Privacy Policy

RiskAware Consumer Information Privacy Policy

Pretext

RiskAware does not “sell” personal information

As a consumer of RiskAware services or user of our website’s information, it is important to establish with you that RiskAware is not a business that “sells” information.  In order to perform our contracted services RiskAware may collect, share, and store information about you as further described and governed by this Policy.

“Opting Out”

RiskAware supports any consumer’s right to “opt out” of our services, or handling of consumer information.  RiskAware Consumers can “opt out” at any time by executing any of the below steps:

Introduction

This policy may change from time to time. Please check the policy each time you use our website for the latest version and most current information.

RiskAware LLC. (“RiskAware”, “we” or “our”) is a recognized national provider of personnel risk solutions that include Background Checks, Drug and Medical Tests, and Social Media Reports, and software for Electronic I-9 & E-Verify right to work authorizations, Incident Reporting Management, and Investigations.  These services help employers improve hiring decisions and respond more quickly to ongoing behaviors that threaten employee, member, or organization safety.

To perform our screening related services, RiskAware collects, supervises, and stores confidential consumer personal information when two conditions are met:

  1. We have expressed our client or end user’s legal business purpose to you when requesting your consumer personal information, and then use your information only for that purpose,
  2. You have voluntarily provided your authorization (opted in)

In handling client and consumers personal information, whether online through our website(s) or in hard copy formats, RiskAware’s policy provides for the accurate, ethical, and responsible use of information, including the protection of individual’s privacy rights and the safeguarding of data.  The overarching covenant of our policy is that all information obtained by RiskAware is collected, stored and used in compliance with applicable law, including but not limited to, the Fair Credit Reporting Act (FCRA), the Fair and Accurate Credit Transactions Act (FACTA), the Driver Protection Policy Act (DPPA), and other state, national, and international applicable laws.

Additionally, RiskAware complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  RiskAware has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework principles (EU-U.S. DPF principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.  RiskAware has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework principles (Swiss-U.S. DPF principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF principles, the UK Extension-U.S. DPF principles, and/or the Swiss-U.S. DPF principles, the principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000PBS5AAO&status=Active .

 

RiskAware’s Website Privacy Policy

Personal Information Collected When Using Our Website(s)

Use of RiskAware’s public website www.riskaware.com , is anonymous.  In some instances, however, you may be asked to provide personal information to use a feature of our website.  As an example, some RiskAware website pages require an exchange of personal information so RiskAware can assign login and password access codes that permit your use of our website functions.  In all instances when using RiskAware’s websites (www.riskaware.com,  RiskAware’s Background Check system branded site, RiskAware’s Applicant Tracking System, Electronic I9/E-Verify or Red Flag Incident Reporting), our collection of personal identification information from Users is voluntarily, and required only to perform a specific purpose as outlined by our website at the time the request for information is made.

RiskAware’s website contains the following purposes for requesting your personal information (but not limited to):

When performing these functions, RiskAware’s website may ask for personal identification information such as (but not limited to):

RiskAware’s website only collects personal consumer information that you choose to provide so we may perform our stated purpose.  This information allows us to perform our services, communicate and direct information to you, process your transactions, maintain your account, and/or improve our website for your use.  Website Users can always refuse to supply personal information, though this may prevent access to certain website functions or services.

Non-Personal Information Collected When Using Our Website:

As you browse RiskAware’s website, it may collect non-personal technical information that describes your system, session, and interest in our website services.  This happens automatically using tools such as your browser’s log data, cookies (a small data file stored by your browser on your computer’s hard drive), or analytics processes such as Google Analytics which help us measure statistics such as the number of visits, average time spent on the site, pages viewed and similar information.    By evaluating the data collected, we are better able to administrate our website, track movements that signal user interest, and gather directional demographics data. This non-personal information that we collect allows us to improve the effectiveness of our website, its content, and our overall services.

Specifically, your shopping history and use details of the products you have previously purchased is obtained to make suggestions to you for other products which we believe you will also be interested in.  We will retain and evaluate information on your recent visits to our website and how you move around different sections of our website for analytics purposes to understand how people use our website so that we can make it more intuitive; and we will keep a record of the articles on our website that you have clicked on and use that information to target advertising on this website to you that is relevant to your interests, which we have identified based on articles you have read.

Examples of this type of non-personal information collected during a website user session are:

A cookie file can contain additional information such as

At no point is your URL or IP address linked to any personal information entered into the website, unless you have logged into your account.  Additionally, RiskAware does not provide the non-personal information we collect to outside parties, and does not archive personal information stored in cookies.

While most browsers are set to accept cookies, if you would like not to receive cookies, you can choose browser settings to refuse cookies. Note that you may lose access to some website functions if you do so.  Your browser manufacturer has information on how to change the settings for your browser.  RiskAware’s web site does not currently recognize “do not track” signals transmitted by web browsers.

 

Website Links Privacy Policy

RiskAware’s Privacy Policy applies to the content and information contained on our website, that is under the direct control and/or supervision of RiskAware.  In some cases, our website may provide links to third-party websites that are useful to our users but are outside of our control.  These linked sites are not covered by RiskAware’s Consumer Information Privacy Policy.   If you utilize a RiskAware website link and then reach another organization’s website content (as identified by the URL, branding, site name etc.) and subsequently have questions about how another site uses your personal information, then that site’s privacy statement should be consulted, and may differ from our own.

