Privacy Policy

CHECKR, INC PRIVACY POLICY

Last Updated: 11 September 2024

Effective Date: 9 October 2023

This Privacy Policy (“Policy”) describes how Checkr, Inc., including its affiliates, (“Checkr” or “we” or “our”) collects, uses, discloses, and processes personal information ("Personal Data") in connection with Checkr’s website https://checkr.com (“Website” or “Site”), products and services (the “Services“). Please note that by using Checkr’s Site and Services, you are agreeing that you have read and agree to this Policy.

We believe privacy policies should be transparent, accessible and help you find the information you need. The information we collect and how we use it will depend on how you interact with us. See the definitions below to determine which type of user you are:

  • Consumers: Consumers are individuals Checkr has received information about for the purpose of using the Site or Checkr performing Services. This information may come directly from Consumers or indirectly through Customers or affiliates.
  • Customers: Customers are organizations or individuals that use the Services.
  • Site Visitors: Any individuals, Consumers or Customers accessing our Website are Site Visitors.
  • Workers: Workers are Checkr employees, contractors, directors or officers.

This Privacy Policy applies to our processing of the Personal Data of Consumers, Customers, and Site Visitors. If you are a Worker, please review our separate privacy notice to learn more about how we process your Personal Data. With the type of user in mind, you can navigate our Privacy Policy through the Table of Contents below.

Table of Contents

1. What information does Checkr collect through the Services?
2. How does Checkr collect your information?
3. How does Checkr use the collected information?
4. When does Checkr share collected information?
5. Will you receive notices and disclosures electronically?
6. How can you access, change, or delete information about you?
7. California and other state privacy laws
8. Does this Policy apply to third parties or third party links?
9. What choices do you have about email and text communications from Checkr?
10. How does Checkr protect your information?
11. GDPR and Other International Considerations
12. Changes to the Privacy Policy
13. How can you contact Checkr with more questions?

1. What information does Checkr collect through the Services?

Checkr collects certain information that relates directly to the Consumer. Checkr may also collect limited information related to Customers and Site Visitors. In the past 12 months, Checkr has collected the following categories of Personal Data:

  • Identifiers, such as name, date of birth, online identifiers, phone number, email address, postal address, bank account numbers and other payment information, and government issued identification numbers such as Social Security number, passport number, and drivers license or permit numbers;
  • Characteristics of protected classifications, such as racial or ethnic origin, sexual orientation, and immigration or citizenship status.
  • Commercial Information, such as records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies;
  • Internet or other electronic network activity information, such as, IP address, browser type, device type, operating system and version, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site;
  • Professional or employment related data, such as, previous employers, roles, employee record information, salary, and benefits;
  • Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act, and professional training information;
  • Inferences drawn from Personal Data to create a profile about a consumer reflecting the consumer’s preference, characteristics, behavior, abilities, and aptitudes.
  • Communications information, such as support communications (including the content and metadata relating to such communications) to assist Customers, Candidates, and Site Visitors.
  • Additional information or supporting documentation you provide in connection with the Services that is not exempt from applicable privacy laws;
  • Biometrics information of Consumers located in the United Kingdom ("UK") and Canada;
  • Consumer report information, which includes information collected for activities involving the collection, maintenance, disclosure, sale, communication or use of such information regulated by the Fair Credit Reporting Act ("FCRA"), including but not limited to information found in public records, including civil and criminal court records; health records; public media articles; or business filings.

2. How does Checkr collect your information?

In the past 12 months, Checkr collected information from the following categories of sources:

Information You Submit To Us
Checkr collects Personal Data submitted directly to Checkr via our site or by email, such as information needed to produce a background check report; and Personal Data including name, email address and general business information provided in contact requests, in browser chats, and/or with Checkr agents. Checkr may maintain records of communications submitted through the Site.

Third-Party Information
Certain Services require the collection of information from third parties. Third party information may relate to Consumers or Customers and includes both public and private records as described below:

  • Public Records: Checkr may collect public records bearing on an individual or business entity, including civil and criminal court records and documentation, business filings, and public media articles. Public records may be obtained from sources such as government offices, records databases, court systems, and law enforcement organizations.
  • Private Records: Where appropriately authorized, Checkr may obtain private records, including educational, employment, financial, and health records. Private records may be obtained from sources such as schools and educational institutions, professional and licensing organizations, employers, drug testing and other healthcare service providers, and credit agencies.

