Helloverify Privacy Policy
Reference No.: HELLOVERIFY/OM/POL/PP
Version: 3.0
23-May-2019
Public Use Only
Helloverify Privacy Policy
Helloverify/Privacy Policy Ver.3.0 Page 2 23-May-2019
Document Control
Reference No. HELLOVERIFY/PP
Document Name Privacy Policy
Version No. 3.0
Document Status Released
Issue Date 23-May-2019
Compliance Status Mandatory
Review Period One year from the date of release or earlier if required
Security Classification Public Use Only
Distribution Part of HELLOVERIFY Information Security Management System
– Operations Manual
Authored by Kashvi Malhotra-Legal Team
Name Role Signature
Reviewed by Taruna Bhatnagar CISO
Approved by Karan M Director
Released by Khushal Mannan Risk and
Compliance
Document Revision History
Version Release Date Change Description
1.0 20-April-2018 First Issue
2.0 23-May-2018 Document Review & Released
3.0 23-May-2019 Annual Review
Helloverify Privacy Policy
Helloverify/Privacy Policy Ver.3.0 Page 3 23-May-2019
Table of Contents
I. POLICY SCOPE .................................................................................................................................... 4 II. POLICY CHANGES ............................................................................................................................... 4 III. POLICY CONTENT ............................................................................................................................... 5 IV. INFORMATION WE COLLECT .............................................................................................................. 5
V. INFORMATION WE SHARE ................................................................................................................... 7
VI. GENERAL EXCEPTIONS ...................................................................................................................... 8 VII. WITHDRAW CONSENT ........................................................................................................................ 9
VIII. UPDATE RECORDS .............................................................................................................................. 9 IX. CHOICES REGARDING ONLINE TRACKING, ANALYTICS AND EMAIL COMMUNICATIONS ................ 10 X. SECURITY AND CONFIDENTIALITY .................................................................................................. 10 XI. COMPLIANCE AND COOPERATION WITH REGULATORY AUTHORITIES ........................................... 10 XII. PROTECTION OF INFORMATION ....................................................................................................... 10
XIII. INFORMATION PROCESSING OR STORED .......................................................................................... 10
XIV. INTERNATIONAL – ONWARD TRANSFER OF PERSONAL IDENTIFIABLE INFORMATION ................. 11 XV. INFORMATION FROM CHILDREN ...................................................................................................... 11
XVI. GRIEVANCE OFFICER/PRIVACY PROTECTION OFFICER ................................................................. 11
Helloverify Privacy Policy
Helloverify/Privacy Policy Ver.3.0 Page 4 23-May-2019
PRIVACY POLICY FOR ALL COUNTRIES EXCEPT
THOSE BELOW
I. Policy Scope
Helloverify India Private Limited is dedicated to protecting your personal Information and
will make every reasonable effort to handle collected Information appropriately. This
Privacy Policy (“Policy”) describes how Helloverify India Private Limited ("Helloverify”
or "we" or "our") treats Information collected or provided in connection with an end user’s
(“you” or “user” or “client”) use of Helloverify products and background screening
services (the “Services “). This privacy statement covers the data collected by Helloverify.
By accessing, using or by providing data directly to Helloverify you accept and agree to
Helloverify’s Privacy Policy. We are committed to protecting privacy and information
provided by end users to enable Helloverify to complete its Services. This Privacy Policy
sets forth Helloverify policy with respect to Personally Identifiable Information (“PII”),
Sensitive Personal Information ("SPI") and certain other information that is collected from
users of the site.
This Policy has been drafted in accordance with the provisions of the Information
Technology Act, 2000 and the Rules thereunder, including, without prejudice to the
generality of the foregoing, the Information Technology “Reasonable security practices
and procedures and sensitive personal data or information” Rules 2011. Your use of and
interaction with Helloverify’s online portals constitutes your unconditional acceptance of
the practices described in this privacy policy, as they may be modified from time to time.
If you do not agree with and accept all of the practices described in this privacy policy,
you may refrain from using Helloverify’s website/online portals and/or providing or
submitting Personally Identifiable Information (“PII”) & Sensitive Personal Information
("SPI") by means of or while using Helloverify’s website/online portals. By providing
personal information to us, you consent to our collection, use and disclosure of your
personal information in accordance with this privacy policy.
Helloverify Privacy Policy applies to all of the services offered by Helloverify India
Private Limited including services offered on the websites/online portals. The Policy
applies to all the Clients, Vendors, Employees, CEO, COO and such other stakeholders
who are associated with Helloverify.
II. Policy Changes
We reserve the right to modify Helloverify’s privacy policy at any time which will be
published on our website If we make material changes to this privacy policy, we will notify
the same by means of a notice on our home page. By continuing to use our service after
notice of changes have been published on the website, the Client is deemed to be consenting
to the changes.
Helloverify Privacy Policy
Helloverify/Privacy Policy Ver.3.0 Page 5 23-May-2019
III. Policy Content
This policy seeks to answer questions you may have about the Services and Helloverify
information practices.
i. What information we collect and why we collect it
ii. How we share and use that information
iii. General Exceptions
iv. Consent and Update of Records
v. Services regarding tracking, analytics and email communications
vi. Security and Compliance with regulatory authorities
vii. How we protect your information
viii. Where is the information processed or stored?
ix. Who can use the services?
x. Grievance officer
IV. Information we collect
Personally Identifiable Information
Personally Identifying Information (“PII”) of a person means such information that can
potentially identify you, such as your name, date of birth and address. It does not include
anonymized, aggregate or statistical information.
Personally Identifying Information that we collect and hold about an individual will vary
depending upon the background checks required by the Client and the information the
individual supplies to us. Personally Identifiable Information and Sensitive Personal
Information or Data (SPI) shall have the same meaning as defined under The Information
Technology Act, 2000 read with Rules along with the amendments made thereunder.
