Effective Date: April 6, 2021
Certain terms are defined herein, but others have the meanings provided below:
- “CastleBranch,” means Castle Branch, Inc. and any subsidiaries (including any subsidiaries that CastleBranch may form or acquire in the future). We also refer to CastleBranch as “we,” “us” and “our.” But when we say “CastleBranch Entities,” we mean CastleBranch and its affiliates; its and their suppliers, vendors, contractors, and licensors; and its and their directors, officers, employees, and agents.
- “CastleBranch Site” or “CastleBranch Sites,” we mean castlebranch.com, https://mycb.castlebranch.com, any CastleBranch mobile site, the CastleBranch Apps, and all related functionality, services, and Content offered by or for CastleBranch on or through any of the CastleBranch Sites and the CastleBranch Apps or the systems, servers, and networks used to make the CastleBranch Sites available.
- “CastleBranch Apps,” we mean any official apps we make available for iPhone and Android, which can be downloaded from the iTunes App Store or the Google Play Store.
- When we say “you” or “your” we mean any visitor or user of any CastleBranch Site or Service.
- When we say “user” we mean a natural person in an individual capacity (which likely includes you) who visits any of our CastleBranch Sites.
- When we say “Customer” we are referring to a customer who has an agreement with one or more of the CastleBranch Entities and has requested use of our Service.
- When we say “Business Information” we mean information submitted by a Customer to facilitate use of the Service.
CastleBranch has no foreign offices or “offshoring” of operations. CastleBranch’s operates in business primarily based on information available in the United States. Even if a foreign element is involved, CastleBranch will attempt to obtain the information through domestic means and sources. In instances that necessitate an in–country verification or research, CastleBranch obtains the information directly from the source or, if applicable, through research by a member of our established network of vetted subcontractors. Documentation or information such as passport numbers and dates of birth are not sent to anyone overseas other than the actual verification provider (e.g., school registrar) whenever possible. CastleBranch takes reasonable measures to ensure that its handling of Personal Data on an international basis is safe and secure, which includes requiring its subcontractors who conduct international searches to contractually agree that they will perform CastleBranch’s assignments in accordance with applicable laws and regulations and maintain adequate safeguards with respect to the protection of data privacy and security and the corresponding rights of individuals.
IMPORTANT: THIS AGREEMENT CONTAINS A MANDATORY ARBITRATION PROVISION THAT, AS FURTHER SET FORTH IN THESE TERMS, REQUIRES THE USE OF ARBITRATION ON AN INDIVIDUAL BASIS TO RESOLVE DISPUTES. THIS MEANS THAT YOU AND CASTLEBRANCH ARE EACH GIVING UP OUR RIGHTS TO SUE EACH OTHER IN COURT OR IN CLASS ACTIONS OF ANY KIND.
I. INFORMATION WE COLLECT
- Collection of Information Through Tracking Technologies: We use various methods and technologies to store or collect Usage Information (“Tracking Technologies“). A few of the Tracking Technologies used with the Service, include, without limitation, cookies, web beacons, embedded scripts, browser fingerprinting, entity tags, UTM codes (i.e. a code that you can attach to a custom URL in order to track a source, medium, and campaign name), and recognition technologies that make assumptions about users and devices. We use Tracking Technologies for a variety of purposes, including:
- Strictly Necessary: We use Tracking Technologies that we consider are strictly necessary to allow you to use and access our Service, including cookies required to prevent fraudulent activity, improve security or allow you and a Customer to make use of Service functionality.
- Performance Related: We use Tracking Technologies that are useful in order to assess the performance of the Service, including as part of our analytic practices or otherwise to improve the content, ads, products or services offered through the Service.
- Functionality Related: We use Tracking Technologies that are required to offer you enhanced functionality when accessing the Service, including identifying you when you use our Service or keeping track of your specified preferences.
- Targeting Related: We use Tracking Technologies to deliver content, which may include ads, including those promoted by our Customers, that we deem relevant to your interests on our Service and third–party services based on how you interact with our advertisements and/or content. This includes using Tracking Technologies to understand the usefulness to you of the content and ads that have been delivered to you.
