The Details

While The Basics set out our core commitments and key information about how we handle personal information, there are many other details you might want. We have organized these details into categories below.

Types and sources of personal information

Online tracking
and cookies

Access and disclosure

International data transfers

Requests from public authorities

Types of personal information, sources, and purposes for collection

Each table below tells you the types of personal information we collect, what we do with it, and where we get it from, based on your relationship with us. Remember, you might fit into more than one of these categories. In addition to the ways that each type of personal information is used in these tables, personal information is also used for service improvement and compliance if allowed by law.

Some types of personal information have one or more letters next to them, corresponding with the categories of personal information set out in California law.

You can find more information about the lawful basis for handling your personal information under European data protection laws here.

We do not use your personal information for purposes other than the ones listed in this document or that you have been told about elsewhere, unless you would reasonably expect it or we are allowed or required to do so by law.

Not all types of information are collected. We only collect what we need for the services our client asks for.

Type of information	What we do with it	Where we get it from
Name ^{A, B}	Identify you internally, with our clients, and with third parties involved in performing services	You or our client
Other names you have used ^{A, B}	Look for background information related to your other name If your name has been changed or corrected due to your gender identity, please contact us to help us complete services correctly while protecting your privacy	You or our client Public records Publicly available media or social media Credit/consumer reporting agencies Third parties that we contact in the course of performing services
Date of birth ^{A, B, C}	Identify you internally, with our clients, and with third parties involved in performing services	You or our client
Contact information ^{A, B} (including personal or business phone number, email address, and mailing address)	Communicate with you to complete services about you Comply with our legal obligations to contact you Allow you to exercise your privacy rights Connect you with other work or volunteer opportunities, if you ask us to	You or our client
Address history ^{A, B}	Match you to background records	You or our client Credit/consumer reporting agencies Public records
Documents to prove identity or address ^{A, B}	Verify your identity Request your personal information from sources	You or our client
Sex or gender ^{A, B, C}	Complete services where the source requires us to ask for your sex or gender If your legally recognized sex or gender has been changed or corrected, or if your identity is different from the sex or gender indicated on official documents, you are welcome to contact us to help us complete services correctly while protecting your privacy.	You or our client
Government-issued identity numbers ^{A, B} (examples: Social Security Number, Social Insurance Number, National Insurance Number, driver’s license number)	Verify your identity Verify your right to work or immigration status Get records from sources that use your government identity number to identify you	You or our client
Biometric information ^E (examples: fingerprints, fingerprint geometry, facial geometry, photographs)	Check records that are identified by your fingerprints Verify your identity Create a profile or ID card with your picture	You
Physical attributes ^{B, C, E} (examples: race, weight, eye color, hair color)	Validate that police or court records match your description	You or our client
Criminal history, police records, and court records	Complete criminal, police and court record check or monitoring services	You or our client Law enforcement or other government agencies Courts, court runners, or court data aggregators Credit/consumer reporting agencies Public records
Credit or bankruptcy history ^B	Complete credit or financial history services Verify your identity	Credit/consumer reporting agencies Government agencies Public records
Employment history ^{B, I}	Verify your current or past employment Match you to your social media profiles	You or our client Your current or past employers or their record-keeping service providers Agencies that placed you with your current or past employers Publicly available media or social media References you have provided
Education history ^J	Verify your education Match you to your social media profiles	You or our client Educational institutions you have attended or their record-keeping service providers Government education authorities in jurisdictions where you have attended school Publicly available media or social media References you have provided
Volunteering history ^{B, I}	Verify your volunteering history Connect you to new volunteer opportunities, if you ask us to	You or our client Organizations you have volunteered with or their record-keeping service providers Publicly available media or social media References you have provided
Travel history	Verify your activities when you were not working or studying	You or our client References you have provided
Professional credentials, designations, memberships, sanctions or reprimands ^{B, I}	Verify your professional standing, participation or completion of professional development courses Check or monitor for professional sanctions or reprimands	You or our client Professional organizations with which you have been associated, or their record-keeping service providers Public records Publicly available media or social media References you have provided
Opinions about you	Complete reference interviews	You or our client Your current or past employers or their record-keeping service providers Agencies that placed you with your current or past employers References you have provided
Appearance on government watch or sanctions lists	Check or monitor for presence on government watch or sanctions lists	Law enforcement or other government agencies
Health information, including substance test results ^C	Test for substance use or other health conditions	You or our client Substance testing laboratories that have taken a sample for this purpose Medical professionals that have seen you for this purpose
Eligibility to work ^{A, B, C}	Verify that you are allowed to work in a certain country	You or our client Government agencies
Tax information ^{A, B}	Complete employment-related tax forms	You or our client
Driving records	Check your driver’s license validity and driving history	You or our client Government agencies
Directorship and corporate governance history ^{B, I}	Verify your involvement with corporations as a director or officer	You or our client Public records Publicly available media or social media Corporations with which you have had previous involvement
Place of birth ^C	Complete services where the source requires us to ask for your place of birth	You or our client
Publicly available social media activities	Complete services involving social media checks	Social media platforms
Mentions in online or print media	Complete services involving media checks	Online and print media platforms
Other public record information	Complete other public record search or monitoring services	You or our client Government agencies Public records
Telephone call recordings ^H	Ensure quality service, train our employees, and investigate complaints or problems	You
Your opinions about us and our services	Measure and improve the quality of our service	You
Skills and interests ^C,	Help match you with volunteering or other relevant opportunities, if you ask us to	You
Billing and payment card information ^B	Collect payment for services that our client requires you to pay for	You
IP address when you use our candidate platform ^A,F	Maintain your session Determine your location Ensure security on our candidate platform	Your device or internet service provider
Location when you use our candidate platform ^F,G	Provide an experience that is relevant to your location	Your device or internet service provider
Login credentials for our candidate platform ^A,F	Authenticate you when you use our candidate platform	You
Authentication information provided by a social media or cloud services platform ^A,	Authenticate you when you choose to use those platforms to identify yourself to our system	You Social media or cloud services platforms
Dates, times and length of session on our candidate platform ^F	Maintain your session Ensure security on our candidate platform	Your device
Access to and modification of data on our candidate platform ^F	Keep records of what information was provided to us, when, and by whom Ensure security on our candidate platform	You
Device and browser information when you use our candidate platform ^F	Make sure the experience on our candidate platform works for you	Your device
Your behavior on our candidate platform ^F	Look for ways to improve the experience on our candidate platform	You