Helloverify does not collect any Sensitive Personal Data or Information, without due
notification to you and without your consent unless it is mandated by law. We recognize the
importance of PII and SPI provided to us with respect to privacy issues and confidentiality of
the PII and SPI. Therefore, we collect and deal with PII and SPI in accordance with the
privacy legislations in India and this Privacy Policy (as amended from time to time).
Personally Identifiable Information about an individual that we may collect and hold includes
name, age, date of birth, employment history, reference information, education, professional
qualifications, residency, sanctions, immigration status, claims, judgments, insolvency,
current and previous directorships, character, personal reputation, and such other checks and
enquiries as the client considers necessary to verify information provided by an individual.
From clients we may collect company address and the name, email and phone number of any
system users.
From clients and individuals, we may collect information related to conducting a background
check, payment details.
Helloverify Privacy Policy
Helloverify/Privacy Policy Ver.3.0 Page 6 23-May-2019
From the sources of our background checks we may collect the name and job title of the
person who supplied us with the information.
We recognize the importance of privacy issues and respect the confidentiality of the
Personally Identifying Information individuals or clients provide to us. We will collect and
deal with Personally Identifying Information in accordance with the local laws and this
Privacy Policy (all as amended from time to time).
How do we collect information?
In order to process and verify information for a client’s request, the client and Helloverify
may collect an individual’s Personally Identifying Information directly from the individual.
We may also collect information which the client provides directly through their client portal
access or usage of our applicant portal, wherein clients/applicant upload applicant’s details on
the portal and access is given to Helloverify Users. We collect information to provide better
services to all in the following ways:
a) Information given to us. i. Clients: If client want to use the services to screen applicants we may collect
the following information including, but not limited to:
Account creation information, including client name, email address
Contact information such as address and phone number;
Corporate and individual applicable license information not limited to
Driver license, doctor’s license
If client is an employer, employee identification number
ii. Applicants: If applicant directly provide us details who will be the subject of
a screening or background check, we may collect the following information
including, but not limited to:
Account creation information, including full name, e-mail address;
Contact information, including phone number and address;
Identity verification information, including identity number and date of
birth; and
Additional information or supporting documentation submitted or
upload regarding identity, background, query;
Examples include an uploaded picture, a driver’s license, or education
qualification document
We may use the Personally Identifiable Information (“PII”) & Sensitive Personal
Information ("SPI"), documents and any responses an individual or third party
reference has provided to us for verification of an individual’s personal and other
information, to collect additional Personally Identifiable Information (“PII”) &
Sensitive Personal Information ("SPI"), and to conduct public court record searches.
Example of sources include, but are not limited to, government agencies, law
enforcement bodies, publicly available records, public registries, court or tribunal
records, insolvency registers, educational institutions, current and/or precious
employers, and regulatory and licensing bodies.
Helloverify Privacy Policy
Helloverify/Privacy Policy Ver.3.0 Page 7 23-May-2019
b) Information used by Helloverify. We collect information for conduct and delivery of services contracted by our client or
applicants. Helloverify may collect this information via online request through email, this
information includes:
i. Log information:
Helloverify India Private Limited may use (only with permission) this
information to provide its client with background check information &
additional information regarding products and services.
verify applicant identity;
conduct background checks bases upon information provide by client;
conduct quality assurance checks;
investigate disputes; or
provide certain communications, including adverse action notices.
contact client regarding their use of the Services;
send client communications regarding updates or modifications to the
services.
Helloverify obtains client’s consent to use, transfer or store the information only for its
legitimate business purpose. Such information shall be stored, processed and retained in the
Helloverify database to be used only for the legitimate business purposes.
V. Information we share
We do not share Personal Identifiable Information with companies, organizations and
individuals outside of Helloverify unless one of the following circumstances applies:
With client and applicant consent
We will share applicant Information with companies, organizations or individuals
outside of Helloverify for employment services when we have client consent to do so.
For external processing
For conduct of background reports that may arise during the course of the verification
service. Helloverify may use researchers & third party service Providers, whom
Helloverify may provide access to client information to select third parties who
perform services on our behalf. These third parties provide a variety of services to us,
including without limitation conducting components of background checks, billing,
fulfillment, data storage, analysis and processing, identity verification, fraud,
accounting, auditing, and legal services.
For legal reasons
We will share Personally Identifiable Information (“PII”) & Sensitive Personal
Information ("SPI") /data with companies, organizations or individuals outside of
Helloverify if we have a good-faith belief that access, use, preservation or disclosure
of the information is reasonably necessary to:
Helloverify Privacy Policy
Helloverify/Privacy Policy Ver.3.0 Page 8 23-May-2019
Meet any applicable law, regulation, legal process or enforceable
governmental request.
Enforce applicable Terms of Service, including investigation of potential
violations.
Detect, prevent, or otherwise address fraud, security or technical issues.
Protect against harm to the rights, property or safety of Helloverify, our
users or the public as required or permitted by law.
If Helloverify is involved in a merger, demerger, acquisition or asset sale or reconstruction
we will continue to ensure the confidentiality of any Personally Identifiable Information
(“PII”) & Sensitive Personal Information ("SPI")/ data and give affected users Notices.
Data Retention: Helloverify retains Personally Identifiable Information (“PII”) & Sensitive
Personal Information ("SPI") as needed to provide services or product information, respond
to inquiries, or as required by contractual obligation such as Client – Helloverify contracts,
statutory or other legal obligations. All Client Information is stored/ Retained digitally.
Data Retention is defined as the maintenance of data in a production or live environment
which can be accessed by an authorized user in the ordinary course of business. For the
avoidance of doubt, data used in staging, development, and testing or draft versions of data
shall not be retained beyond their active use period, nor copied into production or live
environments.
The retention period of Helloverify data shall be an active use period of five years unless an
exception has been obtained from client in a documented/stated expression - permitting a
longer or shorter active use period by the division responsible for creating, using, processing,
disclosing storing and destroying the data or as directed by client contracts.
