This policy may change from time to time. Please check the policy each time you use our website for the latest version and most current information.
RiskAware LLC. (RiskAware) is a recognized national provider of personnel risk management solutions that include Background Checks, Drug Screening, Social Media Reporting, Incident Management and Investigations. These services help employers improve hiring decisions and respond more quickly to ongoing behaviors that threaten employee, member, or organization safety.
To perform these services, RiskAware collects, supervises, and stores confidential consumer personal information when two conditions are met:
In handling client and consumers personal information, whether online through our website(s) or in hard copy formats, RiskAware’s policy provides for the accurate, ethical, and responsible use of information, including the protection of individual’s privacy rights and the safeguarding of data. The overarching covenant of our policy, it is our commitment that all information obtained by RiskAware is collected, stored and used in compliance with applicable law, including but not limited to, the Fair Credit Reporting Act (FCRA), the Fair and Accurate Credit Transactions Act (FACTA), the Driver Protection Policy Act (DPPA), and other state, national, and international applicable laws. Additionally, RiskAware has certified to the U.S. Department of Commerce, our compliance and participation with Privacy Shield Principals that protects consumer personal information when it is transacted between the US and European Union countries. For additional information about Privacy Shield and to view our Privacy Shield Certificate please visit Privacy Shield. RiskAware’s compliance with EU/ US Privacy Shield framework applies globally whenever we collect, use, and retain consumers personal data in any overseas country.
Personal Information Collected When Using Our Website(s)
Use of RiskAware’s public website www.riskaware.com , is anonymous. In some instances, however, you may be asked to provide personal information to use a feature of our website. As an example, some RiskAware website pages require an exchange of personal information so RiskAware can assign login and password access codes that permit your access to other website functions. In all instances when using RiskAware’s websites (www.riskaware.com, RiskAware’s Background Check system branded site, or Red Flag Incident Reporting), our collection of personal identification information from Users is voluntarily, and required only to perform a specific purpose as outlined by our website at the time the request for information is made.
RiskAware’s website contains the following purposes for requesting your personal information (but not limited to):
When performing these functions, RiskAware’s website may ask for personal identification information such as (but not limited to):
RiskAware’s website only collects personal consumer information that you choose to provide so we may perform our stated purpose. This information allows us to perform our services, communicate and direct information to you, process your transactions, maintain your account, and/or improve our website for your use. Website Users can always refuse to supply personal information, though this may prevent access to certain website functions or services.
Non-Personal Information Collected When Using Our Website:
As you browse RiskAware’s website, it may collect non-personal technical information that describes your system, session, and interest in our website services. This happens automatically using tools such as your browser’s log data, cookies (a small data file stored by your browser on your computer’s hard drive), or analytics processes such as Google Analytics which help us measure statistics such as the number of visits, average time spent on the site, pages viewed and similar information. By evaluating the data collected,, we are better able to administrate our website, track movements that signal user interest, and gather directional demographics data. This non-personal information that we collect allows us to improve the effectiveness of our website, its content, and our overall services.
Specific examples of non-personal information that may be collected during a website user session are:
A cookie file can contain additional information such as
At no point is your URL or IP address linked to any personal information entered into the website, unless you have logged into your account. Additionally, RiskAware does not provide the non-personal information we collect to outside parties, and does not archive personal information stored in cookies.
RiskAware Use of Consumer Personal Information
RiskAware Notice on Purposes for Collecting Consumer Personal Information
While our website is our primary method for requesting and obtaining your consumer personal information, we may also collect your information and consent using hard copy forms.
Consumer Personal Information We Collect
After providing you with notice on our business purpose for collecting your information, you decide what personal information you are willing to share with RiskAware in conjunction with our request, so we may fulfill that purpose. Your exchange of information with us is voluntary, and in strict compliance with FCRA and other applicable laws that protect your consumer information privacy rights. When personal information is being pursued to perform a Background Check, you will be notified on the company name that has certified the request, and their permissible purpose – such as for employment.