Type of information	What we do with it	Where we get it from
Name ^{A, B}	Provide information you request Contact you to tell you more about our services	You Companies that can match your behavior on our website to your information elsewhere
Job title and organization ^{B, I}	Provide information you request Contact you to tell you more about our services	You Companies that can match your behavior on our website to your information elsewhere
Contact information ^A,B (examples: phone number, email address, mailing address)	Provide information you request Contact you to tell you more about our services	You Companies that can match your behavior on our website to your information elsewhere
Registration or subscription preferences for webinars, whitepapers, newsletters or other content ^F	Provide information you request Contact you to tell you more about our services	You
IP address ^A,F	Determine your location Ensure security on our websites Identify you or your employer	Your device or internet service provider
Location ^{F, G}	Provide an experience that is relevant to your location	Your device or internet service provider
Your behavior on our websites ^F	Look for ways to improve the experience on our websites Determine what you might be interested in	You
Dates, times and length of session ^F	Look for ways to improve the experience on our websites Ensure security of our websites	Your device
Device and browser information ^F	Make sure the experience on our websites works for you	Your device

Type of information	What we do with it	Where we get it from
Name ^{A, B}	Connect you with the services you order Provide information you request Contact you about services you order Contact you to tell you more about our services	You Another person at your organization
Job title and organization ^{B, I}	Keep track of our different contacts within your organization Manage our relationship with your organization	You Another person at your organization
Contact information ^{A, B} (examples: phone number, email address, mailing address)	Connect you with the services you order Provide information you request Contact you about services you order Tell you more about our services	You Another person at your organization
Telephone call recordings ^H	Ensure quality service Train our employees Investigate complaints or problems	You
Records of your use of our services ^D	Perform services for you Manage our relationship with you	You
Records of email, chat and other communication with you, including whether you have read an email ^F	Perform services for you Manage our relationship with your organization Train our employees Ensure quality service Tell you more about our services	You
Billing and payment card information ^B	Collect payment for services we have provided	You
IP address when you use our client platform ^{A, F}	Maintain your session Determine your location Ensure security on our client platform	Your device or internet service provider
Location when you use our client platform ^{F, G}	Provide an experience that is relevant to your location	Your device or internet service provider
Login credentials for our client platform ^{A, F}	Authenticate you when you use our client platform	You
Authentication information provided by a social media or cloud services platform ^{A, F}	Authenticate you when you choose to use those platforms to identify yourself to our system	You Social media or cloud services platforms
Dates, times and length of session on our client platform ^F	Maintain your session Ensure security on our client platform	Your device
Access to and modification of data on our client platform ^F	Keep records of what information was provided to us, when, and by whom Ensure security on our client platform	You
Device and browser information when you use our client platform ^F	Make sure the experience on our client platform works for you	Your device
Your behavior on our client platform ^F	Look for ways to improve the experience on our client platform Tell you relevant information about our services	You
Your opinions about us and our services	Measure and improve the quality of our service	You