Helloverify data may be classified into paper data such as contracts or hard drives on servers
namely the Oniverify production servers and the Oniverify backup servers. After active use
has expired and according to appropriate exceptions, data shall be archived until the data is
destroyed. For the purposes of enforcing retention in accordance with this policy, each
function is responsible for the data it creates, uses, stores, processes and destroys
VI. General Exceptions
If we are required to intercept, disclose, monitor and/or store client Personally Identifiable
Information (“PII”) & Sensitive Personal Information ("SPI"):
by law;
to conduct our business;
to secure our systems; or
to enforce our own rights, we will do so in the manner as prescribed by law.
Such interception, disclosure, monitoring and storage may take place. In that case, we will
not be liable for any third party damages howsoever arising from such interception,
disclosure, monitoring and storage. In order to ensure that all our users comply with the User
Helloverify Privacy Policy
Helloverify/Privacy Policy Ver.3.0 Page 9 23-May-2019
Agreement or Terms of Use of the Helloverify platform or application, we may monitor
Personally Identifiable Information (“PII”) & Sensitive Personal Information ("SPI") to the
extent that this may be required to determine compliance and/or to identify instances of non-
compliance. To ensure that the security and integrity of our Services is safeguarded, we may
monitor Personally Identifiable Information (“PII”) & Sensitive Personal Information
("SPI"). This monitoring may include (without limitation) the filtering of incoming and
outgoing electronic data messages to identify, limit and/or prevent the transmission of spam,
viruses and/or unlawful, defamatory, obscene or otherwise undesirable material or content.
We may under certain circumstances procure an element of the Services from a third party
service provider. To the extent that it may be necessary, and solely for the purposes of
providing the Service to client, Client are deemed to be in agreement of disclosure to such
third party of their Personally Identifiable Information (“PII”) & Sensitive Personal
Information ("SPI") that may be necessary for the procurement of services from the third
party.
VII. Withdraw Consent
Client/candidate may at any time withdraw their consent of PII and SPI stored with
Helloverify. Any withdrawal of will be effective only after a reasonable duration of 15 days
from the date of communication of such withdrawal of consent.
VIII. Update Records
Clients should promptly update their contact information pursuant to a change or inaccuracy
of such information, with their customers/employer or may contact us on their behalf.
Applicants may review, access, and change certain account information such as email
address, phone number and mailing address via the applicant portal on the services. Requests
to change certain other information, such as identity numbers, may require verification before
the change is accepted. Applicants can request deletion of certain information in
Helloverify’s control by directly contacting Helloverify, as set forth at the end of this Policy.
Applicants can dispute background check reports through the applicant portal/ or by directly
contacting their employer/customer (requestor), which is accessible through the Services.
Once a Customer, such as an employer, has received a background check report, Helloverify
India Private Limited does not control the customer’s retention of such information.
Our policy is to retain Personally Identifiable Information (“PII”) & Sensitive Personal
Information ("SPI") only as long as reasonably necessary to provide the Services or as
otherwise required for legal compliance purposes. For instance, we may retain information,
including information from closed accounts, in order to comply with the law, prevent fraud,
collect any fees owed, resolve disputes, troubleshoot problems, assist with any investigations
of any user, enforce our Terms of Use, and/or for any other purposes otherwise permitted by
law that we deem necessary in our sole discretion.
Helloverify will be unable to proceed with the provision of services to Clients in the absence of
necessary permissions or consent from the individual subject to the background check.
Helloverify Privacy Policy
Helloverify/Privacy Policy Ver.3.0 Page 10 23-May-2019
IX. Choices regarding online tracking, analytics and email
communications
Helloverify may send periodic promotional or informational emails to its Clients. Clients may
opt out of such communications by connecting with their concerned account manager or
sending an email to Helloverify (please see last section for contact email id). Please note that
it may take up to 15 business days for us to process opt-out requests. If client opts out of
receiving emails about recommendations or other information we think may interest them, we
may still send emails about clients account or any services that have been requested or
received from us.
X. Security and Confidentiality
Helloverify strives to protect Personally Identifiable Information (“PII”) & Sensitive Personal
Information ("SPI") that we collect, maintain and disclose through the use of reasonable
administrative, physical and technical safeguards. Our products and/or services online are
transmitted through a Secure Socket Layer (SSL) transmission, which is a protocol for
establishing a secure connection for transmission of Personally Identifiable Information
(“PII”) & Sensitive Personal Information ("SPI").
Helloverify has also employed security protocols and measures to ensure confidentiality and
protection of Personally Identifiable Information (“PII”) & Sensitive Personal Information
("SPI"), in order to avert unauthorized access or alteration as well as unlawful disclosure of
the collected information. These measures include internal and external firewalls, physical
security and technological security measures, as well as encryption of certain information and
password protection for account information. Ergo, our security program is designed to: (1)
ensure the security and confidentiality of personal identifiable information that may include
Pan Number, Aadhar Card Number etc.;(2) protect against any anticipated threats or hazards
to the security or integrity of the information; and (3) protect against unauthorized access,
use, alteration, or unlawful disclosure of the information that could result in substantial harm
or inconvenience to any individual.
XI. Compliance and cooperation with regulatory authorities
Helloverify ensures We regularly review our compliance with our Policy. We also adhere to
several self-regulatory frameworks, including and not limited to adherence to Information
Technology, Privacy and Data Protection legislations applicable in India.
XII. Protection of Information
Helloverify provides for adequate safeguards to protect/secure Information we maintain about
Client. Helloverify strives to use information security best practices as defined within ISO
27001 and client provided security requirements, such as, encryption, passwords, secure
network, IT hardening and physical security measures to protect Information against
unauthorized access and disclosure.
