Effective Date: 26 September 2025
1. Coverage
1.1 What this GDPR Privacy Policy Covers
This International Independent Contractor Privacy Policy (“International Contractor Policy”) supplements our Independent Contractor Privacy Policy (“Contractor Policy”) and applies only to our collection, use, storage, disclosure, and otherwise processing of personal information covered by non-US data protection laws. Such laws might include the following:
- General Data Protection Regulation (GDPR);
- United Kingdom Data Protection Act and United Kingdom General Data Protection Regulation (UK DPA and UK GDPR);
- Swiss Federal Act on Data Protection (FADP); and
- Philippines Data Privacy Act (DPA).
Because GDPR, UK GDPR, and FADP are similar, we will refer to each of them “GDPR” in this International Contractor Policy.
1.2 What is Covered Elsewhere
In this International Contractor Policy, we address only matters specific to independent contractors covered by GDPR, DPA, and other international laws and that our Contractor Policy does not already describe. Please see our Contractor Policy to learn more about the following:
- The categories of personal information we process
- Sources of personal information we process; and
- What policies we have on storing personal information
1.3 Checkr as Controller
For much of the personal information we collect from independent contractors, we act as a controller under the GDPR. This means we decide how and why that information is processed. For example, we may process personal information you create or provide in the course of your work, such as data used to optimize our website, handle candidate inquiries, or improve our internal processes.
In some cases, we may also receive personal information in the course of your work that is controlled by another entity, such as the company that directly contracts with you. In those situations, that company will be the controller for that personal information. If you have questions about personal information handled under that company’s controllership, please contact that company directly.
2. Under What Legal Bases We Process Your Personal Information
In most cases, we will process your personal information as necessary for the following lawful bases:
- To perform a contract with you (“Contract”);
- To protect your or someone else’s vital interest (“Vital Interest”); and
- For our legitimate interests in carrying out our business (“Legitimate Interest”).
Under those lawful bases, we process your personal information when acting as a controller for the below purposes.
| Lawful Basis | Purpose |
|---|---|
| Contract | |
| Vital Interest | |
| Legitimate Interest |
Where we listed Legitimate Interest as the lawful basis in the above table, you can find the specific interests we rely on listed below.
| Purpose | Legitimate Interest |
|---|---|
| Creating and maintaining your independent contractor account | Setting up and managing your profile so we can engage you for current and future work and keep your account information updated. |
| Auditing and monitoring of transactions and engagement | Making sure work is performed correctly, detecting irregularities, and maintaining accurate records for quality and compliance purposes. |
| Workplace safety, fraud prevention, security, and protection of property | Protecting people, systems, and property from harm, theft, or misuse and to safeguard confidential information. |
| Business analyses, such as analytics, projections, identifying areas for operational improvement | Understanding how our business is performing, forecasting needs, and finding ways to operate more efficiently. |
| Improving and developing our products and services | Enhancing the quality, usefulness, and reliability of what we offer and could offer and addressing feedback or problems. |
| Complying with applicable laws and regulatory guidance | Meeting our legal obligations under non-EU, EEA, UK, or Swiss law and responding to legal requests. |
3. Necessary Disclosures to Checkr
If you fail to provide certain information when requested, we might not be able to perform the obligations of our contractual relationship with you, such as paying you.
4. Your Rights
Under GDPR, you may have the following rights regarding your personal information:
- Access. You may confirm whether we process personal information about you, request access to that information, and receive details about how we process that information. We may charge a fee for exercising this right if you ask for more than one copy of your personal information.
- Erasure. You may request deletion of your personal information in certain circumstances, such as where you withdraw your consent to processing or where your personal information is no longer needed to fulfill the purpose for which it was processed.
- Rectification. You may request that we correct your personal information if inaccurate or otherwise required by GDPR.
- Restriction. You may restrict our processing of your personal information in certain instances, such as where you have disputed the accuracy of your personal information we hold or where you object to our processing of your personal information for a Legitimate Interest. In the latter case, we will restrict the processing of your information while we determine whether we may continue processing the information under compelling legitimate grounds or as necessary to establish, exercise, or defend a legal claim.
- Portability. You may request to receive your personal information in a structured, commonly used, and machine readable format and, where permitted by GDPR, to have it transferred to someone else. This right applies only where you have provided us with the personal information and we relied on your consent or the performance of a contract with you to justify our processing of that information.
For each of these rights, we may charge a fee or refuse your request if it is manifestly unfounded or excessive.
Additionally, you have the right to object to our processing of your personal information under the Legitimate Interest lawful basis or for direct marketing. In the former case, we may continue processing your personal information if we determine we have compelling legitimate grounds to do so or if necessary to establish, exercise, or defend a legal claim.
5. Automated Decision Making
We do not use any automated decisionmaking technologies or algorithms that affect your legal rights in processing your personal information, as regulated by GDPR. That said, if you are employed by a company providing services to Checkr, that company might use such technologies to make a decision about you. These processes would be separate from any in which we are involved. Please contact that company if you have questions about its use of automated decision making.
6. International Transfers
6.1 Possibility of International Transfers
As a global company, Checkr has affiliates and customers around the world. As a result, Checkr may transfer your personal information to countries outside your home country, including to countries whose privacy laws might not offer the same level of personal information protection as your own. Such countries could include the United States, Chile, Canada, Colombia, the Philippines, and Romania.
6.2 What Safeguards We Have for These Transfers
When we transfer your personal information to countries outside the EEA, Switzerland, or the UK, we use certain legal mechanisms that are required or permitted under GDPR or similar laws. These mechanisms include the following:
| Mechanism | Description |
|---|---|
| Adequacy Decisions | We may transfer your personal information to countries that the European Commission or relevant governmental authorities have determined offer an adequate level of data protection. You can read the full list of countries with adequacy decisions on the European Commission’s website. To that end, for transfers to the United States, Checkr participates in the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework. You can learn more about our participation here. Under these frameworks, when we transfer your personal information to the United States, the GDPR will treat that transfer as if it were made to a country with adequate protection. |
| Standard Contractual Clauses | We use standard contractual clauses approved by the European Commission and other relevant authorities. These clauses help ensure that your personal information remains protected during international transfers in accordance with the GDPR. If you would like a copy of Checkr’s standard contractual clauses or have any questions about them, you may contact us at dpo@checkr.com. |
| Derogations | In limited circumstances, we may use other legal ways under GDPR to transfer your personal information. For example, we may transfer your personal information if you have given explicit consent or where the transfer is otherwise permitted or required by law. |
7. Questions and Complaints
If you have a question or complaint about Checkr’s privacy practices, you can contact us at dpo@checkr.com.
You may also contact the following data protection authorities if you have a complaint about Checkr’s privacy practices:
- UK Information Commissioner’s Office
- Swiss Federal Data Protection and Information Commissioner
- If you live in the EU or EEA, the data protection authority in your home country.
You can visit the European Data Protection Board’s website for a list of EU and EEA data protection authorities and their contact details. For those in other countries, such as the Philippines, you can contact your country's data protection authority.
In any case, before complaining to a data protection authority, we would be grateful if you contacted us first so we can try to resolve your complaint for you.