Certn (a group of companies: Certn (Canada) Inc., Certn (USA) Inc., Certn Operations Ltd., Certn (Australia) Ltd., hereinafter collectively referred to as “Certn”, “we,” “us,” or “our”) is committed to respecting the privacy rights of everyone whose Personal Information we have received as a result of your use of our Website or as part of the processes of delivering our Website functionalities and its Services thereto.
HOW AND WHY DO WE COLLECT PERSONAL INFORMATION?
We collect technical data from Website Users browsing on own Website, Client profile data for registered users of our Services, Consumer Personal Information for individuals subject to our background screening reports and other data received from you or other third-party sources for the following reasons and purposes:
- to provide you with news and general information about our Services that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information;
- to manage your requests: to process and manage your requests to us;
- for the performance of a contract: the development, compliance and undertaking of the contract for the Services we offer;
- to manage your account: provide Clients with better assistance and support. To manage your registration as a user of our Services. The Personal Information you provide can give you access to different functionalities of the Services that are available to you as a registered user.
- to contact you: to contact our Clients or the Consumers by email, telephone calls, or other equivalent forms of electronic communication, where necessary and related to the processing of their Service requests or their Personal Information;
- to facilitate, process and deliver our background screening Services. For instance:
- you are in the process of applying for a job with us;
- you are a Client of ours and have requested our background screening Service of a Consumer.
- you are an applicant subject to our background screening Services;
- you provide information services to us;
- for other purposes: we may use your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Services, marketing, and your experience.
COOKIES AND OTHER TECHNOLOGIES
Website log data: Certn’s web servers log the following information during visits to our Website: IP addresses, type of operating system, time and duration of visit, web pages visited and browser type. We do not link server log information to any other information in a way that would enable the identification of Website Visitors to our Website. Apart from analyzing such logs to provide you with a better experience on our Website, server logs may be reviewed for security purposes and if necessary, to detect unauthorized activity on our Website. In such cases, server log data, containing IP addresses, would be shared with law enforcement bodies in order that they may identify users in connection with their investigation of the unauthorized activities.
What are Cookies?
Cookies are set to identify your browser, selected information of preferences or settings for the purposes of making websites work, or work more efficiently, differentiate you from other users or provide operational information to us. Session Cookies are deleted automatically after every visit while persistent Cookies remain on your device after the browser has been closed to allow for a more personalized browsing.
We set our own first party Cookies. They are essential for the proper operation of our Website. Our Website also allows for the use of third-party Cookies, which can be read externally by other organizations. As such, we cannot be responsible for third party Cookies, i.e., Cookies that are not initiated by us.
Necessary Cookies enable core functionalities such as security and accessibility on our Website. You may disable these by changing your browser settings, but you may be unable to access or fully use certain parts or functionalities. By using our website, you agree that we can store and access necessary Cookies on your device.
Statistic Cookies are anonymous and cannot be used to identify you. They help us improve our Website functions and collect information on how you used the website (such as how often you visit our Website, the links you clicked on, the pages you prefer most). Consenting to those Cookies will allow us to produce anonymous statistical reports for website improvement purposes.
Preferences Cookies allow our Website to remember the choices you have previously made (such as selected language or saved username and password) to allow for quicker browsing.
Marketing Cookies may be set across websites by third parties. They do not store Personal Information but identify your browser and your internet device to help advertisers in showing you relevant advertisements.
You can choose and manage all of your Cookies at any time. You can control of most Cookies through the browser settings. To find out more about how to manage your Cookies on popular browsers, you can use the following links Google Chrome, Microsoft Edge, Mozilla Firefox, Microsoft Internet Explorer, Opera, Apple Safari.
Alternatively, you can manage your Cookie selection from the Cookie banner on our Website by providing or withdrawing your consent for the different types of Cookies we use on the Website.
WHAT INFORMATION DO WE RECEIVE, PROCESS AND REPORT UPON DELIVERING OUR SERVICES? LEGAL BASIS OF THE PROCESSING.
Subject to the types of Services we provide, the type and scope of collected Personal Information may vary depending on local regulations and the data verification Service request. As such, the Personal Information we receive may include parts or all of the following:
- full name including maiden name (where applicable)
- date of birth
- an image of your face with your facial biometric identifiers (“biometric data”)
- and/or applicable photographic proof of identity document (such as identification card, passport, or a driver’s license)
- job title
- phone number
- email address
- current and/or past addresses
- current and past employers
- social insurance number/ social security number/personal identification number
- driver’s license number and driving history
- education history, professional qualifications, and memberships
- police or criminal history
- records for associated claims and judgments
- public records such as directorships, insolvencies, bankruptcies, financial standing,
and any other data requested through our Platform, whereby Personal Information will be strictly related and limited to the scope of Service we are requested to provide.