RiskAware may request the following types of information from you (but not limited to):
When using our websites and applications, we may ask for information such as:
Without the information, you agree to provide us, RiskAware would be unable to perform our services. This makes the integrity of our exchange very important to us.
Your Choices When Providing Personal Information
RiskAware only collects and holds information that the consumer has authorized or has provided voluntarily, per the uses described by this policy and stated at the time of the request.
Consumers who wish to opt out from the collection and disclosure of their information can choose not to provide it to RiskAware and/or to our Client, and should not therefore complete any form of Authorization requested. Any consumer who wishes to withdraw their consent to our services and cancel an Authorization previously given, may do so by notifying RiskAware using any method of contact or as described by this policy in the ‘Contact’ section. Once you have withdrawn authorization or opted out, RiskAware will no longer use or disclose your personal information and the service for which the information was provided will end. While in this case RiskAware will no longer use your information, it is not necessarily deleted from our system so that we remain compliant with laws, including Privacy regulations.
If you had previously requested our communication, authorized direct contact, or provided us your contact information via trade show attendance, the web, or other applications, we may use your contact information to connect you to our marketing so you are informed on RiskAware products, services, or news. At any point, you may unsubscribe from our mailing lists and email communication by notifying us by any method (See ‘Contact Section’), by following “unsubscribe” instructions included in our emails, or by using your own account settings to prevent further contact.
Reporting Changes to Personal Information
RiskAware recognizes that from time to time, consumer personal information and preferences may change. RiskAware supports consumer’s rights to review the information we collect about you, as we will describe in more detail later under our ‘Accessing Your Information’ section. If a consumer wishes to make changes, updates, or modifications to personal information they have submitted to us, including the closure of their Account(s), RiskAware will provide this opportunity to our greatest extent possible. Or if you are an Account holder, you may log in and use your User Account Settings to initiate changes at will. To initiate changes to personal information, you may contact us using information found below in the ‘Contact’ section of this policy. RiskAware will acknowledge all requests and respond within reasonable timeframes. In all instances, we respond to your change requests as best we are able and in accordance with FCRA and other laws including Privacy regulations.
Onward Transfer of Your Personal Information
Under no circumstance does RiskAware sell, share, trade, rent or otherwise dispose consumer personal information to third parties for their promotional purposes. There may be times however, when, while performing and completing our services as listed in our Notices section, RiskAware may transfer consumer personal information to a third party to obtain their information. These third parties may access or process personal data while providing their services to us. Any transfer of your consumer personal information to a third party will occur in the context of our performing our contracted services, and is likewise conditional upon these two factors:
Transferring Data to Third Parties
Below are types of third parties with whom RiskAware may transfer consumer personal information (but not limited to):
RiskAware is subject to the investigatory and enforcement powers of the Federal Trade Commission and may be required to share personal information in response to lawful requests by public authorities (subpoenas, court orders, regulations)in representing our own legal rights; or in matters of national security.
Once RiskAware has vetted its applicable source for onward transfer of consumer personal information, RiskAware takes additional steps during the transaction to protect consumer personal information including but not limited to these steps:
When RiskAware transfers a consumer’s personal information to any third party, it is electronically transmitted and stored in a secure and confidential manner, as will be further described by our ‘Data and Information Security’ section of this policy, below.
Data and Information Security
RiskAware recognizes the highly confidential nature of the information we collect, transfer, store, and dispose. To protect the security of this information, RiskAware continually invests in its robust network architecture to guard against unintended access, malicious intrusion, and natural disasters. Additionally, we maintain strict adherence to internal Information Security Policies that apply to the use of our technologies, and to all members of our organization.
RiskAware Personnel Security Measures:
RiskAware’s security practices begins at the date of hire. RiskAware employees undergo comprehensive background investigation, repeated for most employees every two years. All employees are trained on RiskAware’s Information Security Policies and certify confidentiality and ethics statements that require compliance to our internal Policies. Only RiskAware employees who require access to consumer personal information are permitted logins and passwords to view client and consumer data.
