Privacy and Security Notice

This Privacy Policy is effective as of and was last updated on November 17, 2023

1. Who We Are

Business Credentialing Services, Inc. (“BCS”), is a corporation incorporated in the United States of America.

We at BCS created this Global Privacy Policy (“Privacy Policy”) because we know that our customers care about how information they provide to us is used and shared. This Privacy Policy explains the conditions under which and the purposes for which we collect and use your Personal Information (as defined in Section 3 below) in connection with your use of our website at <www.businesscredentialingservices.com>, <www.bcsaudit.com> (“Site”), the BCS application (“App”), the third parties to whom we disclose your Personal Information, and the choices and means, if any, we offer you for limiting the use and disclosure of your Personal Information. The Site, App and Verification Service will be referred to collectively herein as the “Services”. We will provide you with notice of such practices in clear and conspicuous language when you are first asked to provide Personal Information to us, or as soon as practicable thereafter, and in any event before: (a) we use your Personal Information for a purpose other than that for which it was originally collected; (b) your Personal Information is processed by a transferring organization; or (c) we disclose your Personal Information for the first time to a third party. As discussed in this Privacy Policy, we will disclose your Personal Information as described in Section 5 (How We Disclose Your Information/Onward Transfer).

BCS is committed to safeguarding your personal information. Whenever you provide such information, we are legally obliged to use your information in line with applicable laws and regulations concerning the protection of personal information. The procedures for modifying or changing this Privacy Policy in the future are discussed in Section 9 (“Changes to this Privacy Policy”) below.

2. Important Information for Non-U.S. Residents
   
   A) U.S. and Non-U.S. Residents

This Privacy Policy applies to use of the BCS Services around the world.

B) Non-U.S. Resident Data Transfer

If you are located outside of the United States, please be aware that any information you provide to us, including Personal Information (defined in Section 3 below), may be transferred to the United States where personal data protection rules may be less protective than the rules in your country.

3. Information We Collect

A) General

We collect both Non-Personal Information and Personal Information directly from your input, from third parties, and/or automatically through a Service's technologies. “Non–Personal Information” is information that, without the aid of additional information, cannot be directly associated with a specific person or entity. “Personal Information,” by contrast, is information such as first name; last name; address, including street name and number, city, state, postal or zip code and country; home or mobile phone number; email address; and such other information that you choose to provide to us in your sole discretion from time to time, that without more, can identify a specific living person, individual or entity.

We may also collect information about you from third parties. For example, we may also collect information about you from vendors who provide background and screening services. To the extent that you provide personal data about someone other than yourself, you warrant that you are duly authorized to provide such personal data to us for the purposes described in this Privacy Policy.

B) Collection of Personal Information

When you are required to sign up to use certain BCS Services, you may be asked to provide us with certain Personal Information, such as your name, telephone number, company name (if applicable), and email address. If you submit documents to us, we will collect the Personal Information that is on those documents. The functionality of the BCS Services, and our other Services may change from time to time and we specifically reserve the right to make such changes.

C) Modifying Your Profile

If you want to make any changes to the Personal Information in your profile, please log on to the full BCS application on your desktop, and use the tools provided to modify your Personal Information.

D) Collection of Non-Personal Information

Like most app operators, we use automatic data collection technology when you use the BCS Services to record information that identifies your device, to track your use of our BCS Services, and to collect certain basic information about you and your usage habits. This information includes information about your operating system, your IP addresses, browser type and language, referring and exit pages and URLs, keywords, date and time, amount of time spent on particular pages, what sections of the BCS Services you visit, and similar information concerning your use of the BCS Services (the “Usage Information”). We collect this Usage Information by using cookies and pixel tags (also called web beacons or clear gifs).

E) Cookies

Cookies are small packets of data that the BCS Services store on your device so that your device will “remember” information about your visit. We may use cookies to track the pages that you visit during each BCS Service session, both to help us improve your experience and to help us understand how the BCS Services are being used.

IF YOU DO NOT WISH TO HAVE COOKIES PLACED ON YOUR DEVICE, YOU SHOULD SET YOUR BROWSER TO REFUSE WEB COOKIES BEFORE ACCESSING THE BCS SERVICES, WITH THE UNDERSTANDING THAT CERTAIN FEATURES OF THE BCS SERVICES MAY NOT FUNCTION PROPERLY WITHOUT THE AID OF COOKIES. IF YOU REFUSE COOKIES, YOU ASSUME ALL RESPONSIBILITY FOR ANY RESULTING LOSS OF FUNCTIONALITY.

