Sterling is a global company with operations in several countries and under several brand names. The following tables identify each local Sterling entity. No matter which Sterling company you have engaged with, you are welcome to contact the one closest to where you live, and they will help you find what you need.
| Legal name | Doing business as | Address |
|---|---|---|
|
Sterling Infosystems Inc. (USA) |
Sterling |
1 State Street Plaza, 24th Floor New York, NY 10004 USA |
|
Bishops Services LLC (USA) |
Sterling Diligence |
1 State Street Plaza, 24th Floor New York, NY 10004 USA |
|
STS SID LLC (USA) |
Sterling Identity |
1 State Street Plaza, 24th Floor New York, NY 10004 USA |
|
Sterling Backcheck Canada Corp. |
Sterling Backcheck |
200-19433 96 Avenue Surrey, BC V4N 4C4 Canada |
| Legal name | Doing business as | Address |
|---|---|---|
|
Sterling (EMEA) Limited (United Kingdom) ICO Registration Number: Z9745943 |
Sterling Sterling’s global representative in the United Kingdom |
8th Floor, Alexandra House 1 Alexandra Road Swansea SA1 5ED United Kingdom |
|
Sterling EMEA BV (Netherlands) |
Sterling Sterling’s global representative in the European Union |
Weesperstraat 61, kantoor 105 1018 VN Amsterdam, Netherlands |
|
Sterling sp. z o.o. (Poland) |
Service provider for other Sterling businesses |
ul. Marii-Curie-Skłodowskiej 12 50-381 Wrocław, Poland |
| Legal name | Doing business as | Address |
|---|---|---|
|
Sterling Information Resources India Private Limited |
Service provider for other Sterling businesses |
9th Floor, G-Corp Tech Park, Kasarvadavli, Ghodbunder Road, Thane (West), 400615 Maharashtra, India |
|
Sterling Talent Solutions Philippines Inc. |
Service provider for other Sterling businesses |
5th Floor, Science Hub Tower 5, 1110 Campus Avenue, McKinley Hill Town Center, Fort Bonifacio, Taguig City 1634 Philippines |
|
AIM Screening Pty Ltd (Australia) |
Sterling RISQ |
Suite 902, Level 9, 50 Berry Street North Sydney 2060 NSW Australia |
|
AIM Screening (M) Sdn Bhd (Malaysia) |
Sterling RISQ |
W307/W308, Level 3, West Tower, Wisma Consplant 1, No. 7, Jalan SS16/14 7500 Subang Jaya, Selangor, Darul Ehsan, Malaysia |
|
AIM Screening Pte Ltd (Singapore) |
Sterling RISQ |
101 Thomson Road, #10-1 United Square, Singapore 307591 |
|
AIM Screening Limited (Hong Kong) |
Sterling RISQ |
Unit C, 11/F, On Hing Building,1 On Hing Terrace, Central, Hong Kong |
|
RISQ Group Management Consulting Co Ltd (China) |
Sterling RISQ |
1508. Bldg.B, Jia Tai International Tower, No.41 East Fourth Ring Middle Rd, Chaoyang District, Beijing, China 100025 |
|
National Crime Check Pty Ltd (Australia) |
National Crime Check |
100 Jude Lane, Kent Town, South Australia 5067, Australia |
Information for people in Europe
(EEA, UK, and Switzerland)
The GDPR and other European data protection laws
Data protection laws in the European Economic Area (EEA) — which includes the European Union (EU) — as well as data protection laws in the United Kingdom (UK), Switzerland, and some other European countries, apply to some of the personal information that Sterling handles. Usually, this is because the data controller is located in Europe (no matter where you are located) or is offering you a product or service and you are located in Europe.
European data protection laws will not necessarily apply to your personal information just because you are in Europe or you have European citizenship. European data protection laws probably apply to your personal information if:
- You are a client, prospect, or website visitor located in Europe
- You are a candidate located in Europe and you have requested services about yourself
- You are a candidate or source and we are performing services for an organization located in Europe
- You are a worker for a Sterling company in Europe
Even if you are located in Europe, European data protection laws probably do not apply to your personal information if:
- You are a client, prospect, or website visitor looking for Sterling services that are not related to Europe (for example, you are looking for background screening services to support your company’s United States locations)
- You are a candidate and you are requesting services for yourself that are not related to Europe (for example, a Canadian or Australian online criminal record check)
- You are a candidate or source and we are performing services for an organization located outside Europe
- You are a worker for a Sterling company outside Europe
For more information about what laws we apply to your personal information, contact us.