RiskAware Use of Consumer Personal Information

 

Notice on Purposes for Collecting Consumer Personal Information

As stated by RiskAware’s Website Privacy Policy, RiskAware collects your personal information so we may serve the following business purposes, for which you are notified:

While our website is our primary method for requesting and obtaining your consumer personal information, we may also collect your information and consent using hard copy forms.

Consumer Personal Information We Collect

After providing you with notice on our business purpose for collecting your information, you decide what personal information you are willing to share with RiskAware in conjunction with our request, so we may fulfill that purpose.  Your exchange of information with us is voluntary, and in strict compliance with FCRA and other applicable laws that protect your consumer information privacy rights.  When personal information is being pursued to perform a Background Check, Electronic I9, or E-Verify verification, you will be notified on the company name that has certified the request, and their permissible purpose – such as for employment.

RiskAware may request the following types of information from you (but not limited to):

When using our websites and applications, we may ask for information such as:

Without the information you agree to provide us RiskAware would be unable to perform our services.  This makes the integrity of our exchange very important to us.

Your Choices When Providing Personal Information

RiskAware only collects and holds information that the consumer has authorized or has provided voluntarily, per the uses described by this policy and stated at the time of the request.

Opting Out

Consumers who wish to opt out from the collection and disclosure of their information can choose not to provide it to RiskAware and/or to our Client, and should not therefore complete any form of Authorization, or further input of data requested.  Any consumer who wishes to withdraw their consent to our services and cancel an Authorization previously given, may do so by notifying RiskAware using any method of contact or as described by this policy in the ‘Contact’ section.  Once you have withdrawn authorization or opted out, RiskAware will no longer use or disclose your personal information and the service for which the information was provided will end.  While in this case RiskAware will no longer use your information, it is not necessarily deleted from our system.  RiskAware will process “Opt Out” requests quickly, using reasonable procedures, and in compliance with applicable laws, including Privacy regulations.

Requests to Delete Your Information / Unsubscribing

Any RiskAware Consumer may request our deletion of your information by contacting us via any prescribed method listed in our “Contact” section to make the request that your records be deleted.  Upon confirming your identity and information exists in our system and unless otherwise prohibited by law, RiskAware will schedule the deletion of your information within our regular deletion cycles, using physical methods that purge your data from our system and render it unretrievable.

You may also unsubscribe from RiskAware notifications at any time.  If you had previously requested our communication, authorized direct contact, or provided us your contact information via trade show attendance, the web, or other online applications, we may use your contact information to connect you to our marketing, so you are informed on RiskAware products, services, or news.  At any point, you may unsubscribe from our mailing lists and email communication by notifying us by any method (See ‘Contact Section’), by following “unsubscribe” instructions included in our emails, or by using your own account settings to prevent further contact.

Reporting Changes to Personal Information

RiskAware recognizes that from time to time, consumer personal information and preferences may change.   RiskAware supports consumer’s rights to review the information we collect about you, as we will describe in more detail later under our ‘Accessing Your Information’ section.  If a consumer wishes to make changes, updates, or modifications to personal information they have submitted to us, including the closure of their Account(s), RiskAware will provide this opportunity to our greatest extent possible.  Or if you are an Account holder, you may log in and use your User Account Settings to initiate changes at will.  To initiate changes to personal information, you may contact us using information found below in the ‘Contact’ section of this policy.   RiskAware will acknowledge all requests and respond within reasonable timeframes.  In all instances, we respond to your change requests as best we are able and in accordance with FCRA and other laws including Privacy regulations.

Onward Transfer of Your Personal Information

Under no circumstance does RiskAware sell, share, trade, rent or otherwise dispose consumer personal information to third parties for their promotional purposes.  There may be times however, when, while performing and completing our services as listed in our ‘Notice on Purposes for Collecting Consumer Personal Information’ section, RiskAware may transfer consumer personal information to a third party to obtain their information about you. These third parties may access or process personal data while providing their services to us.   Any transfer of your consumer personal information to a third party will occur in the context of our performing our contracted services, and is likewise conditional upon these two factors:

  1. You have been informed of our purpose for using your personal information
  2. You have voluntarily provided us your personal information

Please note that before transmitting or acquiring information on you with a third party, RiskAware takes steps to ensure the source is credible, reliable, and manages strong data security practices.   When RiskAware shares information with any third party, it is transmitted and stored in the secure manner that will later be described under the ‘Our Data Security’ section’ of this Consumer Information Privacy Policy.

RiskAware’s Sources

Before we share your information with any third party, where possible and applicable RiskAware performs due diligence.   We verify the provider is a reputable, trusted, and reliable supplier of information, is recognized by our industry or trade organizations such as the Professional Background Screeners Association (PBSA), is acknowledged by credentialing organizations, or has been sponsored and integrated with RiskAware by our technology host(s).  Whenever possible, RiskAware 1) requires legal contracts or certifications with third party sources to obligate confidential and secure handling of consumer personal information, and 2) takes steps to test the organization’s credentials and quality processes.  Before transferring consumer personal information to a source, RiskAware makes the effort to ensure the third party maintains the security of your personal data consistent with our own Consumer Information Privacy Policy (and Data Privacy Framework as it applies).