F) Clear Gifs

Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of BCS Services users. It is usually invisible to you but allows us to check whether you have viewed a particular page or communication. We may place clear gifs on pages of the BCS Services and in emails we send to you.

You may not decline clear gifs. However, they may be rendered ineffective by declining all cookies or modifying your browser setting to notify you each time a cookie is tendered and permit you to accept or decline cookies on an individual basis.

G) Sensitive Personal Information

BCS does not collect, hold or otherwise process the following types of personal information:

- your racial or ethnic origin;
- your political opinions;
- your religious or philosophical beliefs or other beliefs of a similar nature;
- whether you are a member of a trade union;
- information relating to your physical or mental health or condition; and
- information about your sexual life;

4. How We Use Your Information

A) Personal Information

We will use your Personal Information for any purpose related to our business, including without limitation the following: (i) to respond to your requests and to provide you with the BCS Services and related services; (ii) to respond to your inquiries and contact you about changes to the BCS Services; (iii) to send you notices (for example, in the form of e-mails, mailings, and the like) regarding products or services you are receiving; (iv) for billing and collection purposes; (v) to improve the BCS Services; (vi) to contact you regarding other products or services we offer; (vii) to carry out our obligations and to enforce our rights arising from any or all contracts entered into between you and us; (viii) for any other purposes disclosed at the time the information is collected or to which you consent; or (ix) as otherwise specifically described in this Privacy Policy.

We may also use cookies and other information to enable us to customize your user experience.

B) Data Integrity and Purpose Limitation

We will use Personal Information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by you as set forth in this Privacy Policy. We will take reasonable steps to ensure that Personal Information is reliable for its intended use, accurate, complete, and current.

C) Non-Personal Information

We analyze Non–Personal Information gathered from BCS Services users to help us better understand how the BCS Services are being used. By identifying patterns and trends in usage, we are able to better design the BCS Services to improve your experiences, both in terms of content and ease of use. We link information gathered using Non-Personal Information to Personal Information. Automatic data collection may be performed on our behalf by our services providers.

D) How long will my personal information be kept?

We will hold your personal information on our systems for as long as is relevant for the purposes of processing in connection with the purpose for which it was collected for the applicable activity, or as long as is set out in any relevant contract you hold with us, or as further set out in our corporate retention schedule (a database that defines which documents should be kept and for how long).

The security of your personal data is important to us. We use a variety of data security measures intended to ensure the confidentiality and integrity of your personal data. However, unfortunately no data transmission over the Internet or data storage system is 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us at <info@getbcs.com>.

5. How We Disclose Your Information/Onward Transfer

A) Personal Information

As decribed in Section 3 (“Information We Collect”), users may, at their option, disclose their own Personal Information by any means they choose. We will disclose Personal Information as set forth in this Section 5.

B) Surveys

From time to time, we may ask you to participate in surveys for our general business and marketing purposes. Participation in any survey is entirely voluntary. Any Personal Information provided to us in connection with a survey will be used by us and disclosed to third parties (that are not bound by this Privacy Policy) solely for the limited and specified purposes of the survey, and only in non-personally-identifying, aggregated form.

C) Contests, Giveaways and other Promotions

From time to time, we may offer you the opportunity to participate in contests, giveaways and other promotions, which may be offered by us or by third parties. You will be given the option to consent to the use of your Personal Information at the time you sign up for the promotion. Any information submitted by you in connection with promotions will only be shared for the limited and specified purpose of the promotion and will be subject to the terms of the promotion, and to the terms of our Privacy Policy if we offer the promotion. If a third party is running the promotion, we will enter into a contract with them in order to provide that they will use Personal Information for limited and specified purposes consistent with the consent provided by you to them, You will not be required to participate in any promotion.

D) Employees, Third-Party Processors and Third-Party Service Providers

We will disclose Personal Information to our employees, contractors, affiliates, distributors, dealers, vendors and suppliers who process Personal Information on our behalf, participate with us in the provision or operation of the BCS Services, or provide you with services.

