Privacy Policy
As a leader in providing timely and relevant information to our clients, Research Associates Inc. (DBA "Thuro") is committed to protecting the privacy of individuals and the information that we obtain, both within the United States and throughout the global marketplace.
This Privacy Policy covers the information practices of Thuro and sets forth our privacy provisions for the receipt, processing, delivery and disposal of information. This Policy applies to data that we collect from clients, job applicants and other sources in connection with our professional investigative services, as well as information developed internally.
Thuro performs investigations in every major commercial location worldwide and complies with all applicable privacy laws. All data shall be collected, stored, used and discarded in compliance with applicable law, which may include the federal Fair Credit Reporting Act (“FCRA”), the Gramm-Leach-Bliley Act ("GLBA"), the Fair and Accurate Credit Transactions Act ("FACTA") and other national laws and state background screening and privacy laws.
Summary of Thuro's Privacy Policy
- Thuro collects Personal Identifiable Information (“PII”) and other information in connection with our services, including employment screening, client acceptance investigations, business due diligence and business investigations.
- Prior to receiving any pre-employment services from Thuro, clients must execute an agreement certifying that they will comply with all applicable laws regulating background investigations and will not procure a background investigative report without first making required disclosures to an applicant for employment and without obtaining the applicant’s prior written consent.
- Thuro collects PII from job applications, resumes, databases, public records and from third parties as permitted by law.
- Thuro uses PII only to perform investigations and does not share PII with nonaffiliated third parties other than as necessary to perform investigations.
- When Thuro discloses PII to third parties to perform services, we require that they protect the PII and use it only for the purpose it was disclosed.
- Thuro provides a toll free number and web access for individuals who, as authorized by law, seek to obtain PII maintained by Thuro, and information is provided on a timely basis pursuant to applicable law.
- Thuro does not sell PII to third parties and does not maintain a commercially available database for the sale or transfer of PII.
- Thuro maintains physical, electronic and procedural safeguards to protect PII.
- Thuro maintains written policies and procedures which are disseminated to Thuro employees explaining the duties and obligations of the employees to abide by this Privacy Policy, as well as all applicable laws.
This policy is available on-line at thuro.ai
Applicable Laws and Regulations
Thuro complies with all regulations regarding the collection, use, transmission and destruction of information we receive. The major regulations include:
The Gramm-Leach-Bliley Act (“GLBA”):
The GLBA requires financial institutions and businesses that receive personal information in the course of conducting their business to establish safeguards for the handling and disclosure of that information. The GLBA requires certain safeguards for the protection of Personal Identifiable Information (“PII”). PII includes any combination of a person's name and the following data: credit card numbers, date of birth, Social Security number, driver's license number and financial account numbers.
The Fair Credit Reporting Act (“FCRA”):
The FCRA is a federal law that regulates the collection, dissemination, and use of consumer information. Thuro is a consumer reporting agency under the FCRA and is subject to the Act when conducting investigations for employment purposes.
EU-U.S. Data Privacy Framework (“EU-U.S. DPF”) and the UK Extension to the EU-U.S. DPF:
Similar to the GLBA, the EU-U.S. Data Privacy Framework addresses the protection and confidentiality of Non-Public Information. The requirements under the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF require adequate measures to safeguard the information from unauthorized access and unauthorized sharing, whether the data is at rest or in-transit.
Fair and Accurate Credit Transactions Act (“FACTA”):
FACTA is federal legislation that went into effect June 20, 2006 and became regulatory January 01, 2008. FACTA contains provisions to help reduce identity theft and provisions regarding the proper disposal of personal information regarding consumers.
State FCRA Laws and Regulations:
Several states within the United States have enacted laws similar to the FCRA. Where those state laws provide more restrictive requirements than those set forth in the FCRA, Thuro follows the more restrictive limitations unless pre-empted by the express terms of the FCRA. Many states have also enacted privacy laws and regulations which limit the information which may be included in a background investigative report for employment purposes. Several states enacted legislation requiring certain data security measures to be utilized in the transmission of PII. Thuro takes all reasonable steps to comply with these varying state laws and regulations.
How We Collect Personal Identifiable Information
Personal Identifiable Information (“PII”) is received by Thuro directly from job candidates, or an application and related documents presented as part of an application for employment to one of our clients. Most applications contain PII such as name, address, social security number and driver’s license number. Dates of birth are typically obtained through independent sources. We may request a national consumer reporting agency to provide a report in compliance with the federal Fair Credit Reporting Act (“FCRA”). We also obtain information from databases, public records and from third parties as permitted by law.