Personal information may also be collected by Customers, third parties or affiliates and transferred to Checkr for the purpose of performing Services offered on third party marketplace platforms, such as producing a background check report.

Automatically Collected Information
When Consumers, Customers or Site Visitors visit the Site or use the Services, we automatically gather certain Internet or other electronic network activity information, including technical and usage information, which may be associated with your user account. Technical Information also includes “Cookies,” which are small text files containing a string of alphanumeric characters that are downloaded by your web browser when you visit a website. In certain jurisdictions (including the EEA, the UK, Canada, California, and Virginia), we present Site Visitors with a cookies banner which enables you to adjust your cookies settings. For more information about how Checkr uses cookies, please review our Cookie Policy.

3. How does Checkr use the collected information?

In the past 12 months, Checkr used all categories of data described in Section 1 to:

  • To Perform Services and Provide the Site: Checkr uses collected information to perform Services for Consumers and Customers and provide the Site to all users. These services include producing background check reports, providing access to background check reports, providing certain analytics related to background check reports, providing certain product functionality relating to use of background check reports. Checkr may reuse certain personal information when such use is compatible with the context in which the personal information was collected. For example, we may pre-fill certain personal information you previously provided so we can offer you a more convenient experience.
  • To Communicate with You: Checkr uses collected information to communicate with you about the Services, such as by phone, mail, email, in-browser chat, or SMS regarding the status of certain requested Services, to provide updates on changes or modifications to the Services, and to facilitate the delivery of information authorized or required through the Services. Where appropriate, Checkr may send you product announcements and special promotions from Checkr or our business partners, or to administer participation in special events, surveys, contests and sweepstakes.
  • Day-to-Day Business Operations: Checkr uses collected information for its day to day business operations, such as to administer your account, to process billing and payment information, manage preferences and troubleshoot problems, and personalize the content that account Consumers and Customers’ users see based on personal characteristics or preferences.
  • To Meet Legal and Compliance Requirements: Checkr may use the collected information to: i) comply with any applicable procedures, laws, and regulations, subpoenas, governmental requests or legal process; ii)  in connection with a legal investigation, if in our good faith opinion such is required or permitted by law; iii) protect the rights, property or safety of Checkr, our Consumers, our Customers, or third parties; (iv) prevent fraud or abuse of Checkr or our users; or (v) perform a task carried out in the public interest.
  • To Provide Security: Checkr uses collected information to create Consumer and Customer account credentials, to verify identity prior to granting access to account information, to validate against existing information maintained by Checkr, to protect against duplicate or unauthorized account creation, to secure the Site and Services, and to address fraud, abuse or safety concerns of Checkr, our Customers or Consumers , including investigation of complaints or suspected fraud or wrongdoing.
  • To Verify Your Identity: To verify the identity of UK and Canadian Consumers, we work with a third-party service provider, Yoti, which uses a scan of your facial features (“Biometrics Data”) to match them against your photo ID. Yoti is the data controller of this data processing and will ask for your consent before collecting your Biometrics Data. If you do not wish to consent to providing your Biometrics Data, we will offer an alternative solution for identity verification. Checkr does not store or otherwise access your Biometrics Data. We encourage you to visit Yoti’s Privacy Centre to learn more about their privacy practices, including their use and retention of Biometrics Data.
  • To Improve our Systems: Checkr uses collected information to continuously improve system functionality through quality assurance checks and audits,  to troubleshoot problems, and to verify, improve, or maintain the quality or safety of our services.
  • Business Transaction or Reorganization: Checkr may be involved with a transaction such as a merger, acquisition, joint venture, financing, or sale of company assets. In connection with such a transaction, Checkr may disclose personal information to a third party. Personal information may be disclosed as part of an insolvency, bankruptcy, or receivership.
  • To Conduct Research and Marketing: Where permitted by law, we may disclose information to non-affiliated third parties for research and marketing purposes. To help us build a product that best serves our diverse customer and candidate population, we may ask research participants for their voluntary consent to provide demographic information, such as racial or ethnic origin and sexual orientation. To learn more about how Checkr protects sensitive data, see California and Other State Privacy Laws.
  • As otherwise permitted by law. We may use Personal Data for purposed permitted by applicable international, federal, state, and local law, as in effect at any given time.

