Privacy Policy

We are committed to respecting the privacy rights of everyone whose Personal Data we have received as a result of your use of our Website or as part of the processes of delivering our Website functionalities and its
Services thereto. Unless otherwise specified, this Privacy Policy applies to all Website Visitors, our Clients
and the Data Subjects subject to any and all of the Services we deliver.

We strive for data certainty and facilitating the process of pre-employment, employment and tenant background screening whenever such is needed for an employment opportunity or a property listed for rent. Most of our Clients include employers, banks, property managers and other institutions (the “Clients”). By their nature, our Services include Personal Data about our Clients’ potential or existing employees, or tenant applicants (as such, the “Data Subjects”). Accordingly, we receive Personal Data either directly from the Data Subjects or indirectly through our Clients’ requests for background screening of the consenting Data Subjects when they apply for a job or change their landlord. We require our Clients to obtain consent prior to providing Certn with Personal Data, and prior to accessing the Personal Data subject to our data verification Services.

Please make sure that you read, fully understand and agree to this Privacy Policy before you use our Website or any of our Services. Your Personal Data must be provided at your own free will. If you do not agree with this Privacy Policy or do not wish to provide your Personal Data to have it processed by us or any of our Clients, please do not use our Website and Services. If you choose to provide us with a more limited scope of your Personal Data, please keep in mind that we may not be able to provide you with the full range of our Services or deliver the best experience of using our Website.

This Privacy Policy constitutes an inseparable part of our Terms of Use (“Terms”) which describe the terms under which you can use our Website and our Services. Any capitalized terms in this Privacy Policy shall bear the meaning defined in the Terms of Use.

By using our Website or our Services, you consent to the collection, use and disclosure of your Personal Data subject to the provisions of this Privacy Policy.

We reserve the right to modify this Privacy Policy at any time without notice. The Privacy Policy posted at any time or from time to time via this Website shall be deemed to be the Privacy Policy then in effect. To find out more about our privacy practices, click on any of the sections below:

HOW AND WHY DO WE COLLECT PERSONAL DATA?

We collect technical data from Website Users browsing on own Website, Client profile data for registered users of our Services, Data Subject Personal Data for individuals subject to our background screening reports and other data received from you or other third party sources for the following reasons and purposes:

  • to provide you with a better experience on our Website; for instance, through the collection of anonymized browsing statistical data from the use of Cookies or other technologies 
  • to provide Website Visitors and Clients with better assistance and support. For instance: 

    • you are a Client of ours and registered on our Platform or inquired us for our Services
 
  • to contact our Clients or the Data Subjects where necessary and related to the processing of their Service requests or their Personal Data 
  • to authenticate the identity of Data Subjects, and allow them to access our Platform, Services or verify their data subject to our Clients’ requests. 
  • to facilitate, process and deliver our background screening Services. For instance:

    • you are in the process of applying for a job with us
    • you are a Client of ours and have requested our background screening Service of a Data
      Subject
    • you are an employee, or are applying for a new job or a new rented property
    • you provide information services to us
 

WHAT INFORMATION DO WE COLLECT FROM WEBSITE USERS ON OUR WEBSITE? COOKIES AND OTHER TECHNOLOGIES

Our Website uses Cookies and other similar technologies to provide functionality, analyze traffic and personalize some of your web content. 

Website log data: Certn’s web servers log the following information during visits to our Website: IP addresses, type of operating system, time and duration of visit, web pages visited and browser type. We do not link server log information to any other information in a way that would enable the identification of Website Visitors to our Website. Apart from analyzing such logs to provide you with a better experience on our Website, server logs may be reviewed for security purposes and if necessary to detect unauthorized activity on our Website. In such cases, server log data, containing IP addresses, would be shared with law enforcement bodies in order that they may identify users in connection with their investigation of the unauthorized activities.

Cookies: You will be presented with information about our Cookies and an option to accept all Cookies or customize your Cookie preferences when you first visit our Website and occasionally thereafter. You can consent to or refuse all Cookies at any time when browsing on Certn.co.  See below what Cookies are, how we use Cookies and why.

What are Cookies?

Cookies are small text data files that which are sent to your computer or mobile device by a website while browsing. You can consent to the use of Cookies or refuse them at any time.

Cookies are set to identify your browser, selected information of preferences or settings for the purposes of making websites work, or work more efficiently, differentiate you from other users or provide operational information to us. Session Cookies are deleted automatically after every visit while persistent Cookies remain on your device after the browser has been closed to allow for a more personalized browsing.

