EU-U.S. Privacy Shield Policy

TABB INC. Privacy Shield Statement

TABB INC. has committed to processing all personal data received from EU member states and in accordance with its Privacy Shield requirements as it applies to personal data relating to HR functions transferred pursuant to the Privacy Shield. Information about the Privacy Shield is available at

TABB INC complies with applicable U.S. laws including the Fair Credit Reporting Act ("FCRA" 15 U.S.C. §§ 1681 et seq.) and appropriate State FCRA guidelines that offer privacy protections of personal data contained in "consumer reports." In the event of a conflict between this Privacy Shield Privacy Statement and the FCRA or other applicable laws, TABB INC. will comply with its obligations under the FCRA or other applicable US law.

TABB INC. complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. TABB INC. has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit

1. Notice

TABB INC. only conducts pre-employment verifications of a candidate's prior employment and education and may include criminal record research in the appropriate public judicial jurisdiction;. The verifications are conducted only at the request of the potential employer that has gone through the required personally identifiable information privacy vetting process to become a client and after the candidate has signed appropriate employment application authorizations. Our service only confirms the applicant's dates of employment and title provided on the employment application. TABB INC. only provides information developed through the verification to the employer that requested the verification and only after the authorization was obtained from the candidate. TABB INC. does not reuse or resell information developed in previous verifications. By this we mean if a subsequent verification request comes through on the same candidate for the same employer or from another employer requiring verifications, we will conduct a new verification of employment and or education through primary sources. TABB INC. does not resell data obtained during the pre-employment background check process and data is never available to any other entity other than the original employer that requested the verification at the direction of the candidate.

This privacy policy is included in the employee handbook and additional training is conducted during the new employee orientation process to ensure all employees are aware of privacy concerns.

2. Choice

Reports we prepare are only initiated once the consent (“opt in”) of the individual has been obtained by the prospective employer. Personal data is never disclosed to a third party other than a former employer or educational experience completed by the individual. Personal data is never used for a purpose that is materially different from the purpose(s) for which it was originally collected by the prospective employer and authorized by the individual.

TABB INC. never requests, obtains or transfers sensitive personal data such as medical or health information, credit or financial information, current and former addresses, information relating to employment or educational experiences not specifically authorized by the individual, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, information specifying political beliefs, credit or mode of living.

3. Accountability for Onward Transfer

TABB INC. discloses personal data that it collects to its employment screening clients for due diligence or similar purposes. Personal data may be disclosed to service providers to facilitate the employment and education verification process or to lawful requests by public entities including law enforcement agencies. Transfer of personal data will take place within a secure web-based platform.

TABB INC. will:

transfer such data only for limited and specified purposes;
ascertain that the service provider is obligated to provide at least the same level of privacy protection as is required by the Privacy Shield Principles;
take reasonable and appropriate steps to ensure that the service provider effectively processes the personal data transferred in a manner consistent with CARCO’s obligations under the Principles;
require the service provider to notify the organization if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles;
upon notice, including under (iv), take reasonable and appropriate steps to stop and remediate unauthorized processing; and
provide a summary or a representative copy of the relevant privacy provisions of its contract with that service provider to the Department of Commerce upon request.

4. Security

TABB INC. employs reasonable and appropriate measures to protect personal data from loss, misuse, and unauthorized access, disclosure, alternation, and destruction, taking into account the risks involved in the processing and nature of the personal data as outlined in the FCRA.

5. Data Integrity and Purpose Limitation

TABB INC. limits the personal data it collects to information that is relevant for the purposes of processing. Personal data is not collected or processed in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the individual. TABB INC. takes reasonable steps to ensure that personal data is reliable for its intended use, accurate, complete, and current. TABB INC meets this obligation by complying with FCRA requirements, including a requirement that consumer reporting agencies follow reasonable procedures to ensure maximum possible accuracy.

TABB INC. takes reasonable and appropriate measures to retain personal data only for as long as needed for a legitimate legal or business need to do so, such as customer service, compliance with legal or contractual retention obligations, retention for audit purposes, security and fraud prevention, preservation of legal rights or other reasonable purposes consistent with the purpose of the collection of the information. Personally identifiable information is masked within our reporting system once the verification is completed. TABB INC. will adhere to the Principles for as long as it retains personal data in reliance upon the Privacy Shield.

6. Access

TABB INC. will provide personal data to an individual that was developed about them and provides a means to request the correction, amendment, or deletion of information that is inaccurate, or has been processed in violation of the Principles, except where the burden or expense of providing access would be disproportionate to the risks to the individual's privacy in the case in question, or where the rights of persons other than the individual would be violated.

TABB INC.’s services are governed by the FCRA. The FCRA specifies the rights of consumers to obtain a disclosure of the contents of the consumer reporting file. The FCRA also provides consumers with rights to dispute the contents of their file and, if warranted, to have the contents corrected or deleted. Copies of the verification report that is created and the opportunity to dispute inaccurate or incorrect information contained within are conducted under the rights provided in FCRA requirements.

TABB INC. requires that an individual must provide reasonable verification of their identity before we provide access to personal data.

7. Recourse, Enforcement and Liability

In compliance with the Privacy Shield Principles, TABB INC. commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact TABB INC. at:

Complaints will be conducted by our internal dispute resolution team.

TABB INC. has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU and Switzerland in the context of the employment relationship.

TABB INC. internally monitors and assesses our compliance with our Privacy Shield Privacy Statement and our Privacy Shield obligations. Under the Privacy Shield Principles, TABB INC. may be liable in the event that a service provider to whom TABB INC. transfers personal data such personal data in a manner inconsistent with the Principles, unless the organization proves that it is not responsible for the event giving rise to the damage. An individual with an inquiry or complaint may contact us using the mailing or email address below.

In compliance with the Privacy Shield Principles, TABB INC. commits to resolve complaints regarding our collection and or use of personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact TABB INC. by mail at: TABB INC., 5948 Easton Road, Pipersville, PA 18947 or by email at

In the case of human resources data from the EU, TABB INC. has agreed to cooperate with a panel of European Data Protection Authorities created for that purpose. In the case of human resources data transferred from Switzerland, TABB INC. has agreed to cooperate with the Swiss Federal Data Protection and Information Commissioner.

Individuals that have unresolved privacy or data use concerns that are not addressed by TABB INC. on a satisfactory basis may contact a US-based third-party dispute resolution provider at no charge at the following website: https://feedback-formwatchdog/request.

Individuals also may be able to invoke binding arbitration, under certain circumstances where permitted by the Privacy Shield program, if the individual believes there has been a violation of Privacy Shield requirements that has not been appropriately addressed by TABB INC.

TABB INC.’s compliance with its Privacy Shield obligations also is subject to investigation and enforcement by the U.S. Federal Trade Commission. TABB INC. is required by the Privacy Shield program to respond promptly to inquiries and requests for information from the U.S. Department of Commerce.

8. Public Record and Publicly Available Information

In accordance with Privacy Shield, in cases where TABB INC. discloses public records or publicly available information from the EU without combining that information with non‑public information, our general policies on Notice, Choice, and Accountability for Onward Transfer may not apply.

9. Contact Us

If you have any inquiries or complaints regarding this policy or our privacy practices, contact Brian Bodkin by mail at TABB INC., 5948 Easton Road, Pipersville, PA 18947 or by email at


TABB INC. reserves right to change their policy from time to time, consistent with the Privacy Shield Principles.