In using the above categories of data, Checkr strives to adhere to a philosophy of data minimization so as to use only the data necessary to complete any of the above activities.

Data Retention
Checkr will retain collected information in accordance with applicable laws and agreements between Checkr and its Customers and affiliates. See Section 6 below for instructions on how to request deletion of your Personal Data.

Anonymized Information
We may use and share anonymized information without limitation, including sharing with third parties. This includes anonymized, pseudonymized, aggregated, or de-identified information about Consumers, Customers, Site Visitors, and information collected from third parties, including public records.

4. When does Checkr share collected information?

Checkr shares Personal Data with authorization from a Consumer, a Customer or other data controller, or when otherwise permitted by law. Checkr shares Personal Data with the following categories of third parties:

  • Checkr affiliates and partners;
  • Service Providers;
  • Government Entities; and
  • Checkr Customers, with authorization from a Consumer

In the past 12 months, Checkr has shared the categories of data described in Section 1 with the above third parties with consent, for a legitimate business purpose, or as required by law.

To learn more about how Checkr respects the "Do Not Share" right of California residents, see California and Other State Privacy Laws.

5. Will you receive notices and disclosures electronically?

Yes. The Services are offered through Checkr’s website, mobile site, and application. To obtain Services from Checkr, you must create an online account and (1) be able to access Services on a computer or other device that is capable of accessing the Internet, (2) have an active email account, and (3) consent to our use of our website, application, or email to provide you any written information that we may be required to send you in connection with the Services, your account, and/or background checks and reports. However, you may still exercise your rights under the FCRA by contacting us through non-electronic means such as mail. See How can you contact Checkr with more questions? below.

Method of Providing Communications to You in Electronic Form
All Communications that we provide to you in electronic form will be provided either (1) via email, telephone or text, (2) by making it available online and accessible via the Services, or (3) by requesting you download a PDF file containing the Communication.

Your Consent to Electronic Disclosures
By creating an account and/or authorizing a background check or other Services, you acknowledge and agree that:

  • You can access and read the information we post on our website or mobile app;
  • To provide an email address that is active and effective for receiving emails from us;
  • To receive electronically on our website, app, or via email notices and disclosures, required by law related to your account and the Services; and
  • You have received the following disclosures as required by the federal Electronic Signatures in Global and National Commerce Act (“ESIGN”).

Please read this Federal ESIGN disclosure and consent carefully and keep a copy for your records. Your consent is voluntary, but we cannot provide the Services to you if you do not consent. If you are unwilling to receive these disclosures and notices electronically, you may terminate the creation of your account by closing your browser at any time before you create an account and/or authorize a background check.

Accurate Contact Information
It is your responsibility to provide us with true, accurate, and complete contact information, such as email address, and other information related to your account, and to maintain and update promptly any changes in this information. If you give us an incorrect email address or fail to update or correct your email address, an electronic communication will be deemed provided to you if we use the email address in our records for the electronic communication.

Scope of Communications to Be Provided in Electronic Form
Your consent to receive electronic communications and transactions includes, but is not limited to, all legal and regulatory notices or disclosures and communications associated with your account, the Services, your request for a background check, and any product or service we agree to provide you (each, a “Communication”).

How to Withdraw Consent
You may at any time withdraw your consent to receive Communications in electronic form. To begin receiving Communications in paper form, please contact us at the following address: One Montgomery Street, Suite 2400, San Francisco, CA 94104. Please specify the information you wish to receive in paper form. Be sure to state that you are requesting a copy of the disclosures, notices, etc., and include your name and mailing address. Your request will apply only to those specific items you designate. We will not impose any fee to process the withdrawal of your consent to receive electronic Communications. Any withdrawal of your consent to receive electronic Communications will be effective only after we have a reasonable period of time to process your withdrawal.

Required Equipment
In order to use the Services and to view and retain a copy of this Policy and certain Communications, you understand that you must have a computer or device equipped with at least: a browser with 128-bit encryption, a current version of a software that can open and display PDF files (e.g., Adobe), and either a printer or other electronic storage device.

Retaining Copies of the Communications
To retain a copy of any Communication we provide electronically, you can download an electronic copy to your computer or a storage device (such as a disk or USB storage device), request a copy by email, or print copies on a printer attached to your computer. You will not be charged for a downloaded or emailed copy.