XIII. Information processing or stored
Helloverify Privacy Policy
Helloverify/Privacy Policy Ver.3.0 Page 11 23-May-2019
For the purposes of processing or storing information, Helloverify employs servers installed
in its facility located in Noida, India. Our servers reside in a secure environment protected
from unauthorized access, natural disaster, fire or other compromising conditions.
Helloverify uses servers located in facility in Noida, India. Additionally, Helloverify may
engage with its partners or affiliates located in India in order to store and process information
for the purposes of backup or retention, as the case may be. By using our services, Clients
consent to transmit data to sources for verification that may be within India or outside India.
Helloverify ensures safe data transmission and handling.
XIV. International – Onward Transfer of Personal Identifiable
Information
We may disclose Personally Identifiable Information (“PII”) & Sensitive Personal
Information ("SPI") for the purposes of conducting our services to overseas recipients. The
circumstances of disclosure may be as follows: -
We may need to disclose an individual’s Personally Identifiable Information overseas in
order to carry out background checks. For example, if an individual lived, studied or worked
overseas, we may need to disclose that individuals Personally Identifiable Information (“PII”)
& Sensitive Personal Information ("SPI") to obtain data from sources, employers, third party
reference or education institutes. Disclosures of this kind may be to any country in the world,
depending upon the nature and scope of work to be carried, and where the candidate’s data
resides.
We may also disclose an individual’s Personally Identifiable Information (“PII”) & Sensitive
Personal Information ("SPI") to related bodies for purposes including operations, processing
of background report or make it accessible to law enforcement and national security
authorities in India, upon receipt of authorization letter, notice, warrants or legal mandate
XV. Information from Children
Helloverify background verification is not directed to children under the age of 13 and we do
not knowingly collect personally identifiable information from children under the age of 13.
If we learn that we have collected personally identifiable information of a child under the age
13, we will take reasonable steps to delete such information from our files as soon as is
practicable.
Please contact us at [email protected] if you believe we have any information from or
about a child under the age of 13.
XVI. Grievance Officer/Privacy protection officer
As required under The Information Technology Act of India, the name and contact details of
the grievance officer are as provided below:
Helloverify Privacy Policy
Helloverify/Privacy Policy Ver.3.0 Page 12 23-May-2019
Vinod Mamgai, Legal Department, at
Email: [email protected]
Phone Number: +91 011 30441084
The Grievance Officer/Privacy protection officer is designated exclusively for addressing
discrepancies and grievances of data providers with respect to processing of information in a
time bound manner. Please do NOT use the contact information for login issues for any portal
of Helloverify®. XVII. EUROPEAN UNION PRIVACY SHIELD PRIVACY POLICY
Helloverify Corporation and its U.S. subsidiaries (“Helloverify”) have committed to handling
EU Personal Data received in accordance with the EU-US Privacy Shield Principles set forth
in the EU-US Privacy Shield Framework administered by the Department of Commerce
regarding the collection, use and retention of EU Personal Data. “EU Personal Data” is data
pertaining to an identified or identifiable individual that is received by Helloverify from the
European Union (including Iceland, Norway and Liechtenstein).
Helloverify has certified that it adheres to the Privacy Shield Principles of Notice, Choice,
and Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation,
Access, and Recourse, Enforcement and Liability. Our Privacy Shield certification can be
found at www.privacyshield.gov/list.
In compliance with the EU-US Privacy Shield Principles, Helloverify commits to resolve
complaints about our collection or use of your personal information. Individuals in the
European Union with inquiries or complaints regarding this policy should first contact
Helloverify at [email protected] or at one of the contacts provided below. If such a
complaint goes unresolved, Helloverify further commits to comply with the advice of a panel
of EU Data Protection Authorities established to investigate and resolve Privacy Shield
complaints (“EU DPA Panel”). Contact details for the EU data protection authorities can be
found at http://ec.europa.eu/. Finally, Helloverify agrees to participate in binding arbitration
for any complaints unresolved by the EU DPA Panel that meet the conditions set forth in
Annex I of the Privacy Shield requirements. For more information about binding arbitration
please visit: www.privacyshield.gov. All of the above described recourse mechanisms are
available at no cost to you.
In cases where Helloverify transfers EU Personal Data received pursuant to the EU-US
Privacy Shield onward to third party agents, Helloverify is potentially liable under the
Privacy Shield Principles if its agents process that EU Personal Data in a manner inconsistent
with the Principles, unless Helloverify is not responsible for the event giving rise to the
damage. In the event of a conflict between this policy and the Privacy Shield Principles, the
Privacy Shield Principles shall govern.
Helloverify is subject to the investigatory and enforcement powers of the Federal Trade
Commission. Helloverify may be required to disclose personal information in response to a
lawful request by public authorities, including to meet national security or law enforcement
requirements.
Helloverify Privacy Policy
Helloverify/Privacy Policy Ver.3.0 Page 13 23-May-2019
1. Notice Helloverify receives certain EU Personal Data at the request of clients and other third parties
for investigative, credential verification, and employment related purposes, as well as credit
and fraud risk mitigation related purposes.
Where permissible, Helloverify gathers and maintains consumer and other data which it
provides to its clients (employers or their agents, such as recruiters or staffing firms) for use
in making employment-related decisions, such as who to hire, retain, promote, or re-assign.
Helloverify also gathers and maintains consumer and other data which it provides to entities
including lenders, credit reference agencies and fraud prevention agencies. Provided below is
an illustrative list of common ways in which employers use the data provided by this
service:
Performance of applicant and employee background checks
Verification of the credentials of job applicants and current employees
Investigation into a suspicion of work-related misconduct or wrongdoing
Investigation into matters of employee compliance with employer policies, or
Investigation into matters of employee compliance with Federal, State, or local laws
and regulations.
