MBD Consultants, LLC dba XG Consultants Group, Inc.

Privacy Policy

Updated as of May 10, 2023

MBD Consultants, LLC dba XG Consultants Group, Inc. (“Company,” “we,” “our,” or “us”) is committed to protecting the privacy of your personal information and keeping you informed of how we collect and use your personal information. This Privacy Policy (“Policy”) governs how the Company collects, uses, discloses and secures personal information collected from or about you through this website(s) and any online applications (collectively, the “Site”) owned and controlled by us, except as otherwise noted herein, as well as the personal information you submit or we collect through offline channels such as when you:

• Visit our locations or attend one of our events.
• Engage in phone, email, or mail communications with us.
• Through social media interactions on our websites and other third-party websites like Facebook, YouTube, Instagram, and Twitter.
• View our online advertisements.

The nature of our business involves the collection of personal information from individuals and entities to provide certain products and/or services (the “Services”) such as performing background checks. As a consumer reporting agency, we are subject to the Fair Credit Reporting Act (FCRA) and other applicable federal and state laws.

Depending on how you interact with us will determine the nature of the personal information we collect from you, the source of that information, how we use it, and how we may disclose or otherwise process it. For example, you might be an individual who provides personal information to us through the Site, directly or indirectly, through one of our Customers for the purpose of receiving a background check or other Services. In general, we would consider you a “Consumer.”  “Customers” are those entities, organizations, or individuals that purchase our Services which in most cases would involve the collection of personal information from Consumers. Consumers, Customers, or any individual accessing our Site or Applications are “Users” or also referred to as “you” or “your.”

Please review this Policy carefully. By accessing the Site, using the Services or otherwise providing your personal information, you consent and agree to the terms of this Policy and to the Company collecting, using, disclosing, and storing such information consistent with this Policy.

Changes to this Policy. The Company reserves the right to change the Policy at any time, in which event the Site will contain a notice of the change. Changes will be effective immediately upon posting to the Site. If you have any questions or concerns about the Policy, please contact us at 212-499-1480 or as provided below.

Information We Collect. We may collect personal information that you provide directly to us, such as information you submit when you visit the Site. We may also collect information that is passively or automatically collected from you, such as information collected from your browser or device when you visit the Site. We use this information to operate the Site and in certain circumstances to perform Services, carry out our business, comply with laws and for other purposes described herein.

As described below, we may collect or have collected in the preceding 12 months the following categories of personal information. We may add to the categories of personal information we collect. In that case, we will inform you.

1. Examples include real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, or other similar identifiers.
2. Other elements. Examples include signature, characteristics or description, address, telephone number, education, bank account number, credit card number.
3. Characteristics of protected classifications under state or federal law. Examples include race, religion, and age.
4. Commercial information. This includes services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. This could include information collected in connection with the Services, such as information or materials and activities involved in the processing of information regulated by the Fair Credit Reporting Act.
5. Education information. This includes information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, Sec. 1232g; 34 C.F.R. Part 99).
6. Internet or other electronic network activity. Examples include browsing history, search history, a consumer’s interaction with an internet website, application, or advertisement.
7. Geolocation data. This might include location information while using one of our apps.
8. Audio, electronic, visual, thermal, olfactory, or similar information. Examples of this category including identifiable information obtained about you while speaking with our customer service representatives on the telephone and/or by video camera.
9. Professional or employment-related information.
10. Sensitive personal information. This includes but is not limited to personal information that would reveal identifiers such as Social Security, driver’s license, state identification card, or passport numbers, as well as log-in, financial account, debit card, or credit card number plus any required security or access code and other information that would permit access to an account. It also would include precise geolocation and racial or ethnic origin, religious or philosophical beliefs, biometric information, union membership, information regarding sex life or sexual orientation, or a consumer’s genetic or medical information.
11. Consumer profile. This includes inferences drawn from any of the information identified above to create a profile about a consumer reflecting the consumer’s preferences, characteristics, and behaviors.

