Sterling
  • Privacy Basics
  • Privacy Details
  • Legal & Technical
  • Your Rights, Choices & Contact
    • English
      • Français (French)
      • Deutsch (German)

Legal and Technical Stuff

Sterling Companies

Americas
Europe, Middle East, and Africa
Asia-Pacific

Information for people in Europe (EU/EEA, UK, Switzerland)

The GDPR and other European data protection laws
Controllers and processors
Lawful basis for processing personal information
Additional conditions for processing special categories of personal information
Cross-border data transfers, including the EU-US Data Privacy Framework and UK Extension
Automated decision making and profiling

Information for People in California

The California Consumer Privacy Act
Businesses and service providers
Sale of personal information
Categories and disclosure of personal information

Sterling is a global company with operations in several countries and under several brand names. The following tables identify each local Sterling entity. No matter which Sterling company you have engaged with, you are welcome to contact the one closest to where you live, and they will help you find what you need.

Legal name Doing business as Address

Sterling Infosystems Inc. (USA)

Sterling

Sterling Volunteers

Talentwise

ESIQ

Verified Person

Sterling Talent Solutions

6150 Oak Tree Boulevard, Suite 490

Independence, Ohio 44131 USA

Bishops Services LLC (USA)

Sterling Diligence

6150 Oak Tree Boulevard, Suite 490

Independence, Ohio 44131 USA

STS SID LLC (USA)

Sterling Identity

10220 SW Greenburg Road

Portland OR 97223 USA

Sterling Backcheck Canada Corp.

Sterling Backcheck

100 King Street West, First Canadian Place, Suite 5600
Toronto, ON M5X 1C9 Canada

A-Check America, LLC

A-Check

6150 Oak Tree Boulevard, Suite 490

Independence, Ohio 44131 USA

Employment Background Investigations, LLC

EBI

6150 Oak Tree Boulevard, Suite 490

Independence, Ohio 44131 USA

Socrates Consultoria Ltda. (Brazil)

Sterling Latin America

Rua Oswaldo Lussac, 355 bloco 02 /211 Taquara – Jacarepaguá – CEP 22.770.640

Tritium Consulting S.A.S. (Colombia)

Sterling Latin America

Av 6ª Bis #35N-100, Of. 212, Cali, Valle del Cauca, Colombia

Socrates Screening S.A. de C.V.

Sterling Latin America

Bosques de Duraznos No. 65-211, Colonia Bosques de las Lomas, Alcaldía Miguel Hidalgo, CDMX, Mexico, CP. 11700.

Legal name Doing business as Address

Sterling (EMEA) Limited (United Kingdom)

ICO Registration Number: Z9745943

Sterling

Sterling’s global representative in the United Kingdom

Suite 6, Axis 2 Business Centre, Axis Court

Swansea Vale, Swansea, SA7 0AJ United Kingdom

Sterling EMEA BV (Netherlands)

Sterling

Sterling’s global representative in the European Union

Weesperstraat 61, kantoor 105

1018 VN Amsterdam, Netherlands

Sterling sp. z o.o. (Poland)

Service provider for other Sterling businesses

ul. Marii-Curie-Skłodowskiej 12

50-381 Wrocław, Poland

Legal name Doing business as Address

Sterling Information Resources India Private Limited

Service provider for other Sterling businesses

Zenia Building, Unit No 302, 3rd Floor
Hiranandani Estate, Off Ghodbunder Road
Thane West – 400 607, Mumbai

Sterling Talent Solutions Philippines Inc.