Provided below is an illustrative list of common ways in which lenders, credit
reference agencies and fraud prevention agencies use the data provided by this service
(where available):
Authentication of consumer applicants for loans or other credit services
Prevention or detection of fraud by consumer applicants for loans or other credit
services
Determination of credit worthiness or capacity of consumer applicants for loans or
other credit services
Location of absconded borrowers
Helloverify uses a limited number of third party service providers to assist us in providing
our services to customers. These third party providers perform reference and credential
verifications and complete portions of services requested by our customers, such as by
obtaining records from data sources. These third parties may access or process personal data
in the course of providing their services. Helloverify maintains contracts with these third
parties restricting their access, use and disclosure of personal data in compliance with our
Privacy Shield obligations.
The scope of this notice also covers consumer report data that Helloverify has obtained on
behalf of employers and other businesses by manually or electronically contacting the
appropriate sources of the data (court records, education and employment references,
licensing bureaus, etc.). Helloverify also performs services related to corporate litigation and
investigative services as requested by our clients.
Helloverify Privacy Policy
Helloverify/Privacy Policy Ver.3.0 Page 14 23-May-2019
More information regarding the nature and scope of consumer data inquiries is available by
contacting Helloverify in writing or by e-mail at the addresses listed on the Contact Us
page or by writing to the contacts listed below.
2. Choice Helloverify or its clients will offer individuals the opportunity to choose (opt-out) whether
their EU Personal Data will be disclosed to a third party (not including our agents) or will be
used for a purpose other than the purpose for which it was originally collected or
subsequently authorized by the individual. With respect to sensitive information, however, an
individual must "opt-in" to the disclosure of the information to a non-agent third party or to
the use of this information for a purpose other than its original purpose or that purpose
authorized subsequently by the individual. Helloverify or its clients will provide individuals
with a readily-available mechanism to exercise their choices should circumstances arise that
require opt-out or opt-in. In addition, Helloverify will treat as sensitive any EU Personal Data
received from a third party where the third party identifies and treats it as sensitive.
3. Onward Transfer (Transfers to Third Parties) With respect to the transfer of EU Personal Data to third parties (other than our agents), the
principles of "Notice" and "Choice" apply. Accordingly, EU Personal Data is only provided
to these types of third parties for purposes described in the "Notice" section or otherwise
disclosed to consumers, and will not be disseminated to such a third party where a consumer
has "opted-out" or, in the case of sensitive information, failed to "opt-in."
Non-agent third parties to whom we transfer EU Personal Data will be obligated to provide
the same level of protection as the Privacy Shield Principles.
Helloverify may disclose EU Personal Data to clients and third parties acting as agents. We
will transfer such data only for limited and specified purposes and ascertain that agents are
obligated to provide at least the same level of privacy protection as is required by the Privacy
Shield Principles.
4. Security
Helloverify takes reasonable and appropriate measures to protect EU Personal Data from
loss, misuse and unauthorized access, disclosure, alteration and destruction.
5. Data Integrity and Purpose Limitation Helloverify collects EU Personal Data that is relevant for the purpose(s) for which it is to be
used, consistent with the Privacy Shield Principles. We process EU Personal Data in ways
that are compatible with the purpose(s) for which it has been collected (as identified in the
Notice section above, or as subsequently authorized by the individual). To the extent
necessary for those purposes, Helloverify takes reasonable steps to ensure that EU Personal
Data collected is accurate, complete, current, and reliable for its intended use. Helloverify
retains EU Personal Data only for as long as it serves a purpose of processing.
6. Access A consumer may request, in writing, access to EU Personal Data collected and maintained
about him or her, which Helloverify will make a good faith effort to provide. Helloverify
Helloverify Privacy Policy
Helloverify/Privacy Policy Ver.3.0 Page 15 23-May-2019
affords the consumer a reasonable opportunity to correct, amend, or delete information that is
inaccurate or incomplete, except where the burden or expense of providing access would be
disproportionate to the risks to the individual's privacy, or where the rights of persons other
than the individual would be violated.
Helloverify reserves the right to engage in reasonable efforts to confirm the identity of the
individual requesting EU Personal Data to ensure the information is provided only to the
subject of the data.
To request information relating to his or her EU Personal Data, a consumer may contact
Helloverify in writing or by e-mail at the following email address: [email protected]; or by
writing to the contacts listed below. In addition, the consumer will be asked to provide
sufficient evidence of his or her identity so we may ensure that information is being released
to the correct individual. If we are unable to provide the consumer with access to his or her
EU Personal Data or to correct the data, we will notify the consumer.
7. Recourse, Enforcement and Liability
Helloverify will verify that its attestations and assertions about its privacy practices with
respect to Privacy Shield are true and that those privacy practices have been implemented as
presented via in-house verification and internal policies and procedures implemented by
Helloverify management. Helloverify will take reasonable and appropriate steps to remediate
any issue that comes to its attention with respect to compliance with the Privacy Shield
Principles.
As described above, Helloverify will cooperate with the EU DPA Panel as an independent,
readily available recourse mechanism by which individual consumer complaints and disputes
that cannot be resolved between the consumer and Helloverify can be investigated and
remedied at no cost to the individual and by reference to the Privacy Shield Principles.
Helloverify will respond promptly to inquiries and requests by the Department of Commerce
for information related to the Privacy Shield, as well as to complaints regarding compliance
with the Privacy Shield Principles referred by the EU Data Protection Authorities through the
Department of Commerce.
Helloverify will arbitrate claims and follow the terms set forth in Annex I of the Privacy
Shield requirements, provided that an individual has properly invoked binding arbitration and
delivered notice to Helloverify in accordance with the appropriate procedures and conditions.
8. Amendments
From time to time, this policy may be amended to reflect new products and services, or as
necessary to reflect a new business practice. Consistent with the Privacy Shield
requirements, we will post any revised policy on this website.
CONTACT INFORMATION
To request information relating to your EU Personal Data, please
contact: [email protected].
Helloverify Privacy Policy
Helloverify/Privacy Policy Ver.3.0 Page 16 23-May-2019
If you have questions regarding this European Union Privacy Shield Privacy Policy,
contact:
Helloverify® Corporation
Angeli C. Heyne, Esq.