Personal information excludes information that is not defined as personal information or is excluded from the definition of personal information (or similar terms) under applicable federal or state law. For example, personal information as defined under the California Consumer Privacy Act (“CCPA”) would not include the following information:

• Publicly available information.
• De-identified or aggregated consumer information.
• Certain personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), the California Confidential Medical Information Act, the Health Insurance Portability and Accountability Act, and the Driver’s Privacy Protection Act of 1994.

Children. The Site is not directed to children under the age of 13 years old. The Company does not knowingly collect any personal information from children. If you are concerned about your child’s use of the Site, you may use web-filtering technology to supervise or limit access to the Site.

Cookies. As is true of most websites, we gather some personal information automatically and store it in log files. Small files called “cookies” may be attached to your web browser. These files identify your browser and save information such as passwords so that website can recognize you or process your requests. This information also may include the Internet Protocol (IP) address, browser type, language, internet service provider (ISP), referring and exit page, operating system, and date/time stamp.

In addition to the purposes above, we may use this personal information to understand and analyze trends, to administer the Site, to learn about user behavior on the Site, and to gather demographic information about our user base. To monitor use of the Site and improve its quality, we may compile statistical information concerning the use of the Site through third party analytics services. Examples of this information may include: the number of visitors to the Site or to sections or pages within the Site, patterns of traffic flowing through the Site, length of time spent on the Site, or in sections or pages of the Site, the other sites that refer visitors to the Site, the pages of the Site that visitors frequently use as entry and exit points, utilization of the browser and operating systems and versions used by visitors to the Site. This information generally is used for internal purposes, and we do not link your URL or IP address to any personal information unless you have logged into our Site with an established account login and password or accessed our page through a Customer provided link.

You may control cookies, including preventing or stopping the installation and storage of cookies, through your browser settings and other tools. Most browsers will allow you to block or refuse cookies. However, you may need to manually adjust your preferences each time you visit a site. For more information, see the Help section of your browser. Please note that if you block certain cookies, some of the services and functionalities of our Site may not work. Refer to the Help feature of your browser for information on disabling cookies.

Purposes We Use Personal Information. In general, we will use the personal information we collect about you only for the purpose it was collected and as otherwise provided in this Policy.  In the case of our background check and related services, we will not use your personal information to perform the background check service unless our Customer has certified to us that it has satisfied the requirements under FCRA and applicable state law. Set forth below are examples of business or commercial purposes for which we may have collected your personal information. We may change or add to the purposes we collect personal information. In that case, we will inform you and obtain your consent when required by law.

1. To operate our Site and Services.
2. To communicate with you and provide you with information, products, or services, including the Services, that you request or receive from us.
3. To fulfill or meet the reason for which the information is provided. For example, in the case of background checks, we might provide access to reports or functionality relating to use of such reports.
4. To contact you and/or provide you with email alerts, event registrations and other notices concerning our products or services, or events or news, which may be of interest to you.
5. To communicate with you in social media concerning our products and services.
6. To carry out our obligations and enforce our rights including those arising from any contracts entered into between you and us, including for billing, payment, and collections.
7. To review, improve, and monitor our website, applications, online services, and overall Consumer and Customer experience, including to provide customization to meet the specific needs, ensure a consistent experience, and to assess trends, interests, and the demands of Users.
8. To investigate, prevent or mitigate violations of our internal terms, agreements or policies; enforce our agreements with third parties and business partners; and for other purposes related to the Services, operation of our business, or your application for or employment with us.
9. To provide customer service and engage in quality control activities concerning our products and services.
10. For testing, research, analysis and product and service development.
11. To monitor, track and report Consumer use of Customer specific sections of the Site. For example, when one of our Customers directs you to our Site for a free background check or you visit a Customer specific section on your own, we collect information on your visit and provide it to the Customer.
12. To respond to law enforcement requests and as required by applicable law, court order, governmental regulations, or other lawful processes.
13. As described to you when collecting your personal information or as otherwise set forth in the CCPA or other applicable law.
14. To process applications for employment, as well as to evaluate and improve our recruiting efforts.
15. As necessary or appropriate to protect the rights, property, security, and safety of us, our employees, our Consumers, our Customers, our Users, our information systems, and the public.
16. To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred.

