PRIVACY POLICY

This Privacy Policy (this “Policy”) explains the types of personal information i3Screen, LLC (“i3Screen,” “we,” “us,” or “our”) collects and how we use, protect, and disclose it. This Privacy Policy also tells you about the rights and choices you may have when it comes to your personal information.

i3Screen sometimes act as a controller and sometimes as a processor. When you access this website (the “Site”), when we manage user accounts, billing or communications, or when we otherwise decide what personal information we collect and how we use it, we act as a controller. We act as a processor when we process personal information only on behalf of and under the instructions of a controller, including when we provide background checks, occupational health screenings, drug testing, or other services (“Services”) at a client’s request, in which case the client is the controller.

This Policy only applies to the personal information we collect and process as a controller. When we act as a processor, we do so pursuant to our Data Processing Agreement with the client (“DPA”), and the client’s privacy policies and notices (not this Privacy Policy) govern how your personal information is collected, used, and disclosed. We will only process information as instructed by the client and as required by law. This Policy supplements but does not override the DPA.

By accessing or using our Site and/or by agreeing to this Policy, you understand and acknowledge that we will collect and use personal information as described in this Policy.

1. WHAT WE COLLECT

We may collect personal information, including sensitive personal information, depending on whether we are acting as a controller or processor.

When you interact directly with our Site or with us as a client or user (and not as part of a client’s screening or Services request), we collect personal information in our capacity as a controller. This may include:

• Account information, such as username and password for your Site or portal login, contact details (name, email address, phone number, job title), and security or authentication credentials;
• Billing and payment information, such as company name, billing address, tax ID or EIN, payment details (credit card number, bank account information), and records of transactions, invoices or services ordered;
• Usage data, such as log and session data (IP address, browser type, operating system, access times, pages viewed, referral URLs), activity data within our Site or portals (clicks, navigation, features used), device identifiers, and communications (support tickets, chat transcripts, emails, call logs); and
• Marketing and communications data, such as subscription preferences with respect to newsletters, updates and promotional emails, feedback, survey responses and other information you provide to us directly, and any professional or business contact details (e.g., company and title) when interacting with us as part of a client relationship.

Some of this information may be considered “sensitive personal information” under certain privacy laws (for example, account log-in credentials or payment card information). We collect and use such information only as reasonably necessary to provide our Services and comply with legal obligations.

When we process personal information as a processor on behalf of a client, the specific categories of personal information we collect are determined by the client who engaged us. We only collect the information that the client directs us to obtain in order to provide the requested Services. Such information may include:

• Identifiers and demographic data, such as name, date of birth, Social Security number, driver’s license number, and other government-issued identifiers;
• Employment, legal, and education records, such as employment history, job title, references, and educational background;
• Sensitive personal information, such as government identifiers, including Social Security, driver’s license, or passport number, financial account credentials, health information, drug or alcohol test results, biometric data,  or other sensitive categories defined by law if required by the client; and
• Other client-directed information that the client instructs us to collect in order to complete the requested screening or service.

For additional detail about how these categories map to the legal categories of personal information defined under certain US state laws, please refer to APPENDIX A – STATE LAW DISCLOSURES.

2. HOW WE COLLECT PERSONAL INFORMATION

We collect personal information in different ways depending on whether we act as a controller or a processor.

When you interact directly with our Site or with us as a client or user, we may collect personal information in our capacity as a controller:

• Directly from you, including when you create an account, complete forms, subscribe to communications, provide billing or payment information, or contact us;
• Automatically, including through cookies, log files, analytics tools, and similar technologies; and
• From third parties, such as payment processors, IT and security vendors, analytics providers, marketing platforms, or other service providers that support our business.

When providing our Services as a processor on behalf of a client, we may collect personal information:

• Directly from you, including through consent forms or other information you provide in connection with the Services we provide to a client;
• From our client, such as your employer or another organization that engages us to perform our Services;
• From third-party sources, including laboratories, medical review officers, prior employers, educational institutions, licensing authorities, and other data providers identified by the client; and
• From publicly available sources, such as government databases, licensing boards, and public record repositories.

When we process personal information as a processor on behalf of a client, the categories and types of information we collect are determined by the client. We process that information only as instructed under our DPA with the client and as required by law. 

For additional detail on how these collection sources map to the statutory categories of personal information defined under certain US state privacy laws, please refer to APPENDIX A – STATE LAW DISCLOSURES.

3. HOW WE USE PERSONAL INFORMATION

We use personal information for different purposes depending on whether we act as a controller or a processor.