 Transferring Data to Third Parties

Below are types of third parties with whom RiskAware may transfer consumer personal information (but not limited to):

Once RiskAware has vetted its applicable source for onward transfer of consumer personal information, RiskAware takes additional steps during the transaction to protect consumer personal information including but not limited to these steps:

When RiskAware transfers a consumer’s personal information to any third party, it is electronically transmitted and stored in a secure and confidential manner, as will be further described by our ‘Data and Information Security’ section of this policy, below.

Data and Information Security

RiskAware recognizes the highly confidential nature of the information we collect, transfer, store, and dispose.  To protect the security of this information, RiskAware continually invests in its robust network architecture to guard against unintended access, malicious intrusion, and natural disasters.  Additionally, we maintain strict adherence to internal Information Security Policies that apply to the use of our technologies, and to all members of our organization.

RiskAware Personnel Security Measures:

RiskAware’s security practices begins at the date of hire.  RiskAware employees undergo comprehensive background investigation, repeated for most employees every two years.  All employees are trained on RiskAware’s Information Security Policies and certify confidentiality and ethics statements that require compliance to our internal Policies.  Only RiskAware employees who require access to consumer personal information are permitted logins and passwords to view client and consumer data.

RiskAware Network Security:

RiskAware’s technology and wired infrastructure protects against data loss, mishandling, unintended access, or threat to security due to the many installed features and protocols that guard the safety of our networks.

Important attributes are (but not limited to):

Access Security features:

Intrusion Security Features:

Protocols for Change Management

Fully Redundant Network

Physical Building Security and Environmental Controls

Data Storage and Retention:

RiskAware retains secure possession and access to information we collect in compliance with applicable laws; to prevent fraud, or to be used in the event of legal action.  Safe data storage is built-in to both our network architecture and supported by strong data protection practices.  Data Storage security features include but aren’t limited to:

Though not frequently obtained or stored, Personal Information we receive in hard copy is kept safely in locked file cabinets accessible only to authorized RiskAware team members.   Data stored in electronic databases or formats are protected with multi-tiered security and role-based access.

Personal Identification Number Protection – Social Security Numbers

RiskAware’s system takes added precaution when safe-handling consumer’s sensitive personal identifier information, such as Social Security and dates of birth.   When possible and/or under our control, RiskAware’s systems and practices promote automatic redaction, and/or electronic de-identification of this information from both hard copy printed and online view.  Only authorized viewers who perform operations that require access to this information are permitted to view this data.

Retention of Information

RiskAware can retain information for lengths of time as specified by our Client, or by our own internal policy and practice, whichever is shortest in duration.  Unless otherwise requested in writing by our contracted Client, RiskAware policy is to retain information for a period no less than two (2) years and no greater than seven (7).  Exceptions to this policy may apply when retention is specified to comply with laws or matters of law enforcement, or as may be required by our company contracts (when not in violation of laws).  Per our above ‘Requests to Delete Your Information / Unsubscribing’ policy, Consumers may also request deletion of their information resulting in full removal of information from our systems.

Disposal of Information

RiskAware follows FCRA and Federal Trade Commission guidelines when disposing of personal consumer information, taking care in our methods to destroy information in a manner that renders it inaccessible, unreadable and/or unrecoverable. In compliance with current Federal Trade Commission guidelines, this may include:

In addition to all Data Security methods referenced above, RiskAware performs in-depth security audits and penetration testing, maintains evidence of required data security practices, and rated Cyber Liability Insurance. While no method of transmission or storage can be guaranteed to be 100% secure, RiskAware follows acceptable industry-standard Data Security practices to ensure information entrusted with us remains protected and kept confidential.

Data Integrity, Accuracy, and Disputes

RiskAware clients and consumers depend on the quality of our processes and services that ensure the accuracy of our information.  In some instances, our “smart system” technology safeguards against non-conforming data inputs that don’t meet formatting or other requirements.  Additionally, our research method utilizes an intensive 7-point quality process to promote thorough investigation and data research so our information is accurate, complete, and up to date.  While RiskAware makes every effort to provide fully accurate data, we cannot ever guarantee that information we receive from our sources may not contain errors.  If upon your inspection of your information, you find that our information is inaccurate or incomplete, of if you wish to make changes, you may dispute RiskAware’s information, request an update to our records, or report incorrect information by contacting us using any method listed by our ‘Contact’ section below.  Our research team will acknowledge your request and will reinvestigate and correct any inaccurate information at the source when able, updating our statements or reports with the corrected data. In addition, RiskAware’s software systems help promote accuracy by highlighting when information seems incorrect or needs client attention.

Accessing Your Information

Whether you are an applicant, employee, volunteer, or other subject of a consumer report, or a client or prospective client of our organization, you have rights and protections under The Fair Credit Reporting Act (FCRA) and other consumer privacy laws.  At RiskAware, we honor these protections and view you as an important customer and priority of our process.   RiskAware is committed to delivering you exceptional and professional support and services that ensures you the following:

Any individual for whom RiskAware has collected information by any method, including through our website, or as a result of our services (such as a final background check report) and who seeks a copy of our information has the right to request access to their personal information at any time, subject to proof of identity.  This request may be sent to us by contacting our Applicant Services either by phone, email, website “Contact Us” forms, or by using any method described by the ‘Contact’ section of this policy.  Once RiskAware has received your request, to the greatest extent possible and as is permitted by law, we will share full disclosure of our information openly, at no charge, and with respect for the individual.

