The Details

While The Basics set out our core commitments and key information about how we handle personal information, there are many other details you might want. We have organized these details into categories below.

Types of personal information, sources, and purposes for collection

Each table below tells you the types of personal information we collect, what we do with it, and where we get it from, based on your relationship with us. Remember, you might fit into more than one of these categories. In addition to the ways that each type of personal information is used in these tables, personal information is also used for service improvement and compliance if allowed by law.

Some types of personal information have one or more letters next to them, corresponding with the categories of personal information set out in California law.

You can find more information about the lawful basis for handling your personal information under European data protection laws here.

We do not use your personal information for purposes other than the ones listed in this document or that you have been told about elsewhere, unless you would reasonably expect it or we are allowed or required to do so by law.

Type of information What we do with it Where we get it from

Name A, B

  • Identify you internally, with our clients, and with third parties involved in performing services
  • You or our client

Other names you have used A, B

  • Look for background information related to your other name

If your name has been changed or corrected due to your gender identity, please contact us to help us complete services correctly while protecting your privacy

  • You or our client
  • Public records
  • Publicly available media or social media
  • Credit/consumer reporting agencies
  • Third parties that we contact in the course
    of performing services

Date of birth A, B, C

  • Identify you internally, with our clients, and with third parties involved in performing services
  • You or our client

Contact information A, B

(including personal or business phone number, email address, and mailing address)

  • Communicate with you to complete services about you
  • Comply with our legal obligations to contact you
  • Allow you to exercise your privacy rights
  • Connect you with other work or volunteer opportunities, if you ask us to
  • You or our client

Address history A, B

  • Match you to background records
  • You or our client
  • Credit/consumer reporting agencies
  • Public records

Documents to prove identity or address A, B

  • Verify your identity
  • Request your personal information from sources
  • You or our client

Sex or gender A, B, C

  • Complete services where the source requires us to ask for your sex or gender

If your legally recognized sex or gender has been changed or corrected, or if your identity is different from the sex or gender indicated on official documents, you are welcome to contact us to help us complete services correctly while protecting your privacy.

  • You or our client

Government-issued identity numbers A, B

(examples: Social Security Number, Social Insurance Number, National Insurance Number, driver’s license number)

  • Verify your identity
  • Verify your right to work or immigration status
  • Get records from sources that use your government identity number to identify you
  • You or our client

Biometric information E

(examples: fingerprints, fingerprint geometry, facial geometry, photographs)

  • Check records that are identified by your fingerprints
  • Verify your identity
  • Create a profile or ID card with your picture
  • You

Physical attributes B, C, E

(examples: race, weight, eye color, hair color)

  • Validate that police or court records match your description
  • You or our client

Criminal history, police records, and court records

  • Complete criminal, police and court record check or monitoring services
  • You or our client
  • Law enforcement or other government agencies
  • Courts, court runners, or court data aggregators
  • Credit/consumer reporting agencies
  • Public records

Credit or bankruptcy history B

  • Complete credit or financial history services
  • Verify your identity
  • Credit/consumer reporting agencies
  • Government agencies
  • Public records

Employment history B, I

  • Verify your current or past employment
  • Match you to your social media profiles
  • You or our client
  • Your current or past employers or their record-keeping service providers
  • Agencies that placed you with your current or past employers
  • Publicly available media or social media
  • References you have provided

Education history J

  • Verify your education
  • Match you to your social media profiles
  • You or our client
  • Educational institutions you have attended or their record-keeping service providers
  • Government education authorities in jurisdictions where you have attended school
  • Publicly available media or social media
  • References you have provided

Volunteering history B, I

  • Verify your volunteering history
  • Connect you to new volunteer opportunities, if you ask us to
  • You or our client
  • Organizations you have volunteered with or their record-keeping service providers
  • Publicly available media or social media
  • References you have provided

Travel history

  • Verify your activities when you were not working or studying
  • You or our client
  • References you have provided

Professional credentials, designations, memberships, sanctions or reprimands B, I

