Privacy policy

Checkr Foundation Privacy Policy
Effective Date: November 15, 2023

This Privacy Policy (“Policy”) describes how Checkr Foundation, including its affiliates, (“Checkr” or “we” or “our”) collects, uses, discloses, and processes personal information (“Personal Data”) in connection with Checkr’s website (https://checkr.org) (“Website” or “Site”). Please note that by using Checkr’s Site, you are agreeing that you have read and agree to this Policy.

We believe privacy policies should be transparent, accessible and help you find the information you need. The information we collect and how we use it will depend on how you interact with us. See the definitions below to determine which type of user you are:

Consumers: Consumers are individuals Checkr has received information about for the purpose of using the Site. This information may come directly from Consumers.

Site Visitors: Customers are organizations or individuals that use the Services.

Workers: Workers are Checkr employees, contractors, directors or officers.

This Privacy Policy applies to our processing of the Personal Data of Consumers and Site Visitors. If you are a Worker, please review our separate privacy notice to learn more about how we process your Personal Data. With the type of user in mind, you can navigate our Privacy Policy through the Table of Contents below.

Table of contents

1. What information does Checkr collect through the Site?

Checkr collects certain information that relates directly to the Consumer. Checkr may also collect limited information related to Site Visitors. In the past 12 months, Checkr has collected the following categories of Personal Data:

  • Identifiers, such as name, date of birth, online identifiers, phone number, email address, postal address;
  • Internet or other electronic network activity information, such as, IP address, browser type, device type, operating system and version, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site;
  • Inferences drawn from Personal Data to create a profile about a consumer reflecting the consumer’s preference, characteristics, behavior, abilities, and aptitudes; and
  • Communications information, such as support communications (including the content and metadata relating to such communications) to assist Site Visitors.

2. How does Checkr collect your information?

In the past 12 months, Checkr collected information from the following categories of sources:

Information You Submit To Us
Checkr collects Personal Data submitted directly to Checkr via our site or by email; and Personal Data including name, email address and general business information provided in contact requests, in browser chats, and/or with Checkr agents. Checkr may maintain records of communications submitted through the Site.

Automatically Collected Information
When Consumers or Site Visitors visit the Site, we automatically gather certain Internet or other electronic network activity information, including technical and usage information, which may be associated with your user account. Technical Information also includes “Cookies,” which are small text files containing a string of alphanumeric characters that are downloaded by your web browser when you visit a website. In certain jurisdictions (including the EEA, UK, California, and Virginia), we present Site Visitors with a cookies banner which enables you to adjust your cookies settings.

3. How does Checkr use the collected information?

In the past 12 months, Checkr used all categories of data described in Section 1 to:

  • To Provide the Site: Checkr uses collected information to provide the Site to all users. Checkr may reuse certain personal information when such use is compatible with the context in which the personal information was collected. For example, we may pre-fill certain personal information you previously provided so we can offer you a more convenient experience.
  • To Communicate with You: Checkr uses collected information to communicate with you, such as by phone, mail, email, in-browser chat, or SMS to facilitate the delivery of information. Where appropriate, Checkr may send you product announcements and special promotions from Checkr or our business partners, or to administer participation in special events, surveys, contests and sweepstakes.
  • To Meet Legal and Compliance Requirements: Checkr may use the collected information to: i) comply with any applicable procedures, laws, and regulations, subpoenas, governmental requests or legal process; ii)  in connection with a legal investigation, if in our good faith opinion such is required or permitted by law; iii) protect the rights, property or safety of Checkr, our Consumers, or third parties; (iv) prevent fraud or abuse of Checkr or our users; or (v) perform a task carried out in the public interest.
  • To Provide Security: Checkr uses collected information to create Consumer account credentials, to verify identity prior to granting access to account information, to validate against existing information maintained by Checkr, to protect against duplicate or unauthorized account creation, to secure the Site, and to address fraud, abuse or safety concerns of Checkr or Consumers, including investigation of complaints or suspected fraud or wrongdoing.
  • To Improve our Systems: Checkr uses collected information to continuously improve system functionality through quality assurance checks and audits, to troubleshoot problems, and to verify, improve, or maintain the quality or safety of the Site.
  • Business Transaction or Reorganization: Checkr may be involved with a transaction such as a merger, acquisition, joint venture, financing, or sale of company assets. In connection with such a transaction, Checkr may disclose personal information to a third party. Personal information may be disclosed as part of an insolvency, bankruptcy, or receivership.
  • To Conduct Research and Marketing: Where permitted by law, we may disclose information to non-affiliated third parties for research and marketing purposes. To help us build a product that best serves our diverse customer and candidate population, we may ask research participants for their voluntary consent to provide demographic information, such as racial or ethnic origin and sexual orientation. To learn more about how Checkr protects sensitive data, see California and Other State Privacy Laws.
  • As otherwise permitted by law.