Amendments  

From time to time, this RiskAware’s Consumer Information Privacy Policy, including those affecting it’s Onward Transfer of Consumer Information may change.  Consistent with Data Privacy Framework requirements, we will post our current policy to our www.riskaware.com website, and keep it updated with any revisions.

Children

RiskAware’s website(s) and services are not intended for the use of children under the age of 13.  We do not set up accounts for children, provide login or password access to children.  Neither do we intend or knowingly perform services for or collect information from or about children.  It is noted that RiskAware’s Red Flag system can be configured by clients to accept Incident Reports from anyone using an internet enabled device without restriction.  Clients may use Red Flag to gather important information on safety issues that may intentionally name or include reports describing children.  Red Flag reported incident data is not RiskAware data, but rather is the property of the client and subject to each client’s own Privacy Policies.

Privacy Notice for California Residents

RiskAware takes seriously the protection of Consumer Information and our compliance with consumer laws that affect our handling of our Consumer’s data.  While RiskAware’s services are primarily governed by protections afforded the Consumer by the Fair Credit Reporting Act, we recognize and support protections established by California legislation including the California Consumer Privacy Act (CCPA) and it’s Amendment, California Privacy Rights Act (CPRA).

Important to note and understand as California residents, is that RiskAware is primarily a Credit Reporting Agency (CRA) offering products and services obligated under the FCRA.  Because of the Consumer protections already in place under the Fair Credit Reporting Act, RiskAware is exempted by the CCPA and CPRA for FCRA covered services.  Nonetheless, our full compliance with the FCRA and Data Privacy Frameworks, ensures that essential CCPA/CPRA requirements such as the consumer’s rights to disclosures, authorizations, opt outs, disputes, and corrections, are observed and supported by our policies and processes.

CA Note On Investigative Consumer Reports   

The Fair Credit Reporting Act defines an “Investigative Consumer Report” as a consumer report which provides “information on a consumer’s character, general reputation, personal characteristics, or mode of living obtained through personal interviews with neighbors, friends, or associates of the consumer reported on or with others with whom he is acquainted or who may have knowledge concerning any such items of information”.

RiskAware provides Investigative Consumer Reports in compliance with the Fair Credit Reporting Act (15 U.S.C. § 1681 et seq., as amended) and the California Investigative Consumer Reporting Agencies Act (Cal. Civ. Code § 1786 et seq.) and applies this Consumer Personal Information Privacy Policy to our practices.

RiskAware’s Transfer of California Consumer Personal Information: United States or Overseas

In the course of providing or completing investigative consumer reports, subject to our business purposes that have been disclosed to you, and your authorization to provide personal information for such purpose, RiskAware may be required to transfer your consumer personal information to third parties and in some cases, outside the United States.  Overseas onward transfer of consumer personal information will follow all practices as outlined by this policy and in accordance with all applicable laws and regulations.

California’s ‘Do Not Track’ Law-

Our website does not currently respond to “Do Not Track” browser settings.

California ‘Do Not Sell’ Privacy Rights
RiskAware does not share, sell, rent, trade, or otherwise dispose any California consumer personal information with third parties for their promotional use.  Additionally, RiskAware only uses California Consumer Personal Information to perform our services as defined previously in this policy, as expressed at the time of data collection, and only once we have received the California consumer’s voluntarily consent to perform such outlined services.

California Privacy Rights under CCPA / CPRA

Though the California Consumer Privacy Act (CCPA) and it’s amendment the California Consumer Privacy Act (CPRA) do not apply to our FCRA governed background screening business because of protections already in place under the FCRA, RiskAware’s Consumer Protection Privacy Policy does support California Consumer’s privacy rights outlined by these legislations in the following important ways:

California Children’s Information

RiskAware’s website(s) and services are not intended for the use of children under the age of 13.  We do not set up accounts for children, provide login or password access to children, or intend or knowingly perform services for, or collect information from or about children.

For more information on RiskAware’s Consumer Personal Information Privacy Policies as they relate to California Laws, please contact RiskAware using any method described in the below “Contact” section.

 

For EU, UK Extension, and Swiss Individuals: Data Privacy Framework Notice for Personal Data Transfers to the United States

RiskAware always protects the privacy of consumer information.  In accordance with this policy, RiskAware fully discloses its legal purposes for collecting personal information from consumers, and only obtains personal information that is volunteered by the consumer.  At times, and in conjunction with our purposes and authorization, personal information may be gathered and transferred into and out of the United States with overseas sources, so we can complete our services.  When this occurs, there is deliberate attention to confidentiality and security.  No matter where RiskAware transfers consumer personal information, we take steps to maintain confidentiality and privacy.  Information is transmitted and stored overseas in the same and secure manner that has been outlined by RiskAware’s Consumer Information Privacy Policy, and in compliance with the Data Privacy Frameworks described below.

RiskAware complies with the EU-US Data Privacy Framework, the UK Extension, and the Swiss-US Data Privacy Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union and UK Extension member countries (including Iceland, Liechtenstein, and Norway) and Switzerland transferred to the United States pursuant to Data Privacy Framework principles.  RiskAware has certified that it adheres to the Data Privacy Framework principles with respect to such data. If there is any conflict between the policies in this privacy policy and data subject rights under the Data Privacy Framework principles, the Data Privacy Framework principles shall govern. To learn more about the Data Privacy Framework  program, and to view our certification page, please visit https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000PBS5AAO&status=Active .

