Creative Services, Inc. (CSI) is an expert in handling and protecting sensitive information. As an industry leader in employment screening, CSI is provided with, and provides to others, personally identifiable and other information.
CSI considers privacy and information security among our highest priorities. All data is collected, stored and used in compliance with federal, state, and international laws regarding background screening and privacy.
CSI complies with the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework(s) (Privacy Framework) as set forth by the U.S. Department of Commerce (DOC) regarding the collection, use and retention of personal information transferred from the European Union and the United Kingdom and/or Switzerland to the United States, in reliance on Privacy Framework. CSI has certified to the DOC that it adheres to the Privacy Framework Principles with respect to such information. If there is any conflict between the terms in this privacy policy and Privacy Framework Principles, the Privacy Framework Principles shall govern. To learn more about the Privacy Framework program, and to view our certification, please visit https://www.dataprivacyframewo....
Principles include Data Integrity and Purpose Limitation, Notice, Choice, Access, Security, Accountability for Onward Transfer and Recourse, Enforcement and Liability as outlined below, except where statute, government regulation, or case law that creates conflicting obligations or explicit authorizations, provided that, CSI, in exercising any such authorization, demonstrates that its non-compliance with the Principle(s) is limited to the extent necessary to meet the overriding legitimate interests furthered by such authorization.
Data Integrity and Purpose Limitations
- CSI collects information for the purpose of performing employment screening and other information services on behalf of employers and government agencies.
- CSI does not sell or rent personally identifiable information or use it for marketing or any other unauthorized purposes.
- CSI does not disclose personally identifiable information to unauthorized parties.
- CSI collects only the information necessary for the intended purpose above.
- CSI maintains a formal process to identify and credential prospective clients.
- CSI requires employment screening clients to execute user agreements certifying permissible purpose.
- Information sources that may be used in producing screening or information reports are not maintained by CSI therefore CSI cannot absolutely guarantee that the information from certain sources is entirely current or accurate. However, CSI makes every effort to utilize the most reliable informational resources and stringent validation criteria to help ensure the information it receives and disseminates is thorough, current and accurate.
- CSI maintains a Document Retention Policy whereby sensitive records are securely retained for the time period necessary to comply with federal law and state statutes, statute of limitations, to respond to audit requests by authorized entities and to fulfill Fair Credit Reporting Act (FCRA) obligations.
- Upon expiration of the time period set forth in the Document Retention Policy, or as otherwise required by law, records with personal information are disposed of in accordance with regulations promulgated by the Federal Trade Commission (FTC) regarding the disposal of consumer report information and records including Fair and Accurate Credit Transaction Act (FACTA) Destruction Guidelines and state law analogues regarding destruction of personal information.
Notice
- CSI is subject to enforcement by, among other statutory and regulatory requirements, the FTC including the Bureau of Consumer Financial Protection (BCFP).
- CSI participates in the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework. Information about the Privacy Framework can be found at https://www.dataprivacyframework.gov/s/.
- CSI collects personal information for the purposes of conducting employment screening or other information services for clients.
- CSI uses information gathered from employment applications, release forms, credit bureaus, public sources and other informational databases. This information may include, but is not limited to: name, address, telephone number, social security or other identification number, date of birth, credit information, academic history, licensing, employment history and/or criminal record.
- CSI does not conduct employment screening without properly executed consent forms or certification by client of properly executed consent forms.
- Employment screening clients have certified to CSI that they understand their obligations under the FCRA including but not limited to proper consumer disclosure and written authorization.
- CSI also conducts other informational services on behalf of companies and government agencies.
- CSI acknowledges liability in cases of onward transfers to third parties.
- Individuals have the right to access their personal data that CSI maintains.
- This Privacy Policy or execution of consent documents constitutes notice regarding CSI’s screening and other informational services.
- For inquiries or complaints individuals can contact CSI at:
Creative Services, Inc.
Privacy Officer
64 Pratt Street
Mansfield, MA 02048
Phone: 800-227-0002
Phone: 508-339-5451
privacyofficer@creativeservices.com
Individuals outside the United States covered under the EU-U.S. Data Privacy Framework may also contact the appropriate Data Protection Authority (DPA). Information about Data Protection Authorities is available at http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.
Individuals outside the United States covered under the Swiss-U.S. Data Privacy Framework may also contact the Swiss Federal Data Protection and Information Commissioner (FDPIC). Information about FDPIC is available at https://www.edoeb.admin.ch/edo...
- An individual covered under the EU-U.S. Data Privacy Framework or Swiss-U.S. Data Privacy Framework may have, under certain conditions, the possibility to invoke binding arbitration.
- An individual has requirements to disclose certain personal or sensitive information in response to lawful requests by authorities, including to meet national security or law enforcement requirements.
Choice
- Employment screening consumers must expressly consent to employment screening prior to CSI conducting this service, however, if a consumer does not wish to have his/her personal information made available to CSI or its vendors for the purpose of CSI conducting and providing employment screening to its clients, the consumer may choose not to execute consent forms necessary.
- If a consumer elects not to have personal information disclosed to a third party or to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by a consumer, a consumer has the choice to opt-out of such use.
To opt-out, please contact:
Creative Services, Inc.
Privacy Officer
64 Pratt Street
Mansfield, MA 02048
Phone: 800-227-0002
Phone: 508-339-5451
privacyofficer@creativeservices.com
- There are no refunds once the consumer report is completed. If at any time a client or consumer cancels an order for services, the contracted party will be charged for the services completed at the time of cancellation.