Service provider for other Sterling businesses

The Curve Building, 3rd Avenue Corner 32nd Street, 23rd Floor, Bonifacio Global City (BGC), Taguig City 1634, Manila, Philippines

AIM Screening Pty Ltd (Australia)

Sterling

Suite 902, Level 9, 50 Berry Street

North Sydney 2060 NSW Australia

AIM Screening (M) Sdn Bhd (Malaysia)

Sterling

W307/W308, Level 3, West Tower, Wisma Consplant 1, No. 7, Jalan SS16/14 7500 Subang Jaya, Selangor, Darul Ehsan, Malaysia

AIM Screening Pte Ltd (Singapore)

Sterling

101 Thomson Road, #10-1 United Square, Singapore 307591

AIM Screening Limited (Hong Kong)

Sterling

Unit C, 11/F, On Hing Building,1 On Hing Terrace, Central, Hong Kong

RISQ Group Management Consulting Co Ltd (China)

Sterling

1508. Bldg.B, Jia Tai International Tower, No.41 East Fourth Ring Middle Rd, Chaoyang District, Beijing, China 100025

National Crime Check Pty Ltd (Australia)

National Crime Check

Tenancy A 100 Fullarton Road
Norwood SA 5067

Information for people in Europe
(EEA, UK, and Switzerland)

The GDPR and other European data protection laws

Data protection laws in the European Economic Area (EEA) — which includes the European Union (EU) — as well as data protection laws in the United Kingdom (UK), Switzerland, and some other European countries, apply to some of the personal information that Sterling handles. Usually, this is because the data controller is located in Europe (no matter where you are located) or is offering you a product or service and you are located in Europe.

European data protection laws will not necessarily apply to your personal information just because you are in Europe or you have European citizenship. European data protection laws probably apply to your personal information if:

  • You are a client, prospect, or website visitor located in Europe
  • You are a candidate located in Europe and you have requested services about yourself
  • You are a candidate or source and we are performing services for an organization located in Europe
  • You are a worker for a Sterling company in Europe

Even if you are located in Europe, European data protection laws probably do not apply to your personal information if:

  • You are a client, prospect, or website visitor looking for Sterling services that are not related to Europe (for example, you are looking for background screening services to support your company’s United States locations)
  • You are a candidate and you are requesting services for yourself that are not related to Europe (for example, a Canadian or Australian online criminal record check)
  • You are a candidate or source and we are performing services for an organization located outside Europe
  • You are a worker for a Sterling company outside Europe

For more information about what laws we apply to your personal information, contact us.

Controllers and processors

Under data protection laws in EEA and EU member states, as well as the UK, Switzerland, and some other European countries, there is a distinction between “controllers” and “processors” of personal information. Controllers determine the purposes and means of collecting and handling personal information, and processors collect and handle personal information on behalf of controllers, only following the controllers’ instructions and the law and not making their own decisions about what to do with personal information. You can find more information about controllers and processors here.

When the GDPR or other European laws apply, Sterling is sometimes a controller and sometimes a processor. When we collect and use personal information of workers, clients, prospects, and website visitors, we are always a controller. When we collect and use personal information of candidates and sources, we are sometimes a controller and sometimes a processor.

When we are a controller, we are responsible for all aspects of compliance with European privacy and data protection laws and you can generally exercise any of your rights directly with us. We sometimes share these responsibilities with another organization (usually our client) but we are still accountable for what we do with personal information.

When we are a processor, we are responsible for securing and protecting personal information in our custody, reporting any requests or problems to the controller (usually our client), and following that controller’s instructions. We cannot decide whether it is appropriate to collect your personal information or how or whether you can exercise your rights.

The difference does not usually matter much to you, but sometimes it will affect our ability to make decisions about your personal information. For example, if we are a processor, we might not be able to decide whether to give you a copy of your personal information or delete your personal information; the controller will have to decide. We also might not be able to take personal information that we collected for one client and share it with another client. If you contact us and we cannot do what you ask because we are a processor, we will explain that to you and contact the controller (usually our client) to make sure your request gets to the right place.

Lawful basis for processing personal information

Under data protection laws in EEA and EU member states, as well as the UK, Switzerland, and other European countries, there must be a “lawful basis” for collecting and handling your personal information. You can find more about the different options that organizations can choose as a lawful basis here. Sometimes, additional conditions must be met when we collect “special categories” of personal information, or information about criminal convictions.