In using the above categories of data, Checkr strives to adhere to a philosophy of data minimization so as to use only the data necessary to complete any of the above activities.

Data Retention
Checkr will retain collected information in accordance with applicable laws. See Section 6 below for instructions on how to request deletion of your Personal Data.

Anonymized Information
We may use and share anonymized information without limitation, including sharing with third parties. This includes anonymized, pseudonymized, aggregated, or de-identified information about Consumers, Site Visitors, and information collected from third parties, including public records.

4. When does Checkr share collected information?

Checkr shares Personal Data with authorization from a Consumer or when otherwise permitted by law. Checkr shares Personal Data with the following categories of third parties:

  • Checkr affiliates and partners;
  • Service Providers;
  • Government Entities; and
  • with authorization from a Consumer

In the past 12 months, Checkr has shared the categories of data described in Section 1 with the above third parties with consent, for a legitimate business purpose, or as required by law.

To learn more about how Checkr respects the “Do Not Share” right of California residents, see California and Other State Privacy Laws.

5. Will you receive notices and disclosures electronically?

Yes. See How can you contact Checkr with more questions? below.

Method of Providing Communications to You in Electronic Form
All Communications that we provide to you in electronic form will be provided either (1) via email, telephone or text, or (2) by requesting you download a PDF file containing the Communication.

Your Consent to Electronic Disclosures

By creating an account and/or requesting information, you acknowledge and agree that:

  • You can access and read the information we post on our website or mobile app;
  • To provide an email address that is active and effective for receiving emails from us;
  • To receive electronically on our website, app, or via email notices and disclosures, required by law related to your account; and
  • You have received the following disclosures as required by the federal Electronic Signatures in Global and National Commerce Act (“ESIGN”).

Please read this Federal ESIGN disclosure and consent carefully and keep a copy for your records. Your consent is voluntary, but we cannot provide the certain services to you if you do not consent. If you are unwilling to receive these disclosures and notices electronically, you may terminate the creation of your account by closing your browser at any time before you create an account.

Accurate Contact Information
It is your responsibility to provide us with true, accurate, and complete contact information, such as email address, and other information related to your account, and to maintain and update promptly any changes in this information. If you give us an incorrect email address or fail to update or correct your email address, an electronic communication will be deemed provided to you if we use the email address in our records for the electronic communication.

Scope of Communications to Be Provided in Electronic Form
Your consent to receive electronic communications and transactions includes, but is not limited to, all legal and regulatory notices or disclosures and communications associated with your account, your request for a background check, and any product or service we agree to provide you (each, a “Communication”).

How to Withdraw Consent
You may at any time withdraw your consent to receive Communications in electronic form. To begin receiving Communications in paper form, please contact us at the following address: One Montgomery Street, Suite 2400, San Francisco, CA 94104. Please specify the information you wish to receive in paper form. Be sure to state that you are requesting a copy of the disclosures, notices, etc., and include your name and mailing address. Your request will apply only to those specific items you designate. We will not impose any fee to process the withdrawal of your consent to receive electronic Communications. Any withdrawal of your consent to receive electronic Communications will be effective only after we have a reasonable period of time to process your withdrawal.