The scope of our reported Personal Information subject to the delivery of our Services may contain parts or all of the following information for the Consumer where such is subject to access and disclosure in the applicable jurisdiction and for the consented Permissible Purpose:
- Identity verification: name, previous name(s), date of birth, social insurance number (including temporary and/or previous social insurance numbers)/ social security number/ personal identification number, current and previous addresses;
- Public records verification: court judgments, bankruptcies, as well as, criminal court cases, fraud lists, sex offender registries, and terrorist watch lists;
- Criminal record check: a list of identified criminal records on file;
- Address history verification: A list of past residential addresses associated with the Consumer
- Employment history verification: A list of previous employers as well as the dates of employment and any references associated with the employment;
- Education history verification: A list of previously attended educational institutions, the dates attended, and any degrees/diplomas/certificates/other obtained;
- Driving history verification: history of offences recorded against your license; validity of your license;
- Credit report: a record of how a Consumer has managed his or her credit in the past, including total debt, number of credit lines, and timeliness of payment;
- Drug test results for controlled substances issued by drug testing labs (for USA Consumers only)
INFORMATION THAT WE DO NOT COLLECT
We do not collect, process, or disclose any Personal Information related to:
- race, creed, color, ancestry, religion, ethnicity, sexual preference, family status or political affiliations;
- We do not knowingly solicit information from children under the age of 13. If you become aware of any data we have collected from children under age 13, please contact us using the contact information provided below.
WHO SEES YOUR PERSONAL INFORMATION AND HOW IS IT DISCLOSED IN-COUNTRY AND ACROSS BORDERS?
We may share your information with third parties that perform services for us or on our behalf, including payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance.
With your consent, or with an opportunity for you to withdraw consent, we may share your information with third parties for marketing purposes, as permitted by law.
When we provide Services to a Client, the information is shared with them through our secure portal. The information reported to the Client contains verification of the Consumer’s Personal Information sourced from public or private institutions such as, but not limited to:
- credit bureaus, collection agencies or other institutions with such status,
- government agencies,
- police administration,
- departments of motor vehicles,
- public court databases,
- governmental and non-governmental databases and repositories,
- education institutions,
- drug testing labs conducting your drug screening (for USA Consumers only)
- previous employers.
In exceptional circumstances, we may be requested to communicate Personal Information with law enforcement agencies, national security agencies, courts, or other similar institutions as required by law. If in receipt of a production order, subpoena, warrant or other enforceable demand, we will act in compliance as required by the Applicable Laws. We will communicate the request of such information with the Consumer on a best-efforts basis unless prohibited by law.
Other parties with potential legitimate access to processed Personal Information may be:
- auditors for the performance of contracted or statutory compliance audits,
- contract partners or business partners who are participating in the delivery of our Services.
Subject to the consideration that we occasionally process Personal Information of EEA and EU residents, we have taken measures to comply to the established EU Commission standards and ensure that all recipients of any such Personal Information provide an adequate level of data protection based on, but not limited to, commitments in Standard Contractual Clauses.
YOU CONTROL THE USE OF YOUR PERSONAL INFORMATION. REVIEWING, CHANGING AND DELETING YOUR PERSONAL INFORMATION
Consumers have the right to request from us:
- information about how their Personal Information is processed
- a copy of that Personal Information
- that anything inaccurate in the processed Personal Information is corrected
You can also:
- raise an objection about how your Personal Information is processed
- request that your Personal Information is erased if there is no longer a justification for it
- ask that the processing of your Personal Information is restricted in certain circumstances.
We will provide you with such Personal Information at no charge upon written request. Please contact us with any requests or questions for exercising your rights.
OPTIONS REGARDING YOUR INFOMRAITON. RETENTION AND DESTRUCTION OF PERSONAL INFORMATION
Depending on the type of Personal Information, data verification results shall be retained for as long as required under the Applicable Laws yet no more than three (3) years. Unless the Consumer has withdrawn their consent or asked us to delete their data, we retain information as long as it is necessary for the provision of our Services or as long as required by law and in accordance with our data retention compliance obligations. Where we are required to, we will keep some information as a log. Occasionally this information is anonymized so the Consumer cannot be identified.
SPECIFIC DATA PROTECTION PRACTICES. SPECIFIC TYPES OF DATA. SPECIFIC JURISDICTIONS.
Biometric Data and facial recognition and identity verification: We use a biometric system based on facial recognition technology to verify and confirm your identity by matching a real-time picture of your face to the photo on your identification document. For data protection reasons, we need your permission to use your facial image (selfie) when confirming the two photos match. If you agree to use our Services with biometric facial recognition identity verification, your picture will be collected and processed on behalf of Certn to identify you in photographs for the purposes of verifying identity.
