Sterling Talent Solutions Canada Privacy Statement

Privacy Mission Statement

Sterling Talent Solutions is committed to the protection of individual privacy rights. We hold ourselves to the highest legal and ethical standard for compliance and strive to be a privacy champion in the background screening industry. We value the trust placed in us by clients, colleagues and suppliers and work to maintain that trust by building privacy protection into everything we do.

Definitions

  • Sterling Talent Solutions, we or us means Sterling Talent Solutions Canada Corp.
  • Personal information means any information about an identifiable individual.
  • Data subject means the individual that personal information is about.
  • Client means a company or individual that has engaged us to perform background checks or human resources services.

Contact Information

Sterling Talent Solutions Canada Corp.
Privacy
Suite 200 – 19433 96th Avenue
Surrey, BC V4N 4C4

In Quebec:
Sterling Talent Solutions Canada Corp.
Protection des renseignements personnels
1150-2021, avenue Union
Montréal (QC) H3A 2S9

privacy@sterlingbackcheck.ca

1-866-455-5671

Core Privacy Principles

Accountability
We are accountable for our privacy practices

We are responsible for safeguarding the personal information entrusted to us. Sterling Talent Solutions has appointed a team of privacy professionals (the ‘Privacy Team’) which ensures we comply with this Privacy Statement, the law, our contractual obligations and the rights of individuals. The Privacy Team provides training and guidance on privacy matters, and investigates concerns and complaints from colleagues, clients, individuals or government agencies. We take privacy concerns and complaints seriously and investigate and respond to them in good faith.

We have personal information that is subject to various Canadian privacy laws, including the federal Personal Information Protection and Electronic Documents Act, the British Columbia Personal Information Protection Act, the Alberta Personal Information Protection Act, the Quebec Act respecting the protection of personal information in the private sector, and federal, provincial and territorial public-sector privacy laws. Some information in our custody is also subject to foreign data protection and privacy laws. Additionally, some personal information in our custody is under the legal control of a client, in which case it is also subject to the terms of our contract with that client.

Regardless of the rules that govern it, all personal information in our custody or control is subject to the strict standards set forth in this Privacy Statement. However, when our legal obligations go beyond or contradict part or all of this Privacy Statement, we will comply with those obligations.

If, after reading this Privacy Statement, you still have a question, concern or complaint about our privacy practices or how we will handle or have handle your personal information, or feedback about this Privacy Statement, please contact us. If you are unsatisfied with our response to your concern and would like to escalate your complaint to a regulatory body, we will inform you upon request of the complaint procedures available to you.

The Privacy Director is the designated individual responsible for ensuring compliance with Canadian privacy laws and the promises we have made in this Privacy Statement.

Fairness and Transparency
We handle personal information in line with data subjects’ expectations and the law.

We only collect and use personal information with the consent of the data subject or where there is a legitimate purpose. The data subject may withdraw consent for use of the information at any time.

Most of the personal information we collect is for one or more of the purposes listed below. After each purpose, there is more information about how we notify data subjects of the purposes for collecting that personal information and obtain their consent to do so.

To perform and maintain records of background checks or other human resources services, either for our clients or individuals.

We collect personal information from our clients’ employees, job applicants, and contractors, as well as from users of our myBackCheck.com platform, to perform background checks and other human resources services. When collecting personal information for these purposes, we or our client will provide notice of the specific purposes for which the personal information will be used (for example: verification of past employment or education; criminal record check; credit inquiry, etc.) and collect consent from the data subject by electronic or handwritten means. Consent can be withdrawn at any time. On request, our Privacy Team will tell the data subject how to withdraw consent for use of personal information and the consequences of doing so.

The types of personal information collected to complete background checks vary. They include full name, date of birth, place of birth, address history, work history, education history, criminal convictions, telephone and email contact information, government-issued identifying numbers, and identity documents, among others. We only require the types of personal information that are needed to complete the services we have been asked to complete, and if a type of information is optional, it will be indicated as such. Any questions about why a specific type of personal information is required can be directed to the person requesting the information or our Privacy Team.

To establish and manage relationships with our clients or prospective clients.

We collect personal information from clients and potential clients to communicate about our services and about their orders. This may include solicitations to purchase additional services. Consent for collection and use of this information is usually implied, based on public availability of contact information or a decision on the part of the data subject to communicate with us about our services. Data subjects can withdraw or withhold consent for use of their personal information for marketing purposes by contacting their Sterling Talent Solutions representative or the Privacy Team. Data subjects can withdraw or withhold consent for collection or use of their personal information for the purposes of communicating about services that have been ordered, but that may prevent them from placing orders with us.

