the processing of your personal information when you make contact with us or use one of
2016/679 (“GDPR”) and any EU national laws implementing or supplementing the same
(the “Data Privacy Laws”).
2. About us and our privacy commitment
2.1. The iCOVER Group (“iCOVER” or “We”) is specialized in international verification services
under the brands “iCOVER” and “Square Facts”, is headquartered in France and operates
through a number of legal entities around the world in order to provide its clients
background screening, due diligence and compliance services on behalf of our clients
(“Services”) through a Service Agreement or Terms of Services agreed upon between
iCOVER and you (“Service Agreement”).
2.2. We are firmly committed to respect your right to privacy and take seriously our
responsibilities in relation to the processing of personal information. We do not collect or
process personal information unnecessarily and we do not solicit or receive information
relation to the processing of your personal information in the course of using our services.
The Policy also outlines the basis on which any personal information, we collect from you
or that you provide to us, will be processed in connection with your use of our services.
3. What information do we collect?
3.1. The Policy is primarily related to personal information collected and processed in order to
operate our business.
3.2. We may collect personal information from you in the course of our business, including
through your use of our website, when you contact or request information from us, when
you engage our team to provide Services.
3.3. We collect information as name and contact details in order to communicate and facilitate
the provision of our services with our clients, potential clients or suppliers. Initial
information about you can be provided by the company you are working for. You may
provide us information by using our services or by corresponding with us by phone, e-mail
or otherwise. Other occasions during which you provide us information is when searching
for a product, place an order, report a problem or engage with any other form of
communication with us. We may collect information to respond to inquiries regarding our
products and services or to provide you with information, reports, or updates.
3.4. When you visit our website or use our platforms, we may collect, as a data controller,
information about your visit such as your IP address, login information, browser type, time
zone setting and the pages you visited and when you use our Services we may collect
information on how you use those services. Our websites and online platforms may use
cookies from time to time. Cookies may be used to save your personal preferences so you
do not have to re-enter them each time you access our services. For more about our use of
3.5. In the course of providing our Services to our clients, they engage us on a wide range of
matters to help them mitigate risk such as conducting due diligence on a potential partner,
employee or client through reports.
3.5.1. The personal information we process in the performance of Services for and on behalf
of our clients, as a data processor, includes but is not limited to any information
relating to an identified or identifiable individual (“Data Subject”), for example, the
individual’s name, contact information, education information, work history,
directorships, financial information, as well as, where necessary, data concerning
criminal convictions and offences. We treat all such information within the strict
confines of the GDPR.
3.5.2. The lawful bases for such data processing are defined by our client in their privacy
policy or another document and will vary depending on the nature of the information
and the project. Prior to ordering, iCOVER’s client has assessed the necessity,
permissibility, and relevance of the service prior to ordering. iCOVER’s client warrants
to iCOVER that: (1) the personal data is processed in a lawful, fair and transparent
manner in relation to the data subject; (2) the personal data is collected for specified,
explicit and legitimate purposes and not further processed in a manner that is
incompatible with those purposes; (3) the personal data is adequate, relevant, and
limited to what is necessary for the purposes for which it is processed; and (4) if
applicable after seeking appropriate legal advice, information notice or authorization
form or any other mandatory document, has been duly provided to/required from the
3.5.3. iCOVER warrants the legality of the access to the information expected to be verified
and defines the scope. iCOVER does not guarantee compliant use of the data in this
report by the client. iCOVER has used its professional care and diligence to verify
information against authorized public and/or private sources. iCOVER cannot be held
responsible for the content provided by the sources. iCOVER cannot certify that no
change has occurred since the preparation of the report.
4. What we do with your information?
4.1. We will only process personal information when the law allows us to.
4.2. We may use your information for the following purposes: Fulfilment of Services, Client
services, Business administration and legal compliance or Recruitment:
4.2.1. Where we process your personal information to register you as a customer/user,
accept your orders, deliver Services to you, collect our fees; we do so on the basis
that it is necessary to perform our obligations under contract with you or a
company you work for. It may also be necessary to comply with certain legal
4.2.2. Where we process your personal information to send you newsletters, respond
to your questions, improve the contents of our website and marketing efforts,
conduct research and analysis and display content based on your interests; we
do so on the basis that it is necessary for our legitimate business interests. These
interests include the interests of ensuring our clients receive premium service,
growing our business to best satisfy changing market needs, and ensuring
continual improvements to our Services.
4.2.3. Where we process your personal information for business administration and
legal compliance, we comply with our legal obligations (including Know Your
Client and Anti-Money Laundering or similar obligations), to enforce our legal
rights, in connection with a business transaction; we do so on the basis that we
have a legal obligation to do so.
4.2.4. Where we process your personal information for recruitment purposes to assess
your suitability for any position for which you may apply at iCOVER whether such
application has been received by us online, via email or by hard copy or an in-
person application; we do so in connection with us taking steps at your request
to enter a contract we may have with you or it is in our legitimate interest to use
personal information in such a way to ensure that we can make the best
recruitment decisions for iCOVER. We will not process any special category data
except where we are able to do so under applicable legislation. You may request
at any point of the recruitment process iCOVER’s background screening policy.