RiskAware Network Security:
RiskAware’s technology and wired infrastructure protects against data loss, mishandling, unintended access, or threat to security due to the many installed features and protocols that guard the safety of our networks.
Important attributes are (but not limited to):
Access Security features:
Intrusion Security Features:
Protocols for Change Management
Fully Redundant Network
Physical Building Security and Environmental Controls
Data Storage and Retention:
RiskAware retains secure possession and access to information we collect in compliance with applicable laws; to prevent fraud, or to be used in the event of legal action. Safe data storage is built-in to both our network architecture and supported by strong data protection practices. Data Storage security features include but aren’t limited to:
Personal Information we receive in hard copy is stored in locked file cabinets accessible only to authorized RiskAware team members. Data stored in electronic databases or formats are protected with multi-tiered security and role based access.
Personal Identification Number Protection – Social Security Numbers
RiskAware’s system takes added precaution when safe-handling consumer’s sensitive personal identifier information, such as Social Security and dates of birth. When possible and/or under our control, RiskAware’s systems and practices promote automatic redaction, and/or electronic de-identification of this information from both hard copy printed and online view. Only authorized viewers who perform operations that require access to this information are permitted to view this data.
Disposal of Information
RiskAware follows FCRA and Federal Trade Commission guidelines when disposing of personal consumer information, taking care in our methods to destroy information in a manner that renders it inaccessible, unreadable and/or unrecoverable. In compliance with current Federal Trade Commission guidelines, this may include:
In addition to all Data Security methods referenced above, RiskAware performs in-depth security audits and penetration testing, and is required to maintain evidence of required data security practices as a condition of our Cyber Liability Insurance Policy. While no method of transmission or storage can be guaranteed to be 100% secure, RiskAware follows acceptable industry-standard Data Security practices to ensure information entrusted with us remains protected and kept confidential.
Data Integrity and Accuracy
RiskAware clients and consumers depend on the quality of our processes and services that ensure the accuracy of our information. To that point, , we utilize an intensive 7-point quality process to promote thorough investigation and data research so our information is accurate, complete, and up to date. While RiskAware makes every effort to provide fully accurate data, we cannot ever guarantee that information we receive from our sources may not contain errors. If upon your inspection of your information, you find that our information is inaccurate or incomplete, of if you wish to make changes, you may utilize RiskAware’s Dispute process to update our records or report information by contacting us using any method listed by our ‘Contact’ section below. Our research team will acknowledge your request and will reinvestigate and correct any inaccurate information at the source when able, updating our statements or reports with the corrected data.
Accessing Your Information
Whether you are an applicant, employee, volunteer, or other subject of a consumer report,or a client or prospective client of our organization, you have rights and protections under The Fair Credit Reporting Act (FCRA) and other consumer privacy laws. At RiskAware, we honor these protections and view you as an important customer and priority of our process. RiskAware is committed to delivering you exceptional and professional support and services that ensures you the following:
Any individual for whom RiskAware has collected information by any method, including through our website, or as a result of our services (such as a final background check report) and who seeks a copy of our information has the right to request access to their personal information at any time, subject to proof of identity. This request may be sent to us by contacting our Applicant Services either by phone, email, website “Contact Us” forms, or by using any method described by the ‘Contact’ section of this policy. Once RiskAware has received your request, to the greatest extent possible and as is permitted by law, we will share full disclosure of our information openly, at no charge, and with respect for the individual.
From time to time, this RiskAware’s Policy for Overseas Transfer of Consumer Information may change. Consistent with Privacy Shield requirements, we will post our current policy to our www.riskaware.com website, and keep it updated with any revisions.
RiskAware’s website(s) and services are not intended for the use of children under the age of 13. We do not set up accounts for children, provide login or password access to children. Neither do we intend or knowingly perform services for, or collect information from or about children. It is noted that RiskAware’s Red Flag system can be configured by clients to accept Incident Reports from anyone using an internet enabled device without restriction. Clients may use Red Flag to gather important information on safety issues that may intentionally name or include reports describing children. Red Flag reported incident data is not RiskAware data, but rather is the property of the client and subject to each client’s own Privacy Policies.