When you interact with i3Screen or our Site as a client or user, we may use personal information to:

• Provide and manage our Site and Services, including creating and maintaining accounts, authenticating users, and enabling portal functionality;
• Communicate with you, including responding to inquiries, sending updates, providing customer support, and delivering newsletters or other communications you subscribe to;
• Process payments and manage billing, including issuing invoices and processing transactions;
• Operate, maintain, and improve our Site and Services, including monitoring usage, troubleshooting errors, and performing analytics;
• Protect our business, users, and systems, including detecting and preventing fraud, unauthorized access, and other unlawful activities;
• Comply with legal obligations, including record-keeping, responding to lawful requests, and enforcing our agreements; and
• Conduct marketing and business development, including offering new services, promotions, or events, subject to your marketing preferences, and where required by law, obtaining your consent for such communications.

When providing our Services as a processor on behalf of a client, we use personal information only to:

• Perform the requested Services, such as verifying identity, obtaining digital results of biological samples, and transmitting chain-of-custody and screening results to the client;
• Comply with client instructions, in accordance with the client’s direction and our DPA; 
• Comply with legal and regulatory requirements; and
• Ensure security and integrity of the process, such as confirming identities, preventing misuse of our Site or Services, and maintaining audit records.

When acting as a processor, we do not decide independently how your personal information is used. The client determines the purposes, and we process the information only as instructed in the DPA and as required by law. 

For additional detail on how these uses map to the statutory categories of personal information defined under certain US state privacy laws, please refer to APPENDIX A – STATE LAW DISCLOSURES.

4. HOW WE DISCLOSE PERSONAL INFORMATION

We disclose personal information in different ways depending on whether we act as a controller or a processor; however, whether we are acting as a controller or a processor, we may disclose personal information:

• As required by law, including to comply with law enforcement requests, court orders, legal processes, or regulatory obligations, or to protect the security of our systems, rights, or the rights of others; or
• In the context of a corporate transaction, such as a merger, acquisition, financing, restructuring, or sale of assets, where personal information may be transferred as part of the business assets.

When you interact directly with our Site or with us as a client or user, we may disclose personal information in our capacity as a controller:

• To service providers, such as IT and hosting providers, payment processors, customer support tools, analytics providers, and marketing platforms, all of whom are contractually obligated to handle information securely and only for our business purposes;
• To business partners or affiliates, where appropriate, to provide or improve our Services; and
• With your consent, when you direct us to share information or consent to a disclosure.

We do not sell personal information, nor do we disclose personal information for cross-context behavioral advertising or other unrelated secondary purposes.

When providing our Services as a processor on behalf of a client, we disclose personal information only as instructed by the client and as required by law. This may include disclosures:

• To the client that engaged us, such as your employer or another organization requesting Services;
• To third-party service providers, such as laboratories, credentialing agencies, or background check providers, as directed by the client, as well as to medical review officers, who provide verified test results back into our Services for delivery to the client; and
• To our sub-processors, such as IT or hosting providers that support the secure delivery of the Services, in accordance with the DPA.

When acting as a processor, we do not decide independently to whom personal information is disclosed. All disclosures are determined by the client and governed by the DPA and applicable law. For additional detail on how these disclosures map to the statutory categories of personal information defined under certain US state privacy laws, please refer to APPENDIX A – STATE LAW DISCLOSURES.

5. USE OF COOKIES AND OTHER TRACKING TECHNOLOGIES

Cookies are small text files that are placed on your device when you visit a website. They allow a website to recognize a device, store preferences, and track certain activities. When you visit our Site, cookies and similar tools may automatically collect information, such as your IP address, browser type, operating system, referral URLs, pages viewed, and clickstream data. This may include:

• Strictly necessary cookies, which are required for the Site to function properly;
• Performance and analytics cookies, which help us understand how visitors use our Site, including pages visited, time spent, and errors encountered, so we can improve functionality;
• Functional cookies, which remember your preferences and choices to provide a more personalized experience; and
• Marketing cookies, which may be used to deliver relevant communications or measure the effectiveness of our outreach. We do not use cookies or similar technologies for cross-context behavioral advertising unless permitted by law and, where required, only with your consent.

Most web browsers allow you to block or delete cookies. If you do so, some features of our Site may not work properly. You can opt out of certain analytics or marketing cookies by adjusting your preferences in your browser or device. You may also opt out of some cookies by adjusting your browser settings or by visiting industry opt-out platforms such as the Network Advertising Initiative (NAI) or Digital Advertising Alliance (DAA).

In addition to the cookies we set directly, we may allow certain third parties to place cookies and similar technologies on your device when you visit our Site. These third parties may collect information about your browsing activity across different websites, apps, and devices over time. This information may be combined with data from other sources to build a profile of your interests or to provide services to us. Examples of these third parties may include analytics providers, advertising partners, and social media platforms. We do not control the collection or use of data by these third parties. Their use of cookies is governed by their own privacy policies. For more information on how these third parties process your information, please visit their respective privacy policies.