Type of information	What we do with it	Where we get it from
Name ^{A, B}	Provide information you request Contact you to tell you about our services	You Companies that sell lists of professional contact information Your social media profiles Your company’s website Other publicly available sources
Job title and organization ^{B, I}	Provide information you request Contact you to tell you about our services	You Companies that sell lists of professional contact information Your social media profiles Your company’s website Other publicly available sources
Contact information ^{A, B} (examples: phone number, email address, mailing address)	Provide information you request Contact you to tell you about our services	You Companies that sell lists of professional contact information Your social media profiles Your company’s website Other publicly available sources
Telephone call recordings ^H	Ensure quality service Train our employees Investigate complaints or problems	You
Records of email, chat and other communication with you, including whether you have read an email ^F	Manage our relationship with your organization Train our employees Ensure quality service Tell you more about our services	You

Type of information	What we do with it	Where we get it from
Name ^{A, B}	Communicate with you about a candidate Report information you provided to our client	You A candidate who knows you Our client
Job title and organization ^{B, I}	Communicate with you about a candidate Understand your relationship with a candidate Report information you provided to our client	You A candidate who knows you Our client
Contact information ^{A, B} (examples: phone number, email address)	Communicate with you about a candidate	You A candidate who knows you Our client
Your relationship with a candidate ^{B, I}	Put information you provide about a candidate into context	You A candidate who knows you Our client
Your opinions about a candidate	Report information you provided to our client	You
Records of email, chat, and other communication with you ^F	Train our employees Ensure quality service	You
Telephone call recordings ^H	Ensure quality service Train our employees Investigate complaints or problems	You
Your opinions about your experience with us	Measure and improve the quality of our service	You
IP address when you use our platform ^{A, F}	Maintain your session Determine your location Ensure security on our client platform	Your device or internet service provider
Location when you use our platform ^{F, G}	Provide an experience that is relevant to your location	Your device or internet service provider
Dates, times, and length of session on our platform ^F	Maintain your session Ensure security on our client platform	Your device
Access to and modification of data on our platform ^F	Keep records of what information was provided to us, when, and by whom Ensure security on our client platform	You
Device and browser information when you use our platform ^F	Make sure the experience on our client platform works for you	Your device
Your behavior on our platform ^F	Look for ways to improve the experience on our client platform Tell you relevant information about our services	You