- Information Collected From Other Sources: We may collect information about you, including Personal Data, from our Customers who place orders with us for a consumer report, investigative consumer report, or other product or service about you. The information collected from our Customers may include, but is not limited to, your name, date of birth, social security number, email address(es), home address, mailing address, phone number(s), student identification number, education history, licensure, and employment history. We also may collect information about you, including Personal Data, from other sources, such as, but not limited to, third party databases; the department of motor vehicles; county, state, and federal courts; state repositories; federal repositories; state and regional prisons; local police stations; federal bankruptcy courts; federal civil courts; state medical boards; drug testing facilities or specimen collection sites; professional licensing organizations; and other private, local, state, and federal organizations and agencies.
- Information Collected and Stored When We Send You a Text Message: After you sign up for our Service (subject to your consent where required by applicable law), we and/or our Customers may send you text messages that provide marketing, promotional, and/or other information. We and our third–party service providers use a variety of technologies that automatically (or passively) store or collect certain information whenever you, we, and/or our Customers send you a text message. This information will be stored or accessed using a variety of technologies that will be downloaded to your mobile device whenever you receive a text message.
- Information Collected from Other Social Media Sites: CastleBranch also conducts and/or collects social media data about individual users, including you, for itself, its Customers, or other third parties that either you make available or is made available to CastleBranch and others directly by social media sites such as Twitter, Facebook, LinkedIn, Instagram, Pinterest, YouTube, Google+ and others through APIs or social media monitoring technology (“Third Party Sites“). This data includes names, user IDs, social media handles, gender, and other information that individuals choose to make publicly available on social media sites. In connection with the Service, CastleBranch may also monitor the public activities of individuals on social media sites, including posts, blogs, tweets, and profile information, including such social media messages directed at you and other users. This Privacy Notice does not govern the collection of content by Third Party Sites that is not published or generated through the Service, except to the extent that we act as a processor with respect to such content. Our customers are required to abide by the applicable policies and requirements of such Third Party Sites used in connection with the Services and when using information from Third Party Sites.
II. HOW WE USE YOUR INFORMATION
- Generally: In order to perform services on your behalf, primarily to our Customers, we will process your Personal Data, Business Information or Usage Information:
- to process and track the actions you take into using the Service;
- to verify your identity;
- to provide the Service;
- to provide customer support, including to resolve disputes, and troubleshoot problems;
- to contact you with regard to your use of the Service and, in our discretion, changes to the Service and/or Service’s policies; and
- to enable you to participate in a variety of the Service’s features.
- Legitimate Interests: As it is in our legitimate interests to be responsive to you and to ensure the proper functioning of our Service and provide you with a user–friendly service, we will use your Personal Data, Business Information, and/or Usage Information:
- to provide you with information such as to send you electronic correspondence or to provide you with promotional and marketing materials on behalf of us or third–parties, including to let you know about new products or services;
- to manage risk, or to detect, prevent, and/or remediate fraud or other potentially prohibited or illegal activities;
- to manage and protect our information technology infrastructure;
- to improve the Service, marketing endeavors, or our Service offerings;
- to customize your experience on the Service or to serve you specific content or ads that we deem are relevant to you;
- to identify your Service preferences so that you can be informed of new or additional opportunities, products, services, and promotions;
- to improve the overall experience of the Service;
- to comply with our legal and regulatory obligations;
- for internal business purposes; and
- Telephonic Communications: If you are an individual user, you acknowledge that by providing your telephone number(s) to CastleBranch, you are providing CastleBranch with your express written consent to receive informational phone calls from us and/or Customers. You acknowledge that you may incur a charge for these calls by your telephone carrier and that CastleBranch is not responsible for these charges. Your consent to receive automated calls and texts is completely voluntary, however, opting out of receiving such communications will limit your use of the Service. You may opt-out of receiving text messages and/or phone calls at any time:
- To opt-out of automated phone calls and text messages, please contact us at email@example.com. Please allow up to thirty (30) days to process any opt-out request.
- If you opt-out of receiving text messages and/or phone calls, we reserve the right to still contact you if it relates to verifying your account, any transaction made using our Service, or if required by law.