We set our own first party Cookies on Certn.co. They are essential for the proper operation of our Website. Certn.co also allows for the use of third-party Cookies, which can be read externally by other organizations.  As such, we cannot be responsible for third party Cookies, i.e. Cookies that are not initiated by us.

How do we use Cookies?

Necessary Cookies enable core functionalities such as security and accessibility on our Website. You may disable these by changing your browser settings, but you may be unable to access or fully use certain parts or functionalities. By using our website, you agree that we can store and access necessary Cookies on your device. 

Statistic Cookies are anonymous and cannot be used to identify you. They help us improve our Website functions and collect information on how you used the website (such as how often you visit our Website, the links you clicked on, the pages you prefer most). Consenting to those Cookies will allow us to produce anonymous statistical reports for website improvement purposes.

Preferences Cookies allow our Website to remember the choices you have previously made (such as selected language or saved username and password) to allow for quicker browsing. 

Marketing Cookies may be set across websites by third parties. They do not store Personal Data, but identify your browser and your internet device to help advertisers in showing you relevant advertisements.

You can choose and manage all of your Cookies at any time. 

You can control of most Cookies through the browser settings. To find out more about how to manage your Cookies on popular browsers, you can use the following links Google Chrome, Microsoft Edge, Mozilla Firefox, Microsoft Internet Explorer, Opera, Apple Safari. 

Alternatively, you can manage your Cookie selection from the Cookie banner on our Website by providing or withdrawing your consent for the different types of Cookies we use on certn.co.  

WHAT INFORMATION DO WE RECEIVE, PROCESS AND REPORT UPON DELIVERING OUR SERVICES? LEGAL BASIS OF THE PROCESSING.

We collect, use and disclose Personal Data when the Data Subject is aware of the purposes for which the information will be collected, processed or disclosed, and has given his or her consent to such use or disclosure, except where collection, processing or disclosure of Personal Data without consent is permitted or required by law. Subject to regulatory requirements, operating our Services in certain jurisdictions require us or our Clients to obtain additional or specific consents in the form of additional consent form, telephone call, through an online platform or other methods. The Data Subject may withdraw such consent previously granted at any time by contacting us. However, withdrawing such consent does not affect the lawfulness of any processing based on the consent before the withdrawal.

As stipulated in our binding Terms of Use, where the Data Subjects does not provide such consent or specific consent directly to us, but to our Clients, we require our Clients to obtain the Data Subject’s consent prior to providing us with the Data Subject’s Personal Data subject to verification for any of our Services. 

As part of our privacy practices, we do not sell the Personal Data you provide us with to third parties, nor share Personal Data with third parties for marketing purposes. 

Subject to the types of Services we provide, the type and scope of collected Personal Data may vary depending on local regulations and the particular data verification Service request. As such, the Personal Data we receive may include part or and all of the following: 

  • full name including maiden name (where applicable)
  • date of birth
  • an image of your face with your facial biometric identifiers (“biometric data”)
  • and/or applicable photographic proof of identity document (such as identification card, passport or a driver’s license)  
  • job title
  • phone number
  • email address
  • current and past addresses
  • current and past employers
  • social insurance number
  • social security number
  • personal identification number
  • driver’s license number and driving history
  • education history, professional qualifications and memberships, 
  • police or criminal history 
  • records for associated claims and judgments 
  • public records such as directorships, insolvencies, bankruptcies, financial standing,

and any other data provided on our Platform, whereby any collected Personal Data will be strictly related and limited to the scope of Service we are requested to provide. 

The scope of our reported data may contain parts or all of the following information for the Data Subject where such is subject to access and disclosure in the applicable jurisdiction and for the consented purpose:

  • Identity verification: name, previous name(s), date of birth, social insurance number (including temporary and/or previous social insurance numbers), current and previous addresses and telephone numbers, and current and previous employers;
  • Public records verification: court judgments, bankruptcies, as well as, criminal court cases, fraud lists, sex offender registries, and terrorist watch lists;
  • Criminal record check: a list of identified criminal records on file;
  • Address history verification: A list of past residential addresses associated with the Data Subject;
  • Employment history verification: A list of previous employers as well as the dates of employment and any references associated with the employment;
  • Education history verification: A list of previously attended educational institutions, the dates attended, and any degrees/diplomas/certificates/other obtained;
  • Driving history verification: history of offences recorded against your license; validity of your license;
  • Credit history check: a record of how a Data Subject has managed his or her credit in the past, including total debt load, number of credit lines, and timeliness of payment; 
  • Drug test results for controlled substances issued by drug testing labs (for USA Data Subjects only)

INFORMATION THAT WE DO NOT COLLECT

We do not collect, process or disclose any Personal Data related to:

  • information about purchases paid in full with cash or cheques;
  • race, creed, color, ancestry, religion, ethnicity, sexual preference, family status or political affiliations.

