Privacy at Sterling

Sterling is built on privacy and trust.

Organizations and individuals around the world trust us to collect, verify, and protect millions of people’s background and identity information. We need to earn and keep that trust for our business to work.

This website helps us do that by telling you what we do with your personal information, which is any information that can identify you. This website is divided into three parts: The Basics, The Details, and The Legal and Technical Stuff. This way we can include all the information that the law says we should, without making the important parts too hard to understand.

The Basics

How we use your personal information depends on why we have it. We might have your personal information for more than one reason. In this document, we use the following words to describe our relationships with different people:

  • If we are doing services for you or our client to check your background or identity, you are a candidate
  • If you are accessing one of our publicly available websites, you are a website visitor
  • If you can order our services as an individual or as part of an organization, to get background or identity information about yourself or someone else, you are a client
  • If we think you might want to be our client because of your job, your online behavior, or because you contacted us, you are a prospect
  • If we ask you for information to help complete background or identity services (for example to verify someone’s past employment, provide a reference, or witness a form), you are a source
  • If you work for Sterling as an employee, contractor, vendor, or volunteer, you are applying to do work for us, or you used to do work for us, you are a worker
Important things to know about how we handle personal information:
  • Our clients pay us to collect and compile candidates’ personal information, but we do not sell it.
  • We use personal information about clients, prospects, sources, workers, and website visitors to market and sell our services, operate our business, and provide background screening and identity services, but we do not sell it to other people or organizations.
  • There are many laws around the world that apply to us. They set different rules about privacy. Some of the things we talk about in this document are only allowed in certain places. When we are not allowed to do something, we do not do it
  • Sometimes, the law that applies to your personal information is the law where you live. Sometimes, it is the law where you work, where our client is located, or where we are located. If you want to know which laws we apply to your personal information, contact us
  • The General Data Protection Regulation (GDPR) and other European privacy laws set unique standards for privacy, including the need to have a “lawful basis” before collecting or handling personal information. For more information about how European privacy laws apply to us, click here
  • The California Consumer Privacy Act (CCPA) also has special requirements. For more information about those, click here
  • We are an APP entity and we therefore follow the Australian Privacy Principles, which set out certain requirements for handling personal information in Australia
  • If the law requires us to have a ‘privacy policy’ or otherwise provide information about how we handle personal information, this document is intended for that purpose
  • A significant part of our business is conducting criminal record checks or police checks, which we do in most countries around the world. When we conduct a police check, it is either because you asked us to, because our client asked us to, or because you are (or want to become) one of our workers
  • When our client asks us for a police check, they determine the purposes for the check. When you ask us for a police check, our purpose is to provide you a service that you have freely chosen to use. When we do police checks on our workers, our purpose is to protect our company and other workers and comply with our legal and contractual obligations
  • In Canada, local police services do police checks by searching the Canadian Police Information Centre (CPIC), a part of the Royal Canadian Mounted Police (RCMP). We have RCMP-approved contracts with our local police partners and always follow RCMP policy and Canadian laws when conducting police checks in Canada
  • In the United Kingdom, each constituent country has its own service for conducting police checks, and there are different levels of check depending on the purpose. We work as a registered body with the Disclosure and Barring Service in England and Wales, and we have similar relationships with Disclosure Scotland and AccessNI. We conduct these checks according to each disclosure service’s code of practice and UK law
  • In Australia, we conduct national coordinated criminal history checks as an accredited body with the Australian Criminal Intelligence Commission (ACIC). We follow all ACIC rules around how those checks are done, which include the Australian Crime Commission Act 2002 and the Australian Privacy Principles
  • In the United States, we are an FBI-approved channeler for forwarding fingerprints to the FBI and delivering FBI background check results. We conduct those checks strictly in accordance with FBI rules and guidelines
  • In other countries, if we are required to be registered or licensed to conduct police or criminal record checks, we either become registered, or we work with a partner or service provider that is registered
  • Results of police checks have no set expiry date. They are point-in-time checks, meaning that the results only reflect police records on the date they are released by each police agency. Decision makers are responsible for determining how long police checks are to be accepted as ‘valid,’ based on their own risk management strategy and assessments
  • We offer a lot of services which involve many types of personal information. Our client decides which services to order, so you should ask them what services are being done in your case