Senior Attorney, Regional Compliance Officer EMEA & Dubai
100 Carillon Parkway, Suite 350
St. Petersburg, FL 33716
United States
Telephone: +1.813.682.3664
Email: [email protected]
XIX. Switzerland Privacy Shield Privacy Policy
Helloverify Corporation and its U.S. subsidiaries (“Helloverify”) complies with the Swiss-
U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding
the collection, use, and retention of personal information transferred from the Switzerland to
the United States. Helloverify has certified to the Department of Commerce that it adheres to
the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy
and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more
about the Privacy Shield program, and to view our certification, please visit
https://www.privacyshield.gov/.
“Swiss Personal Data” is data pertaining to an identified or identifiable individual that is
received by Helloverify from Switzerland.
In compliance with the Swiss-U.S. Privacy Shield Principles, Helloverify commits to resolve
complaints about our collection or use of your personal information. Individuals in
Switzerland with inquiries or complaints regarding this policy should first contact Helloverify
at [email protected] or at one of the contacts provided below. If such a complaint goes
unresolved, Helloverify further commits to comply with the advice of the Swiss Federal Data
Protection and Information Commissioner’s authority established to investigate and resolve
Privacy Shield complaints (“FDPIC”). Contact details for the FDPIC can be found at
https://www.edoeb.admin.ch. All of the above described recourse mechanisms are available
at no cost to you.
In cases where Helloverify transfers Swiss Personal Data received pursuant to the Swiss-U.S.
Privacy Shield onward to third party agents, Helloverify is potentially liable under the
Privacy Shield Principles if its agents process that Swiss Personal Data in a manner
inconsistent with the Principles, unless Helloverify is not responsible for the event giving rise
to the damage. In the event of a conflict between this policy and the Privacy Shield
Principles, the Privacy Shield Principles shall govern.
Helloverify is subject to the investigatory and enforcement powers of the Federal Trade
Commission. Helloverify may be required to disclose personal information in response to a
lawful request by public authorities, including to meet national security or law enforcement
requirements.
1. Notice
Helloverify Privacy Policy
Helloverify/Privacy Policy Ver.3.0 Page 17 23-May-2019
Helloverify receives certain Swiss Personal Data at the request of customers and other third
parties for investigative, credential verification, and employment related purposes, as well as
credit and fraud risk mitigation related purposes.
Where permissible, Helloverify gathers and maintains consumer and other data which it
provides to its clients (employers or their agents, such as recruiters or staffing firms) for use
in making employment-related decisions, such as who to hire, retain, promote, or re-assign.
Helloverify also gathers and maintains consumer and other data which it provides to entities
including lenders, credit reference agencies and fraud prevention agencies. Provided below is
an illustrative list of common ways in which employers use the data provided by this
service:
Performance of applicant and employee background checks
Verification of the credentials of job applicants and current employees
Investigation into a suspicion of work-related misconduct or wrongdoing
Investigation into matters of employee compliance with employer policies, or
Investigation into matters of employee compliance with Federal, State, or local laws
and regulations
Provided below is an illustrative list of common ways in which lenders, credit
reference agencies and fraud prevention agencies use the data provided by this service
(where available):
Authentication of consumer applicants for loans or other credit services
Prevention or detection of fraud by consumer applicants for loans or other credit
services
Determination of credit worthiness or capacity of consumer applicants for loans or
other credit services
Location of absconded borrowers
Helloverify uses a limited number of third party service providers to assist us in providing
our services to customers. These third party providers perform reference and credential
verifications and complete portions of services requested by our customers, such as by
obtaining records from data sources. These third parties may access or process personal data
in the course of providing their services. Helloverify maintains contracts with these third
parties restricting their access, use and disclosure of personal data in compliance with our
Privacy Shield obligations.
The scope of this notice also covers consumer report data that Helloverify has obtained on
behalf of employers and other businesses by manually or electronically contacting the
appropriate sources of the data (court records, education and employment references,
licensing bureaus, etc.). Helloverify also performs services related to corporate litigation and
investigative services as requested by our clients.
Helloverify Privacy Policy
Helloverify/Privacy Policy Ver.3.0 Page 18 23-May-2019
More information regarding the nature and scope of consumer data inquiries is available by
contacting Helloverify in writing or by e-mail at the addresses listed on the Contact Us
page or by writing to the contacts listed below.
2. Choice
Helloverify or its clients will offer individuals the opportunity to choose (opt-out) whether
their Swiss Personal Data will be disclosed to a third party (not including our agents) or will
be used for a purpose other than the purpose for which it was originally collected or
subsequently authorized by the individual. With respect to sensitive information, however, an
individual must "opt-in" to the disclosure of the information to a non-agent third party or to
the use of this information for a purpose other than its original purpose or that purpose
authorized subsequently by the individual. Helloverify or its customers will provide
individuals with a readily-available mechanism to exercise their choices should
circumstances arise that require opt-out or opt-in. In addition, Helloverify will treat as
sensitive any Swiss Personal Data received from a third party where the third party identifies
and treats it as sensitive.
3. Onward Transfer (Transfers to Third Parties)
With respect to the transfer of Swiss Personal Data to third parties (other than our agents), the
principles of "Notice" and "Choice" apply. Accordingly, Swiss Personal Data is only
provided to these types of third parties for purposes described in the "Notice" section or
otherwise disclosed to consumers, and will not be disseminated to such a third party where a
consumer has "opted-out" or, in the case of sensitive information, failed to "opt-in."
Non-agent third parties to whom we transfer Swiss Personal Data will be obligated to provide
the same level of protection as the Privacy Shield Principles.
Helloverify may disclose Swiss Personal Data to clients and third parties acting as agents. We
will transfer such data only for limited and specified purposes and ascertain that agents are
obligated to provide at least the same level of privacy protection as is required by the Privacy
Shield Principles.