Notice

When RiskAware transfers consumer personal information from EU, UK Extension, and/or Swiss sources to the United States, you will be advised on our business purposes for collecting your information.  While a comprehensive description on RiskAware’s business purposes for collecting consumer information is described in RiskAware’s Consumer Information Privacy Policy section “RiskAware Notice on Purposes for Collecting Consumer Personal Information”, they can be summarized again as follows related to overseas requirements:

If you have lived overseas, you may be asked to provide the following types of consumer personal information (but not limited to) and that may be transferred overseas:

Or when using our websites and applications, we may collect additional information that helps improve our services to you such as:

RiskAware informs the consumer on our purpose for requesting personal information at the time of collection, and in strict compliance with FCRA and other applicable U.S. and international laws that protect consumer’s information privacy rights.

RiskAware treats any and all information as sensitive when transferred overseas or to any third party.

Choice

Whenever consumer personal information is obtained to perform services described in RiskAware’s Consumer Information Privacy Policy’s ‘Notice’ section, our clients and consumers both in the U.S. and overseas, have a choice whether to submit the information.  RiskAware only collects and holds consumer personal information that you have authorized or provided voluntarily (opting in), for the purposes described by our Consumer Information Privacy Policy.

Consumers who wish to opt out from the collection and disclosure of their EU, UK Extension, and/or Swiss Personal Information should not provide it to RiskAware and/or to our Client; and should not complete any form of Authorization requested.  Any consumer who wishes to withdraw their consent to our services and cancel their Authorization, may do so by notifying RiskAware using any method of contact, or as described by RiskAware’s Consumer Information Privacy Policy’s “Contact” section.  Once you have cancelled your authorization, RiskAware will not use or disclose your information further.

If you had previously requested or authorized our communication, or you have provided us your contact information via the web or other applications, we may use your contact information to connect with you through our marketing that informs on products, services, or news.  At any point, you may unsubscribe from our mailing lists and email communication by notifying us by any method (See ‘Contact Section’), by following “unsubscribe” instructions included in our emails, or by using your own account settings.

RiskAware recognizes that sometimes consumer personal information and preferences may change.  If a consumer wishes to make changes, updates, or modifications to personal information they have submitted to us, including the closure of their Account(s), RiskAware will provide this opportunity when and where possible, including in some cases the use of your Account Settings to initiate changes at will.  You may request changes by contacting us using information found in the ‘Contact’ section of this policy.   RiskAware will acknowledge all requests for changes to EU, UK Extension, Swiss, or other overseas consumer personal data per our Privacy Policy and commitment to the Data Privacy Framework principles and respond within reasonable timeframes.  In all instances, we will facilitate correction requests to the maximum extent, and in accordance with FCRA and other laws including Privacy Legislation.

RiskAware will provide an EU, UK Extension, or Swiss individual opt-out choice, or alternative choice to authorize and opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized.  To request to limit the use and disclosure of your personal information, please submit a written request to riskawareprivacy@riskaware.com.

Onward Transfer

Under no circumstance does RiskAware sell, share, sell, supply, or trade EU, UK Extension, Swiss, or other country consumer personal information with US or overseas third parties for promotional purposes.

In the course of performing and completing our services, and in support of the permitted and legal purposes you have already authorized, RiskAware may share personal EU, UK Extension, Swiss, and overseas consumer information with an overseas third-party source.  When doing so, RiskAware observes Data Privacy Frameworks and/or those that apply for the country with whom we are transacting with the third party.

RiskAware will not transfer any EU, UK Extension, or Swiss consumer information to a third-party without first ensuring, via written contract when applicable, that the third-party handles the data under the same level of protection as set forth in this policy.

RiskAware’s accountability for personal data that it receives in the United States under the Data Privacy Framework and subsequently transfers to a third party is described in the Data Privacy Framework principles. In particular, RiskAware remains responsible and liable under the Data Privacy Framework if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the principles, unless RiskAware proves that it is not responsible for the event giving rise to the damage.

 Transferring Data to Third Parties

Below are types of overseas third parties with whom RiskAware may transfer consumer personal information (but not limited to).  We have also shared a more extensive overview of these sources in RiskAware’s Consumer Information Privacy Policy, “Onward Transfer of Your Personal Information” section:

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Once RiskAware has vetted it’s applicable overseas, EU, UK Extension, or Swiss, source for onward transfer of consumer personal information, RiskAware takes additional steps to protect consumer personal information during the transfer process including but not limited to these steps:

When RiskAware transfers a consumer’s personal information to any third party, it is electronically transmitted and stored in a secure and confidential manner.

Access

Whether you are an applicant, employee, volunteer, or other subject of a consumer report, or a client or prospective client of our organization; and regardless of your country of origin, our services provide you with rights and protections under The Fair Credit Reporting Act (FCRA) and other U.S. and international consumer privacy laws when applicable.  At RiskAware, we honor these protections and view you as an important customer and priority of our process.   As such, RiskAware is committed to delivering you exceptional and professional support and services that ensure the following:

Pursuant to the Data Privacy Framework, any individual for whom RiskAware has collected EU, UK Extension, or Swiss personal information by any method including through our website(s), or as a result of our services (such as a final background check report) and who seeks a copy of our information has the right to request access to their personal information at any time, subject to providing proof of identity.  An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under the Data Privacy Framework should submit their request by contacting our Applicant Services either by phone, email, website “contact us” forms, or by using any method described by the ‘Contact’ section of this policy.  Once RiskAware has received your request, to the greatest extent possible and as is permitted by law, we will share full disclosure of our information openly, at no charge, and with respect for the individual.

