CARCO Group Safe Harbor Privacy Policy
As part of our commitment to privacy, CARCO Group, Inc. (“CARCO”) adheres to the United States Department of Commerce Safe Harbor Principles (“Safe Harbor Principles”) when we transfer consumers’ personal information from the European Union to the United States as reflected in this Safe Harbor Privacy Policy. We also comply with U.S. laws, particularly the Fair Credit Reporting Act (“FCRA” 15 U.S.C. §§ 1681 et seq.) and its state counterparts, where applicable, which provide rigorous privacy protections for consumer personal information. In the event of a conflict between this Safe Harbor Privacy Policy and the FCRA or other laws, CARCO will comply with our legal requirements. CARCO’s Safe Harbor Privacy Policy includes the following principles:
1. NOTICE
At CARCO, we notify individuals about the purposes for which we collected and use information about them, choices they have regarding certain uses and disclosures of their personal information, and how to contact us with inquiries or complaints. We provide this notice either directly or through our customers who, in the employment context, provide consumers with FCRA-mandated notices. CARCO collects and maintains consumer personal information for the purpose of providing a variety of information products to employers and other customers. For example, we collect employment, education, and criminal history information for the purpose of providing employment screening services to employers. We also provide information for non-FCRA purposes such as reports for investigative or due diligence purposes. In all cases where these products are not regulated by the FCRA and contain consumer personal information from the EU, we apply this Safe Harbor Policy.
2. CHOICE
In many cases, the reports that we prepare are with the express consent of the individual. For example, the subject of a consumer report issued for employment purposes must provide express authorization (“opt-in”) before CARCO may furnish the report.
In addition, in the case that we transfer sensitive consumer information from the EU to the U.S., we require (with some exceptions) the consumer to opt-in before their sensitive information is disclosed to a third party or used for a purpose other than its original purpose or the purpose authorized subsequently by the individual through the exercise of opt-in choice. That is, we will not disclose sensitive consumer information to third parties unless the consumer expressly indicates that we may do so. “Sensitive information”, for purposes of the Safe Harbor Principles, includes data specifying medical or health conditions, racial or ethnic status, political opinions, religious or philosophical beliefs, trade union membership, or sexual orientation and activity.
In other cases, where an opt-in is not provided, we give individuals the opportunity to choose (“opt-out”) whether their personal information will be disclosed to a third party or used for a purpose incompatible with the purpose for which it was originally collected or subsequently authorized by the individual We are dedicated to making the opt-out mechanism quick, easy, and affordable. Therefore, consumers may opt-out by contacting CARCO in writing or by e-mail at 5000 Corporate Court, Suite 203, Holtsville, NY, 11742 or euattn@carcogroup.com.
3. ONWARD TRANSFER
As discussed above, CARCO’s disclosure of consumer personal information to third parties will comply with the Notice and Choice principles described above, and, for the purpose of providing consumer reports to third parties, CARCO complies with the FCRA.
Furthermore, when a third party acts as CARCO’s agent in connection with consumer personal information that has been transferred from the EU to the U.S., CARCO requires, at a minimum, one of the following assurances that consumer data will be subject to our high standard of security and confidentiality:
· That the third party subscribes to the Principles; or,
· That the third party is subject to the European Union’s Directive on Data Protection (the “Directive”) or another adequacy finding that complies with the Directive and Safe Harbor requirements; or,
· That the third party agrees in its contract with CARCO to provide at least the same level of privacy protection as is required by the Directive and Safe Harbor.
4. ACCESS
Many CARCO products are governed by the FCRA. The FCRA specifies the rights of consumers to obtain a disclosure of the contents of the file that we maintain about them, if any. The FCRA also provides consumers with rights to dispute the contents of their file and, if warranted, to have the contents corrected or deleted.
It is CARCO’s policy to provide individuals with access to the personal information about the individual in CARCO’s files. In the event that FCRA rights of access, dispute, and correction do not apply to information that CARCO has transferred from the EU to the U.S., we provide a mechanism for consumers to correct, amend, or delete their personal information where it is inaccurate, except in cases where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question; where the rights of persons other than the individual would be violated; or with respect to consumer requests for the correction or deletion of information, in cases where CARCO is otherwise legally required to retain the personal information.
Of course, whether the consumer personal information is covered by the FCRA or by our Safe Harbor Principles, CARCO requires that an individual provide reasonable verification of their identity before we provide access to that individual’s file. To access your CARCO file and obtain any of the remedies discussed in this section, contact us at 5000 Corporate Court, Suite 203, Holtsville, NY, 11742 or euattn@carcogroup.com.
5. SECURITY
CARCO takes reasonable precautions to protect personal information from loss, misuse, and unauthorized access, disclosure, alternation, and destruction.
6. DATA INTEGRITY
CARCO complies with FCRA requirements regarding data integrity in our preparation of consumer reports which require consumer reporting agencies, such as CARCO, to follow reasonable procedures to ensure maximum possible accuracy. Consistent with Section 613 of the FCRA, when we issue a consumer report for employment purposes that contains public records information that is likely to adversely impact the consumer’s ability to obtain employment, we either ensure that such information is complete and up to date, or notify the consumer that we have reported public record information concerning them and who that information was reported to.
In cases where the FCRA does not apply, CARCO uses consumer personal information only for purposes for which the information is relevant. We take reasonable steps to ensure that data is reliable for its intended use, accurate, complete, and current.
7. ENFORCEMENT
In addition, CARCO internally monitors and assesses its compliance with our Safe Harbor Privacy Policy. We also have agreed to work with an independent third party, currently a panel of European data protection authorities established under the Safe Harbor Program for this purpose, in the event a consumer has a complaint about our compliance with our Safe Harbor policy that we are not able to resolve by working directly with the consumer. This provides a low-cost, accessible, and unbiased mechanism for the investigation of consumer concerns regarding our compliance with the Safe Harbor Principles. The Federal Trade Commission has primary enforcement responsibility for the FCRA.
PUBLIC RECORD AND PUBLICLY AVAILABLE INFORMATION
In accordance with Safe Harbor, in cases where CARCO discloses public records or publicly available information from the EU without combining that information with non-public information, our general policies on Notice, Choice, and Onward Transfer may not apply.
CONTACT US
If you have any questions or complaints regarding this policy or our privacy practices, contact us at 5000 Corporate Court, Suite 203, Holtsville, NY, 11742 or euattn@carcogroup.com.
CARCO reserves the right to change their policy from time to time, consistent with the Safe Harbor Principles.