Each of the following is a lawful basis for processing personal information under European law:

  • Contract means we need to handle your personal information to fulfill our duties under a contract with you
  • Consent means you have made a free and informed choice to allow us to handle your personal information. When we rely on your consent to process your personal information, you may withdraw that consent any time
  • Legal obligation means we are required by law to handle your personal information
  • Vital interests means handling your personal information is necessary to protect someone’s life
  • Legitimate interests means handling your personal information is necessary to meet our, our client’s, or someone else’s reasonable business needs while balancing those needs with the protection of your own interests and rights

Each table below indicates the lawful basis for each personal information processing activity, depending on your relationship with us.

Processing Activity Lawful Basis

Performing and collecting payment for services requested by you

Contract

Performing and collecting payment for services requested by our client, which may include handling special categories of personal information or criminal history

Legitimate interests of our client or another lawful basis established by our client

Complying with audit, retention and other obligations imposed by the third-party source of personal information

Legal obligation in Europe, our legitimate interest to comply with a legal obligation outside of Europe, or the third-party source’s legitimate interest to ensure proper use of personal information it holds

Carrying forward past service results and using them to complete services for a different client

Our, your, and our client’s legitimate interest to perform services quickly and accurately

Collecting your opinions about our services

Consent

Sending you legally mandated notices about our services and your personal information

Legal obligation

Recording and reviewing telephone calls and other communications

Our and our client’s legitimate interest to maintain service quality

Ensuring our systems are secure

Legal obligation

Analyzing and improving our services

Our legitimate interest to understand how our business works and operate quickly, efficiently, and accurately

Processing Activity Lawful Basis

Contacting you about services you have requested or changes to the way we perform services

Contract

Contacting you to provide information you have asked for or subscribed to

Consent

Determining whether you might be interested in our services, and contacting you to market or sell our services

Our legitimate interest to market and sell our services

Sending you legally mandated notices

Legal obligation

Recording and reviewing telephone calls and other communications

Our legitimate interest to maintain service quality

Tracking your online activity

Our legitimate interests to maintain high-quality websites and market and sell our services

Processing Activity Lawful Basis

Collecting and reviewing your application for employment

Consent

Conducting an interview, confirming your qualifications and background, including criminal history, other sanctions, and publicly available social media content

Our legitimate interests to hire high-quality workers and protect our assets and reputation

Paying your wages or salary

Contract

Deducting and paying income taxes and other payroll-related activities

Legal obligation

Providing health and pension benefits

Legal obligation

Accommodating sickness, disability, and pregnancy

Legal obligation

Maintaining workplace health and safety

Legal obligation

Monitoring your activities on our networks and in our offices for security

Legal obligation

Monitoring and evaluating your attendance, work activities, policy adherence, and job performance

Our legitimate interests to perform business functions efficiently and effectively, and protect our assets and reputation

Investigating allegations of improper behavior

Our legitimate interests to enforce our organizational policies and protect our assets and reputation

Collecting and analyzing your opinions about Sterling

Our legitimate interest to promote a happy workforce

Maintaining emergency contact information

Vital interests

Additional conditions for processing special categories of personal information and criminal convictions

Under data protection laws in in EEA and EU member states, or the UK, Switzerland, and other European countries, certain types of personal information require additional conditions to be met beyond a lawful basis. These include:

  • racial or ethnic origin
  • political opinions
  • religious or philosophical beliefs
  • trade union membership
  • genetic data
  • biometric data
  • data concerning health
  • data concerning sex life or sexual orientation
  • criminal convictions and offenses or related security measures

If you are a candidate and we are performing services requested by our client, and the services require us to handle one or more of these types of personal information, our client must make sure the appropriate conditions are met for processing these types of personal information.

If you are a candidate and we are performing services requested by you, we process these types of personal information based on your consent.

We do not collect or handle any of these types of personal information about our clients, prospects, or website visitors.