E) By Law, to Protect Rights and to Comply with Our Policies

In the United States of America, we disclose Personal Information if: (a) required to do so by law including by statute, government regulation, or case law that creates conflicting obligations or explicit authorizations, or in response to a subpoena or court order; (b) we believe in our sole discretion that disclosure is reasonably necessary to protect against fraud, to protect the property or other rights of us or other users, third parties or the public at large; (c) we believe that you have abused the service or BCS Services by using it to attack other systems or to gain unauthorized access to any other system, to engage in spamming or otherwise to violate applicable laws; (d) necessary to the extent and for the period necessary to meet national security, public interest, government regulation, or statutory or law enforcement requirements; (e) required to comply with legal obligations or legitimate accounting activities; (f) there is a need for confidentiality connected with possible acquisitions, mergers, joint ventures or other similar transactions carried out by investment bankers or auditors; (g) case law applies that creates conflicting obligations or authorizations for us; or (h) the effect of the European Directive or an EU Member State law is to allow exceptions or exemptions in a comparable situation.

The laws of other countries may require us to disclose Personal Information in certain circumstances.

F) Business Transfers; Bankruptcy

We reserve the right to transfer all Personal Information in our possession to a successor entity in the event of a merger, acquisition, bankruptcy or other sale of all or a portion of our assets. Other than to the extent ordered by a bankruptcy or other court, the use and disclosure of all transferred Personal Information will be subject to this Privacy Policy, or to a new privacy policy if you are given notice of that new privacy policy and you affirmatively opt-in to accept it. Personal Information submitted or collected after a transfer, however, may be subject to a new privacy policy adopted by the successor entity.

G) Marketing Communications

We will email you about products and services that we believe may be of interest to you. If you wish to opt-out of receiving marketing materials from us, please send us a message at <info@getbcs.com>. You may also choose to unsubscribe from our emails by following the instructions at the bottom of each email for opting out.

H) Choice

Users located in the EEA may direct us not to disclose their Personal Information to third parties (other than our service providers). We do not use Personal Information for purposes materially different from the purposes for which we originally collected the information without notifying the relevant individuals of such uses and offering an opportunity to opt out.

Notwithstanding the foregoing, we may disclose Personal Information without offering individuals the opportunity to opt out for the reasons described in more detail in Sections 5(E) (“By Law, to Protect Rights and to Comply with Our Policies”) and 5(F) (“Business Transfers; Bankruptcy”) above.

I) Non-Personal Information

From time to time, we may also release the Non–Personal Information gathered from BCS Services users in the aggregate, such as by publishing a report on trends in the usage of the BCS Services.

6. Security

We maintain reasonable and appropriate administrative, technical, organizational and physical safeguards designed to protect and secure your information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. Please understand, however, that we cannot guarantee that the information you supply will not be intercepted while being transmitted to and from us over the Internet. In particular, e-mail sent to or from us may not be secure, and you should therefore take special care in deciding what information you send to us via e-mail.

7. Accessing and Modifying Account Information

Upon request, we will grant individuals reasonable access to Personal Information that we hold about them for the purpose of verifying the accuracy of correcting, amending, or deleting such Personal Information where it is inaccurate or if it has been processed contrary to data privacy laws.

We reserve the right to deny access or limit access in cases where the burden or cost of providing access would be disproportionate to the risks to your privacy, in the case of a fraudulent request or requests intended to harass or annoy; where the rights of another person would be violated; or if full access would reveal our own confidential commercial information, such as marketing inferences, classifications generated by us or the confidential commercial information of another that is subject to a contractual obligation of confidentiality.

We may further restrict access to Personal Information for the following reasons:

A) Interference with the execution or enforcement of the law or with private causes of action, including the prevention, investigation or detection of offenses or the right to a fair trial;
B) Disclosure where the legitimate rights or important interests of others would be violated;
C) Breaching a legal or other professional privilege or obligation;
D) Prejudicing employee security investigations or grievance proceedings or in connection with employee succession planning and corporate re-organizations;
E) Prejudicing the confidentiality necessary in monitoring, inspection or regulatory functions connected with sound management, or in future or ongoing negotiations involving the organization;
F) Countervailing public interests; or
G) Requests purely for research or statistical purposes.

We may charge fees when justified, such as for access requests that are manifestly excessive, in particular because of the repetitive character.

8. Children

The BCS Services are not intended for children under 18 years of age. We do not knowingly collect Personal Information from children under the age of 18. If you are under 18, please do not give us any Personal Information. If you have reason to believe that a child under the age of 18 has provided Personal Information or any other information or content to us, please email us at <info@getbcs.com>, and we will endeavor to delete it from our databases. Please be advised, however, that the removal of such materials from our databases does not ensure complete or comprehensive removal of such materials from the BCS Services.

