Critical Research Respects Your Privacy Concerns

Critical Research’s privacy and security policies demonstrate our responsibilities to the individuals about whom we report information and to our clients who rely on us to safeguard the information they order. If you have any questions or concerns about Critical Research’s privacy and security policies, please contact us at privacy@criticalresearch.com.

Information Safeguards

Critical Research maintains strict standards on our collection, use, and distribution of all information. We do not provide services to consumers or individuals. Critical Research does not collect or compile information on particular persons or subjects, except to fulfill legitimate requests from businesses that have met our pre-qualification requirements. Critical Research provides reports only to the clients who ordered the report, and the clients can use the report only for the particular purpose for which they ordered the report. We obtain the information available through our online services from public sources or publicly available sources and third parties as necessary. We do not sell or provide access to information about our clients, the inquiries they may make, or the individuals that they request information about, except as required by law. Critical Research keeps all transactions through our web site and systems confidential.

Information Collection

Critical Research does not collect personally identifiable information from any individuals using our website. Critical Research obtains its information from public sources, such as police departments, sheriffs’ offices, courts, motor vehicle departments, including other state and local agencies, and third parties when necessary. We attempt to report accurate information, though we do rely on the previously mentioned sources – as creators of the records we provide – to maintain accurate records for this purpose.

Clients

We provide information to business clients only – not to the general public. Critical Research clients and markets may include human resources, loss-prevention and risk-management departments, employment agencies, investigators, finance companies, attorneys and government bodies as necessary. All Critical Research clients must undergo a stringent pre-qualification process and demonstrate a legitimate business need for the information.

Information We Distribute

Output from Critical Research’s public-records database consists of criminal records for individuals matching client search criteria. Search results may include court records from county, state, federal and international courts. Search results can also include information from state sex-offender registries. Critical Research Clients are restricted to ordering reports for authorized business purposes only. Critical Research also provides a service to verify prior employment and education as provided by job applicants to employers.

Legal Compliance

Critical Research’s privacy and data security standards follow legislative and regulatory requirements for consumer reporting agencies. Critical Research complies with state and federal guidelines and the Fair Credit Reporting Act (FCRA). Critical Research maintains a process whereby individual consumers may request, access and correct their information in accordance with legal requirements. For additional information on your rights under the FCRA, please refer to the FTC’s web site at http://www.ftc.gov.

Cookies

“Cookies” are small pieces of information that your browser stores on your computer’s hard drive. We do not presently use cookies. We do not collect and store cookies received through Critical Research’s web site.

Children

This website is not intended for children; therefore, in accordance with the Children’s Online Privacy Protection Act (COPPA), we will not knowingly collect personal information from children under age 13.

Privacy Shield

Critical Research complies with the EU-U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. This includes information provided by clients or other third parties in which Critical Research is contractually obligated to apply both Privacy Shield Policies. Critical Research has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/. Critical Research agrees to adhere to the following Principles:

Notice

Before we collect EU personal data, Critical Research ensures that individuals are informed about the purposes for which their personal information is being collected and used, the type of personal information being collected, how to contact us with any inquiries or complaints you may have, the types of third parties to which we disclose personal information and the purposes for which we do so, the right for you to request and access your personal information and the choices you have for limiting the use and disclosure of your personal data.

Our clients have agreed that they will provide a disclosure notice to the consumer to notify them that a background search will be performed in accordance with this Privacy Policy and that their personal information will be collected for the purpose of completing the background search.

Critical Research collects the personal (and sometimes sensitive) information of individuals, including but not limited to: Name, previous/alternate names, date of birth, national identity numbers, telephone numbers, address history, education history, employment history, credit information, motor vehicle records and criminal records.

Critical Research uses the personal information collected in order to process and complete a background check report on an individual on behalf of our clients for both pre-employment and due diligence screening purposes. Personal information is collected as needed to process requested services, including but not limited to: Employment verifications, education verifications, motor vehicle reports, credit reports, criminal history reports, ID verifications and professional license verifications. Critical Research only provides background screening services to businesses that have a permissible purpose to request such services.

All inquiries, requests and complaints regarding the use and collection of your personal information should be addressed to Critical Research at the address found at the bottom of this policy.

Critical Research is subject to the investigatory and enforcement powers of the FTC, the Department of Transportation or any other U.S. authorized statutory body.

Critical Research is required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Choice

Critical Research offers individuals the opportunity to choose (opt-out) whether their personal information is (i) to be disclosed to a third party or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individuals. For sensitive information, Critical Research understands that an individual must “opt-in” by granting affirmative express written consent to authorize the disclosure of personal information to any non-agent third parties.

