Our Commitment to Privacy
Group Family of Companies includes Kreller Business Information Group, Inc.
(dba Kreller Group), Kreller Solutions, Inc. (dba Kreller Credit) and The
Kreller Consulting Group, Inc. As a global company which conducts business in
the electronic marketplace, we believe that it is our responsibility to set
industry‐leading standards in our approach to the protection of Personal
Information. Not only do we strive to collect, use and disclose Personal
Information in a manner consistent with the laws of the countries in which we
do business, but we also aim to uphold the highest ethical standards in our
business practices. We comply with the Fair Credit Reporting Act (FCRA) and all
federal, state and country‐specific legal requirements.
Kreller complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S.
Privacy Shield Framework as set forth by the U.S. Department of Commerce
regarding the collection, use, and retention of personal information
transferred from the European Union and Switzerland to the United States,
respectively. Kreller has certified to the Department of Commerce that it
adheres to the Privacy Shield Principles. If there is any conflict between the
Shield Principles shall govern. To learn more about the Privacy Shield program,
and to view our certification, please visit https://www.privacyshield.gov/.
part of our commitment to privacy, Kreller complies with the principles of the
EU General Protection Regulation (‘GDPR’) in respect of any personal data we
process either in our own right or on behalf of our clients.
of Terms Used
Information” means information that is transferred from the EU or Switzerland
to the U.S.; is recorded in any form; and pertains to a specific individual or
can be used to identify an individual, either directly or indirectly.
“Sensitive Personal Information” means Personal Information specifying medical
or health conditions, racial or ethnic origin, political opinions or
philosophical beliefs, trade union memberships or information concerning the
sex life of the individual.
“Agent” means any third party that uses Personal Information provided by
Kreller to perform tasks on behalf of or at the instruction of Kreller and who
is bound by a Confidentiality Agreement.
“Processing” of Personal Information means any operation or set of operations
which is performed upon personal data, whether or not by automatic means, such
as collection, recording, organization, storage, adaptation or alteration,
retrieval, consultation, use, disclosure by transmission, dissemination or
otherwise making available, alignment or combination, blocking, erasure or
Choice & Accountability for Onward Transfer
not collect Personal Information about individuals through its websites except
when such individuals specifically provide such information on a voluntary
basis such as through our subscription registration for news or blog updates, a
request for samples or Whitepapers, employment submissions via the website or
via an email sent to us through our website.
by a website you visit that is stored on your computer either temporarily or
permanently. Cookies do not store Personal Information about you, unless you
knowingly provide it. Cookies provide a way for the website to recognize you
and keep track of your preferences. For example, cookies allow our websites to
recognize your browser as a previous visitor, and thus save and remember any
preferences that may have been set while you were previously browsing our
to accept cookies by default. If you prefer, you can choose to set your browser
to remove cookies and to reject cookies. If you choose to remove cookies or
reject cookies, this could affect your Internet experience, disabling certain
functions. You can also erase cookies that are already on your computer.
Currently, various browsers offer a “do not track” or “DNT” option that relies
on a technology known as a DNT header, which sends a signal to websites visited
by the user about the user's browser DNT preference setting. At this time,
Kreller does not respond to DNT signals, whether that signal is received on a
computer or on a mobile device. It should be noted that if you click on a link
to a third party website or service provided on our website, a third party may
by any third parties, and we aren’t responsible for their privacy policies and
practices. Please be aware that cookies placed by third parties may continue to
track your activities online even after you have left our Services, and those
third parties may not honor “Do Not Track” requests you have set using your browser
Kreller enters into agreements with client organizations that provide us with
individuals’ Personal Information in order for us to provide investigative or
business credit services in a manner consistent with, and limited to the
purpose for which the data subject provided their Personal Information. Kreller
is committed to safeguarding our client confidences, including any Personal
Information received from or about our clients or from or about their third
party business associates, including information which is hosted on KOL
(Kreller’s risk management system) and Kreller’s Case Management System.
Kreller will not share Personal Information with third parties for purposes
other than those in support of Kreller’s business operations and as necessary
to facilitate the purpose for which it was provided. Kreller personnel, third
party agents and third party administrators are required to treat this
information confidentially and to use and disclose it only to provide the
services for which Kreller was retained. Accordingly, Kreller has in place
written agreements with client organizations using our services, as well as our
third party agents and administrators which require, amongst other things, that
parties safeguard Personal Information, abide by all applicable laws, as well
as have a permissible basis for the onward transfer of Personal Information
from the EU, EEA or Switzerland to the United States. Except as set forth in
this privacy statement, Kreller does not disclose Personal Information received
from its clients to third parties without its clients’ consent. To the extent
permitted by Privacy Shield, the FCRA and other applicable laws, Kreller
reserves the right to process Personal Information in the course of our
internal business operation without the knowledge of the individuals involved.