Type of information	What we do with it	Where we get it from
Name ^{A, B}	Identify you	You Someone you know who refers you to us
Contact information ^{A, B} (examples: phone number, email address, mailing address, residential address)	Communicate with you about working for Sterling	You Someone you know who refers you to us
Interests and other personal characteristics you share with us ^C	Decide what kind of job you might want to do Associate you with other similar people who work for Sterling Provide support to you if you need it	You
Professional background information ^{A, B, I, J} (examples: skills, education history, employment history, professional credentials, professional sanctions, other people’s opinions about your work)	Decide if you have the right skills and background to work for us	You Your current and former employers or their record-keeping service providers Educational institutions where you have studied or their record-keeping service providers Professional organizations or regulatory bodies or their record-keeping service providers References you provide
Personal background and identity information ^{A, B, C, I, J} (examples: date of birth, place of birth, sex or gender, address history, criminal history, police and court records, credit history, substance or health testing results, public social media activity, identity documents or numbers, appearance on government watch or sanctions lists, nationality, citizenship, or immigration status)	Decide if your background or activities create any risks for the company or our clients Make sure you are allowed to work in the country where you are applying	You Police, courts, and government agencies Credit/consumer reporting agencies Substance testing labs or medical professionals that you have gone to as part of your work for Sterling Social media platforms Other publicly available sources
Information about protected class or characteristics, if you tell us about them ^C (examples: sex or gender, gender identity, race, ethnicity, sexual orientation, disability or health status, and others)	Run diversity and inclusion programs and affinity groups for workers Manage accommodations for different needs	You
Attendance information ^I (examples: hours worked, reasons for leave or tardiness, information about a medical condition, information about your family, information about a disability)	Manage staffing, hours and attendance Manage accommodations for different needs	You Medical professionals you ask to speak with us Family members or other representatives you ask to speak with us
Information about workplace benefits, support, and health ^{A, B, C} (examples: medical information, substance test results, disability information, marital status, family information, transportation records, vehicle information, charitable donation information, professional development and education information, personal concerns or problems)	Manage benefits Provide support services to workers Maintain a healthy and substance-free workplace	You Substance testing labs or medical professionals that you have gone to as part of your work for Sterling or that you have asked to speak to us Family members or other representatives you ask to speak with us Benefits providers
Tax and payroll information ^{A, B, C} (examples: identity documents, date of birth, government ID numbers, loan information, wage garnishment information, banking information, marital status, family information)	Make sure you get paid Report payroll and tax information to government authorities Pay taxes	You Government agencies Courts
Network and equipment use information ^F (examples: access logs, IP address, login credentials, data access, internet browsing activities, email records, chat records, telephone calls, information about your home office, information about your mobile device, voicemails)	Make sure our systems are secure Investigate unusual or suspicious behavior Investigate suspected violations of company policy or the law	You Your device
Information about your job performance, quality, and productivity ^I (examples: computer and network activity, telephone call recordings, email and chat logs, performance appraisals, training records, corrective action records, assessments of quality and quantity of work done)	Manage individual, team and company performance, quality, and productivity	You Monitoring of activities on our systems Your supervisor Other workers
Emergency contact information ^{A, B}	Communicate with you, your family or your friends in an emergency	You
Your opinions and feedback about Sterling, your job, and other workers	Measure our performance as a workplace Improve the experience for our workers	You
Biometric information ^E (examples: fingerprints, fingerprint geometry, hand geometry, face geometry, photographs)	Allow you to access our offices Allow you to track your working hours Provide you with a company ID card	You
Information about your personal belongings in our offices (examples: contents of bags or storage lockers)	Make sure our offices are secure	You
Information about your activities in our offices ^H (examples: entry and exit records, security video and audio recordings)	Ensure our offices are secure Investigate unusual or suspicious behavior Investigate suspected violations of company policy or the law	You Recording devices
Information collected as part of an investigation ^{D, F, G, H, I} (examples: activity on social media, in the news, or in public; information about interpersonal relationships; complaints or concerns voiced by others; internal and external communications)	Investigate suspected violations of company policy or the law	You Social media platforms News outlets Remote monitoring Other workers, clients, or other relevant people

Service improvement and compliance

We constantly analyze our systems and services to make sure they work as well as possible. Whenever we can, we do this analysis with anonymous information, meaning identifiable information (for example, your name, date of birth, and government-issued identification numbers) is removed, but we also need to analyze identifiable information. Also, we have some legal obligations to ensure our systems are secure and our results are accurate. Finally, some sources audit us to make sure we are using information properly.

If the law and contracts with our clients allow it, we use personal information for these purposes:

Watching system activity and data movement to make sure your personal information is secure
Reviewing service fulfillment and results to make sure they have been done correctly
Testing systems to make sure they work right and to find coding mistakes
Making sure sources are providing us with consistent and accurate information
Checking that our workers, service providers, and other people or organizations that help us operate are doing their work properly
Looking for patterns, analyzing manual and automated business activities, and gathering other business information to help our people and our systems work faster, more accurately, and more efficiently in the future
Allowing sources (like consumer and credit reporting agencies, courts, police services, government agencies, and others) to check that we are collecting and using information from them properly

Mergers and acquisitions

Like many industries, our industry undergoes a lot of changes. This means that we might buy other companies, or we might be bought by another company. We might also join together with other companies to create a new partnership or joint venture. When we do this, personal information from different companies might be mixed together. However, the commitments in this privacy statement remain the same. Any new company that has access to your personal information through merger, acquisition or joint venture activity will not use it for any new purposes.

