Vendor Management Privacy Policy

Last Updated: August 27, 2025

At Certify Global Inc (“Certify”, “we”, “our”, “us”), your privacy is important.

This Privacy Policy describes the personally identifiable information (“personal information”) that we may collect via our credentialing services through our Certify.me Workforce Management solution (collectively the “Services”).

This Privacy Policy does not apply to the information that our Healthcare Partners choose to manage, upload, and store in our Services (“Partner Content”) for which we are a service provider/processor/business associate, including information obtained from or about an employee, vendor, or patient via use of the services offered on behalf of such Healthcare Partners.  In those circumstances, we process and/or host Partner Content on behalf of a Healthcare Partner and that Healthcare Partner is responsible for the collection and use of all Partner Content, including all necessary consents related to such Partner Content. The respective business partner’s privacy notice will apply to the Healthcare Partner’s collection and use of such Partner Content and questions regarding such notice should be directed to such Healthcare Partner.  

If you do not agree to the terms and conditions of this Privacy Policy, then please do not provide us with your personal information and do not access or use the Services.  By using our services, you agree to the terms outlined in this Privacy Policy.  If you have additional questions or require more information about our Privacy Policy, do not hesitate to contact us. 

CHANGES TO PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes to our privacy practices, and when we do, we will update the “Last Updated” date at the top of the Privacy Policy. If we make material changes, we will provide prominent notice (such as through a notice or banner or, where feasible, via email). Your continued use of the Services after the “Last Updated” date constitutes your acceptance of the changes. If you do not agree to the changes, you should immediately stop using our Services.

COLLECTION OF PERSONAL INFORMATION

As further described below, we collect personal information directly from you and from third-party sources. To the extent permitted by applicable law, we may combine the information we collect from you with publicly available data or data we receive from a third party.

Personal Information We Collect Directly From You. While the personal information we collect varies depending upon your use of the Services and our interactions with you, in general, we may collect the following personal information directly from you: 

  • Communications and Interactions. When you send email, call, or otherwise communicate with us and with members of our team, we collect and maintain a record of your contact details, communications, and our responses. 
  • Responses and Feedback. If you participate in our surveys or questionnaires, we collect your responses and feedback, such as user satisfaction or other information related to your use of the Services, and any other information you so choose to provide. 

Personal Information We Collect from Vendor Personnel to Perform Vendor Credentialing and Background Verification (“Credentialing Information”). 

We only collect what we need for the services our client requests for the credentialing requirements.  Such Credentialing Information may include:   

  • Identifiers: This includes your name, other names you have used, date of birth, contact information (phone, email, mailing address), and government-issued identity numbers such as a Social Security Number, Social Insurance Number, or driver’s license number. 
  • Biometric Information: This may include fingerprints, fingerprint geometry, or facial geometry, primarily for checking records identified by your fingerprints and verifying identity. 
  • Physical Attributes: Information such as race, weight, eye color, and hair color may be collected to validate that police or court records match your description. 
  • Background and History: This includes: 
      • Address History: Used to match you to background records. 
      • Criminal History, Police, and Court Records: Collected to complete criminal, police, and court record checks or monitoring services. 
      • Credit or Bankruptcy History: Used for credit or financial history services and identity verification. 
      • Employment and Education History: Used to verify your current or past employment and education. 
      • Professional Credentials: Used to verify your professional standing and to check or monitor for professional sanctions. 
      • Driving Records: Used to check your driver’s license validity and driving history. 
  • Health Information: This includes substance test results, collected for testing for substance use or other health conditions, and vaccination records. 
  • Other Information: 
      • Opinions about you: Collected during reference interviews. 
      • Appearance on government watch or sanctions lists: Checked and monitored by law enforcement or government agencies. 
      • Eligibility to work: Used to verify if you are legally allowed to work in a certain country. 
      • Publicly available social media activities and online/print media mentions: Used for services involving social media and media checks. 

We may collect Credentialing Information from: 

  • You or our client. 
  • Third parties that we contact in the course of performing services, such as: 
      • Public records. 
      • Publicly available media or social media. 
      • Law enforcement or other government agencies. 
      • Courts, court runners, or court data aggregators. 
      • Credit/consumer reporting agencies. 
      • Your current or past employers or their recordkeeping service providers. 
      • Educational institutions you have attended or their recordkeeping service providers. 
      • Professional organizations or regulatory bodies with which you have been associated. 
      • Substance testing laboratories. 