While RiskAware utilizes an intensive 7-point quality process that deepens investigation and data research to ensure quality and accuracy, if upon your inspection of your information, you find that our information is inaccurate or incomplete, or if you wish to make changes, RiskAware affords you a reasonable opportunity to dispute our information as false.  This is done by contacting us to correct, update, or delete our records.   Our research team will reinvestigate your claim, and correct any found inaccurate information, then altering and updating the inaccuracy in our records, statements or reports.   We will notify any consumer if we are unable to correct or access EU, UK Extension, Swiss, or overseas personal consumer information to direct a change.

Security

RiskAware recognizes the highly confidential nature of the information we collect, transfer, store, and dispose.  To protect the security of this information, including overseas, EU, UK Extension, and Swiss consumer personal information; RiskAware continually invests in robust network architecture to guard against unintended access, malicious intrusion, and natural disasters.  Additionally, we maintain strict adherence to internal Information Security Policies and practices that apply to use of our technologies and all members of our organization.  A more comprehensive overview of RiskAware’s Data Security practices may be found in RiskAware’s Consumer Information Privacy Policy’s “Data and Information Security” section.

RiskAware Personnel Security Measures:

Before RiskAware employees are permitted access to EU, UK Extension, Swiss, or overseas consumer personal information, they undergo comprehensive background check screening, are trained on RiskAware’s Information Security Policies, and certify confidentiality and ethics statements that require compliance to our internal Policies.  Only RiskAware employees who require access to consumer personal information are permitted logins and passwords to view client and consumer data.

RiskAware Network Security:

RiskAware’s technology and wired infrastructure protects overseas information against data loss, mishandling, unintended access, or threat to security. Important network security attributes are (but not limited to):

Access Security features:

Intrusion Security Features:

Protocols for Change Management

Fully Redundant Network

Physical Building Security and Environmental Controls

Managed and Secure Data Storage – Back Up and Retention systems

EU, UK Extension, Swiss, or overseas consumer personal information we receive in hard copy is stored in locked file cabinets accessible only to authorized RiskAware team members.   Data stored in electronic databases or formats are protected by multi-tiered security and role-based access.

Protection of Social Security Numbers

RiskAware’s system takes added precaution when safe-handling consumer’s sensitive personal identifier information, such as social security number and date of birth.   When possible and under our control, RiskAware’s systems promote the automatic and electronic de-identification and/or redaction of this information when transferred with EU, UK Extension, Swiss, or overseas countries.  This occurs in both hard copy printed and online view.  Only authorized viewers who perform operations that require access to this information are permitted to view this data.

Disposal

RiskAware follows FCRA and Federal Trade Commission guidelines when disposing of personal consumer information which include:

In addition to all Data Security methods referenced above, RiskAware performs security audits and penetration testing. While no method of transmission or storage can be guaranteed 100% secure, RiskAware follows acceptable industry-standard Data Security practices to ensure EU, UK Extension, Swiss, and overseas consumer personal information entrusted with us remains protected and confidential, in compliance with Data Privacy Framework principles.

Data Integrity

RiskAware clients and consumers depend on the quality of our processes and services to ensure the accuracy of information gathered or transferred to and from U.S, EU, UK Extension, Swiss, or overseas countries.  We utilize an intensive 7-point quality process to provide thorough investigation and data research so that consistent with Data Privacy Framework principles, EU, UK Extension, Swiss, and overseas consumer personal information is accurate, complete, and up to date.  While RiskAware makes every effort to provide fully accurate data, we cannot ever guarantee that information we receive from our U.S., overseas, and EU, UK Extension, or Swiss sources may not contain errors.  If upon your inspection of your information, you find that our information is inaccurate or incomplete, of if you wish to make changes, you may utilize RiskAware’s Dispute Process to update our records or report our information as false by contacting us using any method listed by our ‘Contact’ section below.  Subject to confirming your identity, our research team will acknowledge your request, will reinvestigate, and correct any found wrong information, updating our statements or reports with the corrected data.  If we are unable to correct EU, UK Extension, Swiss, or overseas data, or are otherwise prevented from access, RiskAware will inform the consumer of such.   RiskAware will acknowledge all requests for changes to EU, UK Extension, Swiss, or other overseas consumer personal data per Data Privacy Framework principles, and respond within reasonable timeframes.  In all instances, we will facilitate correction requests to the maximum extent, and in accordance with FCRA and other laws including Privacy Legislation.

RiskAware retains U.S., EU, UK Extension, Swiss, and overseas consumer personal data we have been authorized to collect for the tenure of our services to our Client.  This is as required per our contracts, applicable laws or legal requirements, and to help resolve disputes.

Enforcement / Data Privacy Framework Complaints

RiskAware takes seriously any privacy related question, concern, or compliant and will make every reasonable effort to quickly resolve any issue related to our handling and use of consumer personal information in full compliance with EU-U.S., UK Extension-U.S., and Swiss-U.S. Data Privacy Framework principles.