Online tracking and cookies

When you use websites and read emails, information is created about your activities. This can be as simple as a log of your IP address accessing the website or an indication of whether you read an email, or it can be more complex, like step-by-step records of everywhere you have clicked and how long you have stayed on each page. Many websites save small files called “cookies” on your computer, so that the same website can recognize you as you move around the website and when you come back in the future. There are a few websites that you can refer to for more information about how cookies work. We recommend http://aboutcookies.org.

To keep things easy to understand, we call cookies and other internet tracking technologies “trackers” throughout this section.

Sterling and other organizations we work with use trackers when you use our websites and read our emails. Depending on how you interact with us, these trackers serve different functions. When you access one of our websites for the first time, we show you a banner that allows you to see what kinds of trackers will be used on that website and what they do. Some trackers need to be on for functional reasons, but you might be able to turn off others. If you have choices about trackers, you can to make those choices through that banner. Our websites have trackers for the following reasons:

Our websites are complex and use a full range of technological capabilities, including security protocols. For these capabilities to operate correctly, the websites need to use trackers to maintain a secure connection with your computer. If these trackers are not in place, some parts of the website do not work, and we cannot secure your connection.

You can make certain choices when you use our websites, like your country, your language, the size of the text on the screen, or other customizations. Our websites will also automatically adjust based on information provided by your device, like the type of device you are using, your browser, and your location. Sometimes, you can ask a secure login page to remember who you are to make it easier to log in the next time you visit. Sometimes we are required to gather and maintain this information to ensure our website is usable and comply with local laws where you are.

Our electronic communications are only useful if they give our website visitors, clients, candidates, sources, and workers what they are looking for. To be sure of that, we use trackers to see how many people look at our websites or emails, which parts they look at most (and least), how much time they spend on average on each page, and what they are doing when they get stuck or stop using the website. We use this information in aggregate form (meaning we cannot tell who you are) to understand trends that help us improve our online interactions with people. We might also use it to improve our interactions with you. For example, if we can tell that you never open our emails, we might stop sending them to you, Also, if you are a client, candidate, source, or worker and you report a technical problem, we might look at a log of what you have done to help us solve the problem.

If you are a website visitor or a client, we (along with our social media and advertising partners) use trackers to attempt to identify you or the organization you work for using publicly available information, or associate you with your profiles on social media and advertising platforms. This helps us and our partners better understand who you are to ensure that sales, marketing, and advertising efforts are relevant, targeted, and effective. If you interact with us as a candidate or a source, we do not use trackers for this purpose and will not use your personal information for sales, marketing, or advertising.

Access and disclosure

Each table below tells you the people and organizations that might have access to your personal information (or to whom we might disclose your information) based on your relationship with us. Remember, you might fit into more than one of these categories.

When a person or an organization works on our behalf to store data, maintain our systems, or help us perform services, we only choose people or organizations that will protect your personal information appropriately and use it only the way we ask them to. We require these partners and service providers to make that commitment through a contract.

Who has access?	What information do they get?	What do they do with it?
Sterling’s client support, service fulfillment, finance, compliance, privacy, information technology, and data analytics teams	All personal information	Communicate with you and our client about our services Fulfill and collect payment for services Maintain our systems Analyze our business activities Comply with our legal obligations
Our client	All personal information collected when we provide services to that client	Determined by our client
Organizations you ask us to share your information with	The information you ask us to share	Determined by the recipient organization
Data storage and processing providers	All personal information in our custody	Store, carry out automated tasks on, and provide access to, data
Technology support providers	Personal information in our custody with which we require technical support	Provide technical assistance in developing and using our systems
Other companies that provide services similar to ours	Personal information required to complete services	Provide services we cannot complete due to geographic, linguistic, or technical limitations Provide services when we need help to handle overflow volume
Court researchers	Name Date of birth Government-issued identifiers Address history Other information required to complete court research Court records	Retrieve and report court records
Drug and health testing sites and labs	Name Date of birth Government-issued identifiers Other information required to complete drug and health testing Health information, including test results	Collect and test biological specimens for drugs or other health-related purposes
Local police services and national criminal record checking authorities like the Australian Criminal Intelligence Commission, the UK Disclosure and Barring Service, the Royal Canadian Mounted Police, or the Federal Bureau of Investigation	Name Date of birth Government-issued identifiers Address history Other information required to complete police record searches Police records Fingerprints or other biometric identifiers (images or geometry)	Conduct police record checks Conduct law enforcement duties
Biometric collection or transmission services	Fingerprints or other biometric identifiers (images or geometry) Name Address Date of birth Government-issued identifiers Professional license numbers Physical characteristics Reasons for a request for services	Conduct fingerprint-based public record checks
Translation services	Personal information we have received in a language our workers cannot understand	Translate documents or information Provide services in the language required by our client
Survey services	Name Contact information Opinions about our services	Conduct surveys
Credit card processing services	Billing and payment card information	Process payment for services

