Effective August 28, 2023
Financial Risk Mitigation (“FRM”) complies with the E.U.-U.S. Data Privacy Framework, the UK Extension to the E.U.-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework (the “Data Privacy Frameworks,” or “DPFs”), which became effective August 2023 as set forth by the U.S. Department of Commerce (DOC). Financial Risk Mitigation, Inc. has certified to the U.S. DOC that it adheres to the E.U.-U.S. Data Privacy Framework Principles (E.U.-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the E.U.-U.S. DPF and the UK Extension to the E.U.-U.S. DPF. Financial Risk Mitigation, Inc. has certified to the U.S. DOC that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.
FRM collects information about EU/EEA Data Subjects when conducting investigations on behalf and at the request of its Subscribers. The majority of FRM’s investigations on EU/EEA Data Subjects involves the use of independent agents in Europe that research public domains such as published articles, searches of corporate registries, and other European public and regulatory databases. FRM and its agents also research education and employment data for the purposes of investigatory work. FRM may also perform interviews as a part of its investigatory work.
Where such data is used, FRM’s Terms of Service (https://www.frm-inc.com/frmclientportaltermsofservice/) or other separate agreements with its Subscribers require that the Subscriber certify that it has provided notice to and received consent for such an investigation to be conducted and the EU/EEA Data Subject has given his/her unambiguous, voluntary, and knowing consent to the Subscriber requesting the investigation.
The types of personal information that may be collected include: identification and location information, personal and family information, information available in publications, current and former employment information, information about educational and professional licensing, public record information, financial and credit history, business affiliations such as officer and director positions, and other publicly available information.
The investigation brief, results, and related information may include:
lifestyle and social circumstances
goods and services
education and employment details
physical or mental health details
racial or ethnic origin
religious or other beliefs of a similar nature
trade union membership
offences including alleged offences
When personal information is collected directly from EU/EEA Data Subjects by FRM, it is only upon the direct instruction of FRM’s Subscriber who has contractually represented that the Subscriber has provided notice to the EU/EEA Data Subject that an investigation will be conducted and the Data Subject has given unambiguous, voluntary, and knowing consent to the Subscriber requesting the investigation, including a link to this policy in the event individuals are asked to provide personal information to FRM.
The information collected is only disclosed as necessary to perform services for FRM’s Subscribers pursuant to the consent of the individual unless a lawful exception to processing the data without Notice and Consent applies. FRM does not use personal information for any purpose other than that for which it was originally collected and authorized by the individual.
Notwithstanding the above, FRM may disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Notwithstanding the above, FRM may disclose personal information to third parties without Notice and Consent when a lawful exception applies.
As noted above, FRM does not collect any personal information without an individual’s unambiguous, voluntary, and knowing consent to FRM’s Subscriber unless an exception applies. If the individual’s choice is to not consent to the collection of information for purposes of the investigation, unless an exception applies, FRM will not collect any information. Information is never disclosed to a third party except for the purposes consented to by the individual, or to FRM’s processors to carry out the purpose for which it was collected. The information is not reused or disclosed by FRM for any other purpose.
- Accountability for Onward Transfer
FRM’s independent agents in Europe transfer personal data to FRM in the U.S. and FRM transfers that information only to its Subscribers pursuant to the individual’s consent as discussed above unless an exception may apply. FRM does not transfer personal information to any third parties other than its Subscribers pursuant to the individual’s consent unless an exception may apply. FRM’s Subscribers covenant and agree to undertake commercially reasonable steps to protect information received from FRM and to not disclose it except for the purpose for which it was collected pursuant to the individual’s consent, unless an exception may apply.
FRM may transfer personal identifying data to its independent agents in the E.U. for the purpose of performing the investigations including manually searching court and other records. In such cases, FRM will transfer such identifying data only for limited and specified purposes.
FRM is liable under the Principles if an agent processes the information in a manner inconsistent with the Principles, unless it can prove that it is not responsible.
FRM maintains a comprehensive information security program designed to anticipate foreseeable threats or hazards for attacks, intrusions, unauthorized access, system failures, alteration, destruction, or breach of confidentiality through: (a) using administrative, technical, and physical safeguards (Safeguards); (b) reasonably designing, periodically reviewing, regularly testing, monitoring, and risk assessing the Safeguards; and (c) modifying and upgrading systems, system controls, and procedures (including training of employees and management).
FRM does not retain personal information beyond the time needed to prepare a report for its Subscribers, usually for five (5) years thereafter for audit purposes unless Subscriber requires a longer retention period. FRM will provide access to the data subject upon request, unless an exception may apply. If the subject of a report would like to access his/her personal information retained by FRM, and to correct, amend, or delete information that is inaccurate, or has been processed in violation of the Data Privacy Framework Principles, or if the EU/EEA Data Subject would like all information about him/herself deleted, the individual may contact:
Data Privacy Framework Ombudsman-Compliance
Financial Risk Mitigation
2332 N. Arnoult Rd.
Metairie, LA 70001
- Recourse, Enforcement, and Liability
Individuals with complaints about the collection or use of personal information should contact:
Data Privacy Framework Ombudsman
Financial Risk Mitigation
2332 N. Arnoult Rd.
Metairie, LA 70001
If your dispute is not resolved satisfactorily, you may submit it for mediation to: https://www.jamsadr.com/, an alternative dispute resolution provider located in the United States and Europe. The services of JAMS are provided at no cost to you.
FRM is subject to regulation by the Federal Trade Commission (the “FTC”) under its investigatory and enforcement powers. Under certain circumstances, you may submit your complaint to binding arbitration.