6. How can you access, change, or delete information about you?

We offer certain privacy resources regardless of where you are located, as described below. Please note that if you reside in certain jurisdictions, you may have additional rights. If you reside in California, Colorado, Connecticut, or Virginia, see California and other state privacy laws; you reside in the European Economic Area ("EEA") or UK, see GDPR and Other International Considerations.

For Consumers
Consumers may request access, download, correction, and deletion of their information as described below:

  • Accessing and Downloading Your Information: Consumers may access and review their account, download a PDF of their report, or request a copy of their consumer file by visiting Checkr’s Candidate Portal and using their personal information to log in.
  • Disputing Incorrect Information: If at any time you believe Checkr possesses or has communicated incorrect information about you to Customers, you should contact Checkr. You can contact Checkr through our Candidate Portal or by reaching out to our Candidate Experience Team.
  • Deleting your Information: You may request deletion of your data using our Candidate Portal. After we process your request, you will no longer have access to our Candidate Portal.

For Customers:
Requests to update Customer account information or make other requests about your data should be directed to your account representative or via the customer service portal at https://help.checkr.com/hc/en-us/requests/new.

7. California and other state privacy laws

If you reside in California or certain other states (including those listed below), you may have rights under applicable state privacy laws, such as the California Consumer Privacy Act and the California Privacy Rights Act (collectively, "CPRA"), the Colorado Privacy Act ("CPA"), the Connecticut Data Privacy Act ("CTDPA"), or the Virginia Consumer Data Protection Act (“VCDPA”) (collectively, "State Privacy Law" or "State Privacy Laws").

Please note that State Privacy Laws generally do not apply to Personal Data which is processed pursuant to the FCRA, the federal law which protects background check information. When Checkr processes Personal Data about residents for the purposes of performing a background check pursuant to the FCRA, such processing is generally exempt from State Privacy Laws. In such cases, we process your Personal Data in accordance with the FCRA and its applicable protections.

In addition, we often act as a “service provider” or "processor" with regard to Personal Data we receive and process through our Services. In such cases, we conduct our data processing in accordance with the restrictions set forth in the data processing agreements with our Customers, who act as the "business" or "controller" under State Privacy Laws. The privacy practices of our Customers are subject to their privacy policies, which we encourage you to review. Checkr is not responsible for our Customers' privacy practices or policies.

California, Colorado, Connecticut, and Virginia residents may learn more about their rights below:

  • Right to know: California, Colorado, Connecticut, and Virginia residents have the right to know what categories of Personal Data have been collected about them, and whether such Personal Data has been disclosed or sold for a business purpose in the past 12 months.
    • For a description of the categories of Personal Data that Checkr has collected in the past 12 month, see the section above entitled, What information does Checkr collect through the Services? Checkr retains this Personal Data in accordance with applicable laws and agreements between Checkr and its Customers and affiliates.
    • For a description of the categories of Personal Data that Checkr has disclosed for a business purpose in the past 12 month, see the section above entitled, What information does Checkr collect through the Services? Checkr does not sell your Personal Data. However, Checkr may share Site Visitors' cookies data for the purposes of cross-contextual behavioral advertising. When required by applicable State Privacy Law, we present a banner which enables Site Visitors to exercise their applicable opt out rights relating to such processing, including "Do Not Share" in California. Please click on the opt out button if you would like to opt out of such processing.
    • For a description of the categories of third parties with whom Checkr has disclosed Personal Data for a business purpose in the past 12 month, see the section above entitled, When does Checkr share collected information?
  • Access: California, Colorado, Connecticut, and Virginia residents have the right to request access to their Personal Data.
  • Deletion: California, Colorado, Connecticut, and Virginia residents have the right to request the deletion of certain Personal Data.
  • Right to Non-Discrimination: Checkr enforces a strict non-discrimination policy when you exercise your rights.
  • Rights relating to sensitive personal information. Prior to processing the sensitive personal information of Colorado, Connecticut, or Virginia Consumers, Checkr obtains Consumer consent, except for in circumstances where an exemption applies under the applicable State Privacy Law. Checkr may process the sensitive personal information of Colorado, Connecticut, or Virginia Consumers, including the following categories: racial or ethnic origin, health, sexual orientation, and citizenship or immigration status.
  • California residents have the right to limit processing of sensitive personal information under the CPRA. Checkr may process the sensitive personal information of California Consumers as defined under California law, including the following categories: (1) racial or ethnic origin, (2) health, (3) sexual orientation, (4) social security number, driver’s license, state identification card, or passport number and (5) account log-in in combination with the credentials allowing access to an account. Checkr uses such sensitive personal information only for the following purposes:
    • To the extent it is necessary to perform the services reasonably expected by the average Consumer who requested them;
    • To help ensure security and integrity to the extent the use of the Consumer's personal information is reasonably necessary and proportionate for these purposes; and
    • Performing services on behalf of the business, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, or providing similar services on behalf of the business.