4. Security Helloverify takes reasonable and appropriate measures to protect Swiss Personal Data from
loss, misuse and unauthorized access, disclosure, alteration and destruction.
5. Data Integrity and Purpose Limitation Helloverify collects Swiss Personal Data that is relevant for the purpose(s) for which it is to
be used, consistent with the Privacy Shield Principles. We process Swiss Personal Data in
ways that are compatible with the purpose(s) for which it has been collected (as identified in
the Notice section above, or as subsequently authorized by the individual). To the extent
necessary for those purposes, Helloverify takes reasonable steps to ensure that Swiss Personal
Data collected is accurate, complete, current, and reliable for its intended use. Helloverify
retains Swiss Personal Data only for as long as it serves a purpose of processing.
6. Access A consumer may request, in writing, access to Swiss Personal Data collected and maintained
about him or her, which Helloverify will make a good faith effort to provide. Helloverify
affords the consumer a reasonable opportunity to correct, amend, or delete information that is
Helloverify Privacy Policy
Helloverify/Privacy Policy Ver.3.0 Page 19 23-May-2019
inaccurate or incomplete, except where the burden or expense of providing access would be
disproportionate to the risks to the individual's privacy, or where the rights of persons other
than the individual would be violated.
Helloverify reserves the right to engage in reasonable efforts to confirm the identity of the
individual requesting Swiss Personal Data to ensure the information is provided only to the
subject of the data.
To request information relating to his or her Swiss Personal Data, a consumer may contact
Helloverify in writing or by e-mail at the following email address: [email protected]; or by
writing to the contacts listed below. In addition, the consumer will be asked to provide
sufficient evidence of his or her identity so we may ensure that information is being released
to the correct individual. If we are unable to provide the consumer with access to his or her
Swiss Personal Data or to correct the data, we will notify the consumer.
7. Recourse, Enforcement and Liability Helloverify will verify that its attestations and assertions about its privacy practices with
respect to Privacy Shield are true and that those privacy practices have been implemented as
presented via in-house verification and internal policies and procedures implemented by
Helloverify management. Helloverify will take reasonable and appropriate steps to remediate
any issue that comes to its attention with respect to compliance with the Privacy Shield
Principles.
As described above, Helloverify will cooperate with the FDPIC as an independent, readily
available recourse mechanism by which individual consumer complaints and disputes that
cannot be resolved between the consumer and Helloverify can be investigated and remedied
at no cost to the individual and by reference to the Privacy Shield Principles.
Helloverify will respond promptly to inquiries and requests by the Department of Commerce
for information related to the Privacy Shield, as well as to complaints regarding compliance
with the Privacy Shield Principles referred by the FDPIC through the Department of
Commerce.
8. Amendments
From time to time, this policy may be amended to reflect new products and services, or as
necessary to reflect a new business practice. Consistent with the Privacy Shield
requirements, we will post any revised policy on this website.
XX. PRIVACY POLICY FOR AUSTRALIA AND NEW ZEALAND
INTRODUCTION
Helloverify® Australia Pty Ltd ABN 67 101 863 209 and Helloverify® New Zealand
Limited [NZBN 9429034295540] ("Helloverify®", "we", "us" or "our") provides a
background screening service for its clients ("Client"), to assist them in considering
individuals for employment, change in the level of responsibility, other circumstances where
an individual's background is relevant (including but not limited to insurance and claims
review), or to determine if further verification or investigation is necessary. This is achieved
by preparing an employment, investigative, or due diligence report for the Client.
Helloverify Privacy Policy
Helloverify/Privacy Policy Ver.3.0 Page 20 23-May-2019
This policy may change from time to time. Please check the policy each time you use our
Web site for the most current information.
In this Privacy Policy for Australia and New Zealand, the following definitions apply:
Privacy Legislation means:
- for Australia, the Privacy Act 1988 including the Australian Privacy Principles; and
- for New Zealand, the Privacy Act 1993 including the Information Privacy Principles
Personal Information has the same meaning as in the Privacy Legislation; ie:
- for Australia, "information or an opinion about an identified individual, or an individual
who is reasonably identifiable: (a) whether the information or opinion is true or not; and (b)
whether the information or opinion is recorded in a material form or not; and
- for New Zealand, "information about an identifiable individual; and includes information
relating to a death that is maintained by the Registrar-General".
THE INFORMATION WE COLLECT AND HOLD
As part of our services, we receive information about individuals for the purposes of
conducting our checks.
Personal Information that we collect and hold about an individual will vary depending upon
the background checks required by the Client and the information the individual supplies to
us. Personal Information about an individual that we may collect and hold includes name,
age, date of birth, employment history, reference information, education, professional
qualifications, residency, sanctions, immigration status, claims, judgments, insolvency,
current and previous directorships, character, personal reputation, and such other checks and
enquiries as the Client considers necessary to verify information provided by an individual.
From Clients we may collect company address and the name, email and phone number of any
system users.
From Clients and individuals, we may collect credit card payment details.
From the sources of our background checks we may collect the name and job title of the
person who supplied us with the information.
We may also collect other Personal Information which is "sensitive information". Sensitive
information is given a greater level of protection under the Privacy Legislation. The Privacy
Legislation imposes greater obligations on us regarding any collection, use or disclosure we
make of an individual's sensitive information.
Sensitive information about an individual that we may collect and hold includes criminal
records, and membership of a professional or trade association.
We recognise the importance of privacy issues and respect the confidentiality of the Personal
Information and sensitive information individuals provide to us. We will collect and deal with
Personal Information and sensitive information in accordance with the Privacy Legislation,
and our Privacy Statement and this Privacy Policy (all as amended from time to time).