  • Verify your professional standing, participation or completion of professional development courses
  • Check or monitor for professional sanctions or reprimands
  • You or our client
  • Professional organizations with which you have been associated, or their record-keeping service providers
  • Public records
  • Publicly available media or social media
  • References you have provided

Opinions about you

  • Complete reference interviews
  • You or our client
  • Your current or past employers or their record-keeping service providers
  • Agencies that placed you with your current or past employers
  • References you have provided

Appearance on government watch or sanctions lists

  • Check or monitor for presence on government watch or sanctions lists
  • Law enforcement or other government agencies

Health information, including substance test results C

  • Test for substance use or other health conditions
  • You or our client
  • Substance testing laboratories that have taken a sample for this purpose
  • Medical professionals that have seen you for this purpose

Eligibility to work A, B, C

  • Verify that you are allowed to work in a certain country
  • You or our client
  • Government agencies

Tax information A, B

  • Complete employment-related tax forms
  • You or our client

Driving records

  • Check your driver’s license validity and driving history
  • You or our client
  • Government agencies

Directorship and corporate governance history B, I

  • Verify your involvement with corporations as a director or officer
  • You or our client
  • Public records
  • Publicly available media or social media
  • Corporations with which you have had previous involvement

Place of birth C

  • Complete services where the source requires us to ask for your place of birth
  • You or our client

Publicly available social media activities

  • Complete services involving social media checks
  • Social media platforms

Mentions in online or print media

  • Complete services involving media checks
  • Online and print media platforms

Other public record information

  • Complete other public record search or monitoring services
  • You or our client
  • Government agencies
  • Public records

Telephone call recordings H

  • Ensure quality service, train our employees, and investigate complaints or problems
  • You

Your opinions about us and our services

  • Measure and improve the quality of our service
  • You

Skills and interests C,

  • Help match you with volunteering or other relevant opportunities, if you ask us to
  • You

Billing and payment card information B

  • Collect payment for services that our client requires you to pay for
  • You

IP address when you use our candidate platform A,F

  • Maintain your session
  • Determine your location
  • Ensure security on our candidate platform
  • Your device or internet service provider

Location when you use our candidate platform F,G

  • Provide an experience that is relevant to your location
  • Your device or internet service provider

Login credentials for our candidate platform A,F

  • Authenticate you when you use our candidate platform
  • You

Authentication information provided by a social media or cloud services platform A,

  • Authenticate you when you choose to use those platforms to identify yourself to our system
  • You
  • Social media or cloud services platforms

Dates, times and length of session on our candidate platform F

  • Maintain your session
  • Ensure security on our candidate platform
  • Your device

Access to and modification of data on our candidate platform F

  • Keep records of what information was provided to us, when, and by whom
  • Ensure security on our candidate platform
  • You

Device and browser information when you use our candidate platform F

  • Make sure the experience on our candidate platform works for you
  • Your device

Your behavior on our candidate platform F

  • Look for ways to improve the experience on our candidate platform
  • You
Type of information What we do with it Where we get it from

Name A, B

  • Provide information you request
  • Contact you to tell you more about our services
  • You
  • Companies that can match your behavior on our website to your information elsewhere

Job title and organization B, I

  • Provide information you request
  • Contact you to tell you more about our services
  • You
  • Companies that can match your behavior on our website to your information elsewhere

Contact information A,B

(examples: phone number, email address, mailing address)

  • Provide information you request
  • Contact you to tell you more about our services
  • You
  • Companies that can match your behavior on our website to your information elsewhere

Registration or subscription preferences for webinars, whitepapers, newsletters or other content F

  • Provide information you request
  • Contact you to tell you more about our services
  • You

IP address A,F

  • Determine your location
  • Ensure security on our websites
  • Identify you or your employer
  • Your device or internet service provider

Location F, G

  • Provide an experience that is relevant to your location
  • Your device or internet service provider

Your behavior on our websites F

  • Look for ways to improve the experience on our websites
  • Determine what you might be interested in
  • You

Dates, times and length of session F

  • Look for ways to improve the experience on our websites
  • Ensure security of our websites
  • Your device

Device and browser information F

  • Make sure the experience on our websites works for you
  • Your device
Type of information What we do with it Where we get it from