If you are a worker in a European country:

  • We might collect information about your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life, or sexual orientation in our day-to-day interactions with you if you have manifestly made the information public (for example, by posting about it publicly on a social media platform or speaking about it to the press) or if you have decided of your own accord to share it with us (for example, by providing us with the name and contact information of your spouse or domestic partner). We do not ask you to provide this information, we avoid collecting it wherever possible, and we do not collect it if it is prohibited by law where you work
  • We might collect your racial or ethnic origin to promote and assess workplace diversity and equal opportunity. If we do, the collection of this information is optional and only done where we have permission to do so under local employment laws in the country where you work and have appropriate policy documents controlling how the information is used
  • We collect information about your health to comply with our obligations under employment laws (for example, to accommodate a disability, health condition, or pregnancy), or to protect public health (for example, by monitoring workplace health during an outbreak of sickness)
  • We collect information about criminal convictions and offenses or related security measures as part of some pre-employment background checks:
    • In the United Kingdom, we do this based on the substantial public interest to prevent or detect unlawful acts, subject to appropriate policy documents controlling how the information is used
    • In the Netherlands, we do this based on our right under Dutch law to assess your application to work for us and protect our interests by preventing the commission of criminal acts against us or other workers
    • In Poland, we do not collect this type of information about our workers
  • We do not collect your genetic or biometric information, as those are defined in European data protection laws

Cross-border data transfers, including the EU-US Data Privacy Framework and UK Extension

If your personal information is subject to data protection laws in EEA and EU member states, or the UK, Switzerland, or some other European countries, it may be transferred outside of the relevant jurisdiction based on one or more of the following legal mechanisms:

  • Relevant authorities have decided that your personal information will be protected adequately once it is transferred. These countries and sectors have been deemed to be adequate by European Authorities, while these countries and sectors have been deemed to be adequate by the UK Authorities.
  • We, our client, or a third-party partner or service provider have signed contractual clauses with the recipient of personal information that relevant authorities have deemed to ensure adequate protection of personal information
  • We, our client, or a third-party partner or service provider has binding corporate rules within their corporate group that relevant authorities have deemed to ensure adequate protection of personal information
  • You have provided your consent for us to transfer data to allow us to carry out services for you or on behalf of a client

Contact us for more information about the legal mechanism for transfer of your personal information, and to see copies of safeguards that have been used for that transfer, if applicable.

Sterling Infosystems Inc. and its US affiliates and subsidiaries operating under the brand name of Sterling (listed below under “Data Privacy Framework Covered Entities” and collectively referred to in this paragraph as “Sterling”) comply with the EU-US Data Privacy Framework (“EU-US DPF”), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (“Swiss-US DPF”) as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the EU, UK, and Switzerland to the United States. Sterling has certified to the US Department of Commerce that it adheres to the EU-US DPF Principles with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-US DPF and UK Extension to the EU-US DPF. Sterling has certified to the US Department of Commerce that it adheres to the Swiss-US DPF Principles with regard to the processing of personal data received from Switzerland in reliance on the Swiss-US DPF. Sterling remains responsible for personal information that is communicated to third parties for processing. If there is any conflict between the terms of this privacy statement and the EU-US DPF and/or Swiss-US DPF Principles, the Principles will prevail. To learn more about the Data Privacy Framework and to view our certification, please visit https://www.dataprivacyframework.gov/ In compliance with the EU-US DPF, the UK Extension to the EU-US DPF, and the Swiss-US DPF, Sterling commits to resolve complaints about our collection or use of your personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding the handling of personal information under the EU-US DPF, the UK Extension to the EU-US DPF, or the Swiss-US DPF should first contact us. The Federal Trade Commission has jurisdiction over Sterling’s compliance with the EU-US DPF, the UK Extension to the EU-US DPF, and the Swiss-US DPF. We commit to cooperating with the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and complying with the advice given by the DPAs, the ICO, and the FDPIC with regard to unresolved complaints concerning our handling of personal information received in reliance on the EU-US DPF, the UK Extension to the EU-US DPF, and the Swiss-US DPF, respectively. We may also be subject to the investigatory and enforcement powers of the Federal Trade Commission. In some circumstances, you may be able to invoke binding arbitration to resolve your complaint where your personal information has been transferred to and processed in the United States.