- It is your sole responsibility to notify us if you no longer want to receive automated calls or text messages. You waive any rights to bring claims for unauthorized or undesired calls or text messages by failing to opt-out immediately or by failing to follow these instructions. Please allow up to thirty (30) days (or ten (10) business days where required by law) to process any opt-out request. Please note that if you opt out of automated calls or text messages, we reserve the right to make non-automated calls to you.
III. HOW WE SHARE YOUR INFORMATION
- With Customers: We share your Personal Data and Usage Information with Customers whom you authorize.
- When You Request Information from or Provide Information to Third–Parties: You will be presented with an option on our Service to receive certain information and/or marketing offers directly from third–parties or to have us send certain information to third–parties or to have us give third–parties access to your information. In many instances these third–parties are our Customers who you are working with to, for example, obtain a job. If you choose to do so, such Personal Data will be disclosed to such third–parties and all information you disclose will be subject to the third–party privacy policies and practices of such third–parties. We are not responsible for the privacy policies and practices of such third–parties and, therefore, you should review such third–party privacy policies and practices of such third–parties prior to requesting information from or otherwise interacting with them.
IV. OTHER REASONS WE SHARE YOUR INFORMATION
- To Protect the Rights of CastleBranch and Others: We will access, use, preserve, transfer and disclose your information (including Device Identifiers and Personal Data) to third–parties: (i) to satisfy any applicable law, regulation, subpoenas, governmental requests or legal process if in our good faith opinion such is required or permitted by law; (ii) to protect and/or defend the Service’s Terms of Service or other policies applicable to the Service, including investigation of potential violations thereof; (iii) to protect the safety, rights, property or security of the Service or any third–party; and/or (iv) to detect, prevent or otherwise address fraud, security or technical issues. Further, we will use IP address or other Device Identifiers to identify users and will do so in cooperation with third-parties such as copyright owners, internet service providers, wireless service providers and/or law enforcement agencies, including disclosing such information to third–parties, all in our discretion, subject to applicable law. Where necessary in accordance with applicable law, such disclosures will be carried out without notice to you.
- Affiliates and Business Transfer: We share your information, including your Device Identifiers and Personal Data, Business Information and Usage Information within and across all CastleBranch Entities as we deem appropriate. We will also disclose your information to third parties: (i) in the event that we sell any business or assets, in which case we will disclose your data to the prospective buyer of such business or assets; or (ii) if we or substantially all of our assets are acquired by a third party, in which case information held by us about our users will be one of the transferred assets.
- California Residents:
- Your California Privacy Rights: We may elect to share information about you with third–parties for those third–parties’ direct marketing purposes. California Civil Code § 1798.83 permits California residents who have supplied Personal Data (as defined in the law) to us to, under certain circumstances, request and obtain certain information regarding our disclosure, if any, of Personal Data to third–parties for their direct marketing purposes. If this law applies to you, you may obtain the categories of Personal Data shared by us and the names and addresses of all third–parties that received Personal Data for their direct marketing purposes from us during the immediately prior calendar year (e.g., requests made in 2019 will receive information about 2018 sharing activities). To make such a request, please provide sufficient information for us to determine if this applies to you, attest to the fact that you are a California resident and provide a current California address for our response. To make such a request (limit one request per year), please send an email to: firstname.lastname@example.org, with “California Privacy Rights” as the subject line or mail us a letter to: CastleBranch, Inc., Attention: Compliance, 1844 Sir Tyler Drive, Wilmington, NC 28405. You must include your full name, email address, and postal address in your request.
- California Do Not Track Disclosure: Various third–parties are developing or have developed signals or other mechanisms for the expression of consumer choice regarding the collection of information about an individual consumer’s online activities over time and across third–party websites or online services (e.g., browser do not track signals). Currently, we do not monitor or take any action with respect to these signals or other mechanisms.
V. DE-PERSONALIZED OR ANONYMIZED DATA – POTENTIONAL FOR MARKETING
- CastleBranch may, in accordance with applicable law (e.g. GDPR, California Consumer Privacy Act (“CCPA”), Nevada Revised State 603A, as amended (“Nevada Privacy Law”)), sell to third-parties aggregate, de-personalized, or anonymized data that may be comprised in part by your Usage Information or other information we gather from your use of the Services.