Checkr will help you exercise these rights free of charge, where applicable. Submitting a request via our support portal is the best way to contact us; you may also submit a request via email at hello@checkr.com. If you make a request under a State Privacy Law, we may need to take additional steps to verify your identity.  If you designate an authorized agent to make a request on your behalf, we may require you to provide the authorized agent written permission to do so and to verify your own identity directly with us.

Regardless of where you are located, you may use the tools described above in How can you access, change, or delete information about you? to request access, correction, and deletion of your information.

8. Does this Policy apply to third parties or third-party links?

No. Site and Services may contain links to third-party websites, but this Policy does not apply to information that you may provide to or that may be collected by such third parties. We encourage you to review such third parties’ privacy policies and terms and conditions before engaging with such third parties.

9. What choices do you have about email and text communications from Checkr?

Promotional Emails: Subject to any restrictions under applicable laws, we may send periodic promotional or informational emails to you. You may opt-out of such communications by clicking the unsubscribe link in the email. Please note that it may take up to 10 business days for us to process opt-out requests. If you opt-out of receiving emails about recommendations or other information we think may interest you, we may still send you emails about your account or any services you have requested or received from us.

Opting Out of Checkr Text Messages: The number of text messages you receive may depend upon factors, including how you use our Services and whether you take steps to generate additional text messages from us (such as by sending a HELP request). If you no longer want to receive Checkr text messages, you may reply STOP to our messages at any time. After doing so, we will send you confirmation of your opt-out via text message. If you have revoked consent and want to re-enroll in our text message program, you can re-enroll by submitting a request via our support portal.

Chatbots and Similar Technology: Checkr might use chatbots or other communication tools at certain locations on the Site to facilitate interactions between you and Checkr. Because Checkr uses outside vendors to provide these services, those vendors will record and store any information you disclose through those services. Therefore, that information is subject to those outside vendors’ privacy policies. Checkr is not responsible for those outside vendors’ privacy policies or practices.

10. How does Checkr protect your information?

Checkr maintains industry standard physical, technological, and administrative safeguards to help protect the security and privacy of the information we maintain about you. We may use such safeguards as encryption, multi-factor authentication, and other proactive security measures to help protect your information against unauthorized access and disclosure. However, no security measures are 100% effective. You should take steps to protect against unauthorized access to your information, passwords, accounts, phones, computers, and other devices.

11. GDPR and Other International Considerations

GDPR and UK GDPR

In the EEA and UK, we present Site Visitors with a cookies banner asking for your affirmative consent to non-essential cookies. For more information about how Checkr uses cookies, please review our Cookie Policy.

If you reside in the EEA or UK, you have the right to submit a data subject access request ("DSAR") under the General Data Protection Regulation or UK General Data Protection Regulation ("GDPR"), including requests to access, correct, delete, download, and object to certain processing of your information. You can exercise many of these rights by visiting the links described above in How can you access, change, or delete information about you? In addition, you may submit a DSAR request via our support portal.

Data Storage

Checkr uses infrastructure primarily located and operated in the United States. Checkr may also use partners or affiliates located in countries outside the US to store, process, and transmit your information. If you are located in the EEA, the UK, Canada (including Quebec), or another region with comparable data protection laws, your personal information may be transferred to a jurisdiction that does not have the same level of legal protections.

Personal Information Disclosure: United States or Overseas

When Checkr acts as an Investigative Consumer Reporting Agency under California state law, personal information collected from Consumers in the United States may be transferred outside of the United States as follows:

  • To third parties from which we must collect or verify personal information to provide  Services requested by a Customer. For example, if a Customer requests a background check in Canada, personal information may be transferred to the organization that provides such information.
  • To service providers that help provide the Services outside of the United States, where the Customer has requested such Services. For example, if the Customer requests employment verification in Australia, personal information may be transferred to a service provider with expertise in performing such a verification in Australia.
  • To affiliates, service providers, and contractors from time to time to  help provide the Services.