In addition, the Company may compile statistical information concerning the usage of the Site. This information allows the Company to monitor its utilization and continuously improve quality. Examples of this information with respect to the Site would include, but not be limited to, the number of visitors, the patterns of traffic flowing through, the length of time spent on the Site, or in particular sections or pages, the other sites that refer visitors, the pages Users frequently use as entry and exit points, utilization of the browser and operating systems and versions used by Users.

In order to compile this information, the Company may collect and store your IP address, your operating system version, your browser version, the pages you visit, the length of time you spend, the site from which you linked to ours, search terms you used in search engines which resulted in you linking to the Site, etc. While all of this information can be associated with the IP address your computer had while you visited the Site, it will not be associated with you as an individual, or associated with any other information you may submit, or that Company may store about you for any other purposes unless you have logged into our Site with an established account login and password or accessed our page through a Customer provided link.

• Sources of the Personal Information We Collect. As you are probably aware, we may collect personal information from a variety of sources. The categories of sources of personal information are described below. The examples provided are for illustration purposes and are not exhaustive.

 

You. Examples of when we collect that information include:

• When you contact us or request a consultation.
• During a Site visit, when you call us, or when you visit us at one of our locations or events.
• If you upload or share a photo, submit a request for a background check, or post other digital content through one of our Sites, Applications or via social media interactions on third party websites like Facebook or Twitter.
• If you apply or inquire about employment.
• In connection with your interactions with us as a registered user of our Site.
• Information Collected Automatically. As you navigate through and interact with our Site, we may compile statistical information concerning your usage of the Site through analytics services, such as those provided by Google Analytics. To do so, we may collect certain information about your equipment, browsing actions and patterns through tracking tools like browser cookies, flash cookies, and web beacons.
• Your employer. If your employer is a Customer, they may provide information to us to perform background check or other services we provide.
• Other Third Parties. We may collect information about you from third parties such as through your social media services consistent with your settings on the services or from other third-party sources that are lawfully entitled to share your data with us. We might authorize service providers to collect personal information on our behalf.
• Third party databases and information repositories.

Disclosing Personal Information. In general, we will not disclose your personal information for any purposes other than those in conjunction with the business activities requested of us unless otherwise permitted or required by law or by this Policy, or we have your authorization to do so.

To carry out such purposes, we may disclose your personal information to our Customers, affiliates, service providers and contractors, outside legal counsel and government entities.

We may also disclose your personal information to third parties, if necessary, to: (1) comply with federal, state, or local laws; (2) comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, or local authorities; (3) cooperate with law enforcement agencies concerning conduct or activity that we reasonably and in good faith believe may violate federal, state, or local laws; or (4) exercise or defend legal claims.

Lastly, we may transfer personal information to a third party as part of a merger, acquisition, bankruptcy, or other transaction in which the third party assumes control or acquires of all or part of the assets of our business.

With respect to the personal information acquired from you in connection with providing background check and related services, we will not disclose such personal information to a third party without your permission, except in connection with performing those services or as otherwise described in this Policy. For example, as permitted under applicable law, we would disclose information to third parties necessary to perform the check and disclose the results of the check to our Customer that ordered it.

We may disclose, including during the past 12 months, the following categories of personal information to the following categories of third parties:

Categories of Personal Information Disclosed

Categories of Third Parties to Whom Disclosed

Identifiers   Other elements   Characteristics of protected classifications under California or federal law   Commercial information   Education information     Internet or other electronic network activity   Geolocation data     Audio, electronic, visual, thermal, olfactory, or similar information   Professional or employment-related information   Sensitive personal information   Consumer profile

Third parties as directed by you. We will disclose your personal information to those third parties to whom you direct.   Our business partners and affiliates. For example, we might disclose your personal information to our business partners and affiliates for purposes of collaborating on providing services to you. These business partners and affiliates should also have their own privacy statements that set out the manner in which they will collect, use, and disclose personal information. Where applicable, we encourage you to review each such business partner and affiliate’s privacy statement before signing on with them.   Third parties who perform services on our behalf. For example, we disclose information to certain service providers who collect information from you to enable us to perform a background check, professional services providers, debt collectors, information technology providers, and data storage companies. As noted, we might authorize service providers to collect personal information on our behalf.   Third parties to whom we provide information related to conducting background checks, checking references, etc.   Customers to whom we provide Services, including data on user visits to sections of the Site relating to services offered on behalf of that Customer.   Governmental entities, legal service providers. We may disclose your personal information in order to comply with the law and in the course of providing our products and services. We may also disclose information if a government agency or investigatory body submits a request.   Successors to all or portions of our business. If all or part of our business is sold, we may disclose personal information in preparation for or as part of that transaction.

