DISA

Privacy Policy

DISA Global Solutions, Inc. (“DISA”) gathers personal data for the purpose of supporting its clients’ (employers’) employment practices, e.g. employee hiring, promoting, and discharging. Initially, personal consumer/employee data is received from the client and is used, in turn, to gather the information required by clients to facilitate their requirements for employment. 

DISA is committed to ensuring and protecting the privacy of our clients and consumers/employees. DISA has developed many internal systems and processes to ensure that the integrity and confidentiality of the sensitive information that DISA manages is maintained to the highest degree.

DISA adopted and adheres to a strong data protection policy and, as an international service provider, is dedicated to the privacy rights of all European consumers/employees and to the European Union’s (“EU”) high standards relating to personal data protection. This same data protection policy and commitment also extends to and includes Switzerland and any and all other countries that are not part of the EU.

DISA hereby states and affirms that in addition to maintaining strict compliance with the Fair Credit Reporting Act (“FCRA”), it strictly adheres to and follows the U.S.-EU and the U.S.-Swiss Safe Harbor Frameworks as set forth by the United States Department of Commerce, at all times, as well as all other applicable U.S. laws and regulations. 

Our policy includes the seven important Safe Harbor principles outlined below. This policy statement applies to all personal information handled by DISA, including data processed manually, through the Internet, or through any other means.

Policy Principles and Guidelines

1. Notice – All European employees, including EU and Swiss employees, subject to data gathering procedures conducted by DISA on behalf of its clients will first be notified as to the purpose and intended use of their personal data. This notification process includes instructions on how employees can raise inquiries or complaints regarding their personal data, as well as notification pertaining to disclosures and restrictions regarding how their information is used.

2. Choice – Since DISA maintains strict compliance with the Fair Credit Reporting Act (“FCRA”), all consumers/employees must first give written consent before their personal data is collected. In keeping with this practice, all European employees, including EU and Swiss employees, are first given the option to authorize, in writing, the gathering and use of their personal and private data.

3. Onward Transfer – All written consents, as described in the above principle of choice, include consent for the consumer/employee to also authorize the release of their personal data to third parties and/or for it to be used for any purpose other than its original intent. It is DISA’s policy that any third party to which personal data is disclosed must agree in writing to provide the same level of personal data protection as DISA.

4. Access – In accordance with FCRA guidelines, all consumers/employers for which DISA gathers and handles personal data are given access to that information. They are given the opportunity to request that DISA correct, amend or delete any inaccurate information, and receive instructions on how to facilitate this process.

5. Security – DISA maintains the highest level of data security available. DISA employs a robust mix of best-of-breed, industry-recognized security technology. Our website and administrative systems are protected by the Cisco ASA firewall appliance, widely recognized as an industry leader in firewall security and protection. The Cisco ASA firewall appliance secures our systems by providing best-of-breed firewall and VPN security services, while the Cisco in-line IPS module provides access control, secure remote access, real-time worm and virus detection and removal, and protects against denial-of-service attacks. DISA’s security controls include monitoring systems to alert if attempts to infiltrate its systems or impact the availability of its website are detected.

DISA also has a comprehensive security layer built into the system and application architecture. It is impossible to access data without passing through this security layer. This forms an effective barrier against outside intrusion or internal misuse. 

DISA’s facilities are also monitored by an extensive security camera system and all access is controlled by a security badging system.

6. Data Integrity – DISA takes all appropriate and reasonable measures possible to ensure that all data collected is accurate, reliable, current and complete, and that it is only used for and applied to its original intent and purpose.

7. Enforcement – DISA will use the following systems and measurements to ensure its compliance with all of the Safe Harbor Principles described herein.
a. DISA is certified by the International Standards Organization (“ISO”). As such, it follows and adheres to the quality measures dictated by a strong Quality Management System (“QMS”), as required by ISO. The quality assurance procedures and measurements built into the QMS ensure that DISA follows and complies with the Safe Harbor Principles described herein.
b. DISA’s employees remain highly trained regarding all Safe Harbor Principles. They maintain strict departmental policies and procedures to protect and defend the integrity of DISA’s privacy controls and policies; to ensure that DISA follows all Safe Harbor principles; and to protect the privacy rights of all European consumers/employees, including EU and Swiss consumers/employees, to the highest level possible.
c. To facilitate the investigation and resolution of complaints, DISA fully cooperates and complies with any advice or guidelines of the EU Data Protection Authorities (“DPAs”), as well as the Swiss Federal Data Protection and Information Commissioner.

8. Privacy Complaints by European Union and Swiss Citizens: In compliance with the Safe Harbor Principles, DISA commits to resolve complaints about consumers’/employers’ privacy and our collection or use of that personal information. European Union and Swiss citizens with inquiries or complaints regarding this privacy policy should first contact DISA at:

Sean O’Donnell, Director of Background Screening Services
sean.odonnell@disa.com
DISA Global Solutions, Inc.
12600 Northborough Dr., Suite 300
Houston, Texas 77067
800-752-6432

DISA has further committed to refer unresolved privacy complaints under the Safe Harbor Principles to an independent dispute resolution mechanism, the BBB EU Safe Harbor, operated by the Council of Better Business Bureaus. Any EU or Swiss consumer/employee who does not receive timely acknowledgment of their complaint, or whose complaint is not satisfactorily addressed by DISA, may contact:

www.bbb.org/us/safe-harbor-complaints

Responsibilities
It is the responsibility of DISA’s V.P./Chief Operations Officer (“VP/COO”) to oversee the internal processes and procedures related to the transmission and handling of all personal data, as well as DISA’s adherence to the herein described Safe Harbor Principles. Any and all questions pertaining to DISA’s Safe Harbor Data Protection Policy and the transmission to the U.S. of the personal data belonging to EU and Swiss consumers/employees should be directed to DISA’s VP/COO at safeharbor@disa.com.

Notification of Change
If for any reason DISA has cause to change its privacy policy, it will post those changes on its website at www.disa.com.