To track usage of, and communication through, our marketing web site.

The information we gather through our marketing website (http://www.sterlingtalentsolutions.ca) falls into two categories:

(1) Information voluntarily supplied by visitors to the site, for example, when they subscribe to our email newsletters or use a form to request information, is used to communicate with people who have expressed an interest. This may include marketing messages. Data subjects may withdraw consent for future communication at any time. Our email messages carry unsubscribe mechanisms, and you can also contact us to be removed from our lists.

(2) Tracking information gathered as visitors navigate through our website, review our email newsletters and other email messages, and “like” or share content through social media, or our “send page by email” function. This information may be collected directly by us or it may be collected by third-party service providers on our behalf, such as Google Analytics, Pardot, LeadLander and Salesforce. Social media sites may gather information as well, through processes we don't control. This information is used to measure traffic patterns and to assist us in setting marketing priorities. This information is usually only collected, kept and used in anonymized, aggregate format, but if you would like to inquire about more specific personal information that we may have collected, please contact us.

Proportionality
We ensure that we collect, use and retain only the personal information we need for a specified purpose. We do this by observing a number of more specific principles:

Limiting purposes
We do not use personal information for purposes that are incompatible with those that were identified when the information was first collected, unless the data subject has consented to the new purpose or it is required by law.

When handling personal information, we will use it in accordance with the purposes that were set out when the information was collected and will not reuse the information for other purposes without the data subject’s consent, unless the new purposes are compatible with the original purpose and would fit within the data subject’s reasonable expectations for how the personal information should be used.

Limiting collection, use and disclosure
We avoid the collection, use and disclosure of personal information that is not necessary for the purposes we have identified, unless required by law.

We will endeavour to collect the right amount of personal information – not too little or not too much – to achieve the purpose at hand, and similarly we will only process personal information to the extent necessary for that purpose. From time to time we may need to disclose personal information to a third party. We will only disclose the minimum amount of information that must be disclosed, and disclosure will generally be done only with the knowledge and consent of the data subject, or if it is reasonable to assume the data subject would expect the disclosure. There may be circumstances where we are required by law to disclose personal information without the consent of the data subject, in which case we will fulfill our legal obligations.

Retention
We only retain personal information long enough to fulfill the purpose for which it was originally collected, to fulfill our legal obligations, or to allow data subjects to exercise their rights under the law.

We will retain personal information for the minimum amount of time necessary to fulfill the purposes for which it was collected and comply with our legal and contractual obligations. Some kinds of information must be available for a certain amount of time for audit purposes: for example, we must keep criminal record check documents for a minimum of two years, and we must keep information about credit checks for a minimum of six years. We also retain personal information to allow the data subject to exercise any legal recourse, such as requesting access to your information or filing a complaint with a privacy commissioner. Once we no longer have a reason to retain personal information, it will be deleted or rendered anonymous.

Quality and Accuracy
We take reasonable steps to ensure that personal information is accurate, complete and, where necessary, kept up to date.

We do our best to ensure that the information we have is accurate. When collecting personal information from a data subject or a third party, we will ensure our records match the information as we received it, but we are not responsible for the accuracy of information collected from others. If we have reason to believe that personal information we have is inaccurate, we will take steps to correct it. When it is appropriate and necessary to keep information up to date, we will do so. However, personal information collected as part of a background check or other human resources service normally has a date associated with it and is a snapshot in time rather than a living record. This means that we will take steps to ensure it is accurate at the time of collection, but generally will not update it if it changes at a later date.

Security
We ensure personal information in our custody is kept secure.

We take the necessary technical and organizational measures to ensure personal information is secured against accidental access, destruction, loss, modification or disclosure, and take appropriate steps to reduce or eliminate harm in case of a breach. We do not transfer personal information to third parties or overseas when it is prohibited by law. When it is permitted to transfer personal information, we ensure that the protections afforded by this Privacy Statement are applied to information that has been transferred as well.

Our information security systems and practices have been vetted and approved by many of our clients, including banks, crown corporations, telecommunications firms and other highly trusted organizations. For more information about our information security practices, contact us.

In the unlikely event that there should be a breach affecting personal information, we have a detailed incident management plan to rapidly contain the breach and minimize harm that may come to the data subject as a result. When appropriate or legally required, we will ensure that the appropriate parties are notified that personal information has been compromised and let them know what we are doing to rectify the problem.

In some cases we may need to transfer personal information to a third-party service provider or to our parent company or its subsidiaries outside of Canada. We will not transfer data outside of the country when such a transfer would be prohibited by law or a contractual agreement. When personal information is transferred to another country or to a service provider, it continues to be subject to the protections in this privacy statement and the laws that apply where it was collected. However, personal information transferred to another country may be subject to the laws of that country as well.