As a general rule, Critical Research seeks to ensure that all consumers have the opportunity to “opt-in”, whether the personal information obtained is deemed sensitive or not, and we encourage our clients to do the same.

Should you wish to “opt-out” of any use of information collected by Critical Research, please notify us via e-mail at privacy@criticalresearch.com.

Accountability for Onward Transfer

In order to provide some of our services, Critical Research may subcontract third parties to perform searches on our behalf. These third parties are required to maintain the integrity of all personal data provided to them as outlined in this Privacy Policy. This includes not sharing EU personal information to any third parties other than Critical Research and its clients, unless required by law.

To transfer personal information to a third party acting as a controller, Critical Research agrees to comply with the aforementioned Principles of “Notice” and “Choice.” We also agree to enter into a contract with the third party controller that provides that such data may only be processed for limited and specified purposes consistent with the consent provided by the individual and that the recipient will provide the same level of protection as set forth in this Privacy Policy.

To transfer data to a third party acting as an agent, Critical Research must: (i) transfer such data only for limited and specified purposes; (ii) ascertain that the agent is obligated, via contract, to provide at least the same level of privacy protection as is set forth in this Privacy Policy; (iii) take reasonable and appropriate steps to ensure that the agent effectively processes the personal information transferred in a manner consistent with the organization’s obligations under the Principles; (iv) upon notice, take reasonable and appropriate steps to stop and remediate unauthorized processing; and (v) provide a summary or a representative copy of the relevant privacy provisions of its contract with that agent to the Department of Commerce upon request.

Critical Research’s accountability for personal data that it receives under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Critical Research remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless Critical Research proves that it is not responsible for the event giving rise to the damage.

Security

Critical Research realizes the inherent risks associated with the handling of personal data and therefore takes reasonable and appropriate measures to protect it from loss, misuse and unauthorized access, disclosure, alteration and destruction.

Data Integrity and Purpose Limitation

Critical Research takes reasonable steps to ensure that the personal information we collect is accurate, complete, current and reliable for its intended use. We limit the collection of personal information to only what is necessary and relevant for the purposes of processing (as mentioned in the “Notice” section above).

While Critical Research does everything in its power to ensure that the data collected is as accurate as possible, we cannot guarantee the accuracy of our third party sources.

Critical Research agrees to adhere to these Principles for as long as we retain information obtained through this Framework.

Access

A consumer may request, in writing, access to any and all EU personal information Critical Research has collected and maintained about them. Critical Research will give consumers a reasonable opportunity to correct, amend or delete inaccurate or incomplete information, or if it has been processed in violation of the Principles, except where, (a) the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy, or (b) the rights of persons other than the individual would be violated.

If you would like to request access to your EU-originated personal information, you may reach out to Critical Research via e-mail at privacy@criticalresearch.com. For security purposes, Critical Research will require verification of your identity.

Recourse, Enforcement and Liability

In compliance with the EU-US and Swiss-US Privacy Shield Principles, Critical Research commits to resolve complaints about your privacy and our collection or use of your personal information. European Union or Swiss individuals with inquiries or complaints regarding this privacy policy should first contact Critical Research directly in writing either via e-mail (privacy@criticalresearch.com) or post to the address found at the bottom of this policy.

Critical Research has further committed to refer any unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU/Swiss Privacy Shield, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.

Because Critical Research may be required to handle human resources data originating from Europe, we also agree to cooperate with and respond directly to any EU Data Protection Authority, including the Swiss Federal Data Protection and Information Commissioner, regarding the investigation and resolution of any Privacy Shield complaints. Critical Research does not have any affiliates in the EU, therefore we are not under the jurisdiction of any EU Data Protection Authority and we recommend that you communicate with the appropriate DPA in your country.

If the complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel. Critical Research accepts its obligation to arbitrate claims and follow the terms as set forth in Annex I, provided that an individual has invoked binding arbitration by delivering notice to the organization at issue and following the procedures and subject to conditions set forth in Annex I.

Critical Research agrees to fully comply with all applicable U.S. and international laws surrounding the privacy and protection of personal data, including but not limited to:

• Fair Credit Reporting Act (FCRA-United States)
• EU-US Privacy Shield Principles
• US-Swiss Privacy Shield Principles
• Data Protection Act 1998 (United Kingdom)
• PIPEDA (Canada)
• APEC Privacy Framework
• OECD Privacy Framework

This policy may be amended as necessary.

Contact Information:
Critical Research
ATTN: Compliance Department
5755 North Point Pkwy, Suite 279
Alpharetta, Georgia 30022
E-mail: privacy@criticalresearch.com
Phone: (770) 350-6777

Effective date: April 7, 2017