Name A, B

  • Connect you with the services you order
  • Provide information you request
  • Contact you about services you order
  • Contact you to tell you more about our services
  • You
  • Another person at your organization

Job title and organization B, I

  • Keep track of our different contacts within your organization
  • Manage our relationship with your organization
  • You
  • Another person at your organization

Contact information A, B

(examples: phone number, email address, mailing address)

  • Connect you with the services you order
  • Provide information you request
  • Contact you about services you order
  • Tell you more about our services
  • You
  • Another person at your organization

Telephone call recordings H

  • Ensure quality service
  • Train our employees
  • Investigate complaints or problems
  • You

Records of your use of our services D

  • Perform services for you
  • Manage our relationship with you
  • You

Records of email, chat and other communication with you, including whether you have read an email F

  • Perform services for you
  • Manage our relationship with your organization
  • Train our employees
  • Ensure quality service
  • Tell you more about our services
  • You

Billing and payment card information B

  • Collect payment for services we have provided
  • You

IP address when you use our client platform A, F

  • Maintain your session
  • Determine your location
  • Ensure security on our client platform
  • Your device or internet service provider

Location when you use our client platform F, G

  • Provide an experience that is relevant to your location
  • Your device or internet service provider

Login credentials for our client platform A, F

  • Authenticate you when you use our client platform
  • You

Authentication information provided by a social media or cloud services platform A, F

  • Authenticate you when you choose to use those platforms to identify yourself to our system
  • You
  • Social media or cloud services platforms

Dates, times and length of session on our client platform F

  • Maintain your session
  • Ensure security on our client platform
  • Your device

Access to and modification of data on our client platform F

  • Keep records of what information was provided to us, when, and by whom
  • Ensure security on our client platform
  • You

Device and browser information when you use our client platform F

  • Make sure the experience on our client platform works for you
  • Your device

Your behavior on our client platform F

  • Look for ways to improve the experience on our client platform
  • Tell you relevant information about our services
  • You

Your opinions about us and our services

  • Measure and improve the quality of our service
  • You
Type of information What we do with it Where we get it from

Name A, B

  • Provide information you request
  • Contact you to tell you about our services
  • You
  • Companies that sell lists of professional contact information
  • Your social media profiles
  • Your company’s website
  • Other publicly available sources

Job title and organization B, I

  • Provide information you request
  • Contact you to tell you about our services
  • You
  • Companies that sell lists of professional contact information
  • Your social media profiles
  • Your company’s website
  • Other publicly available sources

Contact information A, B

(examples: phone number, email address, mailing address)

  • Provide information you request
  • Contact you to tell you about our services
  • You
  • Companies that sell lists of professional contact information
  • Your social media profiles
  • Your company’s website
  • Other publicly available sources

Telephone call recordings H

  • Ensure quality service
  • Train our employees
  • Investigate complaints or problems
  • You

Records of email, chat and other communication with you, including whether you have read an email F

  • Manage our relationship with your organization
  • Train our employees
  • Ensure quality service
  • Tell you more about our services
  • You
Type of information What we do with it Where we get it from

Name A, B

  • Communicate with you about a candidate
  • Report information you provided to our client
  • You
  • A candidate who knows you
  • Our client

Job title and organization B, I

  • Communicate with you about a candidate
  • Understand your relationship with a candidate
  • Report information you provided to our client
  • You
  • A candidate who knows you
  • Our client

Contact information A, B

(examples: phone number, email address)

  • Communicate with you about a candidate
  • You
  • A candidate who knows you
  • Our client

Your relationship with a candidate B, I

  • Put information you provide about a candidate into context
  • You
  • A candidate who knows you
  • Our client

Your opinions about a candidate

  • Report information you provided to our client
  • You

Records of email, chat, and other communication with you F

  • Train our employees
  • Ensure quality service
  • You

Telephone call recordings H

  • Ensure quality service
  • Train our employees
  • Investigate complaints or problems
  • You

Your opinions about your experience with us

  • Measure and improve the quality of our service
  • You

IP address when you use our platform A, F

  • Maintain your session
  • Determine your location
  • Ensure security on our client platform
  • Your device or internet service provider