Personal information held by Sterling Talent Solutions is stored on secure servers located in Calgary, Alberta, Canada. It is accessed remotely through secure connections by our employees around the world as appropriate and necessary to carry out the purposes for which it was collected. Access to personal information is restricted to employees who need to access it, including but not limited to data entry specialists, order fulfillment specialists and customer service representatives.

Individual Participation
We help individuals understand and exercise their legal rights with respect to the personal information entrusted to us.

All individuals have the right to know whether we hold personal information about them and, if we do, how it has been or will be used. They have a right to access personal information about themselves upon request, with reasonable limitations as provided by law. Individuals have the right to dispute the accuracy of their personal information and, if their dispute is successful, have their information updated as appropriate. We inform individuals about their rights upon request and as required by law, and take reasonable steps to assist them in exercising those rights.

Our Privacy Team is here to ensure that data subjects’ privacy rights are respected. On request from an individual, we will indicate whether we have personal information about that individual. In most cases, we will also indicate what information we have, where we got it, how it has been or will be used, to whom it has been or will be disclosed and how long it will be retained.

Access Requests: If a data subject would like to receive printed copies of some or all of his or her personal information in our custody, we will indicate how to make that request and we will comply in accordance with applicable law. In some cases we may not be permitted to discuss or disclose personal information that is under the legal control of our client. In those cases, we will direct the data subject to the person or organization that can assist. Finally, in some situations we may refuse to provide access to some personal information. Among others, this includes situations where the disclosure would expose confidential information about us or a third party, or the disclosure is prohibited by law. For example, we will generally not disclose the details of reference interviews, as they contain the opinions of third parties. If we cannot provide access to personal information, we will indicate the legal basis for the refusal or provide reasonable assistance to obtain the information from another source.

Disputes: If a data subject feels that personal information in our custody is inaccurate or incomplete, our Privacy Team will investigate the dispute and update the personal information as appropriate. Even if a dispute is not resolved in the data subject’s favour, we will nevertheless make note of it in the file.

We will endeavor to provide reasonable accommodations for individuals with disabilities, or whose situation otherwise prevents them from communicating with us or accessing their personal information according to our standard practices.

To request access to personal information, to dispute its accuracy or to request special accommodations, please contact us.

Privacy by Design
We build privacy into everything we do.

We subscribe to the concept of Privacy by Design. This means that we take a proactive approach to privacy. Rather than trying to fix privacy problems as they come up, we aim to prevent them entirely. Before a new system, product or procedure is developed, or an existing one is modified, we carefully review any effect it may have on personal information to ensure our Core Privacy Principles are upheld.

To read more about Privacy by Design, please visit http://www.privacybydesign.ca.

Training and Awareness

Our Privacy Team consists of dedicated privacy professionals, some of which hold certifications from the International Association of Privacy Professionals. Privacy Team members keep abreast of changing privacy rules and practices in Canada and around the world through regular engagement with privacy professionals from other organizations and participation in continuing professional education programs.

All Sterling Talent Solutions employees receive comprehensive privacy training tailored to their job function at the beginning of employment and at regular intervals throughout their employment. The Privacy Team is actively engaged with all areas of our business to ensure that our privacy obligations are understood and followed.

Control of Personal Information

We have some personal information in our systems that may not be under our legal control because it belongs to one of our clients. This includes personal information provided to us by public bodies subject to the Privacy Act or similar provincial legislation. Whenever it is in our custody, information that is not under our control is handled in accordance with this Privacy Statement to the extent permitted by the contractual agreement with our client. If you would like clarification as to who controls your personal information, contact us.

Sterling Talent Solutions does not make decisions on behalf of our clients as to what types of background check services to request. Our role is to complete the services as ordered, provided we have the data subject’s consent to do so. We also do not know how personal information will be used once it has been disclosed to our client. Any questions about why certain types of background checks have been requested or how the results will be interpreted or used should be directed to the requesting organization.

Government, Law Enforcement or Judicial Disclosure

We may be asked by law enforcement agencies, courts or other public bodies to disclose personal information without notice to or consent from the data subject. If we are subject to a production order, warrant, subpoena or other enforceable demand, we will comply as required by law. If we receive a request to provide information voluntarily, we will consider the interests of the data subject, our business interests, impact to our clients, public safety implications and our legal obligations prior to deciding whether to disclose personal information. If appropriate and permitted by law, we will notify affected data subjects or clients of the disclosure, or make information about the disclosure available upon request.