E.U.-E.E.A. Privacy Policy

Effective date: February 2, 2021

Privacy Policy – Financial Risk Mitigation (“FRM”)

The following is the FRM Privacy Policy as it relates to personal data about EEA, Swiss, and UK Data Subjects (collectively ‘European Data Subjects’) that it obtains as a result of its investigative work on behalf of its Subscribers:

  • Notice

FRM collects information about European Data Subjects when conducting investigations on behalf of, and at the request of its Subscribers. The majority of FRM’s investigatory on European Data Subjects involves the use of independent agents in Europe that research public domains such as published articles, searches of corporate registries, and other European public and regulatory databases. FRM and its agents also research education and employment data for the purposes of its investigatory work. FRM may also perform interviews as a part of its investigatory work.

Where such data is used, FRM’s Terms of Service (https://www.frm-inc.com/frmclientportaltermsofservice/) or other separate agreements with its Subscribers requires that the Subscriber certify that it has provided notice and received consent that such an investigation will be conducted and the European Data Subject has given their unambiguous, voluntary and knowing consent to the Subscriber requesting the investigation.

The types of personal data that may be collected include, identification and location information, personal and family information, information available in publications, current and former employment information, information about educational and professional licensing, public record information, financial and credit history, business affiliations such as officer and director positions, and other publicly available information.

The investigation brief, results, and related information may include:

  • personal details
  • family details
  • lifestyle and social circumstances
  • goods and services
  • financial details
  • education and employment details
  • physical or mental health details
  • racial or ethnic origin
  • religious or other beliefs of a similar nature
  • trade union membership
  • offences including alleged offences

When personal data is collected directly from European Data Subjects by FRM, it is only upon the direct instruction of FRM’s Subscriber who has contractually represented that they have provided notice to the European Data Subject that an investigation will be conducted and the Data Subject has given unambiguous, voluntary and knowing consent to the Subscriber requesting the investigation, including a link to this policy in the event individuals are asked to provide personal data to FRM.

The information collected is only disclosed as necessary to perform services for FRM’s Subscribers pursuant to the consent of the Data Subject (unless a lawful exception to processing the data without consent applies). FRM does not use personal data for any purpose other than that for which it was originally collected and authorized by the Data Subject and in accordance with the Subscriber’s instructions.

Notwithstanding the above, and subject to the terms of its agreement with a Subscriber, FRM may disclose personal data in response to lawful requests by public authorities or other third parties, including to meet national security or law enforcement requirements.

  • Choice

As noted above, FRM does not collect any personal data without an individual’s unambiguous, voluntary and knowing consent to FRM’s Subscribers unless an exception applies.

  • Accountability for Onward Transfer

FRM’s independent agents in Europe transfer personal data to FRM in the U.S. and FRM transfers that information only to its Subscribers pursuant to the individual’s consent as discussed above (subject to any exception that may apply). FRM’s Subscribers covenant and agree with FRM to undertake commercially reasonable steps to protect information received from FRM and to not disclose it except for the purpose for which it was collected pursuant to the individual’s consent (subject to any exception that may apply).

FRM may transfer personal identifying data to its independent agents in Europe for the purpose of performing the investigations including manually searching court and other records. In such cases, FRM will transfer such identifying data only for limited and specified purposes.

  • Security

FRM maintains a comprehensive information security program designed to anticipate foreseeable threats or hazards for attacks, intrusions, unauthorized access, system failures, alteration, destruction, or breach of confidentiality through (a) using administrative, technical, and physical safeguards (Safeguards); (b) reasonably designing, periodically reviewing, regularly testing, monitoring, and risk assessing the Safeguards; and (c) modifying and upgrading systems, system controls, procedures (including training of employees and management).

  • Access

FRM does not retain personal data beyond the time needed to prepare a report for its Subscribers usually for five (5) years thereafter for audit purposes unless the Subscriber requires a longer retention period. FRM will provide access to the Data Subject, upon request subject to any instructions from the Subscriber and any exceptions that may apply under applicable European law. If the Data Subject would like to access their personal data retained by FRM, and to correct, amend, or delete information that is inaccurate, or if the European Data Subject would like their personal data deleted, or has any other questions or complaints about the processing of their personal data they may contact:

Privacy Officer

Financial Risk Mitigation

2332 N. Arnoult Rd.

Metairie, LA 70001