Data Privacy Principles

Fresh Haystack is committed to the responsible use of information and protecting individual privacy rights. Fresh Haystack strives to provide services to businesses, individuals, nonprofit organizations and government agencies that help reduce fraud, mitigate risk, facilitate more informed decisions, and make society safer, in ways that protect individuals’ privacy. We aspire to protect individuals’ privacy through the design of our products, by credentialing, monitoring, and auditing our customers as appropriate, and through other information security safeguards. We also strive to promote transparency through education initiatives, privacy principles and policies, and appropriate opportunities for choice, access, and correction with respect to personal information about individuals.

The Fresh Haystack Data Privacy Principles speak to the personally identifiable information, including sensitive personally identifiable information, collected, maintained, used or disseminated in connection with services offered by Fresh Haystack (meaning Fresh Haystack, a division of Reed Elsevier Inc., Fresh Haystack Risk Solutions Inc., and its or their affiliated companies) (hereinafter referred to individually or collectively as “Fresh Haystack”)).

Fresh Haystack applies these Principles to our domestic U.S. products and services where appropriate. In addition, other uses or disclosures may occur as required by applicable law, such as the Fair Credit Reporting Act and its state analogues (“FCRA”), the Driver’s Privacy Protection Act and its state analogues (“DPPA”), and the Gramm-Leach-Bliley Act (“GLB”). If the law requires or upon request of law enforcement, or, if necessary, to prevent fraud or to protect our company systems, these principles may not apply. Fresh Haystack also, from time to time, may revise our Data Privacy Principles by posting changes on its Web site

Data security is a company imperative. Fresh Haystack strives to protect personally identifiable information that we maintain or disseminate, including through the use of appropriate administrative, physical, and technical safeguards.

Fresh Haystack strives to provide additional safeguards for sensitive personally identifiable information, such as Social Security numbers and driver’s license numbers. Fresh Haystack strives to limit the availability and access to full Social Security Numbers (“SSNs”), Driver’s License Numbers and State Identification Numbers. Fresh Haystack strives to protect the confidentiality of SSNs by limiting access to SSNs to certain legitimate and authorized users, such as: state, local and federal government entities; financial institutions; insurers; employers; creditors; debt collectors and other user types to which Fresh Haystack may decide to provide such access. A limited number of public records may contain SSNs that are already available to the public and, if such public records are accessed through Fresh Haystack services, our services may provide access to such SSNs. Fresh Haystack prohibits the unlawful disclosure of SSNs. Fresh Haystack also takes steps to limit the availability of Driver’s License Numbers (“DLNs”) and state identification card numbers.

Fresh Haystack strives to accurately report information in its products. Fresh Haystack also strives to accurately report information that it receives from its data sources. Fresh Haystack recognizes, however, that reporting errors may occur and offers individuals opportunities, where applicable, to dispute and correct information that we report as discussed further in Principle 9 on Access and Correction.

Fresh Haystack strives to provide additional safeguards for sensitive personally identifiable information, such as Social Security numbers and driver’s license numbers. Fresh Haystack strives to limit the availability and access to full Social Security Numbers (“SSNs”), Driver’s License Numbers and State Identification Numbers. Fresh Haystack strives to protect the confidentiality of SSNs by limiting access to SSNs to certain legitimate and authorized users, such as: state, local and federal government entities; financial institutions; insurers; employers; creditors; debt collectors and other user types to which Fresh Haystack may decide to provide such access. A limited number of public records may contain SSNs that are already available to the public and, if such public records are accessed through Fresh Haystack services, our services may provide access to such SSNs. Fresh Haystack prohibits the unlawful disclosure of SSNs. Fresh Haystack also takes steps to limit the availability of Driver’s License Numbers (“DLNs”) and state identification card numbers.

Fresh Haystack strives to inform its employees, users and the general public about appropriate use of Fresh Haystack products and services. Fresh Haystack strives to inform its users and employees about:

• Privacy and security issues associated with Fresh Haystack information products and services; and
• The responsible use of personally identifiable information.

Fresh Haystack strives to inform the public about:

• The responsible use of personally identifiable information;
• Measures Fresh Haystack has undertaken to enhance privacy; and choices available to individuals regarding information access and the ability to opt-out of certain products and services which utilize personally identifiable information.

Fresh Haystack strives to acquire personally identifiable information from established, reputable sources in the government and private sectors. In support of this Principle, Fresh Haystack takes reasonable steps to assess the reputation and reliability of its private sector data sources before incorporating personally identifiable information from the source into its products and services. Fresh Haystack also strives to obtain assurances from its data suppliers that they have the legal right to license or sell the data to Fresh Haystack.

Fresh Haystack makes its Data Privacy Principles publicly known. Fresh Haystack publicly posts these Data Privacy Principles.

For additional information about the Fresh Haystack Data Privacy Principles, contact the Fresh Haystack Privacy Manager at 1-855-552-2632 or by mailing to:

Privacy Manager
10500 Little Patuxent Pkwy | Suite 620 | Columbia, MD 21044

Fresh Haystack strives to allow individuals the opportunity to opt-out of the dissemination of personally identifiable information from certain Fresh Haystack owned databases used solely for marketing services. We also allow individuals to opt-out of Fresh Haystack’ information products and services as required by law and permitted by Fresh Haystack policy.

Fresh Haystack strives to provide individuals with a central point of contact regarding their questions about Fresh Haystack and its commitment to the responsible use of personally identifiable information. Fresh Haystack strives to inform individuals about the nature of the public records, nonpublic information, and publicly available information that Fresh Haystack makes available in its information products and services. Fresh Haystack also strives, whenever practicable, to provide individuals, upon request, with meaningful opportunities to review personally identifiable information we maintain about them. Fresh Haystack also strives, as appropriate and practicable, to provide opportunities for individuals to dispute and correct information by assisting them in identifying the potential information sources at which corrections should be made. Fresh Haystack strives to direct individuals to the government and private entities that collect and maintain public records and publicly available information to correct any claimed inaccuracies found in that data, and to direct individuals to consumer reporting agencies where such agency is the source of the information about the individual and where the individual seeks to correct claimed inaccuracies found in that data.

Fresh Haystack supports accountability of information industry standards and practices, responsible and effective federal regulation of the data industry, and legislation governing the practices of all data providers. Fresh Haystack also supports industry oversight and active engagement with the privacy community. Fresh Haystack believes that strong privacy and information security protections are vital for an effective and trusted data industry.

Fresh Haystack strives to protect the privacy of personally identifiable information obtained over the Internet and strives to apply our Data Privacy Principles and evolving standards to the online environment.

Fresh Haystack strives to prevent the acquisition of information from its products and services for improper purposes, such as identity theft. Fresh Haystack believes that it is important that individuals who may have had their sensitive personally identifiable information acquired by an unauthorized individual be notified as follows: Where a state law requires notice, Fresh Haystack complies with the law. In those states where notification laws do not exist, Fresh Haystack follows its Information Security Breach Response and Notification Policy, which provides that affected individuals will be notified when sensitive personally identifiable information owned or licensed by Fresh Haystack is acquired by an unauthorized individual and whenever Fresh Haystack has a reasonable basis to believe the breach has resulted in, or there is a significant risk that it will result in, identity theft to the consumer to whom the information relates.

Fresh Haystack will obtain assessments from a qualified, objective, independent third-party, who uses procedures and standards generally accepted in the profession to assess Fresh Haystack’ administrative, technical, and physical safeguards, as appropriate.

Latest Revision: June 2020
Copyright © 2020 CANDA Solutions, LLC