TABB INC. has committed to processing all personal data received  in accordance with its Privacy requirements as it applies to personal data relating to Human Resources functions.

To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit: https://www.dataprivacyframework.gov/s/

TABB INC. has certified to the Department of Commerce that it adheres to the Privacy Principles. If there is any conflict between the terms in this privacy policy and the Privacy Principles, the Privacy Principles shall govern. To learn more about the Privacy Principles program, please visit: https://www.dataprivacyframework.gov/s

1. Notice

TABB INC. only conducts pre-employment verifications of a candidate's prior employment and education and may include criminal record research in the appropriate public judicial jurisdiction;. The verifications are conducted only at the request of the potential employer that has gone through the required personally identifiable information privacy vetting process to become a client and after the candidate has signed appropriate employment application authorizations. Our service only confirms the applicant's dates of employment and title provided on the employment application. TABB INC. only provides information developed through the verification to the employer that requested the verification and only after the authorization was obtained from the candidate. TABB INC. does not reuse or resell information developed in previous verifications. By this we mean if a subsequent verification request comes through on the same candidate for the same employer or from another employer requiring verifications, we will conduct a new verification of employment and or education through primary sources. TABB INC. does not resell data obtained during the pre-employment background check process and data is never available to any other entity other than the original employer that requested the verification at the direction of the candidate.

This privacy policy is included in the employee handbook and additional training is conducted during the new employee orientation process to ensure all employees are aware of privacy concerns.

2. Choice

Reports we prepare are only initiated once the consent (“opt in”) of the individual has been obtained by the prospective employer. Personal data is never disclosed to a third party other than a former employer or educational experience completed by the individual. Personal data is never used for a purpose that is materially different from the purpose(s) for which it was originally collected by the prospective employer and authorized by the individual.

TABB INC. never requests, obtains or transfers sensitive personal data such as medical or health information, credit or financial information, current and former addresses, information relating to employment or educational experiences not specifically authorized by the individual, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, information specifying political beliefs, credit or mode of living.

3. Accountability for Onward Transfer

TABB INC. discloses personal data that it collects to its employment screening clients for due diligence or similar purposes. Personal data may be disclosed to service providers to facilitate the employment and education verification process or to lawful requests by public entities including law enforcement agencies. Transfer of personal data will take place within a secure web-based platform.

TABB INC. will:

  • transfer such data only for limited and specified purposes;
  • ascertain that the service provider is obligated to provide at least the same level of privacy protection as is required by the Privacy Principles;
  • take reasonable and appropriate steps to ensure that the service provider effectively processes the personal data transferred in a manner consistent with CARCO’s obligations under the Principles;
  • require the service provider to notify the organization if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles;
  • upon notice, including under (iv), take reasonable and appropriate steps to stop and remediate unauthorized processing; and;
  • provide a summary or a representative copy of the relevant privacy provisions of its contract with that service provider to the Department of Commerce upon request.

4. Security

TABB INC. employs reasonable and appropriate measures to protect personal data from loss, misuse, and unauthorized access, disclosure, alternation, and destruction, taking into account the risks involved in the processing and nature of the personal data as outlined in the FCRA. PII is double encrypted upon the completion of each background investigation.

5. Data Integrity and Purpose Limitation

TABB INC. limits the personal data it collects to information that is relevant for the purposes of processing. Personal data is not collected or processed in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the individual. TABB INC. takes reasonable steps to ensure that personal data is reliable for its intended use, accurate, complete, and current. TABB INC meets this obligation by complying with FCRA requirements, including a requirement that consumer reporting agencies follow reasonable procedures to ensure maximum possible accuracy.

TABB INC. takes reasonable and appropriate measures to retain personal data only for as long as needed for a legitimate legal or business need to do so, such as customer service, compliance with legal or contractual retention obligations, retention for audit purposes, security and fraud prevention, preservation of legal rights or other reasonable purposes consistent with the purpose of the collection of the information. Personally identifiable information is masked within our reporting system once the verification is completed. TABB INC. will adhere to the Privacy Principles for as long as it retains personal data in reliance upon the Privacy Principles.

6. Access

TABB INC. will provide personal data to an individual that was developed about them and provides a means to request the correction, amendment, or deletion of information that is inaccurate, or has been processed in violation of the Privacy Principles, except where the burden or expense of providing access would be disproportionate to the risks to the individual's privacy in the case in question, or where the rights of persons other than the individual would be violated.

TABB INC.’s services are governed by the FCRA. The FCRA specifies the rights of consumers to obtain a disclosure of the contents of the consumer reporting file. The FCRA also provides consumers with rights to dispute the contents of their file and, if warranted, to have the contents corrected or deleted. Copies of the verification report that is created and the opportunity to dispute inaccurate or incorrect information contained within are conducted under the rights provided in FCRA requirements.

TABB INC. requires that an individual must provide reasonable verification of their identity before we provide access to personal data.

7. Recourse, Enforcement and Liability

In compliance with the Privacy Principles, TABB INC. commits to resolve complaints about our collection or use of your personal information. Inquiries or complaints regarding our Privacy Principles policy should first contact TABB INC. at: info@tabb.net

Complaints will be conducted by our internal dispute resolution team.

TABB INC. internally monitors and assesses our compliance with our Privacy Principles Statement and our Privacy obligations. Under the Privacy Principles, TABB INC. may be liable in the event that a service provider to whom TABB INC. transfers personal data such personal data in a manner inconsistent with the Privacy Principles, unless the organization proves that it is not responsible for the event giving rise to the damage. An individual with an inquiry or complaint may contact us using the mailing or email address below.

TABB INC., 5948 Easton Road, Pipersville, PA 18947 or by email at info@tabb.net.

Individuals that have unresolved privacy, or data use concerns that are not addressed by TABB INC. on a satisfactory basis may contact a US-based third-party dispute resolution provider at no charge at the following website: https://www.dataprivacyframework.gov/s

Individuals also may be able to invoke binding arbitration, under certain circumstances where permitted by the Privacy Principles program, if the individual believes there has been a violation of Privacy Principles requirements that has not been appropriately addressed by TABB INC.

TABB INC.’s compliance with its Privacy Principles obligations also is subject to investigation and enforcement by the U.S. Federal Trade Commission. TABB INC. is required by the Privacy Principles program to respond promptly to inquiries and requests for information from the U.S. Department of Commerce.

8. Public Record and Publicly Available Information

In accordance with Privacy Principles, in cases where TABB INC. discloses public records or publicly available information without combining that information with non‑public information, our general policies on Notice, Choice, and Accountability for Onward Transfer may not apply.

9. Contact Us

If you have any inquiries or complaints regarding this policy or our privacy practices, contact Brian Bodkin by mail at TABB INC., 5948 Easton Road, Pipersville, PA 18947 or by email at info@tabb.net.

10. Affirmative commitment to comply

TABB INC. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  TABB INC. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF.  TABB INC. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/

In compliance with the EU-U.S. DPF and the Swiss-U.S. DPF, [INSERT your organization name] commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.

11. Policy changes

TABB INC. reserves right to change their policy from time to time, consistent with the Privacy Principles.