Processing activity | Lawful basis
Performing and collecting payment for services requested by you and our client | Contract
Performing and collecting payment for services requested by our client, which may include handling special categories of personal information or criminal history | Legitimate interests of our client or another lawful basis established by our client
Complying with audit, retention and other obligations imposed by the third-party source of personal information | Legal obligation in Europe, our legitimate interest to comply with a legal obligation outside of Europe, or the third-party source’s legitimate interest to ensure proper use of personal information it holds
Sending you legally mandated notices about our services and your personal information | Legal obligation
Recording and reviewing telephone calls and other communications | Our and our client’s legitimate interest to maintain service quality
Ensuring our systems are secure | Legal obligation

Under data protection laws in EEA and EU member states, or the UK, Switzerland, and other European countries, certain types of personal information require additional conditions to be met beyond a lawful basis. These include: 

  • racial or ethnic origin 
  • political opinions 
  • religious or philosophical beliefs 
  • trade union membership 
  • genetic data 
  • biometric data  
  • data concerning health 
  • data concerning sex life or sexual orientation 
  • criminal convictions and offenses or related security measures 

If you are Vendor Personnel and we are performing services requested by our client, and the services require us to handle one or more of these types of personal information, our client must make sure the appropriate conditions are met for processing these types of personal information.  

If you are a candidate and we are performing services requested by you, we process these types of personal information based on your consent. 

USE OF PERSONAL INFORMATION

We may use the personal information we collect in various ways, including for the below purposes: 

  • Provide, operate, and manage the Services, including but not limited to credentialing and background check requests. 
  • Analytics and Improvement. To better understand how users access and use the Services, and for other research and analytical purposes, to develop the Services and its features, and for internal quality control and training purposes. 
  • Communicate With You. To respond to your inquiries, send you requested materials, and send administrative information to you, for example, information regarding the Services and changes to our terms, conditions, and policies. 
  • Security and Protection of Rights. To protect the Services and our business operations, and to protect our rights or those of our stakeholders; to prevent and detect fraud, unauthorized activities and access, and other misuse; where we believe necessary to investigate, prevent or act regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of any person or third party, or violations of our Terms of Use.  
  • Compliance and Legal Process. To comply with applicable legal or regulatory obligations, including as part of a judicial proceeding; to respond to a subpoena, warrant, court order, or other legal process; or as part of an investigation or request, whether formal or informal, from law enforcement or a governmental authority. 
  • Auditing, Reporting, and Other Internal Operations. To conduct financial, tax, and accounting audits; audits and assessments of our operations, privacy, security and financial controls, risk, and compliance with legal obligations; our general business, accounting, record keeping and legal functions, and to maintain appropriate business records and enforce company policies and procedures. 
  • General Business and Operational Support. To assess and implement mergers, acquisitions, reorganizations, bankruptcies, and other business transactions such as financings, and to administer our business, accounting, auditing, compliance, recordkeeping, and legal functions. 

DISCLOSURES OF PERSONAL INFORMATION

We may share your personal information for the purposes described above and as follows: 

  • Affiliates and Subsidiaries. We may disclose the personal information we collect to our corporate affiliates and subsidiaries.  
  • Vendors and Service Providers. We may disclose the personal information we collect to service providers who perform functions on our behalf, such as IT and website hosting, marketing, and marketing research providers, customer support, data storage, analysis and processing providers, auditors, consultants, and legal counsel. 
  • Background Check Provider. We utilize third-party background check providers to assist with conducting background checks and collection of information related to the credentialing services. 
  • Healthcare Partners: We disclose Credentialing Information to our customers who have initiated the credentialing services. 
  • Credentialing Service Partners: We disclose Credentialing Information as necessary to our third-party partners, such as drug and health testing sites, hospital partners and facilities, credentialing boards, and law enforcement services, to facilitate the credentialing services requested. 
  • In Support of Business Transfers. If we or our affiliates are or may be acquired by, merged with, or invested in by another company, or if any of our assets are or may be transferred to another company, whether as part of a bankruptcy or insolvency proceeding or otherwise, we may disclose or transfer the personal information we have collected from you with or to the other company. We may also disclose certain personal information as necessary prior to the completion of such a transaction or other corporate transactions such as a financing or restructuring, to lenders, auditors, and third-party advisors, including attorneys and consultants. 
  • Compliance and Legal Obligations. To comply with our legal and compliance obligations and to respond to the legal process. For example, we may disclose information in response to subpoenas, court orders, and other lawful requests by regulators and law enforcement, including responding to national security or law enforcement disclosure requirements. The disclosure of personal information to third parties to comply with valid legal demands for such information is governed by Certify’s Government Disclosures Policy. 
  • Security and Protection of Rights. Where we believe doing so is necessary to protect us, our rights and property, or the rights, property, and safety of others. We may also disclose personal information related to litigation and other legal claims or proceedings in which we are involved, as well as for our internal accounting, auditing, compliance, recordkeeping, and legal functions. 
  • Aggregate and Deidentified Information. Notwithstanding anything else in this Privacy Policy, we may use, disclose, and otherwise process aggregate and deidentified information related to our business and the Services with third parties for quality control, analytics, research, development, and other purposes.  
  • Other Disclosures. We may disclose personal information in other ways not described above, but will notify you and, if necessary, obtain your consent. 