We are located and deliver our Services primarily within the jurisdictions of Canada and the USA. Subject to the consideration that Consumers background verifications often require inquiries outside those jurisdictions, we may also use sources and verify information in such locations, as related to the relative background of the Consumer. As such, we shall process such Personal Information in consideration of the applicable Data Protection Legislation.
Adverse action considerations
- When a Client bases their decision to deny a benefit or to increase a rental charge to the Consumer, in part on information contained in the background screening report, the Client has an obligation to inform the Consumer that they obtained information from us and provide our contact details for any further information, amendments or deletions. We do not play a role in the decisions of our Clients. Consumers should deal directly with the Client for more information on any adverse action consequent to their application and screening.
- If, in the rare event, any reported information is proven as inaccurate, we will:
- reinvestigate and correct (or request the correction) of the sourced Personal Information as soon as reasonably possible, and
- where applicable: send the corrected Personal Information to each organization to which the Personal Information was disclosed by Certn during the year before the date the correction was made.
- If no correction is made, Certn will create a note in your file that the correction was requested but not made.
- The Client must correct the Personal Information under their control if we send a notification of a correction of Consumer’s Personal Information.
CALIFORNIA PRIVACY RIGHTS
For purposes of the California Consumer Privacy Act (“CCPA”), we do not “sell” personal information (herein also referred to as Personal Information).
California residents may have the following rights under the CCPA: right to access your Personal Information, right to deletion, right to disclosure, right to opt out of sales, and right to be free from discrimination. If you are a Californian resident, you can contact us to exercise your rights. For compliance purposes, we may require additional information from you in order to honor your request and we may decline your request as permitted under the Applicable Laws.
EU Consumers have certain rights regarding their Personal Information. These include the following:
- the right to request details of the Personal Information we have about you;
- the right to ask that we update your information if it is inaccurate or incomplete;
- the right to ask that we delete your information in certain circumstances;
- the right to withdraw your consent to the use of your information where we are relying on that consent;
- in some circumstances, you have the right to receive some of your information in a usable format and/or request we transmit that data to a third party where this is technically feasible;
- the right to request that we restrict the processing of your Personal Information in certain circumstances;
- the right to lodge a complaint with your local data protection authority if you think we have not been able to assist you.
Please note that we may still be entitled to process your Personal Information if we have another legitimate reason (other than consent) for doing so. There may be circumstances where you ask us to erase your information, but we are legally entitled to keep or process some of it as a log or for compliance purposes.
If you would like to exercise such rights, please contact us at the details below. We will contact you if we need additional information from you in order to deliver the applicable information or undertake specific actions to honor your request in exercising your rights.
DECISION MAKING ASSOCIATED WITH PERSONAL INFORMATION
We do not take part in the decision-making process following a delivered report subject to the provision of our Services. Our reports do not make a recommendation to our Clients whether positive or negative about the Consumer. The way reported information is weighted or used for decision-making is entirely at the discretion of our Client and their discussions with the Consumer. No incentive exists for Certn to provide an opinion or alter information contained on the report and we have no vested interest in the outcome between Clients and the Consumer.
HOW DO WE KEEP YOUR DATA SAFE?
We are SOC II certified and have implemented advanced technical, administrative, and physical control procedures to protect Personal Information from unauthorized access, loss, misuse, interference or alteration during its collection, use, disclosure, and storage. We limit access to Personal Information to individuals with a legitimate business need consistent with the reason and purpose the information was provided.
We encrypt processed information both in transit and at rest. We perform security audits, vulnerability scans, and penetration tests on a regular basis to ensure compliance with industry security practices and standards.
All our staff, suppliers and contractors are security vetted prior to taking up employment. All staff are data protection trained and are aware of their responsibilities. Such trainings are conducted repeatedly on a regular or random basis, but at least once on an annual basis.
We perform regular security checks on all our materials, including Software, hardware, and telecommunications equipment.
In addition, our Clients have obligations to Consumers when accessing Personal Information delivered from us or providing Personal Information to us. We have processes in place to encourage our Clients to comply with Applicable Laws and obtain all necessary consents in advance. Such processes include but are not limited to entering into binding agreements with our Clients and conducting mutual random audits of each other’s internal procedures and practices to ensure that regulatory standards are mutually met and exceeded at all times.
Please contact us using the contact information below. Our support center is staffed by trained personnel who can assist with your inquiries and your requests for exercising rights. You may also direct your inquiry or request directly to our privacy officer. Subject to regulatory requirements, we may request that you put any request for access, correction, or deletion of your Personal Information in writing.
- chat via our Website: https://certn.co
- Phone +1 (844) 987 0690
- Email: firstname.lastname@example.org
- Email: email@example.com