Last Updated: September 27, 2016
NOTE THE EU-US PRIVACY SHIELD POLICY HAS BEEN ADDED.
CSS Inc. is a consumer reporting agency. It is required by the Fair Credit Reporting Act, 15 U.S.C. §1681 et seq. ("FCRA") to maintain the confidentiality of all consumer information.
Any information gathered on any consumer may only be provided to the user authorized by the consumer or permitted by the FCRA or similar state law to receive the information. We cannot and do not share, sell or distribute consumer information with or to any third party other than the requesting party thereof. Any consumer, upon proper identification, has the right under the FCRA to request us to furnish to the consumer any and all information we may have on that consumer. The consumer has the right to dispute the accuracy or completeness of any information contained in the consumer's file. However, we may be required, upon receipt of a court order to release the information in civil litigation, or as otherwise required by law, to disclose information regarding a consumer to law enforcement agencies.
CSS obtains information on an individual consumer only upon the request of a user who has a permissible purpose under the FCRA to request information on that consumer in order to provide consumer reports. The FCRA requires a user for employment purposes to certify to us that it has a permissible purpose for the report and has obtained the written consent of the consumer to request information before we can supply the requested information.1 The user must submit to reasonable audits by us to confirm that it is, in fact, obtaining such consents. All users must certify that they have a permissible purpose to request a report such as credit, insurance, and renting an apartment. Our customers agree to keep your information confidential and secure.
Other privacy initiatives and procedures include, but are not limited to:
- Access to CSS Inc.'s computer terminals, file cabinets, fax machines, trash bins, desktops, etc. are secure from unauthorized access.
- Access to confidential consumer information is limited within CSS Inc. to those who have a need to know the information: obtaining and transmitting information on the consumer or those dealing with a consumer request for information or consumer disputes.
- CSS Inc. maintains a secure network to safeguard consumer information from internal and external threat.
- Any backup data is maintained in an encrypted form.
- CSS Inc. maintains records on each request for information and identifies each user who requested information on a consumer.
- Destruction of consumer information follows the Federal Trade Commission's requirements that the information be unreadable upon disposal.
- Employees are prohibited from “browsing” files or databases without a business justification.
If you have questions about our privacy and security policy, contact our Chief Privacy Officer:
Telephone: 856.344.7000 x106
20 E. Clementon Road
Gibbsboro, NJ 08026
EU-US Privacy Shield Statement:
CSS Inc. gathers personal information regarding individuals on behalf of our Customers for the purpose of providing a variety of information products and services to employers and other CSS Customers. Individuals are notified which information is collected about them in writing and must either manually or electronically consent via FCRA compliant Consent and Disclosure Forms.
As an example, CSS may collect identification information such as information about an individual's employment history, educational qualifications, credit history, or criminal history for the purpose of preparing and providing employment screening services to our customers.
We are committed to subjecting all personal data received from the EU to the Privacy Shield Principles. In certain instances, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Before the information we collect is provided to our Customer, they must certify to us:
- They will not resell the background report to a third party.
- They will provide disclosure to their Applicants that a background investigation will be performed and that personal data may be gathered for the purpose of completing the background screening report.
- They will receive consent from an Applicant before a Background Screening Report is requested.
Choice (Opt-Out of Sensitive Information)
The information collected is only utilized for the purpose described above in the section on “Notice.” In the event a Consumer wishes to opt-out of any use of information collected by us, the Consumer can notify us through the contact information listed above that permission or any use of the data is withdrawn. Consumer opts-out do not mean that the data is erased or deleted. Various laws require that this service maintains the data on file for a period of time for the protection of the Consumer as a result of applicable statute of limitations required under the federal Fair Credit Reporting Act. However, in the event of an opt-out, the data will not be forwarded or utilized by us for any purpose. If you are a U.S. resident and you do not wish to have your personal data made available to our Customer (your current or prospective employer), please do not authorize our Customer to procure a screening report from us.
In cases of onward transfer, CSS Inc. may engage third party service providers to perform functions on our behalf, in order for us to provide the services requested by our Customers. Consistent with Privacy Shield requirements for onward transfer compliance, CSS Inc. enters into service agreements with third-party providers agreeing that data may only be processed for limited and specified purposes consistent with the consent provided by the individual. Third-party providers agree to provide the same level of protection as the Principles and will notify the organization if it makes a determination that it can no longer meet this obligation. Should such a determination be made, the third-party provider will cease to process requests and will take reasonable steps to remediate. Company shall be liable in accordance with all applicable laws if found to have willfully violated consumer’s rights in the onward transfer of personal data to third parties.
CSS Inc. takes all reasonable and appropriate measures to protect personal data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in the processing and nature of the personal data.
Data Integrity and Purpose Limitation
Consistent with the Principles, personal information is limited to the information that is relevant for the purposes of processing. The information collected is only utilized for the purpose described above in the section on “Notice.” Personal information is not processed in a way that is incompatible with the purpose for which it has been collected or subsequently authorized by the consumer. To the extent necessary and possible, reasonable steps are taken to ensure that data and information are reliable for its intended use, accurate, complete, and current.
Many of CSS Inc.’s products and services are held to FCRA compliance. Where applicable, CSS provides access and correction rights in accordance with FCRA requirements. We also acknowledge the right of EU individuals to access their data collected pursuant to Privacy Shield. The FCRA defines the rights of consumers to obtain a copy of the consumer report that CSS maintains about them, if any. Although we make every effort to ensure that the data we collect about individuals is as accurate as possible, we cannot guarantee that third parties are accurate in information that is transmitted and therefore we are not responsible for the data. Consumers are also provided with rights to dispute the contents of their file under FCRA guidelines and, if warranted, to have the contents corrected or deleted.
Regardless of if consumer personal data is covered by the FCRA or by our Privacy Shield Principles, CSS Inc. requires that an individual provide reasonable verification of their identity before we provide access to personal data. To request information relating to information collected about you use the Chief Privacy Officer contact information listed above.
Recourse, Enforcement and Liability
CSS Inc. is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) and the Consumer Financial Protection Bureau (CFPB). This service verifies adherence to the EU Privacy Shield Policy by means of in-house verification by the management of this company.
In addition, we provide a readily available and affordable independent recourse mechanisms by which each individual's complaints and disputes are investigated and resolved by reference to the Principles.
CSS Inc. has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to an alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.
CSS Inc. has further committed to cooperate with EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU in the context of the employment relationship. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact EU DPAs for more information or to file a complaint. The services of EU DPAs are provided at no cost to you.
For complaints not resolved through other channels, EU individuals may, under certain conditions, invoke binding arbitration before a Privacy Shield Panel.