DESTRUCTION OF PERSONAL INFORMATION

Personal information is retained no longer than necessary to fulfill the purposes set out in this Privacy Policy, unless a longer retention period is required (such as under applicable contracts with clients or business partners) or permitted by law (such as tax, accounting, or other legal requirements).

SECURITY

Certify takes reasonable steps to prevent destruction, alteration, disclosure, misuse, and unauthorized access to your personal information. Unfortunately, no security system can be guaranteed to be 100% secure. Accordingly, we cannot guarantee the security of your information and cannot assume liability for improper access to it.

CHILDREN

We do not knowingly collect personal information from children under the age of 13 without parental consent.  If we learn that we have collected the personal information of a child under the age of 13 without parental consent, we will take steps to delete the information as soon as possible.

UNITED STATES PRIVACY LAWS

This section describes state-specific consumer rights afforded to residents of those states that have enacted comprehensive privacy laws (“State Privacy Laws”). Not all of the State Privacy Laws are effective as of the date of this Privacy Policy, and several do not apply to Certify; however, even where we are not subject to a particular State Privacy Law, we will endeavor to honor applicable privacy rights requests to the extent we are able under the circumstances, but this is a courtesy only and does not otherwise subject us to or make us liable under these laws, to the extent permitted. Any terms defined in the applicable State Privacy Laws that we use here have the same meaning as the applicable State Privacy Law. Please note that when we are collecting your personal information as a Processor/Service Provider, we cannot decide whether it is appropriate to collect your personal information or how or whether you can exercise your rights. Please contact the applicable Healthcare Provider with any questions. 

Information We Collect

As more fully described above, we collect (and have collected within the last twelve (12) months) the following categories of personal information: 

  • Identifiers 
  • Commercial information 
  • Protected Classifications 
  • Biometric Information 
  • Employment Information 
  • Education Information 
  • Inferences 
  • Sensitive Personal Information 

Disclosure of personal information to Third Parties and Other Recipients

Categories of personal information that May Be Sold, Shared, or Disclosed | Categories of Third Parties to whom personal information May Be Sold, Shared, or Disclosed | Business or Commercial Purpose of Selling, Sharing, or Disclosing personal information
Identifiers | Affiliates, Subsidiaries; Vendors and Service Providers; Financial Partners; Background Check Provider; Healthcare Partners; Credentialing Service Partners | Provide the services; Communicate with you; Monitor the services; Market & Advertise the services, including via use of Targeted Advertising; Respond to Inquiries and Fulfill Requests; Improve the services; Support business operations; With your Consent
Commercial information | Affiliates, Subsidiaries; Vendors and Service Providers; Financial Partners | Provide the services; Monitor the services; Respond to Inquiries and Fulfill Requests; Support business operations; With your Consent
Credentialing Information | Affiliates, Subsidiaries; Vendors and Service Providers; Healthcare Partners; Credentialing Service Partners; Background Check Provider | Provide the services; Communicate with you; Monitor the services; Respond to Inquiries and Fulfill Requests; Support business operations; With your Consent

Your Privacy Rights and Choices

Residents of states with generally applicable privacy laws have the following rights regarding their personal information, subject to certain exceptions and qualifications under their respective state laws. Please note that when we are collecting your personal information as a Processor/Service Provider, we cannot decide whether it is appropriate to collect your personal information or how or whether you can exercise your rights.  Please contact the applicable Healthcare Provider with any questions. 

  • Access and Data Portability. You have the right to request details about the personal information we have collected about you, such as whether we have collected personal information about you, the categories of sources, the purposes for which we have collected the personal information, the categories of recipients, and the specific pieces of personal information we have collected. You may also have the right to receive a copy of your personal information in a readily usable format. 
  • Correction. You may have the right to request we correct incorrect or inaccurate personal information, subject to restrictions regarding the determination of accuracy of the existing personal information. 
  • Deletion/Right to be Forgotten. You may have the right to request deletion of your data unless an exception applies. 
  • Opt-Out of Sale, Sharing, or Targeted Advertising. You have the right to opt-out of “sales” and “sharing” of your personal information, and to opt-out of the use of your personal information for “targeted advertising” as those terms are defined under applicable state privacy laws.  However, we do not “sell”, “share” or utilize targeted advertising.    
  • Limit Use and Disclosure. We do not collect nor engage in uses of sensitive personal information that trigger a right to limit use and disclosure of sensitive personal information under applicable state privacy law. 
  • Opt-Out of Profiling with Legal or Significant Effects. You may have the right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects. However, we do not engage in such activities as described under applicable state privacy law, so there is no need to exercise this right. 