Who has access?	What information do they get?	What do they do with it?
Sterling’s marketing and sales teams	All personal information	Develop and carry out our marketing and sales activities
Marketing analytics, communications, and data aggregation providers	IP address and location Web browsing behavior Information entered in contact forms on marketing websites	Analyze the use of our marketing websites to provide a better and more relevant user experience Identify users to target marketing and sales activities Manage marketing communications
Advertising and social media partners	Name Job title and employer Contact information	Deliver targeted marketing and advertising to you
Data storage and processing providers	All personal information	Store, carry out automated tasks on, and provide access to, data
Technology support providers	Personal information with which we need technical support	Provide technical assistance in developing and using our systems
Survey services	Name Contact information Opinions about our services	Conduct surveys

Who has access?	What information do they get?	What do they do with it?
Sterling’s human resources, finance, and executive teams, and your direct and indirect supervisors	All personal information	Manage all aspects of Sterling’s relationship with you
Recruiting companies	Name Contact information Employment, education and other professional background information	Help you become a Sterling worker
Payroll providers	Name Government identifiers Tax information Banking information Hours worked Wage/salary Other payroll- and tax-related information	Ensure payment of wages/salary and related taxes and fees
Data storage and delivery providers, including data centers/cloud providers, applicant tracking systems, recruiting systems, human resources information systems, and others	All personal information	Store, carry out automated tasks on, and provide access to, data
Technology support providers	Personal information with which we need technical support	Provide technical support
Organizations involved in background screening (see the table for “candidates” above)	Personal information required to complete background checks (see the table for “candidates” here)	Background screening
Benefits providers, including healthcare providers, financial institutions, and others	Identifying information Health information Information about family members Financial information Other information required to provide benefits	Provision of benefits, including health plans, retirement plans, and support services
Survey services	Name Department Job title Contact information Opinions about Sterling	Conduct surveys

Notice and consent

When we collect and use your personal information, you are almost always notified beforehand. There might be a brief notice provided to you right when your information is collected, or you may be asked to view this document, or both.

Depending on our relationship with you, we may notify you or someone else may notify you about the collection of your personal information:

If you are a candidate, our client will usually notify you either by providing you with a paper notice or disclosure, or by sending you an invitation through our platform which contains information about your privacy and a link to this document. If you request services for yourself, you will be given information about the services and a link to this document before you submit your request
If you are a source, you can visit our website and follow a link to this document when we contact you about using you as a source. If your information is provided by a candidate, that candidate should tell you that they are providing your personal information
If you are a website visitor or client, you can follow a link to this document when you visit our website or log into our client portal
If you are a prospect, you can visit our website and follow a link to this document after we first make contact, or you can ask the person you speak with to provide more information about your privacy
If you are a worker, you will be provided a link to this document when you first apply to work for us, and you can follow a link to this document through our internal or external websites at any time afterwards

Sometimes, notice is not given before your personal information is collected. This is rare, but may happen in the following circumstances:

You are a source and the candidate does not tell you that they are providing your personal information. We will contact you shortly after we have received your contact information
You are a prospect and we contact you through publicly available channels
You are a candidate for certain types of due diligence investigations and our client has determined that the investigation can be done without notice to you

You must provide consent or authorization for some of the things we do with your personal information. That can be expressed by many actions, including by signing a form, checking a box, or simply providing your personal information after being told how it will be used. Many of the things we do with your personal information do not require your consent, though, because you do not really have a choice (for example, if a certain activity involving your personal information is required by law or required for employment) or because asking for your consent would defeat the purpose (for example, if we are conducting an investigation into suspected workplace policy violation). If you want to know whether you have consented to the collection and handling of your personal information, or if you want to withdraw your consent, please contact us and we will explain your options.