For more information on how Checkr handles cross-border transfers of personal information, please read the remainder of this section below.

Data Transfer and Standard Contractual Clauses

Checkr may transfer, store, or process your Personal Data in a country outside your jurisdiction, including countries outside the EEA and UK. We take appropriate safeguards with respect to such cross-border data transfers. For example, if we transfer Personal Data from the EEA or UK to another country, such as the United States, we will implement an appropriate data transfer solution such as entering into “standard contractual clauses” approved by the European Commission or competent UK authority (as applicable) with the data importer, or take other measures to provide an adequate level of data protection under EEA and UK law. Checkr may also rely on the active consent of EEA based data subjects. Data from EEA based data subjects is processed with consent, to fulfill our legitimate interests to produce a data subject’s requested background check, and to fulfill our contractual obligations. We may retain data for compliance with our legal obligations under applicable law, including the FCRA.

Additional Information for Canadian Users

This Policy applies to Customers, Consumers and Site Visitors in Canada. However, to the extent that this Policy is inconsistent with any applicable Canadian laws, Checkr will comply with the applicable law for Customers, Consumers and Site Visitors in Canada. For example, Checkr will only send commercial electronic messages to persons located in Canada with explicit, opt-in consent, unless otherwise permitted pursuant to Canadian legislation that is applicable to such activities.

Consumers who are located in Canada should also understand that the nature of the Services will involve Checkr obtaining potentially sensitive personal information about them, including consumer reports, criminal records, driving records, as well as education and employment records, from third parties such as consumer reporting agencies, police services, and government agencies (e.g., provincial transportation ministries).

Checkr will also share Consumers’ personal information with a third party service provider in Canada, for the purpose of completing or facilitating the background checks described in this Policy.

In addition, Personal Data that is collected in the course of providing the Services will be transferred outside Canada. Therefore, such information may be accessible to law enforcement and national security authorities in the jurisdiction(s) where it is stored or processed.

Canadian Customers and Consumers will be notified of any material changes to this Policy, where such a change would result in use or disclosure of their personal information by Checkr in a manner not contemplated by this Policy or reasonably expected by the individual.

Privacy Shield

Checkr complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  Checkr has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.  Checkr has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

At Customers’ request, Checkr may collect from third-party sources Personal Data about EEA and Swiss residents who are applicants for positions with Customers, who are otherwise seeking a business relationship with Customers or who are the Customers’ employees, to compile a background report on the EEA or Swiss resident.  The information collected may include, at the Customer’s election and to the extent permitted by applicable law, an EEA or Swiss resident’s criminal history, employment history, work eligibility, educational background, civil litigation history, residence history, and/or driving history.  Checkr receives this Personal Data for investigative, credential verification, and employment screening purposes. Customers (employers or their agents) may use this Personal Data for their own employment-related decisions, such as whether to hire, retain, promote, or re-assign an employee.

Checkr may disclose the Personal Data of EEA and Swiss residents to the Customer who requested the collection of that Personal Data for employment screening and/or business-related purposes.  Checkr may disclose Personal Data of EEA and Swiss residents, subject to written agreement, to authorized third-party service providers who assist Checkr in providing services to Customers. These third-party service providers may, for example, perform reference and credential verifications or collect information from public or private records sources in connection with the preparation of a background report. Upon notice, Checkr will act promptly to stop and remediate unauthorized processing of Personal Data by a recipient.

Checkr is accountable for Personal Data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party as described in the Privacy Shield Principles.  In particular, Checkr remains liable under the Privacy Shield Principles if third-party service providers engaged by Checkr to process Personal Data on its behalf do so in a manner inconsistent with the Privacy Shield Principles, unless Checkr is not responsible for the event giving rise to the damages.

In certain situations, Checkr may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

When Checkr collects and uses Personal Data of EEA and Swiss residents for the purpose of providing services in accordance with its Customer’s instructions, Checkr acts as a processor of such Personal Data. Accordingly, Checkr relies on Customers to provide EEA and Swiss residents with respect to whom the Customer requests a background report with clear, conspicuous, and readily available mechanisms to opt out from: (a) the disclosure of their Personal Data to a non-agent third party; and (b) the use of their Personal Data for purpose(s) that are materially different from the purpose(s) for which the Personal Data was originally collected or subsequently authorized by the individual.  Checkr will follow Customers’ instructions regarding the choices made by individuals.

