RISQ Group incorporating Aim Screening ("RISQ Group") is committed to safeguarding the privacy of information we receive. RISQ Group will collect, use, disclose and store, personal information only in compliance with applicable laws.

RISQ Group will only collect personal information that is needed for it to operate its business activities effectively.

RISQ Group will only use or disclose personal information for the purpose(s) originally explained when the information was collected and for any related purpose that would reasonably be expected by both the individual concerned and RISQ Group.

If you have provided your personal information in connection with a background screen ordered by RISQ Group's client – RISQ Group may use your personal information to perform your background screen for that client. RISQ Group also may disclose your information to certain third parties as necessary to conduct the background screening (such as government agencies, law enforcement bodies, public registries, court or tribunal records, ratings agencies, educational institutions, regulatory and licensing bodies, prior employers and other persons or entities that may provide or verify information about you).

RISQ Group is committed to protecting the personal information that we receive against loss, misuse, and unauthorized access, disclosure, alteration and destruction.

All personal information that is collected and stored by RISQ Group is protected by complex security technologies as well as detailed internal security measures. All databases are protected by secure network links, which are complemented by firewalls, hardware and software encryption, password protection and virus protection. All our staff are rigorously screened and subject to strict confidentiality undertakings.

RISQ Group will take reasonable steps to ensure that the personal information it uses is accurate, complete and up-to-date. If an individual advises RISQ Group that personal information held on them is inaccurate, incomplete or not up to date, RISQ Group will take reasonable steps to update the information accordingly.

A candidate may apply in writing, to the contact details below to obtain details of their personal information which is held by us. RISQ Group reserves the right to levy a reasonable charge to meet the costs of providing access to personal information.

From time to time, we will need to transfer personal information overseas in order to liaise with verification sources. RISQ Group will not transfer personal information overseas without the consent of the individual unless:

The transfer is necessary for the performance of a contract between RISQ Group and the individual, or for the implementation of pre-contractual measures taken in response to the individual's request.The transfer is necessary for the performance or conclusion of a contract between RISQ Group and a third party that is in the interests of the individual concerned.

The transfer is for the benefit of the individual; it is impractical to obtain the individual's consent and, if it was, the individual would be likely to give it.

RISQ Group has taken reasonable steps to satisfy itself that the recipient of the information will manage the information consistent with this policy.

Reading or downloading materials from RISQ Group's website(s) will not identify you personally. Our Web servers automatically collect the domain names or IP address from which you accessed our site, the date and time you accessed each page on our website, the URL of and webpage from which you accessed our site ("the referrer") and the web browser you are using and the RISQ Group web pages you accessed. RISQ Group uses this information to measure the use of and to improve the content of our Web site.

When you elect to contact us with a comment or request for information, we may preserve the details you have input and make it available to the appropriate RISQ Group staff member for the relevant action to be taken.

If RISQ Group uses personal information it holds for direct marketing of its products or services, it will always provide the individual the opportunity at the point of first contact and at any time afterwards at the individuals request to decline receipt of any further marketing information.

RISQ Group may revise this policy from time to time. If there is a material change to this Privacy Policy, we will post the revised policy at this location.

This Privacy Policy covers RISQ Group's web site, and RISQ Group's practices for handling personal information provided to RISQ Group over the Internet by the general public using RISQ Group's publicly available web site. This Policy also covers personal information provided by RISQ Group's clients, and their job applicants and employees (as well as other individuals who have given their written authorization for RISQ Group's clients to conduct a background investigation on them), using RISQ Group's online background screening solution

RISQ Group's web site may provide links to third-party web sites. Please be aware that those third-party web sites are outside of our control and are not covered by this Privacy Policy. If you have questions about how another site uses your information, consult that site's privacy statement.

The Company's information and data will be protected by use of the following measures:

• Ensuring appropriate destruction of RISQ Group SPII* data (cross cut shredding of paper documents and physical destruction or degaussing of electronic media)
• Performing due-diligence checks on employees handling SPII data to help prevent the employment of individuals who have previous convictions such as drug offences, burglary, or fraud-related offenses
• Conducting awareness training for employees or contractors with access to RISQ Group data
• Establishing access controls for electronic access to RISQ Group data that:
• Ensure users only have access to data needed to perform their job function;
• Include user name and password authentication;
• Ensure access of users is revoked immediately upon termination of employee/contractor; and Log and monitor administrative access for inappropriate activities
• Implementing security technology controls such as firewalls, intrusion detection devices and anti-virus software, as appropriate
• Ensuring appropriate levels of protection of RISQ Group data as it is stored or transferred across public networks (e.g., encrypt SPII data (utilizing 128 bit encryption technology) if transferred over public networks)
• Ensuring appropriate physical security controls where RISQ Group data is stored including door locks, monitoring of employee access to buildings and escorting of visitors.
• Establishing procedures to notify RISQ Group immediately of any potential breaches of RISQ Group data.
• Ensuring that laptop computers and other mobile devices containing RISQ Group data are protected by never leaving them unattended or unsecured
• Evaluating any vendors providing Third Party Service Provider with services involving the handling of RISQ Group data to ensure the vendor has implemented adequate information and physical security controls.