  • We collect some information from you, some from our client, and some from other sources that have information about you
  • We do not keep an ongoing file about you and provide that file to clients who ask for it. Instead, we create a new file each time one of our clients asks us to complete services about you. Each file is only accessible to one client
  • We offer some services that involve ongoing monitoring of arrest records, professional licenses, government watch lists, or other publicly available information. This monitoring is only done for the client that requests it, and any information we found is only provided to that client.
  • We sometimes use information from services we performed previously to allow us, or other similar companies we partner with, to complete new services about you faster and more accurately. For example:
    • If we already verified your education, we or our partner might not verify it again. Instead, we might check the information we received from you or the educational institution and bring that information into a new background check; or
    • If you disputed past background check results and that caused a correction to your information, we or our partner might bring that corrected information into a new background check; or
    • If we already found out where to look for background information about you, we or our partner might use that knowledge to check in the same place again if we do a new background check
  • We or our client tell you before we collect your personal information to complete services, and have you sign a form to say it is OK. There are some exceptions, but they are rare and only when the law allows it
  • We may also need to use your personal information to make sure our systems and services are efficient, accurate and secure, comply with the law, and comply with our contractual obligations with sources
  • We use cookies and other tracking tools to watch what you do on our websites. This helps us make sure the websites are secure and working properly and helps us look for ways to make them better
  • We might try to find out your location and other information about you to give you information that will be useful to you
  • Like most companies, we work with other organizations to make the information on our websites interactive, exciting and relevant
  • Our public websites have advertisements and social media buttons. These allow advertising providers and social media platforms to see what you do, because when your computer downloads those buttons or advertisements, it communicates directly with those other organizations’ servers
  • We use contact information from the internet or from companies that sell professional contact lists to contact people who might want to use our services
  • We use information about people who look at our websites and buy our services to target advertising
  • We ask social media platforms and advertisers to target ads to the kinds of people that might need our services
  • We do not use your personal information for marketing and sales if you ask us not to
  • We collect a few kinds of personal information from you and others to decide if you are the right person for the job and to protect our company
  • Where permitted by law, we monitor your activities in our offices and on our computer and phone systems to ensure safety, security, quality of work, productivity, and compliance with company policies
  • We collect personal information and share it with other organizations or government bodies if necessary to comply with the law, pay you, and provide benefits
  • We do not track your activities when you are not in our offices or connected to our computer equipment or systems, or look into your activities outside of work. The only exception is if we suspect illegal activity or other serious misconduct and the law allows us to investigate further
  • We encrypt personal information when it sits in our systems and transits between our systems
  • We use firewalls, data loss prevention tools, and other barriers and alerts to watch out for hackers, viruses, and other threats
  • We and independent third parties and clients do audits and tests to make sure our security systems are working
  • We do our best to reduce the amount of information we process and transfer to the bare minimum
  • We collect and communicate personal information outside of Sterling through secure channels whenever possible
  • We lock paper documents in secure places
  • We make sure only approved people come into our offices
  • We only work with service providers that also have a high standard for protecting your personal information
  • For more information about information security, keep reading here
  • If you are a candidate and services were requested by our client, we keep your personal information until our client asks us to delete it, but usually no more than seven years
  • Sometimes, the law or a source requires us to keep information for a minimum amount of time
  • If you are a candidate having fingerprint collection or screening done in the United States, we do not keep your fingerprints for more than 29 days
  • If you are a candidate having a national coordinated criminal history check done in Australia, we keep the results of that check for no more than 12 months, and we keep the information you submitted for us to complete the check for no less than 12 months and no more than 18 months
  • If you are a candidate and we receive a UK criminal disclosure certificate about you, we keep it for no more than six months
  • If you are a client, we keep your personal information at least as long as you are using our services
  • If you are a worker, we keep your personal information as long as you work for us, and for a certain amount of time afterwards based on local rules and customs. We might delete some things sooner if we do not need them anymore
  • For more information about retention of personal information, keep reading here
  • When we provide services, we work with other companies around the world to support our activities