Required Equipment
In order to use the Site and to view and retain a copy of this Policy and certain Communications, you understand that you must have a computer or device equipped with at least: a browser with 128-bit encryption, a current version of a software that can open and display PDF files (e.g., Adobe), and either a printer or other electronic storage device.

Retaining Copies of the Communications
To retain a copy of any Communication we provide electronically, you can download an electronic copy to your computer or a storage device (such as a disk or USB storage device), request a copy by email, or print copies on a printer attached to your computer. You will not be charged for a downloaded or emailed copy.

6. How can you delete information about you?

We offer certain privacy resources regardless of where you are located, as described below. Please note that if you reside in certain jurisdictions, you may have additional rights. If you reside in California, Colorado, Connecticut, or Virginia, see California and other state privacy laws; you reside in the European Economic Area (“EEA”) or UK, see GDPR and Other International Considerations.

You may request deletion of your data by sending an email to foundation@checkr.com.

7. California and other state privacy laws

If you reside in California or certain other states (including those listed below), you may have rights under applicable state privacy laws, such as the California Consumer Privacy Act and the California Privacy Rights Act (collectively, “CPRA”), the Colorado Privacy Act (“CPA”), the Connecticut Data Privacy Act (“CTDPA”), or the Virginia Consumer Data Protection Act (“VCDPA”) (collectively, “State Privacy Law” or “State Privacy Laws”).

California, Colorado, Connecticut, and Virginia residents may learn more about their rights below:

  • Right to know: California, Colorado, Connecticut, and Virginia residents have the right to know what categories of Personal Data have been collected about them, and whether such Personal Data has been disclosed or sold for a business purpose in the past 12 months.
    • For a description of the categories of Personal Data that Checkr has collected in the past 12 month, see the section above entitled, What information does Checkr collect through the Site? Checkr retains this Personal Data in accordance with applicable laws.
    • For a description of the categories of Personal Data that Checkr has disclosed for a business purpose in the past 12 month, see the section above entitled, What information does Checkr collect through the Site? Checkr does not sell your Personal Data. However, Checkr may share Site Visitors’ cookies data for the purposes of cross-contextual behavioral advertising. When required by applicable State Privacy Law, we present a banner which enables Site Visitors to exercise their applicable opt out rights relating to such processing, including “Do Not Share” in California. Please click on the opt out button if you would like to opt out of such processing.
    • For a description of the categories of third parties with whom Checkr has disclosed Personal Data for a business purpose in the past 12 month, see the section above entitled, When does Checkr share collected information?
  • Access: California, Colorado, Connecticut, and Virginia residents have the right to request access to their Personal Data.
  • Deletion: California, Colorado, Connecticut, and Virginia residents have the right to request the deletion of certain Personal Data.
  • Right to Non-Discrimination: Checkr enforces a strict non-discrimination policy when you exercise your rights.
  • Rights relating to sensitive personal information. Prior to processing the sensitive personal information of Colorado, Connecticut, or Virginia Consumers, Checkr obtains Consumer consent, except for in circumstances where an exemption applies under the applicable State Privacy Law. Checkr may process the sensitive personal information of Colorado, Connecticut, or Virginia Consumers, including the following categories: racial or ethnic origin, health, sexual orientation, and citizenship or immigration status.
  • California residents have the right to limit processing of sensitive personal information under the CPRA. Checkr will help you exercise these rights free of charge, where applicable.

Submitting a request via our support portal is the best way to contact us; you may also submit a request via email at support@checkr.com. If you make a request under a State Privacy Law, we may need to take additional steps to verify your identity.  If you designate an authorized agent to make a request on your behalf, we may require you to provide the authorized agent written permission to do so and to verify your own identity directly with us.

Regardless of where you are located, you may use the tools described above to request deletion of your information.

8. Does this Policy apply to third parties or third-party links?

No. The Site may contain links to third-party websites, but this Policy does not apply to information that you may provide to or that may be collected by such third parties. We encourage you to review such third parties’ privacy policies and terms and conditions before engaging with such third parties.