Checkr does not review data processing notices provided by Customers to EEA and Swiss residents, or authorizations to the Customer from EEA and Swiss residents who are the subject of a background check requested by a Customer to determine whether the notices or authorizations are in compliance with, or conflict with, applicable law or any policy or notice published by the Customer.  Customers are responsible for providing all legally required notices and for obtaining all legally required authorizations and for ensuring that the notices and authorizations are consistent with the Customers’ policies and comply with applicable laws.

If, and to the extent, Checkr collects any sensitive Personal Data as expressly delineated by Privacy Shield Principles, Checkr obtains (directly or through Customers) affirmative express consent, i.e., opt-in consent, from the relevant EEA or Swiss resident, subject to certain exceptions permitted by the Privacy Shield Principles, before such information is to be (i) disclosed to a third party, or (ii) used for a purpose other than those for which the sensitive Personal Data was originally collected or subsequently authorized by the EEA or Swiss resident.

Pursuant to the Privacy Shield Frameworks, EEA and Swiss individuals have the right to obtain our confirmation of whether Checkr maintains personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their request to our support portal. If requested to remove data, we will respond within a reasonable timeframe.

Checkr is responsible for the processing of Personal Data we receive and subsequent transfers to a third party acting as an agent on our behalf, under the Privacy Shield Frameworks. Checkr complies with the Privacy Shield Principles for all onward transfers of personal data from the EEA and Switzerland, including the onward transfer liability provisions.

With respect to Personal Data received or transferred pursuant to the Privacy Shield Framework, Checkr is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.

In compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), Checkr commits to resolve complaints about our collection or use of your personal information transferred to the U.S. pursuant to the EU-U.S. DPF, the UK extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. EU, UK, and Swiss individuals with inquiries or complaints should first contact Checkr.

Checkr has further committed to refer unresolved DPF Principles-related complaints to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf

Our Legal Bases for Processing Your Information

Laws in certain jurisdictions, such as the GDPR in the EEA, require the controller to identify their legal bases for processing Personal Data. Checkr is sometimes a controller and sometimes a processor. When we collect and use the Personal Data of Site Visitors, we are always a controller. When we collect and use the Personal Data of Consumers and Customers, we are sometimes a controller and sometimes a processor.

In many cases, such as when Checkr processes Personal Data to provide services requested by a Customer, Checkr acts as the processor and our customer acts as the controller for that processing purpose. In such cases, our Customer (the controller) is responsible for identifying their legal basis for that processing purpose. As the processor for that particular processing purpose, Checkr is not responsible for identifying a legal basis, and instead conducts our data processing in accordance with the restrictions set forth in the data processing agreement with the applicable Customer.

In other cases, Checkr acts as a controller, and is therefore responsible for identifying a legal basis for each processing purpose. We rely on different legal bases to process your information for the various purposes described in this Privacy Policy.

For each legal basis below, we describe the purposes of our processing (why we process your information) and our processing operations (how we process your information to achieve each purpose). We also list the categories of your information that we may process for each purpose.

You also have particular rights available to you depending on which legal basis we use. No matter what legal basis applies, you always have the right to request access to, correction of, and erasure of your information. To exercise your rights, see
How can you access, change, or delete information about you?.

Processing necessary to perform our contract with you

We process information as necessary to conclude and perform our contract(s) with you, including but not limited to our Terms. The categories of information used and why and how they are processed is set out below:

Why And How We Process Your InformationInformation Categories We May Use  
Providing requested services to Customers and/or Consumers; contacting Customers and/or Consumers on changes to how services are performedIdentifiers
Commercial information (such as billing and payments information)
Communications information (such as support communications)
Consumer report information (including but not limited to public record data, education information, and employment information)
Internet or other electronic network activity information

Your Consent

We process information for the purposes described below when you have given us your consent to enable particular product features in your device-based settings. The categories of information used and why and how it’s processed are set out below:

Why And How We Process Your InformationInformation Categories We May Use  
Contacting you to provide information you have requested
Marketing Communications
Product Notifications  
Identifiers
Communications information (such as support communications)
Cookies                  
Collecting feedback about servicesIdentifiers
Communications information (such as Consumer feedback)
Conducting user experience research Characteristics of protected classifications (such as racial or ethnic origin or sexual orientation, and immigration or citizenship status)

Compliance With A Legal Obligation

We process information to comply with a legal obligation including, for example, to access, preserve or disclose certain information if there is a valid legal request. New laws may be enacted or other obligations may become binding on our processing and we will update the list of laws from time to time.