4.3. We will only use your personal information for the purposes for which we collected it,
unless we reasonably consider that we need to use it for another reason and that reason is
compatible with the original purpose. If we need to use your personal information for an
unrelated purpose, we will notify you and we will explain the legal basis which allows us to
do so. Please note that we may process your personal information without your knowledge
or consent, in compliance with this Policy, where this is required or permitted by law.
5. Disclosure of your information
5.1. We only share your personal information with your consent or in accordance with this
Policy. We will not otherwise share, sell or distribute any of the information you provide to
us except as described in this notice.
5.2. We may disclose information to any department or authorized person within our company
or any affiliated company within iCOVER and selected third-parties only in the
circumstances where it is necessary and the supplier has agreed to the same standards and
terms of privacy as set out in the Policy.
5.3. iCOVER is a global corporation and any information that we collect or that you
provide to us may be shared and processed by any iCOVER entity and affiliated. You
can find out more about the iCOVER entities and locations in Appendix 1.
5.4. We may also share personal information with a variety of the following categories of
third parties as necessary:
5.4.1. Professional advisers such as lawyers and accountants.
5.4.2. Government or regulatory authorities.
5.4.3. Professional indemnity or other relevant insurers.
5.4.4. Regulators/tax authorities/corporate registries.
5.4.5. Third parties to whom we outsource certain services such as, without limitation,
translation services, confidential waste disposal.
5.4.6. Third parties engaged in the course of the services we provide to clients such as
5.4.7. Third party service providers to assist us with client insight analytics, such as
5.5. A list is provided in Appendix 1, there may be other examples where we need to share
with other parties in order to provide the Services as effectively as we can.
5.6. We will disclose your personal information to third-party recipients in the event that we sell
or buy any business or assets, in which case we will disclose your personal information to
the prospective seller or buyer of our business or assets or if we are under a duty to disclose
or share your personal information in order to comply with any law, legal obligation or
6. International transfers
6.1. In order to provide the Services we may need to transfer your personal information to
locations outside the jurisdiction in which you provide it.
6.2. If you are based within the European Economic Area (EEA), please note that where
necessary to deliver the Services we will transfer personal information to countries outside
the EEA (including to the United States, Mexico, Tunisia, India).
6.3. All iCOVER entities have signed a data sharing agreement which is based on the EU
standard contractual clauses to ensure we will comply with our legal and regulatory
obligations in relation to personal information, including having a lawful basis for
transferring personal information and putting appropriate safeguards in place to ensure an
adequate level of protection for the personal information.
7. How long we keep your personal information for?
7.1. We will only retain your personal information for as long as necessary to fulfil the purposes
we collected it for, including for the purposes of satisfying any legal, accounting, or
reporting requirements. The period of time for which we store your personal information
may depend on the type of information we hold.
7.2. To determine the appropriate retention period for personal information, we consider the
amount, nature, and sensitivity of the personal information, the potential risk of harm from
unauthorised use or disclosure of your personal information, the purposes for which we
process your personal information and whether we can achieve those purposes through
other means, and the applicable legal requirements. For example, we may hold personal
data as needed for our accounting or tax compliance purposes or where needed for our
compliance with anti-money laundering regulations in accordance with the respective
7.3. For Data Subjects, we store their personal information for as long as the data controller
(our client) has instructed us to in the Service Agreement.
8. Security measures
8.1. We use accepted standards of physical and technical measures and require our hosting
partners to use the same standard of care in order to protect personal information. Despite
our best effort to protect personal information, the transmission of information via the
internet is not completely secure. Once we have received your information, we will use
strict procedures and security features to try to prevent unauthorized access.
8.2. You will find an excerpt of our security measures in Appendix 2.
9. Your rights
9.1. You have the following rights in relation to the personal information we hold about you:
9.1.1. Your right of access: If you ask us, we’ll confirm whether we’re processing your
personal information and, if necessary, provide you with a copy of that personal
information (along with certain other details). If you require additional copies, we may
need to charge a reasonable fee.
9.1.2. Your right to rectification: If the personal information we hold about you is inaccurate
or incomplete, you are entitled to request to have it rectified. If you are entitled to
rectification and if we’ve shared your personal information with others, we’ll let them
know about the rectification where possible. If you ask us, where possible and lawful
to do so, we’ll also tell you who we’ve shared your personal information with so that
you can contact them directly.
9.1.3. Your right to erasure: You can ask us to delete or remove your personal information in
some circumstances such as where we no longer need it or if you withdraw your
consent (where applicable). If you are entitled to erasure and if we’ve shared your
personal information with others, we’ll let them know about the erasure where
possible. If you ask us, where it is possible and lawful for us to do so, we’ll also tell you
who we’ve shared your personal information with so that you can contact them
9.1.4. Your right to restrict processing: You can ask us to ‘block’ or suppress the processing
of your personal information in certain circumstances, such as where you contest the
accuracy of that personal information or you object to us. If you are entitled to
restriction and if we’ve shared your personal information with others, we’ll let them
know about the restriction where it is possible for us to do so. If you ask us, where it is
possible and lawful for us to do so, we’ll also tell you who we’ve shared your personal
information with so that you can contact them directly.