Privacy Notice for California Residents
Investigative Consumer Reports
The Fair Credit Reporting Act defines an “Investigative Consumer Report” as a consumer report which provides “information on a consumer’s character, general reputation, personal characteristics, or mode of living obtained through personal interviews with neighbors, friends, or associates of the consumer reported on or with others with whom he is acquainted or who may have knowledge concerning any such items of information”.
RiskAware’s Transfer of California Consumer Personal Information: United States or Overseas
In the course of providing or completing investigative consumer reports, subject to our business purposes that have been disclosed to you, and your authorization to provide personal information for such purpose, RiskAware may be required to transfer your consumer personal information to third parties outside the United States. Overseas onward transfer of consumer personal information will follow all policies as outlined by this policy and in accordance with all applicable laws and regulations.
For more information on RiskAware’s Consumer Personal Information Privacy Policies as they relate to California Laws, please contact RiskAware using any method described in the below “Contact” section.
California’s ‘Do Not Track’ Law-
Our website does not currently respond to “Do Not Track” browser settings.
California Privacy Rights
RiskAware does not share, sell, rent, trade, or otherwise dispose any California consumer personal information with third parties for their promotional use. Additionally, RiskAware only uses California Consumer Personal Information to perform our services as defined previously in this policy, and as expressed at the time of data collection, and only once we have received the California consumers voluntarily consent to perform such outlined services.
RiskAware’s website(s) and services are not intended for the use of children under the age of 13. We do not set up accounts for children, provide login or password access to children, or intend or knowingly perform services for, or collect information from or about children.
RiskAware’s website, and its products and services may change without notice. RiskAware makes no warranties or representations as to the accuracy or timeliness of information on this website, and does not assumes liability for errors or omissions in our content, which may also contain technical inaccuracies or typographical errors.
RiskAware makes no warranties or representations as to the accuracy or timeliness of any information on any third-party sites that are linked to this site.
Limitation of Liability
RISKAWARE IS NOT LIABLE UNDER ANY CIRCUMSTANCES FOR DAMAGES THAT OCCUR AS A RESULT OF CLIENT OR CONSUMER’S USE OF OUR WEBSITE; INCLUDING THOSE RESULTING FROM ACCESS, OR INABILITY TO ACCESS RISKAWARE WEBSITE OR ITS WEBSITE INFORMATION OR FAILURE OR BREACH OF TRANSMISSIONS. THIS INCLUDES WITHOUT LIMIT, ANY LOST PROFITS OR DAMAGES FOR BUSINESS INTERRUPTION, LOSS OF INFORMATION, PROGRAMS OR OTHER DATA.
Compliance with Laws
RiskAware is subject to enforcement actions of the US Federal Trade Commission (FTC) and the Consumer Financial Protection Bureau (CFPB). RiskAware’s intent is to fully comply with applicable U.S. and international laws and regulations, to our fullest extent, including but not limited to:
For a more comprehensive listing on Website Links, as well as additional Laws and Regulations that require RiskAware compliance please visit our website Resources page at : http://riskaware.com/resources/understanding-the-laws/additional-federal-regulations/
Right to Change our Policy
By Phone: 877-552-8907
Website “Contact Us” Form: www.riskaware.com
By email: firstname.lastname@example.org
Applicant Services: Report Requests and Disputes:
If you would like a copy of your RiskAware background check report(s); or access to your active RiskAware database files; or to dispute the accuracy of the information in your background report or database file, please email RiskAware Applicant Services at email@example.com or by calling 877-552-8907 and selecting option 3.
1776 Mentor Ave, 315
Overseas Transferred Consumer Personal Information: To request information relating to your EU or overseas transferred Consumer Personal Information, please contact: RiskAwarePrivacy@riskaware.com
1776 Mentor Ave, 315
Original Policy Effective Date: June 1, 2017
Last Revision: September 5, 2017