Location when you use our platform F, G

  • Provide an experience that is relevant to your location
  • Your device or internet service provider

Dates, times, and length of session on our platform F

  • Maintain your session
  • Ensure security on our client platform
  • Your device

Access to and modification of data on our platform F

  • Keep records of what information was provided to us, when, and by whom
  • Ensure security on our client platform
  • You

Device and browser information when you use our platform F

  • Make sure the experience on our client platform works for you
  • Your device

Your behavior on our platform F

  • Look for ways to improve the experience on our client platform
  • Tell you relevant information about our services
  • You
Type of information What we do with it Where we get it from

Name A, B

  • Identify you
  • You
  • Someone you know who refers you to us

Contact information A, B

(examples: phone number, email address, mailing address, residential address)

  • Communicate with you about working for Sterling
  • You
  • Someone you know who refers you to us

Interests and other personal characteristics you share with us C

  • Decide what kind of job you might want to do
  • Associate you with other similar people who work for Sterling
  • Provide support to you if you need it
  • You

Professional background information A, B, I, J

(examples: skills, education history, employment history, professional credentials, professional sanctions, other people’s opinions about your work)

  • Decide if you have the right skills and background to work for us
  • You
  • Your current and former employers or their record-keeping service providers
  • Educational institutions where you have studied or their record-keeping service providers
  • Professional organizations or regulatory bodies or their record-keeping service providers
  • References you provide

Personal background and identity information A, B, C, I, J

(examples: date of birth, place of birth, sex or gender, address history, criminal history, police and court records, credit history, substance or health testing results, public social media activity, identity documents or numbers, appearance on government watch or sanctions lists, nationality, citizenship, or immigration status)

  • Decide if your background or activities create any risks for the company or our clients
  • Make sure you are allowed to work in the country where you are applying
  • You
  • Police, courts, and government agencies
  • Credit/consumer reporting agencies
  • Substance testing labs or medical professionals that you have gone to as part of your work for Sterling
  • Social media platforms
  • Other publicly available sources

Information about protected class or characteristics, if you tell us about them C

(examples: sex or gender, gender identity, race, ethnicity, sexual orientation, disability or health status, and others)

  • Run diversity and inclusion programs and affinity groups for workers
  • Manage accommodations for different needs
  • You

Attendance information I

(examples: hours worked, reasons for leave or tardiness, information about a medical condition, information about your family, information about a disability)

  • Manage staffing, hours and attendance
  • Manage accommodations for different needs
  • You
  • Medical professionals you ask to speak with us
  • Family members or other representatives you ask to speak with us

Information about workplace benefits, support, and health A, B, C

(examples: medical information, substance test results, disability information, marital status, family information, transportation records, vehicle information, charitable donation information, professional development and education information, personal concerns or problems)

  • Manage benefits
  • Provide support services to workers
  • Maintain a healthy and substance-free workplace
  • You
  • Substance testing labs or medical professionals that you have gone to as part of your work for Sterling or that you have asked to speak to us
  • Family members or other representatives you ask to speak with us
  • Benefits providers

Tax and payroll information A, B, C

(examples: identity documents, date of birth, government ID numbers, loan information, wage garnishment information, banking information, marital status, family information)

  • Make sure you get paid
  • Report payroll and tax information to government authorities
  • Pay taxes
  • You
  • Government agencies
  • Courts

Network and equipment use information F

(examples: access logs, IP address, login credentials, data access, internet browsing activities, email records, chat records, telephone calls, information about your home office, information about your mobile device, voicemails)

  • Make sure our systems are secure
  • Investigate unusual or suspicious behavior
  • Investigate suspected violations of company policy or the law
  • You
  • Your device

Information about your job performance, quality, and productivity I

(examples: computer and network activity, telephone call recordings, email and chat logs, performance appraisals, training records, corrective action records, assessments of quality and quantity of work done)

  • Manage individual, team and company performance, quality, and productivity
  • You
  • Monitoring of activities on our systems
  • Your supervisor
  • Other workers