  • We work with technology companies to build and manage our computer systems. While they do not usually have a reason to use your personal information, they might have it in their custody or need to access it to do their work
  • We work with other companies that do the same kind of services that we do, to perform services that our workers cannot because we do not have an office in a certain place, we do not know a certain language, or we need another kind of help
  • If you are a worker, we work with other companies to help us train you, monitor your work and improve efficiency, pay you, and provide benefits
  • We have offices all over the world. Some of these mostly do work for their own countries or regions. Others, such as our offices in India and the Philippines, support everything we do around the world
  • Where we do not have offices, we work with local partners and service providers that help with local services
  • We do not transfer personal information across borders if the law, or our contract with our client or source, says we cannot
  • Our information security is the same everywhere, so your information stays secure no matter where it goes
  • In any country where personal information is handled, that country’s government, police or courts can sometimes demand access. It is not easy for governments or courts to do that, and it is very rare. If that happens, we will carefully consider our response with your interests in mind
  • If you are candidate undergoing fingerprint collection or screening in the United States, we do not transfer your personal information outside the United States
  • If you are a candidate undergoing a national coordinated criminal history check in Australia, transfers of your personal information are limited to specific countries
  • There are rules about transferring personal information from Europe. We follow these rules carefully, including by signing special contracts within our organization and with our service providers. Sometimes, we or our client might need your consent to transfer personal information outside of Europe
  • If you live in California, please read our Personal Information Disclosure: United States or Overseas
  • Our websites and our services are designed for adult business professionals, not for children. If you are a child, please do not use our websites or services
  • We do not perform background or identity services on young people. In the US, that means people under 18 years old. In other countries the age can be younger, but we do not normally perform any services anywhere, on children under 13 years old. If you are a candidate under 13 years old or if you are asked to give us information about a child, please contact us so we can review your case
  • We do not employ children as workers
  • You can make choices about your personal information. Sometimes you also have certain rights under the law. You can contact us to make choices and exercise your rights, but we cannot always do what you ask us to do. Sometimes we have to do something different to follow a law, a contract or our own policy. Sometimes we have to ask our client what to do
  • If we are using your information based on your consent, you can contact us to withdraw your consent at any time. If we are using your information based on something other than your consent, like a legal or contractual obligation, then we might still need to use your personal information even if you want to withdraw your consent
  • If you think information we have about you is incorrect, contact us and we will investigate and, if necessary, correct it. If we received your personal information from another party, like a credit bureau or police service (including ACIC, the RCMP, the DBS or the FBI), we may be able to re-check the information directly with the source, or we may need to refer you to the source to ask for a review
  • If you ask to exercise any rights or make any choices, we will either do what you ask, tell you why we cannot, or help you find the right person or organization to ask. You can ask us:
    • for information about your personal information. You can ask if we have it, who we get it from, how we use it, where we store and access it, who we share it with, how long we keep it, and how we protect it when we share it across borders or between organizations
    • for a copy of your personal information
    • to correct your personal information if it is incorrect
    • To add a comment to your personal information if you want it to be clarified or if you disagree with us about whether it is correct
    • to stop using your personal information, either temporarily or permanently, for some or all purposes.
    • to delete your personal information
    • to share your personal information with another organization
  • We do not discriminate against people when they make choices or exercise their rights, but certain choices might mean we cannot do something else you want us to do, like provide information or a perform service. We will explain the consequences of any choice you make
  • If you are not happy with how your personal information has been collected, used, disclosed, or otherwise handled, you can make a complaint to us or to a regulatory or supervisory body

Need more info?

If you still have questions that we have not answered above, please continue to The Details.

Version History

Revision Date Relevant brand and activity Version
August 1, 2020 All Current version
April 23, 2018 Sterling – services for clients Click to download this version
September 8, 2017 Sterling – services for clients Click to download this version
August 10, 2017 Sterling – services for clients Click to download this version
September 13, 2017 Sterling – marketing Click to download this version
August 10, 2017 Sterling – marketing Click to download this version
August 10, 2017 Sterling – workers Click to download this version
August 18, 2018 Sterling Identity - marketing Click to download this version
August 18, 2018 Sterling Identity – services Click to download this version
August 1, 2020 Sterling RISQ Click to download this version
August 1, 2020 National Crime Check Click to download this version