Retention

We keep personal information long enough to meet our and our clients’ contractual, legal, and business needs. Once we no longer need your personal information, it is deleted or anonymized, meaning you can no longer be identified from any remaining information. To delete data, we de-index it from our databases and overwrite it with new information. There are many factors that go into deciding how long to keep personal information. Our general retention guidelines are as follows:

If you are a candidate or source in the United States or Canada, we usually need to keep your personal information for at least six years to comply with our legal and contractual obligations. If you are in another country, we may only need to keep your personal information for a few months so we can fulfill the services and collect payment for them, but sometimes we might need to keep it longer because of the type of information we collected about you or where we collected it from. Also, our clients use our system to keep records of all the services they have requested, so they might need us to keep your personal information longer. We do not delete personal information collected on behalf of our client until our client asks us to delete it
If you are candidate having fingerprint collection or screening done with Sterling Identity, we keep fingerprints and criminal history information for no more than 29 days. After that, they are deleted. We are required to retain certain information about your fingerprint screening for one to three years for compliance with FBI audit requirements. Beyond that, we keep personal information in active accounts for seven years, after which it is anonymized. If your account is inactive, we anonymize your personal information three years after your last login
If you are a candidate having a national coordinated criminal history check done in Australia, we do not keep the results of that check for more than 12 months, and we keep the information you submitted for us to complete the check for no less than 12 months and no more than 18 months
If you are a candidate and we receive a UK criminal disclosure certificate about you, we do not keep the certificate for more than six months

To find out how long personal information is retained in your case, contact us and we will let you know or tell you how to find out.

Accuracy

Much of the personal information we collect comes directly from you, so you control if it is accurate or not. When we collect personal information from sources, the source is responsible for making sure it is accurate. No matter how we collect your personal information, we correct it if we find out it is inaccurate, either because you told us it was inaccurate, or we discovered it was inaccurate through regular quality control checks. To ask for correction of your personal information, contact us.

Information security

We have advanced security measures to secure and protect your personal information, such as internal and external firewalls, monitoring and alert systems to prevent and detect hackers, and 256-bit encryption of data in transit and at rest. Our servers are in secure locations that are carefully monitored and audited. Most of our employees access personal information only through secure virtual desktop interfaces, and our online interfaces are encrypted, password-protected, and monitored.

We have rigorous physical security policies to prevent unauthorized physical access to our offices. Our servers and offices, including electronic storage and paper documents containing personal information, are kept in access-controlled and monitored environments.

When we collect and communicate personal information outside of Sterling, we take care to do so through secure connections (like an SSL web connection or through a direct electronic integration) whenever possible. If we cannot exchange personal information that way because of technological limitations, we exceptionally collect and communicate personal information by phone, fax, postal mail, or email. If we have asked you to provide your personal information and you are not comfortable with the way you have been asked to provide it, contact us and we will provide an alternate method.

All our employees have been background checked and have taken security and privacy training courses. Our workers are only permitted to access your personal information if they need it to do their work.

Our contracts with service providers require them to protect your personal information properly and allow us to monitor them to be sure they do.

These information security practices are the same in all our offices around the world. Your personal information is protected to the same level whenever it is with Sterling, no matter where it goes.

International data transfers

Almost all the personal information we have is stored in data centers or with cloud providers in Canada, the European Union, Singapore, or the United States. A small amount of personal information is also stored in our offices around the world, including personal information about our workers, personal information that we have sent or received by mail or courier service, and information that is subject to special local rules. Our offices are in Australia, Canada, China, Hong Kong, India, Malaysia, Mexico, the Netherlands, the Philippines, Poland, Singapore, the United Arab Emirates, the United Kingdom, and the United States. We also have some workers who work remotely in other countries.