Emergency contact information A, B

  • Communicate with you, your family or your friends in an emergency
  • You

Your opinions and feedback about Sterling, your job, and other workers

  • Measure our performance as a workplace
  • Improve the experience for our workers
  • You

Biometric information E

(examples: fingerprints, fingerprint geometry, hand geometry, face geometry, photographs)

  • Allow you to access our offices
  • Allow you to track your working hours
  • Provide you with a company ID card
  • You

Information about your personal belongings in our offices

(examples: contents of bags or storage lockers)

  • Make sure our offices are secure
  • You

Information about your activities in our offices H

(examples: entry and exit records, security video and audio recordings)

  • Ensure our offices are secure
  • Investigate unusual or suspicious behavior
  • Investigate suspected violations of company policy or the law
  • You
  • Recording devices

Information collected as part of an investigation D, F, G, H, I

(examples: activity on social media, in the news, or in public; information about interpersonal relationships; complaints or concerns voiced by others; internal and external communications)

  • Investigate suspected violations of company policy or the law
  • You
  • Social media platforms
  • News outlets
  • Remote monitoring
  • Other workers, clients, or other relevant people

Service improvement and compliance

We constantly analyze our systems and services to make sure they work as well as possible. Whenever we can, we do this analysis with anonymous information, meaning identifiable information (for example, your name, date of birth, and government-issued identification numbers) is removed, but we also need to analyze identifiable information. Also, we have some legal obligations to ensure our systems are secure and our results are accurate. Finally, some sources audit us to make sure we are using information properly.

If the law and contracts with our clients allow it, we use personal information for these purposes:

  • Watching system activity and data movement to make sure your personal information is secure
  • Reviewing service fulfillment and results to make sure they have been done correctly
  • Testing systems to make sure they work right and to find coding mistakes
  • Making sure sources are providing us with consistent and accurate information
  • Checking that our workers, service providers, and other people or organizations that help us operate are doing their work properly
  • Looking for patterns, analyzing manual and automated business activities, and gathering other business information to help our people and our systems work faster, more accurately, and more efficiently in the future
  • Allowing sources (like consumer and credit reporting agencies, courts, police services, government agencies, and others) to check that we are collecting and using information from them properly

Mergers and acquisitions

Like many industries, our industry undergoes a lot of changes. This means that we might buy other companies, or we might be bought by another company. We might also join together with other companies to create a new partnership or joint venture. When we do this, personal information from different companies might be mixed together. However, the commitments in this privacy statement remain the same. Any new company that has access to your personal information through merger, acquisition or joint venture activity will not use it for any new purposes.

Online tracking and cookies

When you use websites and read emails, information is created about your activities. This can be as simple as a log of your IP address accessing the website or an indication of whether you read an email, or it can be more complex, like step-by-step records of everywhere you have clicked and how long you have stayed on each page. Many websites save small files called “cookies” on your computer, so that the same website can recognize you as you move around the website and when you come back in the future. There are a few websites that you can refer to for more information about how cookies work. We recommend http://aboutcookies.org.

To keep things easy to understand, we call cookies and other internet tracking technologies “trackers” throughout this section.

Sterling and other organizations we work with use trackers when you use our websites and read our emails. Depending on how you interact with us, these trackers serve different functions. When you access one of our websites for the first time, we show you a banner that allows you to see what kinds of trackers will be used on that website and what they do. Some trackers need to be on for functional reasons, but you might be able to turn off others. If you have choices about trackers, you can to make those choices through that banner. Our websites have trackers for the following reasons:

Access and disclosure

Each table below tells you the people and organizations that might have access to your personal information (or to whom we might disclose your information) based on your relationship with us. Remember, you might fit into more than one of these categories.

When a person or an organization works on our behalf to store data, maintain our systems, or help us perform services, we only choose people or organizations that will protect your personal information appropriately and use it only the way we ask them to. We require these partners and service providers to make that commitment through a contract.

Who has access? What information do they get? What do they do with it?