9. Notice to California Residents

This notice to California residents supplements solely to the visitors, users, and others who reside in the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, the “CCPA”). Any terms defined in the CCPA have the same meaning when used in this notice.

Information We Collect

We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“personal information”). Personal information does not include:

• Publicly available information from government records.
• Deidentified or aggregated consumer information.
• Information excluded from the CCPA’s scope, like:
• health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA), clinical trial data, or other qualifying research data;
• personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
• In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:

As described in Section 4 of the Privacy Policy, we obtain the categories of personal information listed above from the following categories of sources:

• Direct interactions with you.
• Automated technologies or interactions.
• Third parties or publicly available sources.
• Use of Personal Information

We may use or disclose the personal information we collect for one or more of the following purposes:

• To register you as a user of the Services, either as an authorized user of a client or a supplier.
• To assess your eligibility pursuant to the requirements by the parties you work with or seek to work with through our Services.
• To assist our users in soliciting, bidding for or completing a transaction or order.
• To contact you about your account or tasks to complete and to manage our relationship with you such as notifying you about changes to the Services or our terms and asking you for your feedback or comments.
• To verify your identity and account when you contact our customer support team.
• To provide and improve our Services and support and develop new products.
• To test new products and services (e.g. Beta testing).
• To deliver relevant content and marketing materials to you and measure or understand the effectiveness of our marketing strategy.
• To deliver targeted advertising to visitors of our website (through cookies and other tracking technologies) and measure or understand the effectiveness of the advertising we serve.
• To provide you with features on the Services such as sharing content with a colleague.
• To invite you to participate in surveys, sweepstakes, competitions and similar promotions.
• To aggregate information in order to anonymize it for data analysis, audits, developing new products, enhancing the Service, identifying usage trends and determining the effectiveness of our promotional campaigns.
• To use data analytics to improve our Services, marketing, customer relationships and experiences.
• To prepare or implement reorganization or sale of assets or shares.
• To administer and protect our business and the Services (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data), and prevent and detect security threats, fraud or other malicious activity.
• To comply with our legal obligations, respond to government or judicial requests for information (including in the context of private litigation), resolve disputes, and enforce our agreements.
• As described to you when collecting your personal information or as otherwise set forth in the CCPA.

As stated above, if you contact our customer support team, we may collect voice data for authentication purposes but only after obtaining your express consent. Please note that any other sensitive personal information we collect from individuals is strictly used to fulfill our contracts with our customers that the individuals work for and for purposes permitted under the CCPA. We do not process any sensitive personal information to infer characteristics about the individuals.

We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

Retention of Personal Information

As stated in Section 12 of the Privacy Policy, we will only retain your personal information for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements. In some circumstances we will anonymize your personal Information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Disclosure of Personal Information

We may disclose your personal information to third parties for business purposes. We only make these business purpose disclosures under written contracts that describe the purposes, require the recipient to keep the personal information confidential, and prohibit using the disclosed information for any purpose except performing the contract.

We do not sell personal information for any monetary consideration.

Your Rights and Choices

The CCPA provides consumers (California residents) with specific rights regarding their personal information:

• The right to know about the personal information BCS collects about you and how it is used and shared;
• The right to delete personal information collected from you (with some exceptions);
• The right to opt-out of the sale or sharing of your personal information; and
• The right to non-discrimination for exercising your CCPA rights.

To exercise your rights to know, correct, or delete described above, please submit a request by emailing us at <info@getbcs.com>.

Only you, or someone legally authorized to act on your behalf, may make a request to know, correct, or delete related to your personal information.

10. Changes to This Privacy Policy

This Privacy Policy is effective as of the date stated at the top of this Privacy Policy. Because of changes in technology and the growth and development of our business, or for other business reasons, we may need to change this Privacy Policy from time to time. We will alert you via the BCS Services the first time you log in after the Privacy Policy is modified, and we will post a copy of the new policy with its effective date on the BCS Services. It is therefore important that you notify us if you change your email address. If you do not provide us with a current email address, you should regularly review this policy to ensure that you are informed of any changes.

11. Online Tracking

We currently do not process or comply with any web browser’s “do not track” signal or other similar mechanism that indicates a request to disable online tracking of individual users who use our services.