How We Use, Process and Disclose Personal Identifiable Information
Thuro uses and discloses PII only as permitted by law and as necessary to conduct business. Thuro prepares “consumer reports” and “investigative consumer reports” as defined in the FCRA. Consumer reports or investigative consumer reports may contain information bearing on an individual’s character, general reputation, personal characteristics, mode of living, and credit standing. The types of reports that may be prepared include, but are not limited to: credit reports, criminal records checks, public court records checks, driving records, summaries and verification of educational records and histories, and/or summaries and verification of employment positions held and related duties, last pay rate or salary, work performance, experience, skills, qualifications, compliance with employer or institutional policies, licensing, certification, training, honesty, etc. The information contained in these reports may be obtained from private or public record sources including sources identified in the job application or through interviews or correspondence with past or present co-workers, neighbors, friends, associates, current or former employers, educational institutions or other acquaintances.
Thuro processes and discloses PII under strict laws and regulations including, but not limited to: Gramm-Leach-Bliley Act, Fair Credit Reporting Act, Fair and Accurate Credit Transactions Act, the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”) and the UK Extension to the EU-U.S. DPF. In adhering to the aforementioned laws and regulations, Thuro may use PII to: verify an individual’s identity; perform address locator searches; perform business due diligence; conduct fraud and/or business investigations; and for other business-related purposes. We may also disclose PII to protect against fraud and comply with legal requirements. For these purposes, we may share PII with:
- Our clients;
- Consumer reporting agencies;
- Researchers working on our behalf;
- State and federal governmental authorities; and
- Other persons and entities as ordered by subpoena, warrant or other court order or as required by law.
We provide employment background reports only to businesses with a permissible purpose and in accordance with all applicable laws and regulations. All Thuro clients have been subject to a due diligence investigation to confirm that they are a legitimate business. These investigations may include on-site or virtual visits to offices, verification of business standing through publicly available information, business database verifications, Internet searches, reference verification and other means.
How We Dispose Of Personal Identifiable Information
Thuro does not maintain PII except to the extent required by law. Thuro utilizes secure and locked trash receptacles for the disposal of data containing PII. Company policy requires that any documents containing PII and in need of disposal be deposited in these secure containers. Documents are shredded on site by a licensed, bonded commercial shredding company which has been vetted by Thuro prior to obtaining a contract for services.
How We Safeguard Personal Identifiable Information
Thuro maintains appropriate physical, electronic and managerial procedures to safeguard and secure the information we collect. Thuro has published to employees an employee handbook and other policies that require employees to keep confidential all PII obtained in the course of our business. All Thuro employees undergo a rigorous pre-employment background investigation prior to being granted access to Thuro information and files. Thuro maintains a state-of-the-art building security program overseen by a licensed security professional.
Individual Rights
The FCRA and certain state laws provide that a person, under certain circumstances, has the right to inspect files maintained by Thuro which relate to that person. For example, applicants for employment with our clients have the right to inspect their files and can receive a copy of their background reports. Within thirty (30) business days of receipt of a written request, we will disclose copies of any reports and other information in our files which we are required by law to provide. Upon written request and as required by law, we will advise to whom we have shared any consumer reports within the past two years, or for the time period required by state law, and we will provide the name and address of any consumer reporting agency that provided us a report.
An individual may contact Thuro if they believe information in their file is incomplete, inaccurate or misleading. All such requests and all subsequent correspondence must be in writing. Upon such request, Thuro will investigate the nature and scope of the dispute and will make appropriate changes to any incomplete, inaccurate or misleading information or will provide an explanation of our refusal to do so. If we do not make a requested change, the individual is entitled, under certain circumstances, to submit a written statement for insertion in their file and we will disclose that statement to future requestors as required by law.
EU-U.S. DATA PRIVACY FRAMEWORK and the UK EXTENSION to the EU-U.S. DPF
Thuro complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. Thuro has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/s/.
Scope
The EU-U.S. Data Privacy Framework (“EU-U.S. DPF”) (the “Policy”) applies to all personal identifiable information (“PII”) received by Thuro in the United States from the European Economic Area and the United Kingdom (and Gibraltar), in any format including electronic, paper or verbal.
Definitions
For purposes of this Policy, the following definitions shall apply:
"Agent" means any third party that uses personal information provided by Thuro to perform tasks on behalf of and under the instructions of Thuro.
"Thuro" means Thuro, Inc., its predecessors, successors, subsidiaries, divisions and groups in the United States of America.