Sterling’s client support, service fulfillment, finance, compliance, privacy, information technology, and data analytics teams

  • All personal information
  • Communicate with you and our client about our services
  • Fulfill and collect payment for services
  • Maintain our systems
  • Analyze our business activities
  • Comply with our legal obligations

Our client

  • All personal information collected when we provide services to that client
  • Determined by our client

Organizations you ask us to share your information with

  • The information you ask us to share
  • Determined by the recipient organization

Data storage and processing providers

  • All personal information in our custody
  • Store, carry out automated tasks on, and provide access to, data

Technology support providers

  • Personal information in our custody with which we require technical support
  • Provide technical assistance in developing and using our systems

Other companies that provide services similar to ours

  • Personal information required to complete services
  • Provide services we cannot complete due to geographic, linguistic, or technical limitations
  • Provide services when we need help to handle overflow volume

Court researchers

  • Name
  • Date of birth
  • Government-issued identifiers
  • Address history
  • Other information required to complete court research
  • Court records
  • Retrieve and report court records

Drug and health testing sites and labs

  • Name
  • Date of birth
  • Government-issued identifiers
  • Other information required to complete drug and health testing
  • Health information, including test results
  • Collect and test biological specimens for drugs or other health-related purposes

Local police services and national criminal record checking authorities like the Australian Criminal Intelligence Commission, the UK Disclosure and Barring Service, the Royal Canadian Mounted Police, or the Federal Bureau of Investigation

  • Name
  • Date of birth
  • Government-issued identifiers
  • Address history
  • Other information required to complete police record searches
  • Police records
  • Fingerprints or other biometric identifiers (images or geometry)
  • Conduct police record checks
  • Conduct law enforcement duties

Biometric collection or transmission services

  • Fingerprints or other biometric identifiers (images or geometry)
  • Name
  • Address
  • Date of birth
  • Government-issued identifiers
  • Professional license numbers
  • Physical characteristics
  • Reasons for a request for services
  • Conduct fingerprint-based public record checks

Translation services

  • Personal information we have received in a language our workers cannot understand
  • Translate documents or information
  • Provide services in the language required by our client

Survey services

  • Name
  • Contact information
  • Opinions about our services
  • Conduct surveys

Credit card processing services

  • Billing and payment card information
  • Process payment for services
Who has access? What information do they get? What do they do with it?

Sterling’s marketing and sales teams

  • All personal information
  • Develop and carry out our marketing and sales activities

Marketing analytics, communications, and data aggregation providers

  • IP address and location
  • Web browsing behavior
  • Information entered in contact forms on marketing websites
  • Analyze the use of our marketing websites to provide a better and more relevant user experience
  • Identify users to target marketing and sales activities
  • Manage marketing communications

Advertising and social media partners

  • Name
  • Job title and employer
  • Contact information
  • Deliver targeted marketing and advertising to you

Data storage and processing providers

  • All personal information
  • Store, carry out automated tasks on, and provide access to, data

Technology support providers

  • Personal information with which we need technical support
  • Provide technical assistance in developing and using our systems

Survey services

  • Name
  • Contact information
  • Opinions about our services
  • Conduct surveys
Who has access? What information do they get? What do they do with it?

Sterling’s human resources, finance, and executive teams, and your direct and indirect supervisors

  • All personal information
  • Manage all aspects of Sterling’s relationship with you

Recruiting companies

  • Name
  • Contact information
  • Employment, education and other professional background information
  • Help you become a Sterling worker

Payroll providers

  • Name
  • Government identifiers
  • Tax information
  • Banking information
  • Hours worked
  • Wage/salary
  • Other payroll- and tax-related information
  • Ensure payment of wages/salary and related taxes and fees

Data storage and delivery providers, including data centers/cloud providers, applicant tracking systems, recruiting systems, human resources information systems, and others

  • All personal information
  • Store, carry out automated tasks on, and provide access to, data

Technology support providers

  • Personal information with which we need technical support
  • Provide technical support

Organizations involved in background screening (see the table for “candidates” above)

  • Personal information required to complete background checks (see the table for “candidates” here)
  • Background screening

Benefits providers, including healthcare providers, financial institutions, and others

