Effective on: 09/01/2019
Introduction and Scope
Vault Verify acts as an agent, also known as a data processor, for the Personal Data we process for our customers when providing our Services. This means that our customers determine the type of Personal Data they provide for us to process on their behalf.
Basis of Processing
We may process your Personal Data on the basis of:
- your consent;
- the need to perform a contract with you, such as facilitating verification;
- the need to comply with the law; or
- any other ground, as required or permitted by law.
How We Receive Personal Data
We may receive your Personal Data when:
- you provide it directly to us as part of using our Services;
- you provide it to one of our customers who enters it into our Services;
- you register on our Services;
- you place an order with us;
- you provide us with a signed release form;
- our Client provides a weekly feed of updated Personal Data to us; or
- from cookies present on our Services.
Categories of Personal Data
We may process the following types of Personal Data:
- biographical information, such as first and last name;
- contact information, such as email address, phone number, and postal addresses;
- employment information, such as dates of employment and related income data;
- login information, such as username and password;
- business information, such as business name and position; and
- financial information, such as credit card number.
Purposes of Processing
We may process your Personal Data for the purposes of:
- enabling the use of the Services;
- processing orders and purchases;
- responding to your requests or questions;
- verifying the particulars of an individual’s past or current employment with the individual’s past or current employer; and
- verifying particulars of an individual’s income from the individual’s past or current employers.
All Personal Data is processed according to permissible purposes.
We retain Personal Data for as long as instructed by the respective customer (who typically acts as a data controller). We delete the Personal Data submitted to us within six months of the end of our service agreement with the customer, unless applicable laws require otherwise.
Sharing Personal Data with Third Parties
We may share personal data with approved Requestors for permissible purposes, such as employment verification and employment income verifications.
Prospective employers and others, from time to time, seek to verify the particulars of an individual’s past or current employment with the individual’s past or current employer. Similarly, lenders, landlords, and other entities that extend credit also need to verify, from time to time, the particulars of an individual’s income from that individual’s past or current employers. We act on behalf of Clients and data subjects to facilitate the verification.
Before providing verification of employment data on behalf of a Client or data subject to a third party Requestor, we will perform verification of the identity of the third party Requestor. Before providing income data to a third party Requestor, we will perform verification of the identity of the third party Requestor and confirm that they are authorized to receive the personal data of the data subject.
In the context of an onward transfer, Vault Verify has a responsibility for the processing of personal data we receive under the Privacy Shield and subsequently transfer to a third party acting as an agent on our behalf. We shall remain liable under the Principles if our agent processes such personal data in a manner inconsistent with the Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.
Other Disclosure of Your Personal Data
We may disclose your Personal Data to the extent required by law, or if we have a good-faith belief that we need to disclose it in order to comply with official investigations or legal proceedings (whether initiated by governmental/law enforcement officials, or private parties). We may also disclose your Personal Data if we sell or transfer all or some of our company’s business interests, assets, or both, or in connection with a corporate restructuring.
If we have to disclose your Personal Data to governmental/law enforcement officials, we may not be able to ensure that those officials will maintain the privacy and security of your Personal Data.
We use session and persistent cookies. Session cookies are deleted when you close your browser. Persistent cookies may remain even after you close your browser, but always have an expiration date. Most of the cookies placed on your device through our Services are first-party cookies, since they are placed directly by us.
If you would prefer not to accept cookies, you can change the setup of your browser to reject all or some cookies. Note, if you reject certain cookies, you may not be able to use all of our Services’ features. For more information, please visit https://www.aboutcookies.org/.
You may also set your browser to send a Do Not Track (DNT) signal. For more information, please visit https://allaboutdnt.com/. Please note that our Services do not have the capability to respond to “Do Not Track” signals received from web browsers.
Data Integrity & Security
We have implemented and will maintain technical, administrative, and physical measures that are reasonably designed to help protect Personal Data from unauthorized processing. This includes unauthorized access, disclosure, alteration, or destruction.
Access & Review
It is Vault Verify’s policy to provide individuals with access to their Personal Data that Vault Verify holds and to provide them with a means to request the correction, amendment, or deletion of that information where it is inaccurate. Any inquiries related to Personal Data contained in the databases we maintain on behalf of Clients should be directed to the relevant Client itself. If you are a current or former employee of a Client, you can register with Vault Verify for access to your personal employee portal account. To submit these requests or raise any other questions, please contact us by using the information in the “Contact Us” section below.
We are committed to providing individuals with clear, conspicuous, and readily available mechanisms to exercise choice regarding their Personal Data. Therefore, if a customer has no further need—or desire—for our Services and chooses to opt out we make the changing, updating, deleting, or deactivation of Personal Data a simple process
If we have received your Personal Data in reliance on the Privacy Shield, you may also have the right to opt out of having your Personal Data shared with third parties and to revoke your consent to our sharing your Personal Data with third parties. You may also have the right to opt out if your Personal Data is used for any purpose that is materially different from the purpose(s) for which it was originally collected or which you originally authorized. To submit these requests or raise any other questions, please contact us by using the information in the “Contact Us” section below.
Privacy of Children
The Services are not directed at, or intended for use by, children under the age of 13.
EU-U.S. Privacy Shield Framework
For Personal Data processed in the scope of this Policy, Vault Verify complies with the EU-U.S. Privacy Shield Framework (the “Privacy Shield”), as adopted and set forth by the U.S. Department of Commerce regarding the processing of Personal Data transferred from the European Union, the European Economic Area, or the United Kingdom to the United States, or otherwise received in reliance on the Privacy Shield. We commit to adhere to the Privacy Shield Principles and have certified our adherence to the Department of Commerce.
Where a privacy complaint or dispute cannot be resolved through our internal processes, we have agreed to participate in the VeraSafe Privacy Shield Dispute Resolution Procedure. Subject to the terms of the VeraSafe Privacy Shield Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Privacy Shield Dispute Resolution Procedure, please submit the required information here: https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/
FOR HR DATA ONLY – If a complaint or dispute cannot be resolved through our internal process, we have agreed to cooperate with the EU data protection authorities and to participate in the dispute resolution procedures of the panel established by such data protection authorities.
If your dispute or complaint can’t be resolved by us, nor through the dispute resolution program established by VeraSafe, you may have the right to require that we enter into binding arbitration with you under the Privacy Shield’s “Recourse, Enforcement and Liability Principle” and Annex I of the Privacy Shield.
U.S. Regulatory Oversight
Vault Verify is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.
Changes to this Policy
If we make any material change to this Policy, we will post the revised Policy to this web page. We will also update the “Effective” date. By continuing to use our Services after we post any of these changes, you accept the modified Policy.
If you have any questions about this Policy or our processing of your Personal Data, please write to our Vice President of Client Experience by email at [email protected] or by postal mail at:
Attn: Vice President of Client Experience
1597 Industrial Drive
New Smyrna Beach, FL 32168
Please allow up to four weeks for us to reply.