6. YOUR PRIVACY RIGHTS

Certain jurisdictions provide residents with specific rights regarding their personal information. Depending on where you live, you may have the right to request (subject to applicable legal exceptions):

• Access to the personal information we have collected about you, or confirmation of whether we are processing your personal information;
• Correction of any inaccuracies in the personal information we hold about you;
• Deletion of your personal information;
• Portability, by requesting a copy of your personal information in a portable and, where feasible, readily usable format;
• Limitation of our use and disclosure of sensitive personal information to what is necessary to perform the requested services; and
• Opting out of marketing communications, which you can do at any time by following the “unsubscribe” link in our marketing emails or by contacting us directly. Please note that opting out of marketing communications will not affect transactional or service-related communications.

You may also have the right to lodge a complaint with your local data protection authority or regulatory agency if you believe our processing of your personal information violates applicable law.

We do not use personal information to make automated decisions that produce legal or similarly significant effects.

We will not refuse to provide Services, charge different prices, or offer a lower quality of Services because you choose to exercise your privacy rights.

SUBMITTING A REQUEST

If you interact with our Site or with us directly as a client or user, you may submit a privacy rights request using the contact information provided in the CONTACT US section below. To protect the privacy and security of your information, we may require you to provide additional information to verify your identity before fulfilling your request. If we cannot verify your identity or ownership rights to the information, we may be unable to act on your request until you provide sufficient documentation. We will respond within the timeframes and as otherwise required under applicable law.

Please note that certain information may not be returned or disclosed in response to an access request if doing so would adversely affect the privacy of others or conflict with legal requirements. Similarly, we may be unable to comply with a deletion request where we need to retain personal information to provide Services, to comply with a legal obligation, or for other permitted purposes. In some cases, we may not maintain enough identifying information to match data in our records with your request.

If we deny your request, you may have the right to appeal our decision. Instructions for submitting an appeal will be included in our response. Appeals may also be submitted by contacting us using the information provided in the CONTACT US section.

Finally, if your personal information was collected as part of a background check, occupational health screening, or other Services performed on behalf of a client, we cannot respond directly to your request. In those cases, you should submit your request to the client (e.g., your employer or the organization that engaged us). We will support our client in responding to privacy rights requests as required under our DPA and applicable law.

DO-NOT-TRACK

Some web browsers incorporate a Do Not Track (“DNT”) or other similar feature that signals to websites that a visitor does not want to have his or her online activity and behavior tracked. Not all browsers offer a DNT option, and there is currently no industry consensus for how to recognize or respond to a DNT signal. For these reasons, we do not currently respond to DNT signals.

7. RETENTION OF PERSONAL INFORMATION

We retain personal information for varying periods of time depending on the type of information and the purposes for which it was collected. When we act as a controller, we determine retention periods based on factors such as:

• the business purposes for which the information was collected and used;
• applicable federal, state, and local recordkeeping requirements;
• statutes of limitation and other legal requirements that may make the information relevant to potential claims or defenses; and/or
• obligations to preserve evidence in the context of actual or anticipated litigation, investigations, or regulatory matters.

In some cases, applicable law sets specific retention periods, and certain information is deleted automatically once those periods expire. In other cases, we retain the information until the applicable business or legal need has been satisfied. Where legal requirements compel us to keep information longer, we will comply with those obligations.

When we act as a processor, our retention and deletion of personal information are governed by the client’s instructions and our obligations under the applicable DPA, except where applicable law requires otherwise.

.

8. HOW WE PROTECT INFORMATION

We follow industry-standard practices to protect the personal information we collect and maintain against unauthorized access, use, alteration, or disclosure. Our security program includes a combination of technical, administrative, and physical safeguards, which may vary depending on the type and sensitivity of the information. Examples of these safeguards include access controls, encryption, monitoring, secure storage, and personnel training.

We take our responsibility to safeguard personal information seriously; however, no system or method of transmission over the Internet, or method of electronic storage, is completely secure. Accordingly, while we implement reasonable and appropriate safeguards, we cannot guarantee that our systems or safeguards will prevent every unauthorized attempt to access, use, or disclose personal information.

When we act as a controller, we apply these safeguards to information we collect directly through our Site, accounts, or customer relationships.

When we act as a processor, we also comply with the security requirements in our DPA with the client, as well as with applicable legal and regulatory obligations.

9. CHANGES TO OUR PRIVACY POLICY

As our business and Services evolve and we perceive the need or desirability of using information collected in other ways, we may from time to time amend this Privacy Policy. We encourage you to check our website frequently to see the current Privacy Policy in effect and any changes that may have been made to them. If we make material changes to this Privacy Policy, we will post the revised Policy and the revised effective date on this Site. Please check back here periodically or contact us at the address listed at the end of this Policy.

10. QUESTIONS

If you have any questions about this Privacy Policy, please contact us at [email protected] or 877-858-7366.

APPENDIX A – STATE LAW DISCLOSURES