicable Laws and obtain all necessary consents in advance. Such processes include but are not limited to entering into binding agreements with our Clients and conducting mutual random audits of each other’s internal procedures and practices to ensure that regulatory standards are mutually met and exceeded at all times. 

CONTACTING US

Please contact us using the contact information below. Our support center is staffed by trained personnel who can assist with your inquiries and your requests for exercising rights. You may also direct your inquiry or request directly to our privacy officer. Subject to regulatory requirements, we may request that you put any request for access, correction, or deletion of your Personal Information in writing.

If you have any questions about this Privacy Policy, you can contact by:

 
 
 
 
Last Updated: April 12, 2021.