WHO SEES YOUR PERSONAL DATA AND IS IT DOSCLOSED IN-COUNTRY AND ACROSS BORDERS?

When we provides Services to a Client, the information is shared with them through our secure Portal. The information reported to the Client contains verification of the Data Subject’s Personal Data sourced from public or private institutions such as, but not limited to:

  • credit bureaus, collection agencies or other institutions with such status
  • government agencies,
  • police administration,
  • departments of motor vehicles
  • public court databases, 
  • governmental and non-governmental databases and repositories,
  • education institutions, 
  • drug testing labs conducting your drug screening (for USA Data Subjects only)
  • previous employers

In exceptional circumstances, we may be requested to communicate Personal Data with law enforcement agencies, national security agencies, courts, or other similar institutions as required by law. If in receipt of a production order, subpoena, warrant or other enforceable demand, we will act in compliance as required by the Applicable Laws. We will communicate the request of such information with the Data Subject on a best efforts basis unless prohibited by law. 

Other parties with potential legitimate access to processed Personal Data may be: 

  • auditors for the performance of contracted or statutory compliance audits
  • contract partners or business partners who are participating in the delivery of our Services

Some of the recipients referred to above are located in or process Personal Data outside Canada and the USA. In addition to processing your Personal Data in Canada, in some cases, it may also be necessary to collect and release such information outside of Canada be it because you have worked or studied overseas and background and reference checking is required to be undertaken in a different jurisdiction. In cases where the Data Subject or our Client have resided or are based in the state of California, USA or the EU and EEA, some specific requirements may apply to the transfer of Personal Data. Subject to the consideration that we occasionally process Personal Data of EEA and EU residents, we have taken measures to comply to the established EU Commission standards and ensure that all recipients of any such Personal Data provide an adequate level of data protection based on, but not limited to, commitments in Standard Contractual Clauses. 

If you have any questions as to whether your information will be disclosed overseas, and/or if you have any restrictions or conditions regarding the release of your information across borders, please contact us as soon as possible so we may discuss your specific requirements.

YOU CONTROL THE USE OF YOUR PERSONAL DATA. REVIEWING, CHANGING AND DELETING YOUR PERSONAL DATA

Data Subjects have the right to request from us:

  • information about how their Personal Data is processed
  • a copy of that Personal Data
  • that anything inaccurate in the processed Personal Data is corrected

    You can also:

  • raise an objection about how your Personal Data is processed
  • request that your Personal Data is erased if there is no longer a justification for it
  • ask that the processing of your Personal Data is restricted in certain circumstances

We will provide you with such Personal Data at no charge upon written request.  Please contact us with any requests or questions for exercising your rights.

RETENTION AND DESTRUCTION OF PERSONAL DATA

Unless the Data Subject has withdrawn their consent or asked us to delete their data, we retain information as long as it is necessary for the provision of our Services or as long as required by law and in accordance to our data retention compliance obligations. Where we are required to, we will keep some information as a log. Occasionally this information is anonymized so the Data Subject cannot be identified.

Depending on the type of Personal Data, data verification results shall be retained for as long as required under the Applicable Laws yet no more than three (3) years. 

Unless otherwise required from a compliance perspective, Client records will be retained a minimum of seven (7) years after conclusion of the contract. Data required to establish proof of a right or a contract will be stored for the duration provided by enforceable law.

SPECIFIC DATA PROTECTION PRACTICES. SPECIFIC TYPES OF DATA. SPECIFIC JURISDICTIONS.

Biometric Data and facial recognition and identity verification: We use a biometric system based on facial recognition technology to verify and confirm your identity by matching a real-time picture of your face to the photo on your identification document. For data protection reasons, we need your permission to use your facial image (selfie) when confirming the two photos match. If you agree to use our with biometric facial recognition identity verification Service, your picture will be collected and processed on behalf of Certn to identify you in photographs for the purposes of verifying your identity as part of your application.

USA

We are located and deliver our Services primarily within the jurisdictions of Canada and the USA. Subject to the consideration that Data Subjects background verifications often require inquiries outside those jurisdictions, we may also use sources and verify information in such locations, as related to the relative background of the Data Subject. As such, we shall process such Personal Data in consideration of the applicable Data Protection Legislation. 