Kreller does not provide Personal Information to third parties for their
marketing purposes. In cases of onward transfer to third parties of data of EU
individuals received pursuant to the EU-US Privacy Shield, Kreller is
Kreller will offer individuals the opportunity to choose (opt out) whether
their Personal Information is (a) to be disclosed to a non-Agent or non-third
party administrator or (c) to be used for a purpose other than the purpose for
which it was originally collected or subsequently authorized by the individual.
For Sensitive Personal Information, we will give individuals the opportunity to
affirmatively and explicitly (opt in) consent to the disclosure of the information
to a non-Agent third party or non-third party administrator or the use of the
information for a purpose other than the purpose for which it was originally
collected or subsequently authorized by the individual.
In the event you decide that you want to opt out from Kreller’s use of your
Personal Information that you previously provided to Kreller, notify us by
email at: email@example.com.
We may also be required to disclose your Personal Information in response to
lawful requests by public authorities having jurisdiction over Kreller,
including to meet national security or law enforcement requirements. We may
also use or disclose your Personal Information if necessary to protect and
defend the rights or interest of Kreller or others.
Kreller may, as a result of a sale, merger, consolidation, change in control,
transfer of assets, reorganization or liquidation of our company, transfer,
sell or assign your Personal Information to third parties involved in the
Data Integrity and Purpose Limitation
combines technical and physical safeguards with employee policies and
procedures to protect your Personal Information from loss, misuse, unauthorized
access, disclosure, alteration and destruction. Kreller employs Secure Socket
Layer (SSL) data encryption when data is transmitted over the Internet to our
Website. We have installed layered firewalls and other security technologies to
help prevent unauthorized access to our systems. The servers used to store
Personal Information are maintained in a secure environment with appropriate
security measures. Password protection protocols are utilized on all computers.
Furthermore, only employees and agents who need the information to perform a
specific job are granted access to Personal Information and all employees and
agents undergo a thorough background screening and/or vetting process and are
trained to ensure that information is handled responsibly and in accordance to
Kreller will use your Personal Information only in a manner that is compatible
with the purpose for which it was collected or authorized by the individual.
Kreller will take commercially reasonable measures to ensure that Personal
Information is accurate, complete, current, and otherwise reliable with regard
to its intended use. Data will be retained only for as long as it serves its
relevant purpose and in consideration of correlated compliance and legal
acknowledges that EU individuals have the right to access the personal
information that we maintain about them. Upon request, and with proof of
identity, we will grant individuals reasonable access to their Personal
Information that Kreller holds about them in response to a lawful request by
public authorities having jurisdiction over Kreller. Under such circumstances,
Kreller will allow individuals to correct, amend, or delete that information
that is demonstrated to be inaccurate or incomplete except where providing such
access would be unreasonably burdensome or expensive in the circumstances or
where the rights of persons other than the individual would be violated as a
result. Additionally, access to Personal Information will be granted under the
terms of the Fair Credit Reporting Act when information is processed or
obtained related to a request which qualifies under the Fair Credit Reporting
Act. Although we make every effort to ensure that the data we collect and store
about you is as accurate as possible, we cannot guarantee that third parties
are accurate in information that they transmit and therefore we are not
responsible for the accuracy of the data that may be supplied by any
third-party sources of information or our clients.
Enforcement and Liability
subject to the investigatory and enforcement powers of the Federal Trade
Commission in connection with the processing of your Personal Information under
the Privacy Shield Framework.
In compliance with the EU-US and Swiss-US Privacy Shield Principles, Kreller is
committed to resolve complaints about your privacy and our collection and/or
use of your Personal Information. European Union or Swiss individuals with
Privacy Officer, Harvey Rosen, at firstname.lastname@example.org.
Resolution for EU and Swiss Individuals
further committed to refer unresolved privacy complaints under the EU-US and
Swiss-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit
alternative dispute resolution provider located in the United States and
operated by the Council of Better Business Bureaus.
If you do not receive timely acknowledgment of your complaint, or if your complaint
is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a
Please note that if your complaint is not resolved through the above channels,
under limited circumstances, a binding arbitration option may be available
before a Privacy Shield Panel.