  • Identifying information
  • Health information
  • Information about family members
  • Financial information
  • Other information required to provide benefits
  • Provision of benefits, including health plans, retirement plans, and support services

Survey services

  • Name
  • Department
  • Job title
  • Contact information
  • Opinions about Sterling
  • Conduct surveys

Retention

We keep personal information long enough to meet our and our clients’ contractual, legal, and business needs. Once we no longer need your personal information, it is deleted or anonymized, meaning you can no longer be identified from any remaining information. To delete data, we de-index it from our databases and overwrite it with new information. There are many factors that go into deciding how long to keep personal information. Our general retention guidelines are as follows:

  • If you are a candidate or source in the United States or Canada, we usually need to keep your personal information for at least six years to comply with our legal and contractual obligations. If you are in another country, we may only need to keep your personal information for a few months so we can fulfill the services and collect payment for them, but sometimes we might need to keep it longer because of the type of information we collected about you or where we collected it from. Also, our clients use our system to keep records of all the services they have requested, so they might need us to keep your personal information longer. We do not delete personal information collected on behalf of our client until our client asks us to delete it
  • If you are candidate having fingerprint collection or screening done with Sterling Identity, we keep fingerprints and criminal history information for no more than 29 days. After that, they are deleted. We are required to retain certain information about your fingerprint screening for one to three years for compliance with FBI audit requirements. Beyond that, we keep personal information in active accounts for seven years, after which it is anonymized. If your account is inactive, we anonymize your personal information three years after your last login
  • If you are a candidate having a national coordinated criminal history check done in Australia, we do not keep the results of that check for more than 12 months, and we keep the information you submitted for us to complete the check for no less than 12 months and no more than 18 months
  • If you are a candidate and we receive a UK criminal disclosure certificate about you, we do not keep the certificate for more than six months

To find out how long personal information is retained in your case, contact us and we will let you know or tell you how to find out.

Accuracy

Much of the personal information we collect comes directly from you, so you control if it is accurate or not. When we collect personal information from sources, the source is responsible for making sure it is accurate. No matter how we collect your personal information, we correct it if we find out it is inaccurate, either because you told us it was inaccurate, or we discovered it was inaccurate through regular quality control checks. To ask for correction of your personal information, contact us.

Information security

We have advanced security measures to secure and protect your personal information, such as internal and external firewalls, monitoring and alert systems to prevent and detect hackers, and 256-bit encryption of data in transit and at rest. Our servers are in secure locations that are carefully monitored and audited. Most of our employees access personal information only through secure virtual desktop interfaces, and our online interfaces are encrypted, password-protected, and monitored.

We have rigorous physical security policies to prevent unauthorized physical access to our offices. Our servers and offices, including electronic storage and paper documents containing personal information, are kept in access-controlled and monitored environments.

When we collect and communicate personal information outside of Sterling, we take care to do so through secure connections (like an SSL web connection or through a direct electronic integration) whenever possible. If we cannot exchange personal information that way because of technological limitations, we exceptionally collect and communicate personal information by phone, fax, postal mail, or email. If we have asked you to provide your personal information and you are not comfortable with the way you have been asked to provide it, contact us and we will provide an alternate method.

All our employees have been background checked and have taken security and privacy training courses. Our workers are only permitted to access your personal information if they need it to do their work.

Our contracts with service providers require them to protect your personal information properly and allow us to monitor them to be sure they do.

These information security practices are the same in all our offices around the world. Your personal information is protected to the same level whenever it is with Sterling, no matter where it goes.

International data transfers

Almost all the personal information we have is stored in data centers or with cloud providers in Canada, the European Union, Singapore, or the United States. A small amount of personal information is also stored in our offices around the world, including personal information about our workers, personal information that we have sent or received by mail or courier service, and information that is subject to special local rules. Our offices are in Australia, Canada, China, Hong Kong, India, Malaysia, Mexico, the Netherlands, the Philippines, Poland, Singapore, the United Arab Emirates, the United Kingdom, and the United States. We also have some workers who work remotely in other countries.