9.1.5. Your right to data portability: You have the right, in certain circumstances, to obtain
personal information you’ve provided us with (in a structured, commonly used and
machine readable format) and to reuse it elsewhere or to ask us to transfer this to a
third party of your choice.
9.1.6. Your right to object: You can ask us to stop processing your personal information, and
we will do so, if we are: (i) relying on our own or someone else’s legitimate interests to
process your personal information, except if we can demonstrate compelling legal
grounds for the processing; or (ii) processing your personal information for direct
9.1.7. Your right to withdraw consent: If we rely on your consent (or explicit consent) as our
legal basis for processing your personal information, you have the right to withdraw
that consent at any time.
9.1.8. Your right to lodge a complaint with the supervisory authority: If you have a concern
about any aspect of our privacy practices, including the way we’ve handled your
personal information, you can report it to the relevant Supervisory Authority.
9.2. Please note that some of these rights may be limited where we have an overriding interest
or legal obligation to continue to process the data.
10. Third party material
10.1.The website and/or Services may contain links to other sites whose information
practices may be different than ours. Visitors should consult the other sites’ privacy notices
as iCOVER has no control over information that is submitted to, or collected by, these third
11. Changes to this policy
11.1.Any changes made to this Policy from time to time will be published at the Platform.
Any material or other change to the data processing operations described in this Policy
which is relevant to or impacts on you or your personal data will be notified to you. In this
way, you will have an opportunity to consider the nature and impact of the change and
exercise your rights under the GDPR in relation to that change (e.g., to withdraw consent or
to object to the processing) as you see fit.
of your information, please contact iCOVER – Data Protection Office – 1rue de la Bourse,
75002 Paris or firstname.lastname@example.org.
12.2.For further information on the protection of personal data, you can consult the
website of the Commission Informatique et Liberté, www.cnil.fr.
Effective date: 1 May 2023
Appendix 1 – List of sub-processors that may have access to your personal data
● (BULGARIA) ICOVER SERVICES EOOD
● (MEXICO) I-COVER SCREENING MX SA DE CV
● (INDIA) ICOVER INDIA INFORMATION AND SERVICES PRIVATE LIMITED
● (SWITZERLAND) I COVER SWITZERLAND SARL
● (TUNISIA) ICOVER SARL
● (UNITED STATES) ICOVER INC.
● (UNITED KINGDOM) I-COVER (SCREENING) LIMITED
● (FRANCE) SQUARE FACTS SAS
● (BULGARIA) SQUARE FACTS
● (MOROCCO) SQUARE FACTS SARL
● Microsoft (Working tool)
● Google workspace (Working tool)
● Zoom (Communication platform)
● Atlassian (Jira, Confluence)
● Eurecia (HR services)
● Figma (Working tool)
● Monday.com (Working tool)
● Adobe (Working tool)
● Amazon webservice (hosting system)
● OVH (hosting system)
● Hetzner (hosting system)
● Online.net (hosting system)
● Slack (Communication platform)
● Zoho (Customer management)
Appendix 2 – Security measures
●ISO 27001 certified Information Security Program. iCOVER has developed and implemented
a comprehensive security program that includes reasonable administrative, technical, and
physical safeguards, which are reasonably designed to protect: the security and
confidentiality of Personal Data; against unauthorized access to or use of Personal Data.
●Procedures and Controls. iCOVER has developed, documented, and will maintain
procedures and controls: for the secure handling, transfer, and disposal of Personal Data,
whether in electronic or physical form; to protect against destruction, loss, or damage of
Personal Data due to human error, potential environmental hazards, or technological
failures; to restrict access to Personal Data at physical locations, such as buildings,
computer facilities, and records storage facilities; to authenticate and limit access to its
systems to authorized individuals; for the secure configuration and maintenance of
information systems (e.g., servers, network infrastructure devices, and networks), including
procedures for change management; the pseudonymization and encryption of Controller
Data; for detecting, preventing and responding to attacks, intrusions, or other systems
failures, including actions to be taken in the event of suspected or detected unauthorized
access to its systems.
●Safeguards. iCOVER has designed and implemented reasonable safeguards to control
reasonably foreseeable internal and external risks to its systems by restricting access to
those who have a business need to access various systems, via control of administrative and
user account privileges.
●Monitoring. iCOVER monitors security within its organization by: Using enterprise-grade
automated tools to monitor workstations, laptops, and servers for malware, with central
compilation of such logging; Leveraging firewalls and intrusion prevention systems to
monitor externally facing assets; Collecting and analyzing audit logs of events and
generated alerts, to help detect an attack; performing penetration testing on an annual
●Access. iCOVER manages and controls system access by: using Active Directory to control
administrative privileges for Windows servers and some applications; restricting user
account privileges to what is necessary in order to do their job.
●Disaster Recovery/Business Continuity and Incident Response Plans. iCOVER has designed
plans for responding to a: disaster, including processes and procedures for resuming
business operations; network and/or system attack, including incident handling.