Adverse action considerations 

  • When a Client bases their decision to deny a benefit or to increase a rental charge to the Data Subject, in part on information contained in the background screening report, the Client has an obligation to inform the Data Subject that they obtained information from us and provide our contact details for any further information, amendments or deletions. We do not play a role in the decisions of our Clients. Data Subjects should deal directly with the Client for more information on any adverse actions consequent to their application and screening.
  • If, in the rare event, any reported information is proven as inaccurate, we will 
    • Correct or request the correction of the sourced Personal Data as soon as reasonably possible, and
    • send the corrected Personal Data to each organization to which the personal information was disclosed by Certn during the year before the date the correction was made.
  • If no correction is made, Certn will create a note in your file that the correction was requested but not made.
  • The Client must correct the Personal Data under their control if we send a notificaiton of a correction of Data Subject’s Personal Data.

CALIFORNIA PRIVACY RIGHTS

For purposes of the California Consumer Privacy Act (“CCPA”), we do not “sell” personal information (herein also referred to as Personal Data).

California residents may have the following rights under the CCPA: right to access your personal information, right to deletion, right to disclosure, right to opt out of sales, and right to be free from discrimination. If you are a Californian resident, you can contact us to exercise your rights. For compliance purposes, we may require additional information from you in order to honor your request and we may decline your request as permitted under the Applicable Laws. 

EU RESIDENTS

EU Data Subjects have certain rights regarding their Personal Data. These include the following rights to: 

  • The right to request details of the Personal Data we have about you.
  • The right to ask that we update your information if it is inaccurate or incomplete.
  • The right to ask that we delete your information in certain circumstances. 
  • The right to withdraw your consent to the use of your information where we are relying on that consent  
  • In some circumstances, you have the right to receive some of your information in a usable format and/or request we transmit that data to a third party where this is technically feasible. 
  • The right to request that we restrict the processing of your Personal Data in certain circumstances. 
  • The right to lodge a complaint with your local data protection authority if you think we have not been able to assist you. 

Please note that we may still be entitled to process your Personal Data if we have another legitimate reason (other than consent) for doing so. There may be circumstances where you ask us to erase your information but we are legally entitled to keep or process some of it as a log or for compliance purposes.

If you would like to exercise such rights, please contact us at the details below. We will contact you if we need additional information from you in order to deliver the applicable information or undertake specific actions to honor your request in exercising your rights. 

DECISION MAKING ASSOCIATED WITH PERSONAL DATA

We do not take part in the decision-making process following a delivered report subject to the provision of our Services. Our reports do not make a recommendation to our Clients whether positive or negative about the Data Subject. The way reported information is weighted or used for decision-making is entirely at the discretion of our Client and their discussions with the Data Subject. No incentive exists for Certn to provide an opinion or alter information contained on the report and we have no vested interest in the outcome between Clients and the Data Subject.

HOW DO WE KEEP YOUR DATA SAFE?

We have implemented and maintain advanced technical, administrative and physical control procedures to protect Personal Data from unauthorised access, loss, misuse, interference or alteration during its collection, use, disclosure and storage.  We limit access to Personal Data to individuals with a legitimate business need consistent with the reason and purpose the information was provided. 

We encrypt processed information both in transit and at rest.  We perform security audits, vulnerability scans, and penetration tests on a regular basis to ensure compliance with industry security practices and standards.  

All our staff, suppliers and contractors are security vetted prior to taking up employment. All staff are data protection trained and are aware of their responsibilities. Such trainings are conducted repeatedly on a regular or random basis, but at least once on an annual basis. 

We perform regular security checks on all our materials, including Software, hardware and telecommunications equipment. 

In addition, our Clients have obligations to Data Subjects when accessing Personal Data delivered from us or providing Personal Data to us. We have processes in place to encourage our Clients to comply with Applicable Laws and obtain any and all necessary consents in advance. Such processes include, but are not limited to entering into binding agreements with our Clients and conducting mutual random audits of each other’s internal procedures and practices to ensure that regulatory standards are mutually met and exceeded at all times. 

CONTACTING US

Please contact us using the contact information below. Our support centre is staffed by trained personnel who can assist with your inquiries and your requests for exercising particular rights. You may also direct your inquiry or request directly to our privacy officer. Subject to regulatory requirements, we may request that you put any request for access, correction or deletion of your Personal Data in writing.

Consumers can also contact us through our: