Overseas Transfer of Information

RiskAware protects the privacy of consumer information at all times.  In accordance with this policy, RiskAware fully discloses its legal purposes for collecting personal information from consumers, and only obtains personal information that is volunteered by the consumer.  At times, and in conjunction with our purposes and authorization, personal information may be gathered and transferred into and out of the United States with overseas sources, so we can complete our services.  When this occurs, there is deliberate attention to confidentiality and security.

RiskAware subscribes to Privacy Shield Framework principles whenever we transfer consumer personal information overseas.  Although the Privacy Shield term is valid for U.S. and European Union and Swiss transfers only, and our Privacy Shield certificate is specific to European Union countries; it represents a high standard for protection of consumer personal information regardless of where information is transferred.  RiskAware applies Privacy Shield principals as our standard when transacting with any overseas third party.

RiskAware Overseas Sources

In performing and completing our services, RiskAware may from time to time require information from third party sources that are located overseas. Before transmitting or acquiring personal information from an overseas third party, RiskAware takes steps to ensure our source is credible, reliable, and manages strong data security practices.   When possible and practical, our due diligence includes Agreements or certifications with overseas third parties.  To learn more about RiskAware’s vetting process for third parties please refer to RiskAware’s Consumer Information Privacy Policy section ‘Onward Transfer of Your Personal Information’.

U.S /European Union & Swiss Privacy Shield

When required to complete our authorized services, RiskAware may transfer consumer personal information between European Union counties and the U.S.

The EU-U.S. and Swiss-U.S. Privacy Shield Policies, have been developed respectively by the U.S. Department of Commerce and the European Commission and Swiss Administration, to provide framework for protecting personal data when it is transferred between the U.S, and European Union countries and/or Switzerland. The Privacy Shield program is administered by the International Trade Administration (ITA) within the U.S. Department of Commerce.

RiskAware has certified to the Department of Commerce that we handle overseas transfer of personal data in accordance with Privacy Shield principals found under the EU-US Privacy Shield program.  To view our certificate and learn more about Privacy Shield please visit https://www.privacyshield.gov/In support of our certification, we apply Privacy Shield framework and principals widely when transacting with third parties both in the U.S. and overseas.  However, our ‘Transfer of Overseas Information’ Policy covers specific practices that address Privacy Shield frameworks for key principals such as:  Notice, Choice, Onward Transfer, Access, Security, Data Integrity, and Enforcement.  As it relates to overseas transfer of consumer personal information with European Union countries, any conflict in terms between our Consumer Information Privacy Policy, and Privacy Shield Principals are governed by Privacy Shield.

In cases where RiskAware transfers EU consumer personal information to third parties as governed by our EU-U.S. Privacy Shield certificate, RiskAware may be potentially liable if EU Personal Data is processed in a manner inconsistent with the Principles.  RiskAware is subject to Federal Trade Commission regulation and may be asked to share consumer personal information in conjunction with legal action and enforcement, including matters of national security.

In summary, RiskAware transacts information with overseas third parties to complete our services for which we are contracted. When sharing information overseas, we subscribe to Privacy Shield Framework standards, even though Privacy Shied specifically refers to U.S. and European Union and/or Swiss onward data transfers. No matter where RiskAware transfers consumer personal information, we take steps to maintain confidentiality and privacy.  Information is transmitted and stored overseas in the same and secure manner that has been outlined by RiskAware’s Consumer Information Privacy Policy, and in compliance with Privacy Shield.  RiskAware releases information in accordance with law, and to only authorized overseas third-party representatives after authenticating identity using reasonable means.   Under no circumstances will consumer personal information be sold, or otherwise provided to an overseas third party for other purposes besides that which relates to our providing our services.

Notice on Overseas Transfer

When RiskAware transfers consumer personal information per the Privacy Shield to EU sources, or to any overseas source, you will be advised on our business purposes for collecting your information.  While a comprehensive description on RiskAware’s business purposes for collecting consumer information is described in RiskAware’s Consumer Information Privacy Policy section “RiskAware Notice on Purposes for Collecting Consumer Personal Information”, they can be summarized again as follows related to overseas requirements:

If you have lived overseas, you may be asked to provide the following types of consumer personal information (but not limited to) and that may be transferred overseas:

Or when using our websites and applications, we may collect additional information that helps improve our services to you such as:

RiskAware informs the consumer on our purpose for requesting personal information at the time of collection, and in strict compliance with FCRA and other applicable U.S. and international laws that protect consumer’s information privacy rights.

RiskAware treats any and all information as sensitive when transferred overseas or to any third party.

Choice

Whenever consumer personal information is obtained to perform services described in RiskAware’s Consumer Information Privacy Policy’s “Notice on Overseas Transfer” section, our clients and consumers both in the U.S. and overseas, have a choice whether to submit the information.  RiskAware only collects and holds consumer personal information that you have authorized or provided voluntarily, for the purposes described by our Consumer Information Privacy Policy.

Consumers who wish to opt out from the collection and disclosure of their EU Personal Information should not provide it to RiskAware and/or to our Client, and should not complete any form of Authorization requested.  Any consumer who wishes to withdraw their consent to our services and cancel their Authorization, may do so by notifying RiskAware using any method of contact, or as described by RiskAware’s Consumer Information Privacy Policy’s “Contact” section.  Once you have cancelled your authorization, RiskAware will not use or disclose your information further.

If you had previously requested or authorized our communication, or you have provided us your contact information via the web or other applications, we may use your contact information to connect with you through our marketing that informs on products, services, or news.  At any point, you may unsubscribe from our mailing lists and email communication by notifying us by any method (See ‘Contact Section’), by following “unsubscribe” instructions included in our emails, or by using your own account settings.

RiskAware recognizes that sometimes consumer personal information and preferences may change.  If a consumer wishes to make changes, updates, or modifications to personal information they have submitted to us, including the closure of their Account(s), RiskAware will provide this opportunity when and where possible, including in some cases the use of your Account Settings to initiate changes at will.  You may request changes by contacting us using information found in the ‘Contact’ section of this policy.   RiskAware will acknowledge all requests for changes to EU or other overseas consumer personal data per Policy Shield principles and respond within reasonable timeframes.  In all instances, we will facilitate correction requests to the maximum extent, and in accordance with FCRA and other laws including Privacy Legislation.

Onward Transfer

Under no circumstance does RiskAware sell, share, sell, supply, or trade EU consumer personal information with US or overseas third parties for promotional purposes.

In the course of performing and completing our services, and in support of the permitted and legal purposes you have already authorized, RiskAware may share personal EU and overseas consumer information with an overseas third-party source.  When doing so, RiskAware observes Privacy Shield frameworks and/or those that apply for the country with whom we are transacting with the third party.  Whenever RiskAware shares information overseas, there is appropriate RiskAware process to obtain legal certifications, provide organizational due diligence, and qualify data security protections in place with the overseas third party.  As referenced above, we afford that only vetted and authorized third parties gain access to RiskAware’s shared personal data, and protect that information is used only to gather the required information and for no other purpose.

 Transferring Data to Third Parties

Below are types of overseas third parties with whom RiskAware may transfer consumer personal information (but not limited to).  We have also shared a more extensive overview of these sources in RiskAware’s Consumer Information Privacy Policy,  “Onward Transfer of Your Personal Information” section:

Once RiskAware has vetted it’s applicable overseas or EU source for onward transfer of consumer personal information, RiskAware takes additional steps to protect consumer personal information during the transfer process including but not limited to these steps:

When RiskAware transfers a consumer’s personal information to any third party, it is electronically transmitted and stored in a secure and confidential manner.

Access

Whether you are an applicant, employee, volunteer, or other subject of a consumer report,or a client or prospective client of our organization; and regardless of your country of origin, our services provide you with rights and protections under The Fair Credit Reporting Act (FCRA) and other U.S. and international consumer privacy laws when applicable.  At RiskAware, we honor these protections and view you as an important customer and priority of our process.   As such, RiskAware is committed to delivering you exceptional and professional support and services that ensure the following:

Any individual for whom RiskAware has collected EU personal information by any method including through our website(s), or as a result of our services (such as a final background check report)and who seeks a copy of our information has the right to request access to their personal information at any time, subject to providing proof of identity.  This request may be sent to us by contacting our Applicant Services either by phone, email, website “contact us” forms, or by using any method described by the ‘Contact’ section of this policy.  Once RiskAware has received your request, to the greatest extent possible and as is permitted by law, we will share full disclosure of our information openly, at no charge, and with respect for the individual.

While RiskAware utilizes an intensive 7-point quality process that deepens investigation and data research to ensure quality and accuracy, if upon your inspection of your information, you find that our information is inaccurate  or incomplete, or if you wish to make changes, RiskAware affords you a reasonable opportunity to dispute our information as false.  This is done by contacting us to correct, update, or delete our records.   Our research team will reinvestigate your claim, and correct any found inaccurate  information, then altering and updating the inaccuracy in our records, statements or reports.   We will notify any consumer if we are unable to correct or access EU or overseas personal consumer information to direct a change.

Security

RiskAware recognizes the highly confidential nature of the information we collect, transfer, store, and dispose.  To protect the security of this information, including overseas and EU consumer personal information; RiskAware continually invests in robust network architecture to guard against unintended access, malicious intrusion, and natural disasters.  Additionally, we maintain strict adherence to internal Information Security Policies and practices that apply to use of our technologies and all members of our organization.  A more comprehensive overview of RiskAware’s Data Security practices may be found in RiskAware’s Consumer Information Privacy Policy’s  “Data and Information Security” section.