VI. HOW WE TREAT PUBLICLY AVAILABLE INFORMATION
- Public Information: Use of our CastleBranch Sites and the Service may permit you to submit some or all of the following: ideas, photographs, video, audio recordings, computer graphics, pictures, data, information about your location, questions, comments, suggestions or other content, including Personal Data and/or Business Information (collectively, “User Content“). We or others may store, display, reproduce, publish, distribute or otherwise use User Content online or offline in any media or format (currently existing or hereafter developed) and may or may not attribute it to you. Others may have access to this User Content and may have the ability to share it with third–parties. Please think carefully before deciding what information you share, including Personal Data, in connection with your User Content. We are not responsible for the privacy or security of any information, including Personal Data, that you make publicly available or what others do with information you share with them on the Service. We are not responsible for the accuracy, use or misuse of any User Content that you disclose or receive from third–parties through the Service.
- Name and Likeness: We may also publish your name, voice, likeness and other Personal Data and/or Business Information that is part of your User Content, and we may use such User Content, or any portion thereof, for advertising, marketing, publicity and promotional activities, as well as for any other commercial purpose.
VII. THIRD–PARTY CONTENT, SITES, AND/OR APPS YOU ACCESS THROUGH US
- When you are on the Service you may be directed to other sites and apps that are operated and controlled by third–parties, including those that we do not control such as our Customers or merchants who directly sell products and services to you (“Third–Party Owners“). If you go to these other sites and apps, such sites and apps will have their own privacy policies. We are not responsible for these third–party privacy policies or the practices of Third–Party Owners. Be sure to review any available policies before submitting any Personal Data to a third–party application or otherwise interacting with it and exercise caution in connection with these applications and Third–Party Owners.
VIII. CHANGING YOUR PERSONAL DATA
- You are responsible for maintaining the accuracy of the information you submit to us. The Service allows you to review, correct, update, and in certain instances delete, Personal Data you have provided, however, when you use any of the CastleBranch Sites, outside of the Service, you may not be able to update your Personal Data. We will upon request, and where required by applicable law (e.g. GDPR, CCPA, Nevada Privacy, Law etc.) update your Personal Data if you contact us by email at: email@example.com. We will make good faith efforts to make requested changes in our then active databases as soon as reasonably practicable (but retain the prior information as a legitimate interest). Please note that it is not always possible to completely remove or delete all of your information from our databases and that residual data may remain on backup media or for other reasons. The provisions of this section are limited to the extent its application would violate applicable law (e.g. you are an individual who hold legal or resident status in the EEA, or you are covered under CCPA, the Nevada Privacy Law, etc.).
IX. HOW LONG WE RETAIN YOUR INFORMATION
- We will retain your information as follows for as long as we are required in order to provide the Service to you, as required to fulfill our legal obligations (e.g. under applicable law), commitments we made to and on behalf of our Customers in order to provide the Service to you, and defend legal claims. After you have ceased use of the CastleBranch Sites, any relationship with any CastleBranch Entities, or have terminated use of the Service, we may, and you consent, store your information in any manner permitted under applicable law.
X. ACTIVITIES AND/OR USERS OUTSIDE OF THE UNITED STATES
- Transfer of Your Information:
- In connection with use of the Service there are instances where Personal Data we request and/or collect about you, whether directly from you or from other sources, may be transferred to third parties outside of the United States and its territories or from third parties outside the United States and its territories to us.
- While our Service is operated in the United States and intended for users located in the United States, please be aware that information we collect, including Personal Data, will be transferred to, and processed, stored and used in the United States in order to provide the Service to you. Where the GDPR applies and our processors of your Personal Data are located outside the EEA, such transfer will only be to a recipient country that ensures an adequate level of data protection.
- Additional Rights Provided to EU Individuals—GDPR: GDPR went into effect on May 25, 2018 and was designed to harmonize data privacy laws across the EU and EEA in an effort to protect individuals who provide individuals who hold legal or resident status in the EEA with the ability to control their Personal Data. As part of our business, CastleBranch has performed a comprehensive assessment of GDPR’s requirements, and made the applicable technical, administrative and documentation changes to meet its compliance obligations.
- Access and Portability: You have the right to ask us to access the information we hold about you, including Personal Data, and be provided with certain information about how we use your such information and who we share it with. Where you have provided your Personal Data to us with your consent, you have the right to ask us for a copy of this data in a structured, machine readable format and to ask us to share (port) this data to another data controller.