EU General Data Protection Regulation
section only applies if you reside in the European Union or European Economic
Kreller Business Information Group, Inc. provides
comprehensive business investigative services to help clients mitigate risk and
maintain their stock value and corporate reputation.
As a global company which conducts business in the
electronic marketplace, we believe it is our responsibility to set
industry-leading standards in our approach to the protection of your personal
data. Not only do we strive to collect,
use and disclose information in a manner consistent with the laws of the
countries in which we do business, but we also aim to uphold the highest
ethical standards in all our business practices.
In the context of both Kreller and our clients
complying with GDPR in relation to personal data relating to people in the EU /
EEA , this section explains:
- What information we collect and why
- How we use the information
- What choices you have with respect to the information
What information do we collect?
“Personal information” is any information that can
be used to identify you or that we can link to you.
We may collect and process personal information
about you in the course of our business:
- through your use of our website;
- if you apply for employment or become employed by us;
- if you are a supplier/partner;
- if you are a client;
- when we are engaged for investigative services;
- when we are engaged for our 3rd party compliance platform
- as a result of your relationship with one or more of our staff or
The following personal information may be collected
information: your name, position, role, company or
organization, telephone, email and postal address;
information: data identifying you in relation to matters
on which you instruct us or in which you are involved;
- Your logon ID
and password: for access to
Kreller’s KOL platform;
data: contact details and other information about
you or your company or organization where you provide products or services
- Social media: posts, Likes, tweets and other interactions with our social media
information: when you visit our website and other
platforms—information collected through cookies and other tracking
technologies such as IP address, URL, browser type and version, time zone
setting, traffic data, location data, browser plug-in types and versions,
operating system you are using, device type, hardware model, unique
identifiers and mobile network information, web logs, and the resources that
- Information from
public sources: such as LinkedIn and
other professional networks, online directories, internet publications,
- Identity data: first name, maiden name, last name, username, marital status,
title, date of birth, ID number, photograph, gender, etc.
- In relation to
candidates and employees: CV/resume,
certifications, licenses, references, education, criminal record, driver
record, employment history
- In connection
with investigative services: where this is
necessary to conduct the investigation or services;
- In connection
with our 3rd party compliance platform services: where this is necessary for our clients to manage their 3rd
party compliance including completion and storage of questionnaires,
screening through our sanction and watch lists database and management of
anti-bribery training data;
categories of personal data: information on
membership in political parties and trade unions and media reports
regarding political candidacy, political positions held or membership in
trade unions, specifically as it relates to being a Politically Exposed
Person or having political or other types of influence;
- Criminal record
data: where permitted by national law and
appropriate to do so
The legal basis for processing
your personal information
Kreller and its clients may process your information
- Processing is necessary for the performance of a contract with you
or to take steps to enter into a contract
- You have given explicit permission (consent) to do so
- Processing is necessary for compliance with a legal or regulatory
- Processing is necessary in order to protect your vital interests or
those of another person
- Processing is necessary for our legitimate interest or a third
party's legitimate interest in carrying out business
The following are examples of how we and our clients
may use your personal information:
- Providing investigative services such as: 3rd party
anti-bribery due diligence, pre-M&A and JV due diligence, litigation
support, pre-charitable contributions due diligence, franchise due
diligence, conflict of interest investigations, and ethics investigations;
- Providing our 3rd party compliance platform services;
- Managing our business and relationship with you or your company or
- Understanding and responding to inquiries and client feedback;
- Understanding how our clients use our services and websites;
- Improving our services and offerings;
- Ensuring our systems and premises are secure;
- Managing our supply chain;
- Direct marketing; and
- Fraud prevention
Where does the information we
collect come from?
Personal information may be provided to us by you,
your employer, a company or organization who is our client or our
Information may come from:
- Information you provide to us - such as contact details that you
provide when you request sample reports or request other services or when
you respond to our communications or apply for a job
- Information we may collect automatically-such as browser cookies and
- Information we collect from other sources, for example, we may
receive your personal information on a questionnaire provided by our
client in connection with our provision of investigative services and/or
client management platform services or we may obtain your personal data
from information held in the public domain such as at a corporate registry
Your rights about your personal
Under certain circumstances, and subject to local
law, you may have the following rights under data protection laws with relation
to the personal data we and our clients hold about you:
In summary, those include the:
- Right to be informed - you have the right to be informed about the collection and use of
your personal data
- Right of access – you have the
right to request a copy of the information that we hold about you.