"Personal Identifiable Information" (PII) as used in US privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context.
"Sensitive Personal information" means personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, or that concerns health or sex life. In addition, Thuro will treat as sensitive personal information any information received from a third party where that third party treats and identifies the information as sensitive.
EU-U.S. DATA PRIVACY FRAMEWORK and the UK EXTENSION to the EU-U.S. DPF - Principles
NOTICE: Where Thuro collects personal information directly from individuals in the EEA and the United Kingdom (and Gibraltar), it will inform them about the purposes for which it collects and uses personal information about them, the types of non-agent third parties to which Thuro discloses that information, and the choices and means, if any, Thuro offers individuals for limiting the use and disclosure of their personal information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide personal information to Thuro, or as soon as practicable thereafter, and in any event before Thuro uses the information for a purpose other than that for which it was originally collected.
Where Thuro receives personal information from its subsidiaries, affiliates or other entities in the EEA and United Kingdom (and Gibraltar), it will use such information in accordance with the notices provided by such entities and the choices made by the individuals to whom such personal information relates.
CHOICE: Thuro will offer individuals the opportunity to choose (opt-out) whether their personal information is (a) to be disclosed to a non-agent third party, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. For sensitive personal information, Thuro will give individuals the opportunity to affirmatively and explicitly (opt-in) consent to the disclosure of the information to a non-agent third party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. Thuro will provide individuals with reasonable mechanisms to exercise their choices.
By reviewing the Disclosure(s) and completing the Authorization for a background investigation, an individual expressly agrees to the use of PII and consents to Thuro’s use of that information in accordance with this Policy. Data subjects are informed of the possible risks of such transfers. In the event an individual opts out of disclosure, the personal information will be deleted unless required to be maintained by law or sound business judgment. However, in the event of an opt-out, the data will not be forwarded or utilized by Thuro for any further purpose.
ACCOUNTABILITY FOR ONWARD TRANSFER: Thuro obtains signed contracts from EU and United Kingdom record research vendors obligating the agent to provide at least the same level of protection as is required by the relevant EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Vendors are provided with specific documentation to regulate their acquisition and use of criminal research, while detailing standards for data security and privacy guidelines. Where Thuro has knowledge that an agent is using or disclosing personal information in a manner contrary to this Policy, Thuro acknowledges this potential liability and will take reasonable steps to prevent or stop the use or disclosure.
SECURITY: Thuro will take all reasonable technical, physical and managerial procedures to protect PII from loss, misuse and unauthorized access, disclosure, alteration and destruction. Any personal data transmitted to or from our website(s) is protected by a secure socket layer (SSL) key which encrypts the data transmitted over the Internet. Strong password practices are used on Thuro systems. Access to servers containing private information and data is strictly limited to only our authorized personnel who have been trained to protect against loss, misuse, unauthorized access, disclosure, alteration or destruction of personal data under our control. All servers that handle sensitive personal information are kept in a secure environment with appropriate security measures.
DATA INTEGRITY AND PURPOSE LIMITATION: Thuro will use personal information only in ways that are compatible with the purposes for which it was subsequently collected or authorized by the individual. Thuro will take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete, and current.
ACCESS: Upon request, Thuro will grant individuals reasonable access to personal information that it holds about them. Per EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Thuro will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete. Individuals will be informed whether any personal data is being processed upon written notice from the applicant. Any requests must be sent by email or letter to the contact person listed at the end of this policy. Individuals have the right to receive (1) a description of the personal data; (2) the purposes for which the data is being processed; (3) a list of the recipients to whom the data may be disclosed; and (4) information regarding the source of the data. The information provided will be in a format that is easy to understand.
RECOURSE, ENFORCEMENT AND LIABILITY: Thuro is subject to the investigatory and enforcement powers of the Federal Trade Commission (“FTC”). In compliance with the EU-US Data Privacy Framework Principles, Thuro commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles. European Union and United Kingdom (and Gibraltar) individuals with DPF inquiries or complaints should first contact Thuro at:
Thuro, Inc.
Attention: Disputes
27999 Clemens Road
Cleveland, OH 44145
(800) 255-9693
OR
(click on the tab “Applicants” top of the page on the right side)
Thuro has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information or to file a complaint. This service is provided to you free of charge.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2
Thuro will conduct compliance audits of its relevant privacy practices to verify adherence to this Policy. Any employee that Thuro determines is in violation of this policy will be subject to disciplinary action up to and including termination of employment.