With respect to personal data received or transferred pursuant to the Data Privacy Framework, RiskAware is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.

In compliance with the Data Privacy Framework principles, RiskAware commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Data Privacy Framework. European Union, UK Extension, and Swiss individuals with Data Privacy Framework inquiries or complaints should first contact RiskAware by email at riskawareprivacy@riskaware.com or via post at:

RiskAware

Attn: Privacy Policy Coordinator

8170 Corporate Park Drive, #144

Cincinnati, OH 45242

(877) 552-8907

RiskAwarePrivacy@riskaware.com

We will promptly investigate and make best efforts to resolve any complaint.

RiskAware has further committed to refer unresolved privacy complaints under the Data Privacy Framework principles to an independent dispute resolution mechanism, the BBB National Programs Data Privacy Framework Services, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.

If your Data Privacy Framework complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms.  See Data Privacy Framework Annex 1 at https://www.dataprivacyframework.gov/s/ .

We take all complaints seriously and will respond with urgency to all matters per our commitment to Data Privacy Framework principles.

 

For EU Individuals: Your Rights under the General Data Protection Regulation (GDPR)

 

Although RiskAware’s operations and clients are currently US based only, for EU applicants or any applicant for whom GDPR is applicable, RiskAware offers applicants (data subjects) appropriate safeguards that protect information to ensure your rights are not undermined.  For improved clarity and compliance purposes with GDPR and relevant data privacy laws, our clients are the Data Controllers in our screening transactions and RiskAware is the Data Processor.

While some GDPR decisions are still underway and may change, RiskAware’s commitment is to ensure GDPR requirements are enforced when RiskAware transfers data, and that our services provide for the fundamental rights you are entitled to when we are processing transferred data.

RiskAware processes information on behalf of our employer clients, who use this information to control decisions, most often related to employment or hiring.  RiskAware complies with GDPR regulations by providing for the following Privacy Policies that are reinforced by our business practices:

Explicit Consent:

RiskAware will not transfer data on you to or from overseas EU sources regulated by GDPR, unless you have freely given your explicit, informed, and unambiguous consent to do so, specific to the stated permissible purpose for the particular data transfer/set of data transfers.  Your consent is important to RiskAware to ensure not only that you are offered a degree of control and transparency in instances when your data is transferred, but also so that you remain informed of all data recipients or categories of recipients, or countries to which your personal data is being transferred to.  In compliance with GDPR framework, we provide this information to improve your understanding in the event the third-party country to which the data will be transferred does not provide for an adequate level of data protection and/or presents possible risk in the event that country does not have adequate protection as determined by GDPR.  The provision of this information enables you to consent to transfers with full knowledge of any specific facts we can supply on any transfer of your data.

Requests for Disclosure: 

When obtaining your consent to collect information on you from EU GDPR regulated countries, you will be informed on the name of our client (data controller) requesting our services; as well as the legitimate purpose for which the information is being gathered. Once we have completed our services, RiskAware’s final consumer report will document information we have gathered and list the specific sources who have provided us this information.   At any time, you may request a copy of all information RiskAware has obtained during our research process including the sources we have used and all relevant aspects of the data transfer.  We will also disclose the name of any individual recipients to whom we have provided our final report.

Withdrawal of consent:

Your approval for Consumer Reporting provided by RiskAware may be withdrawn at any time.   To withdraw consent, you may contact RiskAware:

By Phone: 877-552-8907

Website “Contact Us” Form:  www.riskaware.com

By email:   customerservice@riskaware.com

Data we may process:

The personal data processed by RiskAware is determined by and relates directly to our client’s request for our services.  RiskAware collects personal information that you choose to provide so we may perform services per our client’s request and stated purpose.   These purposes may be:

As we have already described, when performing our services functions, RiskAware may ask for personal identification information such as (but not limited to):

The personal information we collect allows us to perform our services and for the purpose identified to you at the time your information is requested.  While our website is our primary method for requesting and obtaining your personal information, we may also collect your information and consent using hard copy forms.

Necessity:

Subject to your consent, RiskAware will only transfer information to or from a GDPR regulated country if it is necessary to the performance of our contracted services.  It is the underlying assumption when performing our services, that your consent is based upon an agreement and understanding between you and our client (the data controller), that our pursuit of this information and subsequent final report, serves both your interests.  When obtaining your information from an overseas GDPR regulated EU country, RiskAware is open to any request from you that may improve the safe handling and privacy of your information and will seek to implement your requests to the maximum extent reasonably and legally possible, when performing any data transfer. RiskAware further asserts that the transfer of applicant personal data is only necessary for the conclusion or performance of our contracted services and so we may conclude the services that serve both our clients and your interests as a data subject (most often so you may obtain a benefit, such as a job or position).

Public Interest: 

RiskAware will not request the transfer of your applicant personal data from any EU country regulated by GDPR unless our clients (data controllers) have certified their purpose for utilizing this information.  Most often our clients specify their use of our reporting is for Employment Reasons, or another reason that has been specified to you and for which you have then given us your consent and in writing before RiskAware commences services for which the requested information is being obtained.   It is an expectation of any permissible purpose for which RiskAware’s services are provided that the information we have obtained on you, and that we compile into our Consumer Report will be provided to our client per our contract and is necessary for reasons important to our clients own public interest, most notably the safety of you and others who are presently members of the client organization or community.