Any of the types of information we collect may be handled in any of the countries where we operate, for any of the purposes we collect personal information. The people and organizations who access personal information may be located anywhere in the world. Where your personal information is stored and accessed depends on why we have it and which part of our organization is using it. The following are general guidelines about where personal information is most frequently stored and accessed:

  • If you are engaging with our United States companies (Sterling, Sterling Volunteers, Sterling Diligence, or Sterling NOW), then personal information will primarily be stored in the United States and processed in the European Union, India, Mexico, the Philippines, and the United States
  • If you are engaging with Sterling Identity for fingerprinting services, your personal information is stored and accessed in the United States only
  • If you are engaging with our Canadian company (Sterling Backcheck and myBackCheck.com), then personal information will primarily be stored in Canada and the United States and processed in Canada, the European Union, India, Mexico, the Philippines, and the United States
  • If you are engaging with our Europe, Middle East, and Africa companies (Sterling EMEA), then personal information will primarily be stored in Germany, Canada or the United States and processed in the European Union, India, the Philippines, the United Arab Emirates, the United Kingdom, and the United States
  • If you are engaging with our Asia-Pacific companies (Sterling APAC and National Crime Check), then personal information will primarily be stored in Australia, Singapore, and the United States and processed in Australia, China, Hong Kong, Malaysia, the Philippines, Singapore, and the United States
  • If you are undergoing an Australian national coordinated criminal history check, your personal information will be stored in Singapore and processed in Australia, Malaysia, the Philippines, and Singapore
  • If you are paying for a service using a card, your payment card data will be processed by our payment partner in the United States.

If we are asked to collect information about you from sources outside of a country where we are located or using a language we do not know, your personal information might be stored and accessed from additional countries.

We follow European rules for protecting cross-border transfers of personal information, including by being certified to the EU-US Data Privacy Framework and UK Extension.

Personal information disclosure: United States or overseas

When Sterling is acting as an Investigative Consumer Reporting Agency under California state law, personal information collected from candidates in the United States may be transferred outside of the United States as follows:

  •  To Sterling’s affiliate operations centers in Australia, Brazil, Canada, Colombia, the European Union, India, Malaysia, Mexico, the Philippines, Singapore, and the United Kingdom for service fulfillment
  • To Sterling’s information technology service providers in Australia, Canada, Singapore and the European Union if needed to transfer personal information between the United States and our affiliates around the world
  • To third parties from which personal information must be collected or verified to fulfill services requested by our client (for example, if our client asks for a criminal record check in Brazil, personal information will be transferred to the organization in Brazil that provides police certificates)
  • To our affiliates, partners or service providers that provide country- or region-specific services, where our client has requested those services (for example, if our client asks for an education verification in Japan, personal information may be transferred to a company in Asia with expertise in verifying Japanese education history in the Japanese language)

Risks of international data transfers

No matter where we store or access your personal information, we protect it to the same high standard and your rights remain the same. This means that if we handle personal information in a country with weaker privacy and data protection laws than what would usually apply, we still follow the stricter laws. However, if local laws in a different country apply to your personal information, then local authorities in that country (like courts, police, or the government) might be able to demand access to personal information. This is very unlikely to happen, but if it does, we carefully consider our response before providing information to public authorities and always take your interests into account.

Requests for personal information from public authorities

Law enforcement agencies, national security agencies, courts, or other public bodies in any jurisdiction where we are subject to the law may ask us for personal information, no matter where it is stored. If we get a production order, warrant, subpoena, or other enforceable demand, we will comply as required by law. If we get a request by a public authority to provide information voluntarily, we will consider your interests, our business interests, the interests of our clients, public safety implications, and our legal obligations before we decide whether to communicate personal information. If the personal information was collected from or on behalf of a client, we will consult with the client before proceeding if allowed by law.

We may decide to share personal information with law enforcement or other third parties proactively if necessary to investigate or report a violation of the law or a contractual agreement, if allowed by law.

For the experts

There are some things that we are required to say by law, but that are difficult to understand for someone who is not an expert. Instead of making it harder to read about privacy by mixing those things into The Basics and The Details, we have added a section called The Legal and Technical Stuff for the people who are really interested. Lawyers, regulators, and privacy geeks, this is for you!