12. Collection and Use of Information by Third Parties

A) General

The BCS Services may contain links to third party sites. We do not control or endorse such third-party sites, and we are not responsible for the privacy practices of such sites. Third parties are under no obligation to comply with this Privacy Policy with respect to Personal Information that you provide directly to those third parties or that those third parties collect for themselves. This Privacy Policy does not apply to information provided to third-party sites or gathered by the third parties that operate them. Before visiting a third-party site, whether by means of a link on our BCS Services or otherwise, and before providing any Personal Information to any third party, you should inform yourself of the privacy policies and practices (if any) of the third party responsible for that site, and should take those steps necessary to your discretion, to protect your privacy.

B) Third Party Collection of Information for Analytics Purposes

We may use third party companies (currently including Google and Hubspot) to provide us with analytics information. These companies may collect Personal Information and Non-Personal Information from you via our BCS Services. You can find out more information about what information Google and Hubspot collect and how they use and disclose that information here: http://www.google.com/policies/privacy/;

https://legal.hubspot.com/privacy-policy.

13. Enforcement

A) Unauthorized Disclosure of Information

If we become aware that the security of any of the BCS Services has been compromised or your Personal Information has been disclosed to unrelated third parties as a result of external activity, including but not limited to security attacks or fraud, we reserve the right to take reasonable and appropriate measures, including but not limited to, investigation and reporting, and notification to and cooperation with law enforcement authorities.

If we become aware that your Personal Information has been disclosed in a manner not permitted by this Privacy Policy, we will make reasonable efforts to notify you, as soon as reasonably possible and as permitted by law, of what Personal Information has been disclosed, to the extent that we know this information.

B) Complaints

Individuals who wish to file a complaint or who take issue with our privacy policies should direct such communication to our Director of Information Security and Infrastructure via e-mail or written communication at the address provided in Section 13 below. Our Director of Information Security and Infrastructure will explain the process to be followed when filing a complaint. Filing a complaint in English will expedite the process. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Privacy Policy. For complaints that cannot be resolved between us, in the United States of America, the arbitration provisions of Section 12(c) shall apply. For users located in certain other countries outside of the United States of America, complaints that cannot be resolved between us may be subject to resolution by a different body (remedies can include deletion, modification or correction of the Personal Information at issue).

In the United States of America, we are also subject to the jurisdiction of the US Federal Trade Commission. The Federal Trade Commission may be contacted at the following address:

Federal Trade Commission

Attn: Consumer Response Center

600 Pennsylvania Avenue NW

Washington, DC 20580

consumerline@ftc.gov

www.ftc.gov

C) Arbitration

Except for complaints to the Federal Trade Commission, all disputes relating in any way, directly or indirectly, for any breach by BCS of this Privacy Policy will be subject to arbitration. All arbitration proceedings shall be conducted according to the rules of the American Arbitration Association (“AAA”) in Harris County, Texas, including any dispute about the scope of this arbitration agreement, and including all questions about the types of disputes that are subject to this arbitration agreement, all of which you agree will be decided by a single arbitrator whose decision will be final and binding on you. Any issue concerning the extent to which a dispute is subject to arbitration, or concerning the applicability, interpretation or enforceability of this agreement, including any contention that all or part of this agreement is invalid or unenforceable, shall be governed by the Federal Arbitration Act and resolved by arbitrator.

You acknowledge and agree that, in any arbitration proceeding, no deposition will be taken, and all other forms of discovery of facts will be limited to those things that the arbitrators determine, in their sole discretion, to be necessary. Further, in any arbitration proceeding, (i) there shall be no award of punitive, exemplary, incidental or consequential or other special damages and (iii) the parties will conduct the arbitration confidentially and expeditiously and will pay their own costs and expenses of arbitration, including their own attorney’s fees. If you are unable to afford the AAA fee, you agree to notify all persons against whom you have an arbitrable claim and give such persons the opportunity individually and as a group to pay such fee. The proceeding and the decision shall be kept confidential by the parties. All claims you may have under this Privacy Policy must be brought within one (1) year of the date on which the claim arose.

13. How to Contact Us

If you have questions about this Privacy Policy, please contact us at:

Business Credentialing Services, Inc.

119 Cherry Hill Rd,

Suite 210

Parsippany, NJ 07540

Phone: 862-242-5557

Email: <info@getbcs.com>