Controllers and processors
Under data protection laws in EEA and EU member states, as well as the UK, Switzerland, and some other European countries, there is a distinction between “controllers” and “processors” of personal information. Controllers determine the purposes and means of collecting and handling personal information, and processors collect and handle personal information on behalf of controllers, only following the controllers’ instructions and the law and not making their own decisions about what to do with personal information. You can find more information about controllers and processors here.
When the GDPR or other European laws apply, Sterling is sometimes a controller and sometimes a processor. When we collect and use personal information of workers, clients, prospects, and website visitors, we are always a controller. When we collect and use personal information of candidates and sources, we are sometimes a controller and sometimes a processor.
When we are a controller, we are responsible for all aspects of compliance with European privacy and data protection laws and you can generally exercise any of your rights directly with us. We sometimes share these responsibilities with another organization (usually our client) but we are still accountable for what we do with personal information.
When we are a processor, we are responsible for securing and protecting personal information in our custody, reporting any requests or problems to the controller (usually our client), and following that controller’s instructions. We cannot decide whether it is appropriate to collect your personal information or how or whether you can exercise your rights.
The difference does not usually matter much to you, but sometimes it will affect our ability to make decisions about your personal information. For example, if we are a processor, we might not be able to decide whether to give you a copy of your personal information or delete your personal information; the controller will have to decide. We also might not be able to take personal information that we collected for one client and share it with another client. If you contact us and we cannot do what you ask because we are a processor, we will explain that to you and contact the controller (usually our client) to make sure your request gets to the right place.
Lawful basis for processing personal information
Under data protection laws in EEA and EU member states, as well as the UK, Switzerland, and other European countries, there must be a “lawful basis” for collecting and handling your personal information. You can find more about the different options that organizations can choose as a lawful basis here. Sometimes, additional conditions must be met when we collect “special categories” of personal information, or information about criminal convictions.
Each of the following is a lawful basis for processing personal information under European law:
- Contract means we need to handle your personal information to fulfill our duties under a contract with you
- Consent means you have made a free and informed choice to allow us to handle your personal information. When we rely on your consent to process your personal information, you may withdraw that consent any time
- Legal obligation means we are required by law to handle your personal information
- Vital interests means handling your personal information is necessary to protect someone’s life
- Legitimate interests means handling your personal information is necessary to meet our, our client’s, or someone else’s reasonable business needs while balancing those needs with the protection of your own interests and rights
Each table below indicates the lawful basis for each personal information processing activity, depending on your relationship with us.
| Processing Activity | Lawful Basis |
|---|---|
|
Performing and collecting payment for services requested by you |
Contract |
|
Performing and collecting payment for services requested by our client, which may include handling special categories of personal information or criminal history |
Legitimate interests of our client or another lawful basis established by our client |
|
Complying with audit, retention and other obligations imposed by the third-party source of personal information |
Legal obligation in Europe, our legitimate interest to comply with a legal obligation outside of Europe, or the third-party source’s legitimate interest to ensure proper use of personal information it holds |
|
Carrying forward past service results and using them to complete services for a different client |
Our, your, and our client’s legitimate interest to perform services quickly and accurately |
|
Collecting your opinions about our services |
Consent |
|
Sending you legally mandated notices about our services and your personal information |
Legal obligation |
|
Recording and reviewing telephone calls and other communications |
Our and our client’s legitimate interest to maintain service quality |
|
Ensuring our systems are secure |
Legal obligation |
|
Analyzing and improving our services |
Our legitimate interest to understand how our business works and operate quickly, efficiently, and accurately |
| Processing Activity | Lawful Basis |
|---|---|
|
Contacting you about services you have requested or changes to the way we perform services |
Contract |
|
Contacting you to provide information you have asked for or subscribed to |
Consent |
|
Determining whether you might be interested in our services, and contacting you to market or sell our services |
Our legitimate interest to market and sell our services |
|
Sending you legally mandated notices |
Legal obligation |
|
Recording and reviewing telephone calls and other communications |
Our legitimate interest to maintain service quality |
|
Tracking your online activity |
Our legitimate interests to maintain high-quality websites and market and sell our services |
| Processing Activity | Lawful Basis |
|---|---|
|
Collecting and reviewing your application for employment |
Consent |
|
Conducting an interview, confirming your qualifications and background, including criminal history, other sanctions, and publicly available social media content |
Our legitimate interests to hire high-quality workers and protect our assets and reputation |
|
Paying your wages or salary |
Contract |
|
Deducting and paying income taxes and other payroll-related activities |
Legal obligation |
|
Providing health and pension benefits |
Legal obligation |
|
Accommodating sickness, disability, and pregnancy |
Legal obligation |
|
Maintaining workplace health and safety |
Legal obligation |
|
Monitoring your activities on our networks and in our offices for security |
Legal obligation |
|
Monitoring and evaluating your attendance, work activities, policy adherence, and job performance |
Our legitimate interests to perform business functions efficiently and effectively, and protect our assets and reputation |
|
Investigating allegations of improper behavior |
Our legitimate interests to enforce our organizational policies and protect our assets and reputation |
|
Collecting and analyzing your opinions about Sterling |
Our legitimate interest to promote a happy workforce |
|
Maintaining emergency contact information |
Vital interests |
Additional conditions for processing special categories of personal information and criminal convictions
Under data protection laws in in EEA and EU member states, or the UK, Switzerland, and other European countries, certain types of personal information require additional conditions to be met beyond a lawful basis. These include:
- racial or ethnic origin
- political opinions
- religious or philosophical beliefs
- trade union membership
- genetic data
- biometric data
- data concerning health
- data concerning sex life or sexual orientation
- criminal convictions and offenses or related security measures
If you are a candidate and we are performing services requested by our client, and the services require us to handle one or more of these types of personal information, our client must make sure the appropriate conditions are met for processing these types of personal information.