RiskAware Personnel Security Measures:

Before RiskAware employees are permitted access to EU or overseas consumer personal information, they undergo comprehensive background check screening, are trained on RiskAware’s Information Security Policies, and certify confidentiality and ethics statements that require compliance to our internal Policies.  Only RiskAware employees who require access to consumer personal information are permitted logins and passwords to view client and consumer data.

RiskAware Network Security:

RiskAware’s technology and wired infrastructure protects overseas information against data loss, mishandling, unintended access, or threat to security. Important network security attributes are (but not limited to):

Access Security features:

Intrusion Security Features:

Protocols for Change Management

Fully Redundant Network

Physical Building Security and Environmental Controls

Managed and Secure Data Storage – Back Up and Retention systems

EU or overseas consumer personal information we receive in hard copy is stored in locked file cabinets accessible only to authorized RiskAware team members.   Data stored in electronic databases or formats are protected by multi-tiered security and role based access.

Protection of Social Security Numbers

RiskAware’s system takes added precaution when safe-handling consumer’s sensitive personal identifier information, such as social security number and date of birth.   When possible and under our control, RiskAware’s systems promote the automatic and electronic de-identification and/or redaction of this information when transferred with EU or overseas countries.  This occurs in both hard copy printed and online view.  Only authorized viewers who perform operations that require access to this information are permitted to view this data.

Disposal

RiskAware follows FCRA and Federal Trade Commission guidelines when disposing of personal consumer information which include:

In addition to all Data Security methods referenced above, RiskAware performs security audits and penetration testing. While no method of transmission or storage can be guaranteed 100% secure, RiskAware follows acceptable industry-standard Data Security practices to ensure EU and overseas consumer personal information entrusted with us remains protected and confidential, in compliance with Privacy Shield principles.

Data Integrity

RiskAware clients and consumers depend on the quality of our processes and services to ensure the accuracy of information gathered or transferred to and from U.S, EU, or overseas countries.  We utilize an intensive 7-point quality process to provide thorough investigation and data research so that consistent with Privacy Shield Principles, EU and overseas consumer personal information is accurate, complete, and up to date.  While RiskAware makes every effort to provide fully accurate data, we cannot ever guarantee that information we receive from our U.S., overseas, and EU sources may not contain errors.  If upon your inspection of your information, you find that our information is inaccurate or incomplete, of if you wish to make changes, you may utilize RiskAware’s Dispute Process to update our records or report our information as false by contacting us using any method listed by our ‘Contact’ section below.  Subject to confirming your identity, our research team will acknowledge your request, will reinvestigate, and correct any found wrong information, updating our statements or reports with the corrected data.  If we are unable to correct EU or overseas data, or are otherwise prevented from access, RiskAware will inform the consumer of such.   RiskAware will acknowledge all requests for changes to EU or other overseas consumer personal data per Policy Shield principles, and respond within reasonable timeframes.  In all instances, we will facilitate correction requests to the maximum extent, and in accordance with FCRA and other laws including Privacy Legislation.

RiskAware retains U.S., EU, and overseas consumer personal data we have been authorized to collect for the tenure of our services to our Client.  This is as required per our contracts, applicable laws or legal requirements, and to help resolve disputes.

Enforcement / Complaints

RiskAware takes seriously any privacy related question, concern, or compliant and will make every reasonable effort to quickly resolve any issue related to our handling and use of consumer personal information in full compliance with EU-US Privacy Shield Principles.  EU or overseas consumers with inquiries or complaints, or anyone who would like to discuss RiskAware’s Consumer Information Privacy Policy should first contact RiskAware using any method found below in our “Contact Us” Section, or at:

RiskAware

Attn: Privacy Policy Coordinator

1776 Mentor Ave, 315

(877) 552-8907

RiskAwarePrivacy@riskaware.com

We will promptly investigate and make best efforts to resolve any complaint.

If we are unable to successfully address your concern, or if you are unsatisfied with our response, you may engage next step arbitration methods listed below.  RiskAware agrees to participate and comply the process with any below listed organization, and without cost to the consumer:

We take all complaints seriously, and will respond with urgency to all matters per our commitment to Privacy Shield Principles.

 

Contact

Overseas Transferred Consumer Personal Information:  To request information relating to your EU or overseas transferred Consumer Personal Information, please contact: RiskAwarePrivacy@riskaware.com

If you have questions regarding this European Union Privacy Shield Privacy Policy, contact:

RiskAware

Attn: Privacy Policy Coordinator

1776 Mentor Ave, 315

(877) 552-8907

RiskAwarePrivacy@riskaware.com

Close