To cancel your background investigation, please contact:
Creative Services, Inc.
Privacy Officer
64 Pratt Street
Mansfield, MA 02048
Phone: 800-227-0002
Phone: 508-339-5451
privacyofficer@creativeservices.com
Access
- An individual has the right to access information about themself. Subject to proper identification or authentication by an individual that is the subject of personal information, CSI will provide access to the data collected to ensure accuracy or opportunity to correct, amend or delete information that has been processed in violation of the Principles, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question or where the rights of persons other than the individual would be violated.
For access to your personal information, contact:
Creative Services, Inc.
Compliance Department
64 Pratt Street
Mansfield, MA 02048
Phone: 800-227-0002
Phone: 508-339-5451
Compliance Hotline: 800-536-0093
compliance@creativeservices.com
Security
- CSI has established physical, electronic and procedural safeguards to protect personal information. CSI restricts access to personal information to those CSI employees who require access in order to perform their job responsibilities.
- CSI conducts extensive initial and periodic background screening on all CSI employees with access to sensitive information.
- CSI employees are under the obligations of non-disclosure and confidentiality agreements as a condition of employment.
- CSI conducts annual training regarding the lawful and intended purpose of processing sensitive information and the need to maintain the confidentiality of the sensitive information to which CSI employees have access.
- CSI employs physical security measures to protect the perimeter of all buildings and facilities housing personal information. This information is stored in a secured environment, accessible only to those employees and individuals with a legitimate business need.
- Electronic personal information that is stored or transmitted is encrypted and layered for security by firewall and multi-tiered virus protection, as well as by network servers, network workstations and software applications that are password protected.
- CSI maintains response plans for disaster recovery, emergency action and breach of information that are regularly reviewed, tested and modified as necessary.
- CSI maintains a formal Visitor Policy, on which employees are trained, prohibiting unescorted access, complimenting a physical layout that renders such access difficult.
Accountability for Onward Transfer
- CSI complies with Notice and Choice Principles as outlined above.
- CSI contracts with third parties in performing certain screening or informational services in accordance with intended purposes outlined above. CSI maintains a formal process to identify and credential prospective third parties and requires approved third parties to execute agreements.
- CSI, and third parties acting on its behalf, shall undertake reasonable steps to prevent unauthorized or accidental destruction, alteration or disclosure of, accidental loss of, unauthorized access to, misuse of, unlawful processing of, or damage to, the personal information that is collected about individuals for the intended purposes defined above.
- Before CSI transfers information to a third party acting as a “controller” (defined as a person or organization which, alone or jointly with others, determines the purposes and means of the processing of personal data), CSI will enter into a contract with the third-party controller that provides that personal information may only be processed for limited and specified purposes consistent with the consent provided by the individual and that the recipient will provide the same level of protection as the Principles and will notify CSI if it makes a determination that it can no longer meet this obligation. The contract provides that when such a determination is made the third-party controller will cease processing or take other reasonable and appropriate steps to remediate.
- Before CSI transfers information to a third party acting as an agent, CSI will (i) transfer such data only for limited and specified purposes; (ii) ascertain that the agent is obligated to provide at least the same level of privacy protection as is required by the Principles; (iii) take reasonable and appropriate steps to ensure that the agent effectively processes the personal information transferred in a manner consistent with CSI’s obligations under the Principles; (iv) require the agent to notify CSI if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles; (v) upon notice, including under (iv), take reasonable and appropriate steps to stop and remediate unauthorized processing; and (vi) provide a summary or a representative copy of the relevant privacy provisions of its contract with that agent to the DOC upon request.
Recourse, Enforcement and Liability
- CSI is subject to the investigatory and enforcement powers of the FTC, including BCFP as well as other U.S. authorized statutory bodies.
- CSI employs effective mechanisms for assuring compliance with the Principles outlined above.
- CSI is subject to the federal laws, including the FCRA, as well as state laws regarding recourse for the use, maintenance and destruction of personal information.
- For inquiries or complaints regarding recourse or enforcement of CSI’s obligations under this policy or other obligations, in-house arrangements for handling complaints can be directed to:
Creative Services, Inc.
Privacy Officer
64 Pratt Street
Mansfield, MA 02048
Phone: 800-227-0002
Phone: 508-339-5451
privacyofficer@creativeservices.com
CSI encourages individuals to raise complaints with CSI prior to contacting independent recourse mechanisms, however, individuals outside the United States covered under the EU-U.S. Data Privacy Framework may also contact the appropriate DPA. Information about DPAs is available at http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.html
Individuals outside the United States covered under the Swiss-U.S. Data Privacy Framework may also contact the Swiss Federal Data Protection and Information Commissioner (FDPIC). Information about FDPIC is available at https://www.edoeb.admin.ch/edoeb/en/home/deredoeb.html
- CSI conducts self-assessment.
- CSI agrees to participate in the EU DPA’s procedures to resolve disputes pursuant to the EU-U.S. Data Privacy Framework.
- CSI agrees to participate in the Swiss FDPIC’s procedures to resolve disputes pursuant to the Swiss-U.S. Data Privacy Framework. In instances where a dispute involves HR data used in the context of the employment relationship, CSI agrees to comply with advice of the Commissioner.
To contact Creative Services, Inc.
Creative Services, Inc.
Corporate Headquarters
64 Pratt Street
Mansfield, MA 02048
Phone: 508-339-5451 / 800-227-0002
Fax: 508-339-2352
Compliance Hotline: 800-536-0093