Legal Claims:

When necessary, RiskAware may transfer your information if we are required by legal authorities, and/or if the transfer is necessary for the establishment, exercise or defense of legal claims, regardless of whether or not these claims take place in a judicial procedure, an administrative or any out-of-court procedure, or procedures before regulatory bodies. However, any transfer of your information to address a legal claim will require a close and substantial connection between the data in question and the specific establishment, exercise or defense of the legal position. The information will only be transferred if there is a necessity in relationship to the particular legal claim.

Personal Interest:

RiskAware expects that the information we are contracted to provide our client (the data controller) about you (the data subject) will be used by them to determine a benefit to you (most often employment or a position).  When providing us with your consent to obtain information about you that is transferred to or from within a GDPR regulated EU country, RiskAware also expects that your consent means that the transfer of this information is necessary to your own interests and forms the basis upon which you have provided us with your consent.

Public Register Information:

The type of information RiskAware expects may be gathered from EU overseas sources subject to regulations under GDPR, may include primarily public register data that could be, for example: registers of criminal convictions, personal residence, or public vehicles.  Transferred information obtained from these registers may only take place if and to the extent that, in each specific case, the conditions for research/investigation/consultation as set forth by the Union or Member State law are fulfilled.  RiskAware will not transfer the entirety of the personal data or entire categories of the personal data contained in the register, but only the portions that are necessary to the services we are contracted to provide by our client. Where a transfer is made from a register established by law and where it is to be researched/investigated/consulted by persons having a legitimate interest, the transfer can only be made to fulfill the request of the intended client recipients specified by your consent, taking into account your interests and fundamental rights and on a case-by-case basis.  Further use of personal data from such registers as stated above may only take place in compliance with applicable data protection law.

Occasional Transfer:

In performing our contracted RiskAware services, any transfer of your information is occasional and necessary only for the fulfillment of our requested services for which we have been contracted; and though it may happen more than once, it will not happen randomly, arbitrarily, or regularly, but rather is only requested to fulfill our contract, subject to which your consent has been properly obtained.

RiskAware Consent Certification

In order to transfer and/or obtain information on you to an EU country regulated by GDPR, RiskAware will require formal certification of your consent.  RiskAware consent documents will explain at minimum:

No Warranties

RiskAware’s website, and its products and services may change without notice.  RiskAware makes no warranties or representations as to the accuracy or timeliness of information on this website and does not assumes liability for errors or omissions in our content, which may also contain technical inaccuracies or typographical errors.

RiskAware makes no warranties or representations as to the accuracy or timeliness of any information on any third-party sites that are linked to this site.

Limitation of Liability

RISKAWARE IS NOT LIABLE UNDER ANY CIRCUMSTANCES FOR DAMAGES THAT OCCUR AS A RESULT OF CLIENT OR CONSUMER’S USE OF OUR WEBSITE; INCLUDING THOSE RESULTING FROM ACCESS, OR INABILITY TO ACCESS RISKAWARE WEBSITE OR ITS WEBSITE INFORMATION OR FAILURE OR BREACH OF TRANSMISSIONS.  THIS INCLUDES WITHOUT LIMIT, ANY LOST PROFITS OR DAMAGES FOR BUSINESS INTERRUPTION, LOSS OF INFORMATION, PROGRAMS OR OTHER DATA.

Compliance with Laws

RiskAware is subject to enforcement actions of the US Federal Trade Commission (FTC) and the Consumer Financial Protection Bureau (CFPB).  RiskAware’s intent is to fully comply with applicable U.S.  and international laws and regulations, to our fullest extent, including but not limited to:

For a more comprehensive listing on Website Links, as well as additional Laws and Regulations that require RiskAware compliance please visit our website Resources page at : http://riskaware.com/resources/understanding-the-laws/additional-federal-regulations/

Right to Change our Policy

This policy applies to all consumer information received by RiskAware no matter the method of data entry, whether in electronic, paper, or verbal form, received via our website (riskaware.com), or using our applications and software.  Any change to our policy will be updated to our website, which at all times contains our most current version of this policy.  We encourage your periodic review this Consumer Personal Information Privacy Policy to check for any changes that may be applicable to your current use of our website(s) and systems.  When Consumer Personal Information Privacy Policy updates are made the date the new policy takes affect is posted at the bottom of our policy document.

Contact

By Phone: 877-552-8907

Website “Contact Us” Form:  www.riskaware.com

By email:   customerservice@riskaware.com

Applicant Services:  Report Requests and Disputes:

If you would like a copy of your RiskAware background check report(s); or access to your active RiskAware database files; or to dispute the accuracy of the information in your background report or database file, please email RiskAware Applicant Services at applicantservices@riskaware.com or by calling 877-552-8907 and selecting option 3.

Privacy Policy questions:

If you have any questions specifically regarding our privacy policy, you may contact us at:

RiskAware

Attn: Privacy Policy Coordinator

8170 Corporate Park Drive, #144

Cincinnati, OH 45212

(877) 552-8907

RiskAwarePrivacy@riskaware.com

Consumer Information Privacy Policy Effective Date:

Original Policy Effective Date: June 1, 2017

Last Revision: November 7, 2023

Close