Data Privacy Framework Covered Entities

  • Bishops Services, LLC d/b/a Sterling Diligence
  • Sterling Infosystems Inc. d/b/a ESIQ
  • Sterling Infosystems Inc. d/b/a Sterling
  • Sterling Infosystems Inc. d/b/a Sterling Talent Solutions
  • Sterling Infosystems Inc. d/b/a Talentwise
  • Sterling Infosystems Inc. d/b/a Verified Person
  • Sterling Infosystems Inc. d/b/a Verified Volunteers
  • Sterling Infosystems Inc. d/b/a Sterling Volunteers
  • STS SID LLC d/b/a SureID
  • Employment Background Investigations, LLC
  • A-Check America, LLC

Automated decision making and profiling

Sterling does not use automated means to evaluate or profile you or make decisions about you which have legal effects or otherwise significantly affect you. Our clients may use our services to make decisions about you. We do not know how our clients make decisions based on our services.

We may use automated means to gather or validate information about you. You can contact us to dispute any personal information that you believe is incorrect, whether or not it was it was gathered automatically.

Information for people in California

The California Consumer Privacy Act

The California Consumer Privacy Act (CCPA) is a law that protects the personal information of people in California. However, it only applies to some personal information, because other information is protected by other laws. Some or all of the protections and requirements in the CCPA may apply to your personal information in the following circumstances:

  • You are a client, prospect, or website visitor and you live in California
  • You are a worker in California
  • You are a candidate or a source for a service that does not involve background checks (for example, onboarding or I-9 forms, fingerprinting services, or investment due diligence services)

The CCPA probably does not apply to your personal information in the following circumstances:

  • You do not live in California (laws in your state will apply to your personal information instead)
  • You are a candidate or a source for background screening services (the federal Fair Credit Reporting Act and similar state laws will apply to your personal information instead)

For more information about what laws apply to your personal information, contact us.

Businesses and service providers

Under the CCPA, there is a distinction between “businesses” and “service providers.” Businesses determine the purposes and means for collecting and handling personal information, and service providers collect and handle personal information on behalf of businesses, only following the businesses’ instructions and the law and not making their own decisions about what to do with personal information.

When the CCPA applies, Sterling is sometimes a business and sometimes a service provider. When we collect and use personal information of workers, clients, prospects, and website visitors, we are always a business. When we collect and use personal information of candidates and sources, we are usually a service provider.

When we are a business, we are responsible for all aspects of compliance with the CCPA and you can generally exercise any of your rights directly with us.

When we are a service provider, we are responsible for securing and protecting personal information in our custody, reporting any requests or problems to the business (usually our client), and following that business’s instructions. We cannot decide whether it is appropriate to collect your personal information or how or whether you can exercise your rights.

The difference does not usually matter much to you, but sometimes it will affect our ability to make decisions about your personal information. For example, if we are a service provider, we might not be able to decide whether to give you a copy of your personal information or delete your personal information. We also might not be able to take personal information that we collected for one client and share it with another client. If you contact us and we cannot do what you ask because we are a service provider, we will explain that to you and contact the relevant business (usually our client) to make sure your request gets to the right place and you get a response from the right organization.

Sale of personal information

Sterling does not sell personal information that is subject to the CCPA.

Categories and disclosure of personal information

The CCPA defines a specific list of categories of personal information and requires that we indicate each category of personal information we collect, why we collect it, where we get it from, and to whom we disclose it for a business purpose.

Each category is assigned a letter in the table below, corresponding with the subdivision of the CCPA that describes that category. We have added notations to the tables that set out the types of personal information, sources, and purposes for collection to indicate which category each type of personal information in that table belongs to.

For detailed information about who we disclose personal information to, see the section entitled people and organizations that access personal information.

Category Collected Disclosed

A. Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers

Yes
Yes

B. Name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information

Yes
Yes

C. Characteristics of protected classifications under California or federal law

Yes
Yes

D. Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies

Yes
Yes

E. Biometric information

Yes
Yes

F. Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement

Yes
Yes

G. Geolocation data

Yes
Yes

H. Audio, electronic, visual, thermal, olfactory, or similar information

Yes
Yes

I. Professional or employment-related information

Yes
Yes

J. Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, Sec. 1232g; 34 C.F.R. Part 99)

Yes
Yes

K. Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes

No
No