Why And How We Process Your InformationInformation Categories We May Use  
Sending legally mandated notices about our services and your personal informationIdentifiers
Communications information 
Complying with audit, retention and other obligations imposed by the third-party source of personal informationInternet or other electronic network activity information (such as user information API logs)
Communications information 
Consumer report information (including but not limited to public record data, education information, and employment information)

Legitimate Interests

We rely on our legitimate interests or the legitimate interests of a third-party, such as our users, where they are not outweighed by your interests or fundamental rights and freedoms ("legitimate interests"):

Why And How We Process Your InformationLegitimate Interests Relied OnInformation Categories We May Use 
Securing Checkr systems and protecting against abuse, including but not limited to security investigations, audits, and ongoing monitoring It is in our interest and interests of users to secure Checkr systems, detect and respond to abuse, and promote safety and security of our services. It is also in our interests to ensure our services are used in accordance with the Terms of Service. Identifiers
Communications
Internet or other electronic network activity information (such as usage information, logs, and device and connection information)
Recording and reviewing communicationsIt is in our interests to retain personal information for investigations or regulatory inquiries and litigation or other disputes, to continuously improve and develop the customer and candidate support services we provide, and improve and develop the products we provide.Identifiers
Communications information (such as call and email logs)
Determining whether a prospect is interested in our services, and contacting them to market or sell our servicesIt is in our interest and interests of users to provide prospects information regarding Checkr’s services. Identifiers
Communications information (such as call and email logs)
Internet or other electronic network activity information (such as device and connection information)
Cookies         
Performing services requested by Consumers, including but not limited to providing Consumer support services, conducting reinvestigation of consumer report information (disputes), and responding to data subject requests (including deletion and access requests)It is in our interest and interests of users to provide support services to candidates and users.Identifiers
Communications information (such as call and email logs)
Consumer report information (including but not limited to public record data, education information, and employment information)
Performing and collecting payment for services requested by Customers, including but not limited to processing background checks, identity verification, and providing Customer support servicesIt is in our interest to perform the services requested and paid for by our customers. Identifiers
Commercial information (such as billing and payments information)
Communications information (such as Customer support communications)
Consumer report information (including but not limited to public record data, education information, and employment information)
Complying with audit, retention and other obligations imposed by the third-party source of personal informationIt is in our interests to retain personal information for investigations or regulatory inquiries and litigation or other disputes.Identifiers
Internet or other electronic network activity information (such as user information API logs)
Customer and Candidate Communications
Consumer report information (including but not limited to public record data, education information, and employment information)
Performing analytics to provide better candidate services, including but not limited to
performing quality assurance checks and candidate satisfaction feedback surveys 
It is in our interests and the interests of users to continuously improve and develop the candidate support services we provide.  Internet or other electronic network activity information (such as user information API logs) Communications information (such as feedback and support communications with Customers and Candidates)
Consumer report information (including but not limited to public record data, education information, and employment information)
Improving our services and technologies It is in our interests and the interests of users to continuously improve and develop the products we provide.  Communications information (such as feedback and support communications with Customers and Candidates)
Internet or other electronic network activity information (such as user information API logs)
Consumer report information (including but not limited to public record data, education information, and employment information)

11. Changes to the Privacy Policy

Checkr reserves the right to change this Policy at any time. Please check this page periodically for changes. Your continued use of our Site and Services following the posting of changes to this Policy will mean you agree with, and consent to be bound by, the new revised Privacy Policy.

12. How can you contact Checkr with more questions?

If you have any questions, concerns or complaints about our Policy or Checkr’s handling of your personal information, or if you would like to access or update personal information that is not available via the Candidate portal, submitting a request via our support portal is the best way to contact us. You may also contact us via the following methods:

Checkr, Inc.
Attn: Privacy Questions
One Montgomery Street, Suite 2400
San Francisco, CA 94104
hello@checkr.com

In addition to those rights, you have the right to contact your relevant supervisory authority. However, we encourage you to contact us first, and we will do our very best to resolve your concern.