9. What choices do you have about email and text communications from Checkr?

Promotional Emails:
Subject to any restrictions under applicable laws, we may send periodic promotional or informational emails to you. You may opt-out of such communications by clicking the unsubscribe link in the email. Please note that it may take up to 10 business days for us to process opt-out requests. If you opt-out of receiving emails about recommendations or other information we think may interest you, we may still send you emails you have requested from us.

Opting Out of Checkr Text Messages:
The number of text messages you receive may depend upon factors and whether you take steps to generate additional text messages from us (such as by sending a HELP request). If you no longer want to receive Checkr text messages, you may reply STOP to our messages at any time. After doing so, we will send you confirmation of your opt-out via text message. If you have revoked consent and want to re-enroll in our text message program, you can re-enroll by submitting an email to foundation@checkr.com.

10. How does Checkr protect your information?

Checkr maintains industry standard physical, technological, and administrative safeguards to help protect the security and privacy of the information we maintain about you. We may use such safeguards as encryption, multi-factor authentication, and other proactive security measures to help protect your information against unauthorized access and disclosure. However, no security measures are 100% effective. You should take steps to protect against unauthorized access to your information, passwords, accounts, phones, computers, and other devices.

11. GDPR and Other International Considerations

GDPR and UK GDPR

In the EEA and UK, we present Site Visitors with a cookies banner asking for your affirmative consent to non-essential cookies.

If you reside in the EEA or UK, you have the right to submit a data subject access request (“DSAR”) under the General Data Protection Regulation or UK General Data Protection Regulation (“GDPR”), including requests to delete and object to certain processing of your information. You can exercise many of these rights by visiting the links described above in How can you delete information about you? In addition, you may submit a DSAR request to foundation@checkr.com.

Data Storage
Checkr uses infrastructure primarily located and operated in the United States. Checkr may also use partners or affiliates located in countries outside the US to store, process, and transmit your information. If you are located in the EEA, UK, or another region with comparable data protection laws, your personal information may be transferred to a jurisdiction that does not have the same level of legal protections.

Personal Information Disclosure: United States or Overseas
For more information on how Checkr handles cross-border transfers of personal information, please read the remainder of this section below.

Data Transfer and Standard Contractual Clauses
Checkr may transfer, store, or process your Personal Data in a country outside your jurisdiction, including countries outside the EEA and UK. We take appropriate safeguards with respect to such cross-border data transfers. For example, if we transfer Personal Data from the EEA or UK to another country, such as the United States, we will implement an appropriate data transfer solution such as entering into “standard contractual clauses” approved by the European Commission or competent UK authority (as applicable) with the data importer, or take other measures to provide an adequate level of data protection under EEA and UK law. Checkr may also rely on the active consent of EEA based data subjects. Data from EEA based data subjects is processed with consent, to fulfill our legitimate interests to produce a data subject’s requested background check, and to fulfill our contractual obligations.

Additional Information for Canadian Users
This Policy applies to Consumers and Site Visitors in Canada. However, to the extent that this Policy is inconsistent with any applicable Canadian laws, Checkr will comply with the applicable law for Consumers and Site Visitors in Canada. For example, Checkr will only send commercial electronic messages to persons located in Canada with explicit, opt-in consent, unless otherwise permitted pursuant to Canadian legislation that is applicable to such activities.

In addition, Personal Data that is collected may be transferred outside Canada. Therefore, such information may be accessible to law enforcement and national security authorities in the jurisdiction(s) where it is stored or processed.

Canadian Consumers will be notified of any material changes to this Policy, where such a change would result in use or disclosure of their personal information by Checkr in a manner not contemplated by this Policy or reasonably expected by the individual.

Privacy Shield
Checkr complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  Checkr has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.  Checkr has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Checkr is accountable for Personal Data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party as described in the Privacy Shield Principles.  In particular, Checkr remains liable under the Privacy Shield Principles if third-party service providers engaged by Checkr to process Personal Data on its behalf do so in a manner inconsistent with the Privacy Shield Principles, unless Checkr is not responsible for the event giving rise to the damages.

In certain situations, Checkr may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Pursuant to the Privacy Shield Frameworks, EEA and Swiss individuals have the right to obtain our confirmation of whether Checkr maintains personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their request to our support portal. If requested to remove data, we will respond within a reasonable timeframe.