If you are a candidate and we are performing services requested by you, we process these types of personal information based on your consent.
We do not collect or handle any of these types of personal information about our clients, prospects, or website visitors.
If you are a worker in a European country:
- We might collect information about your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life, or sexual orientation in our day-to-day interactions with you if you have manifestly made the information public (for example, by posting about it publicly on a social media platform or speaking about it to the press) or if you have decided of your own accord to share it with us (for example, by providing us with the name and contact information of your spouse or domestic partner). We do not ask you to provide this information, we avoid collecting it wherever possible, and we do not collect it if it is prohibited by law where you work
- We might collect your racial or ethnic origin to promote and assess workplace diversity and equal opportunity. If we do, the collection of this information is optional and only done where we have permission to do so under local employment laws in the country where you work and have appropriate policy documents controlling how the information is used
- We collect information about your health to comply with our obligations under employment laws (for example, to accommodate a disability, health condition, or pregnancy), or to protect public health (for example, by monitoring workplace health during an outbreak of sickness)
- We collect information about criminal convictions and offenses or related security measures as part of some pre-employment background checks:
- In the United Kingdom, we do this based on the substantial public interest to prevent or detect unlawful acts, subject to appropriate policy documents controlling how the information is used
- In the Netherlands, we do this based on our right under Dutch law to assess your application to work for us and protect our interests by preventing the commission of criminal acts against us or other workers
- In Poland, we do not collect this type of information about our workers
- We do not collect your genetic or biometric information, as those are defined in European data protection laws
Cross-border data transfers, including Privacy Shield
If your personal information is subject to data protection laws in EEA and EU member states, or the UK, Switzerland, or some other European countries, it may be transferred outside of the relevant jurisdiction based on one or more of the following legal mechanisms:
- Relevant authorities have decided that your personal information will be protected adequately once it is transferred. These countries and sectors have been deemed to be adequate by European Authorities
- We, our client, or a third-party partner or service provider have signed contractual clauses with the recipient of personal information that relevant authorities have deemed to ensure adequate protection of personal information
- We, our client, or a third-party partner or service provider has binding corporate rules within their corporate group that relevant authorities have deemed to ensure adequate protection of personal information
- You have provided your consent for us to transfer data to allow us to carry out services for you or on behalf of a client
Contact us for more information about the legal mechanism for transfer of your personal information, and to see copies of safeguards that have been used for that transfer, if applicable.
Sterling Infosystems Inc. and its US affiliates and subsidiaries operating under the brand name of Sterling (listed below under “Privacy Shield Covered Entities”) comply with the EU-US and Swiss-US Privacy Shield Frameworks as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the EU, Switzerland, and UK to the United States. Sterling has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. Sterling remains responsible for personal information that is communicated to third parties for processing. If there is any conflict between this statement and the Privacy Shield Principles, the Privacy Shield Principles will prevail. To learn more about the Privacy Shield program and to view our certification, please visit https://www.privacyshield.gov. The Federal Trade Commission has jurisdiction over Sterling’s compliance with Privacy Shield. We commit to cooperating with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC), and comply with the advice given by the panel and the FDPIC with regard to personal information transferred from the EU, Switzerland, or the UK. We may also be subject to the investigatory and enforcement powers of the Federal Trade Commission. In some circumstances, you may be able to invoke binding arbitration to resolve your complaint where your personal information has been transferred to and processed in the United States.