- Right to deletion: In certain circumstances, you have the right to ask us to delete the Personal Data we hold about you:
- where you believe that it is no longer necessary for us to hold your data including Personal Data;
- where we are processing your Personal Data on the basis of legitimate interests and you object to such processing and we cannot demonstrate an overriding legitimate ground for the processing;
- where you have provided your Personal Data to us with your consent and you wish to withdraw your consent and there is no other ground under which we can process your Personal Data; or
- where you believe the Personal Data we hold about you is being unlawfully processed by us.
- Restriction: In certain circumstances, you have the right to ask us to restrict (stop any active) processing of your Personal Data:
- where you believe the Personal Data we hold about you is inaccurate and while we verify accuracy;
- where we want to erase your Personal Data as the processing is unlawful, but you want us to continue to store it;
- where we no longer need your Personal Data for the purposes of our processing, but you require us to retain the data for the establishment, exercise or defense of legal claims; or
- where you have objected to us processing your Personal Data based on our legitimate interests and we are considering your objection.
- In addition, you can object to our processing of your Personal Data based on our legitimate interests and we will no longer process your Personal Data unless we can demonstrate an overriding legitimate ground.
- To exercise any of these rights above, please contact us at firstname.lastname@example.org.
- Restriction: In certain circumstances, you have the right to ask us to restrict (stop any active) processing of your Personal Data:
Please note that these rights are limited, for example, where fulfilling your request would adversely affect other individuals where there are overriding public interest reasons or where we are required by law to retain your Personal Data.
You can withdraw your consent at any time by contacting us at email@example.com.
- Complaints: In the event that you wish to make a complaint about how we process your Personal Data, please contact us in the first instance at firstname.lastname@example.org and we will endeavor to deal with your request as soon as possible. This is without prejudice to your right to raise a complaint with a relevant supervisory authority.
- Castle Branch does not permit anyone under age 13 from using our products and services and does not knowingly collect any information from anyone under age 13. If we come to find out that we have received information from a person under age 13, we will purge the information from our files.
- Protecting the privacy of children is especially important to us. Castle Branch complies with all applicable state and federal laws regulating student and health privacy. The federal Children’s Online Privacy Protection Act (COPPA) is designed to prevent the collection and use of information from children under age 13. However, certain products and services we offer are intended to support a child’s participation in both school and non-school related activities. In such instances, verifiable consent from a child’s parent or guardian is required before collecting, using, or disclosing personal information from a child under age 13.
- In order to use our products and services, you must attest that all of the following must be true: (i) you are at least 18 years old and have not been removed from using the service under our Terms of Conditions and Use; (ii) you are the parent, guardian or other lawful representative of the child whose information is being provided in connection with our products and services; (iii) you have agreed to be bound by our Terms and Conditions of Use; and (iv) your use complies with all state and federal laws and regulations.
- CastleBranch takes seriously the security of the CastleBranch Sites and your Personal Data, and we utilize a combination of online and offline security technologies, procedures and organizational measures to help safeguard consumer information against loss, misuse, and unauthorized access, disclosure, alteration and destruction of your information. CastleBranch has implemented industry standard technology designed to keep your Personal Data safe from unauthorized access or disclosure. Any CastleBranch Site that accepts credit cards is compliant with the Payment Card Industry Data Security Standard (PCI DSS). CastleBranch has installed layered firewalls and other security technologies to help prevent unauthorized access to the System. Strong password protection protocols are used on all computers and employees are kept up–to–date on CastleBranch’s security and privacy policies. The servers used to store your information are maintained in a secure environment with appropriate security measures. Such protective measures are designed to limit access to your Personal Data. However, no data transmission over the Internet, mobile networks, wireless transmission or electronic storage of information can be guaranteed to be 100% secure. CastleBranch cannot guarantee that your Personal Data will be secure under all circumstances and as such offers no guarantees, warranties, or representations regarding the security from unauthorized disclosure of Personal Data.
Castle Branch, Inc.
1844 Sir Tyler Drive
Wilmington, NC 28405
XIV. DISPUTE RESOLUTION
XV. CONTACT US