CONSUMER REQUESTS AND VERIFICATION

Right to Non-Discrimination 

We may not discriminate against you because you exercise any of your privacy rights contained in this Privacy Policy including, but not limited to: 

  • Denying goods or services to you; 
  • Charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties; 
  • Providing a different level or quality of goods or services to you; or 
  • Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services. 

Data Requests 

You may request to exercise your rights of access, deletion, or correction by contacting us at Suite 305, 656 Quince Orchard Rd STE 300, Gaithersburg, MD 20878, United States. Please note that when we are collecting your personal information as a Processor/Service Provider, we cannot decide whether it is appropriate to collect your personal information or how or whether you can exercise your rights. If we are collecting your personal information as a part of the background check services, we may need such information to perform the contractual purpose for which it was provided. Please contact the applicable Healthcare Provider with any questions. To help protect your privacy and maintain security, we will take steps to verify your identity before processing your request. If you request access to or deletion of your personal information, we may require you to provide any of the following information: name, email address, telephone number, or postal address, and account information. When you make such a request, you can expect the following: 

  • As required under applicable law, we will verify your identity. You will need to provide us with your email address and full name.  We may ask for additional information if needed. 
  • We will confirm that you want your information accessed, corrected, and/or deleted. 
  • We will confirm our receipt of your request within 10 days. If you have not received a response within a few days after that, please let us know by contacting us at the Website or phone number listed below. 
  • We will respond to your request within 45 days upon receipt of your request. If necessary, we may need an additional period of time, up to another 45 days, but we will reply either way within the first 45-day period and, if we need an extension, we will explain why. 
  • In certain cases, a request for access, correction, or deletion may be denied. For example, if we cannot verify your identity, if the law requires that we maintain the information, or if we need the information for internal purposes such as providing services or completing an order. If we deny your request, we will explain why we denied it and delete any other information that is not protected and subject to denial. 

Authorized Agents 

You may designate an authorized agent to request any of the above rights on your behalf. You may make such a designation by providing the agent with written permission, signed by you, to act on your behalf. Your agent may contact us as described in the Data Requests section above to make a request on your behalf. Even if you choose to use an agent, we may, as permitted by law, require: 

  • The authorized agent to provide proof that you provided signed permission to the authorized agent to submit the request; 
  • You to verify your identity directly with us; or 
  • You to directly confirm with us that you provided the authorized agent permission to submit the request. 

Appeal Process 

If you have made a request to access, correct, or delete your personal information under a state privacy law with an appeal right, and we have declined to take action, you may appeal our decision within 45 days of the denial. When you make such an appeal, you can expect the following: 

  • We will verify your identity. You will need to provide us with your email address and full name.  We may ask for additional information if needed. 
  • We will review your appeal and respond in writing regarding any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decision, within 45 days upon receipt of your appeal. If necessary, we may need an additional period of time, up to another 45 days, but we will reply either way within the first 45-day period and, if we need an extension, we will explain why. 
  • In certain cases, an appeal may be denied. For example, if we cannot verify your identity, if the law requires that we maintain the information, or if we need the information for internal purposes such as providing Services or completing an order. If we deny your appeal, we will explain why we denied it and provide you with a method to contact your state’s Attorney General to submit a complaint. 

BIOMETRIC INFORMATION SERVICES USERS

If you reside in Illinois, Texas, Washington, or another state with a biometric privacy law and utilize our FaceCheck solution, Certify’s collection and use of your Biometric Information is on behalf of the healthcare provider utilizing such services and is subject to our Biometric Information Notice, incorporated herein by reference. When you use the Services, you will be asked to indicate that you agree to our collection, storage, and use of your Biometric Information in accordance with the terms of this Notice by clicking on a checkbox, by entering your name, or by similar means. You agree that such indication of consent is your written release regarding our collection, storage, and use of your Biometric Information. 

INTERNATIONAL USERS

If you reside in the European Union or another jurisdiction that has adopted the EU’s General Data Protection Regulation (“GDPR”), Certify’s collection and use of your personal information is subject to the GDPR. Certify’s obligations under the GDPR are set forth in the Certify GDPR Policy, which is incorporated by reference into this Privacy Policy. 

COMMUNICATIONS

Questions, complaints, and other communications regarding any aspect of this Privacy Policy should be addressed to Certify at info@certify.me. 

Questions, complaints, and other communications regarding any aspect of Certify’s GDPR Policy should be addressed to Certify as set forth in our GDPR Policy.