- Right of rectification – you have a
right to correct data that we hold about you that is inaccurate or
- Right to erasure – in certain
circumstances, you can ask for the data we hold about you to be erased
from our records.
- Right to restrict processing –
where certain conditions apply, you have the right to restrict the
- Right to data portability – you have the
right to have the data we hold about you transferred to another
- Right to object – you have the
right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects
of automated processing or profiling.
- Right to withdraw consent–if we rely on your
consent as our legal basis for processing your personal information, you
have the right to withdraw that consent at any time.
- Right to complain –If you are not
satisfied with our use of your personal information or our response to any
request by you to exercise your data protection rights, or if you think
that we have breached any relevant data protection laws, then you have the
right to complain to the authority that supervises our processing of your
Sharing your personal
Kreller will not share any personal information with
third parties unless required by law, required to enable the fulfilment of the
purpose for which the personal information was originally supplied or as
otherwise set out in this policy. We may
share certain types of personal data with our affiliated companies, but only
the management and security of your personal information. Lastly, we may permit select third parties to
access your personal information for the purposes outlined in this privacy
policy. Kreller remains liable to you in
respect of our obligations concerning your personal data in cases of onward
transfers to third parties. Any transfer of your personal information will be
compliant with applicable data protection law.
In submitting personal information to our website,
the user is giving explicit consent for such usage. In the circumstances of a merger or sale of
part or all of our business, personal information held by us will be one of the
Protection and storage of the
information we collect
We use a combination of administrative, technical,
personnel and physical measures designed to comply with applicable legal
requirements to safeguard the Personal Data in our possession against
accidental, unlawful or unauthorized loss, use, access, disclosure or
modification. In addition, we limit access to your personal data to those
employees, agents, contractors and other third parties who have a business need
to know such data. They will only process your personal data on our
instructions and they are subject to a duty of confidentiality. Although we
will do our best to protect your personal information, we cannot guarantee the
absolute security of your personal information and any transmission is at your
own risk. Once we receive your personal information, we use strict procedures
and security features to try to prevent unauthorized access. We have put in
place procedures to deal with any suspected personal data breach and will
notify you and any applicable regulator of a breach where we are legally
required to do so.
We will retain your Personal Data for the period
longer retention period is required or allowed by law.
International data transfers
We are headquartered in the United States and we
will process your personal information in the United States. Your personal information will be transferred
to and stored in the United States. When
we transfer personal information outside the European Union (EU) or the
European Economic Area (EEA), we will implement appropriate and suitable
safeguards to ensure that such data will be protected as required by applicable
data protection law. Our Privacy Shield certification confirms this.
How can you contact us?
Kreller Business Information Group, Inc.
(Kreller) is registered in the state of
Ohio, USA under Charter Number 801410.
If as an EU / EEA resident you have any questions
contact us at:
Kreller Business Information Group, Inc.
817 Main Street, Suite 300
Cincinnati, OH 45202 USA
Phone: +1 513-723-8900
may contain links to third party sites which operate independently of Kreller.
We provide these links merely as a convenience and the inclusion of such links
does not necessarily imply an endorsement or warranty of those links or their
associated websites. These sites have established their own privacy and
security policies. For the best online experience, we encourage you to review
these policies before submitting any Personal Information through these sites.
Online Privacy Protection Rule (COPPA)
not knowingly collect information from children under the age of 13 and does
not target its websites to children under 13. Please contact us at email@example.com if you believe we have inadvertently
collected Personal Information of a child under 13 without proper parental
consents so that we may delete such data as soon as possible.
Online Privacy Protection Act (CalOPPA)
the first state law in the nation to require commercial websites and online
California to require a person or company in the United States (and conceivably
the world) that operates websites collecting personally identifiable
its website stating exactly the information being collected and those
individuals with whom it is being shared, and to comply with this policy. Learn
more about CalOPPA at the Consumer Federation of California’s website.
In compliance with CalOPPA, we certify to the following:
word “privacy,” and can easily be found on this page.
changes by re-visiting this web page.
- Users are able to change their Personal
Information by emailing us.
However, if we change how we use your Personal Information, we will post the
policy change notification on the website and we will update this Privacy
for the latest information on our privacy and security policies.
If you have
any concerns regarding the collection and use of your Personal Information or
any other privacy matters, please contact us at:
The Kreller Group Family of Companies
817 Main Street, Suite 700
Cincinnati, Ohio 45202
The foregoing policy is effective as of 25 May 2018.