While the Privacy Shield framework is no longer considered an adequate mechanism for transferring personal information from the EU to the United States, it is still in place and Sterling still complies with its principles. You can still exercise any rights you may have under the Privacy Shield framework.
Privacy Shield covered entities
- Bishops Services, LLC
- Sterling Infosystems Inc. d/b/a ESIQ
- Sterling Infosystems Inc. d/b/a Sterling
- Sterling Infosystems Inc. d/b/a Sterling Talent Solutions
- Sterling Infosystems Inc. d/b/a Talentwise
- Sterling Infosystems Inc. d/b/a Verified Person
- Sterling Infosystems Inc. d/b/a Verified Volunteers
- STS SID LLC d/b/a SureID
Automated decision making and profiling
Sterling does not use automated means to evaluate or profile you or make decisions about you which have legal effects or otherwise significantly affect you. Our clients may use our services to make decisions about you. We do not know how our clients make decisions based on our services.
We may use automated means to gather or validate information about you. You can contact us to dispute any personal information that you believe is incorrect, whether or not it was it was gathered automatically.
Information for people in California
The California Consumer Privacy Act
The California Consumer Privacy Act (CCPA) is a law that protects the personal information of people in California. However, it only applies to some personal information, because other information is protected by other laws. Some or all of the protections and requirements in the CCPA may apply to your personal information in the following circumstances:
- You are a client, prospect, or website visitor and you live in California
- You are a worker in California
- You are a candidate or a source for a service that does not involve background checks (for example, onboarding or I-9 forms, fingerprinting services, or investment due diligence services)
The CCPA probably does not apply to your personal information in the following circumstances:
- You do not live in California (laws in your state will apply to your personal information instead)
- You are a candidate or a source for background screening services (the federal Fair Credit Reporting Act and similar state laws will apply to your personal information instead)
For more information about what laws apply to your personal information, contact us.
Businesses and service providers
Under the CCPA, there is a distinction between “businesses” and “service providers.” Businesses determine the purposes and means for collecting and handling personal information, and service providers collect and handle personal information on behalf of businesses, only following the businesses’ instructions and the law and not making their own decisions about what to do with personal information.
When the CCPA applies, Sterling is sometimes a business and sometimes a service provider. When we collect and use personal information of workers, clients, prospects, and website visitors, we are always a business. When we collect and use personal information of candidates and sources, we are usually a service provider.
When we are a business, we are responsible for all aspects of compliance with the CCPA and you can generally exercise any of your rights directly with us.
When we are a service provider, we are responsible for securing and protecting personal information in our custody, reporting any requests or problems to the business (usually our client), and following that business’s instructions. We cannot decide whether it is appropriate to collect your personal information or how or whether you can exercise your rights.
The difference does not usually matter much to you, but sometimes it will affect our ability to make decisions about your personal information. For example, if we are a service provider, we might not be able to decide whether to give you a copy of your personal information or delete your personal information. We also might not be able to take personal information that we collected for one client and share it with another client. If you contact us and we cannot do what you ask because we are a service provider, we will explain that to you and contact the relevant business (usually our client) to make sure your request gets to the right place and you get a response from the right organization.
Sale of personal information
Sterling does not sell personal information that is subject to the CCPA.
Categories and disclosure of personal information
The CCPA defines a specific list of categories of personal information and requires that we indicate each category of personal information we collect, why we collect it, where we get it from, and to whom we disclose it for a business purpose.
Each category is assigned a letter in the table below, corresponding with the subdivision of the CCPA that describes that category. We have added notations to the tables that set out the types of personal information, sources, and purposes for collection to indicate which category each type of personal information in that table belongs to.
For detailed information about who we disclose personal information to, see the section entitled people and organizations that access personal information.
| Category | Collected | Disclosed |
|---|---|---|
|
A. Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers |
Yes
|
Yes
|
|
B. Name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information |
Yes
|
Yes
|
|
C. Characteristics of protected classifications under California or federal law |
Yes
|
Yes
|
|
D. Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies |
Yes
|
Yes
|
|
E. Biometric information |
Yes
|
Yes
|
|
F. Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement |
Yes
|
Yes
|
|
G. Geolocation data |
Yes
|
Yes
|
|
H. Audio, electronic, visual, thermal, olfactory, or similar information |
Yes
|
Yes
|
|
I. Professional or employment-related information |
Yes
|
Yes
|
|
J. Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, Sec. 1232g; 34 C.F.R. Part 99) |
Yes
|
Yes
|
|
K. Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes |
No
|
No
|