Any of the types of information we collect may be handled in any of the countries where we operate, for any of the purposes we collect personal information. The people and organizations who access personal information may be located anywhere in the world. Where your personal information is stored and accessed depends on why we have it and which part of our organization is using it. The following are general guidelines about where personal information is most frequently stored and accessed:

If you are engaging with our United States companies (Sterling, Sterling Volunteers, Sterling Diligence, or Sterling NOW), then personal information will primarily be stored in the United States and processed in the European Union, India, Mexico, the Philippines, and the United States
If you are engaging with Sterling Identity for fingerprinting services, your personal information is stored and accessed in the United States only
If you are engaging with our Canadian company (Sterling Backcheck and myBackCheck.com), then personal information will primarily be stored in Canada and the United States and processed in Canada, the European Union, India, Mexico, the Philippines, and the United States
If you are engaging with our Europe, Middle East, and Africa companies (Sterling EMEA), then personal information will primarily be stored in Germany, Canada or the United States and processed in the European Union, India, the Philippines, the United Arab Emirates, the United Kingdom, and the United States
If you are engaging with our Asia-Pacific companies (Sterling APAC and National Crime Check), then personal information will primarily be stored in Australia, Singapore, and the United States and processed in Australia, China, Hong Kong, Malaysia, the Philippines, Singapore, and the United States
If you are undergoing an Australian national coordinated criminal history check, your personal information will be stored in Singapore and processed in Australia, Malaysia, the Philippines, and Singapore
If you are paying for a service using a card, your payment card data will be processed by our payment partner in the United States.

If we are asked to collect information about you from sources outside of a country where we are located or using a language we do not know, your personal information might be stored and accessed from additional countries.

We follow European rules for protecting cross-border transfers of personal information, including by being certified to the EU-US Data Privacy Framework and UK Extension.

Personal information disclosure: United States or overseas

When Sterling is acting as an Investigative Consumer Reporting Agency under California state law, personal information collected from candidates in the United States may be transferred outside of the United States as follows:

 To Sterling’s affiliate operations centers in Australia, Brazil, Canada, Colombia, the European Union, India, Malaysia, Mexico, the Philippines, Singapore, and the United Kingdom for service fulfillment
To Sterling’s information technology service providers in Australia, Canada, Singapore and the European Union if needed to transfer personal information between the United States and our affiliates around the world
To third parties from which personal information must be collected or verified to fulfill services requested by our client (for example, if our client asks for a criminal record check in Brazil, personal information will be transferred to the organization in Brazil that provides police certificates)
To our affiliates, partners or service providers that provide country- or region-specific services, where our client has requested those services (for example, if our client asks for an education verification in Japan, personal information may be transferred to a company in Asia with expertise in verifying Japanese education history in the Japanese language)

Risks of international data transfers

No matter where we store or access your personal information, we protect it to the same high standard and your rights remain the same. This means that if we handle personal information in a country with weaker privacy and data protection laws than what would usually apply, we still follow the stricter laws. However, if local laws in a different country apply to your personal information, then local authorities in that country (like courts, police, or the government) might be able to demand access to personal information. This is very unlikely to happen, but if it does, we carefully consider our response before providing information to public authorities and always take your interests into account.

Requests for personal information from public authorities

Law enforcement agencies, national security agencies, courts, or other public bodies in any jurisdiction where we are subject to the law may ask us for personal information, no matter where it is stored. If we get a production order, warrant, subpoena, or other enforceable demand, we will comply as required by law. If we get a request by a public authority to provide information voluntarily, we will consider your interests, our business interests, the interests of our clients, public safety implications, and our legal obligations before we decide whether to communicate personal information. If the personal information was collected from or on behalf of a client, we will consult with the client before proceeding if allowed by law.

We may decide to share personal information with law enforcement or other third parties proactively if necessary to investigate or report a violation of the law or a contractual agreement, if allowed by law.

For the experts

There are some things that we are required to say by law, but that are difficult to understand for someone who is not an expert. Instead of making it harder to read about privacy by mixing those things into The Basics and The Details, we have added a section called The Legal and Technical Stuff for the people who are really interested. Lawyers, regulators, and privacy geeks, this is for you!

The Details

Types of personal information, sources, and purposes for collection

Candidates

Website Visitors

Clients

Prospects

Sources

Workers

Service improvement and compliance

Mergers and acquisitions

Online tracking and cookies

To allow our websites to work properly and securely.

To customize the website experience for you and remember your preferences when you move around our websites or visit again in the future.

To understand who is visiting our websites or reading our emails, what they are looking at, and how we can improve their experience.

To target our sales, marketing, and advertising efforts to the right people and allow advertising and social media platforms to see what you do on our websites.

Access and disclosure

Candidates and sources

Website visitors, clients, and prospects

Workers

Notice and consent

Retention

Accuracy

Information security

International data transfers

Personal information disclosure: United States or overseas

Risks of international data transfers

Requests for personal information from public authorities

For the experts