MAIN PURPOSES FOR WHICH WE COLLECT, HOLD, USE AND DISCLOSE
PERSONAL INFORMATION
Helloverify Privacy Policy
Helloverify/Privacy Policy Ver.3.0 Page 21 23-May-2019
When engaged by a Client, Helloverify® verifies an individual's information, documentation
and any responses by carrying out verification checks for the purposes of preparing an
employment, investigative, or due diligence report. This is done at the Client's request to
enable them to assess an individual's suitability for employment, promotion, provision of
services, or other purposes in accordance with their legal obligations and internal risk
management policy (including but not limited to insurance and claims review).
In certain circumstances, Helloverify® may be engaged by a Client to prepare an
employment or investigative report because they are required by law to determine a
candidate's suitability for a position of employment.
HOW WE COLLECT PERSONAL INFORMATION
In order to process and verify information for a Client's request, the Client and Helloverify®
may collect an individual's Personal Information directly from the individual. We may also
collect information about an individual from a third party a candidate refers us to. In these
circumstances, we will assume that the individual has referred Helloverify® to them and
informed them of the purposes involved in the collection, use and disclosure of the relevant
personal or other information.
We may use the Personal Information, documentation and any responses an individual or
third party reference has provided to us to apply to various other entities ("Sources") for
verification of an individual's personal and other information, to collect additional Personal
Information, and to conduct public record searches. Examples of Sources include, but are not
limited to, government agencies, law enforcement bodies, publicly available records, public
registries, court or tribunal records, insolvency registers, educational institutions, current
and/or previous employers, and regulatory and licensing bodies.
HOW WE HOLD PERSONAL INFORMATION
The Personal Information provided to us by an individual, third party references, and any
other Personal Information provided by the Sources, will be processed by us.
Helloverify® will then use the Personal Information to prepare a report outlining the findings
of its investigations and provide the report to the Client via a secure means. The Client may
then use that information to consider an individual's suitability for employment, change in the
level of responsibility, or other circumstances where an individual's background is relevant,
or to determine if further verification or investigation is necessary. If a Fit and Proper report
was requested, the Client may use this to determine whether an individual meets the
requirements as a Fit and Proper Person. If the report was requested for insurance purposes, it
may be used by the client to determine eligibility for insurance or for claims payments.
We store the Personal Information we receive in hard copy files and/or in electronic format in
a database.
We take steps to protect against the loss, misuse, or unauthorized alteration of Personal
Information collected and subject to this policy. We recognize the importance of security for
all Personal Information collected by Helloverify®. Once we receive Personal Information,
we take steps to protect its security on our systems. In the event we request or transmit
sensitive information, we use industry standard, secure socket layer (SSL) encryption.
We limit access to personally-identifiable information to those employees who need this
access in order to carry out their job responsibilities.
Helloverify Privacy Policy
Helloverify/Privacy Policy Ver.3.0 Page 22 23-May-2019
When we dispose of personally identifiable information, we use procedures to dispose of
Personal Information by means such as shredding documents and erasure of electronic media
that information cannot be practicably read or reconstructed.
We may need to retain Personal Information collected from an individual, third party
references, or Sources to comply with our contractual, statutory or other legal obligations
even after the employment or other application process is completed or terminated.
IDENTIFIERS
An "identifier" is a unique identification number assigned to a candidate by the Australian
Government or an Australian Government Agency. Examples of identifiers include a Tax
File Number (TFN) or a Medicare number. Helloverify® does not use identifiers to identify a
candidate's personal information in our systems.
OVERSEAS TRANSFERS OF PERSONAL INFORMATION
We may disclose Personal Information to overseas recipients. The circumstances of
disclosure may be as follows:
We may need to disclose an individual's Personal Information overseas in order to carry out
our checks. For example, if an individual lived, studied or worked overseas, we may need to
disclose that individual's Personal Information overseas to liaise with Sources, employers,
third party references, or educational institutions. Disclosures of this kind may be to any
country in the world, depending upon the circumstances of the individual.
We may also disclose an individual's Personal Information to our related bodies corporate
located overseas, most likely in Australia, India, Canada, New Zealand, the U.S. or the U.K.
Personal Information may be disclosed to related bodies corporate located overseas for
purposes including data storage, administrative purposes (creating internal and external
reports, invoicing and trends in data), and operational and/or processing purposes in
connection with the preparation of an employment or investigative report to the Client.
ACCESS AND CORRECTION OF INFORMATION
An individual has a right to request access to their Personal Information which is held by us.
An individual may apply for that information by contacting the Privacy Officer at the contact
details set out below. We will acknowledge receipt of a request for access. Where reasonable
and practicable, we will provide access to Personal Information in the form requested by an
individual. A moderate fee may be charged for this information. Proof of identity may be
required.
We will handle requests for access to Personal Information in accordance with the Privacy
Legislation. However, in some circumstances permitted under the Privacy Legislation we
may not be required to give an individual access to the information we hold about them.
It is also important to us that the information we hold about an individual is accurate,
complete and up to date. An individual has a right to request the correction of the Personal
Information that Helloverify® holds about them. The Individual may do so by lodging a
Helloverify Privacy Policy
Helloverify/Privacy Policy Ver.3.0 Page 23 23-May-2019
correction request with the Privacy Officer at the contact details listed below. Helloverify®
will handle correction requests in accordance with the Privacy Legislation.
Please note that the Privacy Officer listed below handles requests from Australia and New
Zealand.
XXI. PRIVACY POLICY FOR JAPAN Please go to http://www.HV.com/japan-privacy.htm
XXII. DATA PROTECTION CONTACT FOR CANADA
Our Data Protection Officer for Canada is Bret Jardine, Esq.
To request information or receive help with data protection issues, contact our Data
Protection Officer at:
Vinod Mamgai
Telephone: [email protected]
XXIII. DATA PROTECTION CONTACT FOR SINGAPORE
Our Data Protection Officer for Singapore is Taruna Bhatnagar.
To request information or receive help with data protection issues, contact our Data
Protection Officer at:
Taruna Bhatnagar, CISO
Email: [email protected]