Checkr is responsible for the processing of Personal Data we receive and subsequent transfers to a third party acting as an agent on our behalf, under the Privacy Shield Frameworks. Checkr complies with the Privacy Shield Principles for all onward transfers of personal data from the EEA and Switzerland, including the onward transfer liability provisions.

With respect to Personal Data received or transferred pursuant to the Privacy Shield Framework, Checkr is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.

In compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), Checkr commits to resolve complaints about our collection or use of your personal information transferred to the U.S. pursuant to the EU-U.S. DPF, the UK extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. EU, UK, and Swiss individuals with inquiries or complaints should first contact Checkr.

Checkr has further committed to refer unresolved DPF Principles-related complaints to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf

Our Legal Bases for Processing Your Information
Laws in certain jurisdictions, such as the GDPR in the EEA, require the controller to identify their legal bases for processing Personal Data. Checkr is sometimes a controller and sometimes a processor. When we collect and use the Personal Data of Site Visitors, we are always a controller. When we collect and use the Personal Data of Consumers, we are sometimes a controller and sometimes a processor.

In other cases, Checkr acts as a controller, and is therefore responsible for identifying a legal basis for each processing purpose. We rely on different legal bases to process your information for the various purposes described in this Privacy Policy.

For each legal basis below, we describe the purposes of our processing (why we process your information) and our processing operations (how we process your information to achieve each purpose). We also list the categories of your information that we may process for each purpose.

You also have particular rights available to you depending on which legal basis we use. No matter what legal basis applies, you always have the right to request erasure of your information. To exercise your rights, see
How can you delete information about you?.

Compliance With A Legal Obligation
We process information to comply with a legal obligation including, for example, to access, preserve or disclose certain information if there is a valid legal request. New laws may be enacted or other obligations may become binding on our processing and we will update the list of laws from time to time.

Why And How We Process Your Information
 Information Categories We May Use

 
Sending legally mandated notices about your personal information Identifiers

Communications information
Complying with audit, retention and other obligations imposed by the third-party source of personal information Internet or other electronic network activity information (such as user information API logs)

Communications information

Legitimate Interests

We rely on our legitimate interests or the legitimate interests of a third-party, such as our users, where they are not outweighed by your interests or fundamental rights and freedoms (“legitimate interests”):

Why And How We Process Your Information Legitimate Interests Relied On Information Categories We May Use
Securing Checkr systems and protecting against abuse, including but not limited to security investigations, audits, and ongoing monitoring It is in our interest and interests of users to secure Checkr systems, detect and respond to abuse, and promote safety and security of our systems. Identifiers

Communications
Internet or other electronic network activity information (such as usage information, logs, and device and connection information)
Recording and reviewing communications It is in our interests to retain personal information for investigations or regulatory inquiries and litigation or other disputes, to continuously improve and develop the customer support we provide. Identifiers

Communications information (such as call and email logs)
Responding to data subject requests (including deletion and access requests) It is in our interest and interests of users to provide support services users. Identifiers

Communications information (such as call and email logs)
Complying with audit, retention and other obligations imposed by the third-party source of personal information It is in our interests to retain personal information for investigations or regulatory inquiries and litigation or other disputes. Identifiers

Internet or other electronic network activity information (such as user information API logs)

11. Changes to the Privacy Policy

Checkr reserves the right to change this Policy at any time. Please check this page periodically for changes. Your continued use of our Site following the posting of changes to this Policy will mean you agree with, and consent to be bound by, the new revised Privacy Policy.

12. How can you contact Checkr with more questions?

If you have any questions, concerns or complaints about our Policy or Checkr’s handling of your personal information, submitting an email to foundation@checkr.com. You may also contact us via the following methods:

Checkr Foundation
Attn: Privacy Questions
One Montgomery Street, Suite 2400
San Francisco, CA 94104
foundation@checkr.com

In addition to those rights, you have the right to contact your relevant supervisory authority. However, we encourage you to contact us first, and we will do our very best to resolve your concern.