 

In no case do we disclose, sell or license personal information to third parties including for their direct marketing purposes, except as permitted by law.

How Long We Retain Your Information. We retain your personal information for as long as necessary to achieve the purpose for which it was collected. This may include providing you with products and services, while you have an open account with us, or to perform Services requested by a Customer. We may retain your personal information for longer if it is necessary to comply with our legal or reporting obligations, resolve disputes, collect fees, etc. or as permitted or required by applicable law. We may also retain your personal information in a deidentified or aggregated form so that it can no longer be associated with you. To determine the appropriate retention period for your personal information, we consider various factors such as the amount, nature, and sensitivity of your information; the potential risk of unauthorized access, use or disclosure; the purposes for which we process your personal information; and applicable legal requirements.

Do Not Track. “Do Not Track” is a privacy preference that you can set in your Internet search browser that sends a signal to a website that you do not want the website operator to track certain browsing information about you. However, because our Site is not configured to detect Do Not Track signals from a user’s computer, we are unable to respond to Do Not Track requests.

Embedded Content and Social Media Widgets. The Site contains embedded content (e.g., videos) and Social Media Widgets (e.g., LinkedIn). Embedded content may place third party cookies on your device that track your online activity to enhance your experience or assess the success of their application.

Social Media Widgets allow us to integrate social media functions into the Site. These widgets may place third party cookies on your device for tracking and advertising purposes. We have no direct control over the information these cookies collect, and you should refer to their website privacy policy for additional information.

Links to Other Websites and Third Party Integrations. The Services may contain links to other websites. We may also provide links to third party integrations. Third party integrations are websites or platforms that synchronize with our Site to provide you with additional functionality, tools, or services such as maps, accepting job applications, sending newsletters, etc. Any personal information you provide to linked pages or third party integrations is provided directly to that third party and is subject to the privacy policy of that third party. We are not responsible for personal information provided by you to such a third party. Links and APIs are provided only as a convenience.

Transfers of Data: United States or Overseas. Personal information submitted to the Company for a background check or related services may at times be transferred outside of the United States in order to perform the background investigation. All personal information will be transmitted and stored in a secure manner in accordance with the terms of this Policy.

Safeguarding of Information. We take a number of steps to safeguard the security of personal information obtained through the Site. However, no system for safeguarding personal or other information is 100% and we cannot guarantee that data may not be accessed, disclosed, altered, or destroyed by breach of any of our safeguards.

If you create an account with us, you are responsible for safeguarding the password, security questions and answers, and other authentication information you use to access that account.

Applicable law. This Policy is governed by the internal substantive laws of New York, without regard to its conflict of laws principles. Jurisdiction for any claims arising under or out of this Privacy Policy shall lie exclusively with the state and federal courts within New York. If any provision of this Policy is found to be invalid by a court having competent jurisdiction, the invalidity of such provision shall not affect the validity of the remaining provisions of this Policy, which shall remain in full force and effect.

CALIFORNIA PRIVACY RIGHTS: This section of the Policy (“CA Policy”) supplements and amends the information contained in our Policy with respect to California residents. This CA Policy applies solely to Users who are natural persons and residents of the State of California (“consumers” or “you”) and is adopted in part to comply with the California Consumer Privacy Act (“CCPA”).  THIS ADDENDUM TO THE PRIVACY POLICY DOES NOT APPLY TO USERS WHO ARE NOT NATURAL PERSONS AND NOT CALIFORNIA RESIDENTS.

The CA Policy describes our policies and practices regarding the personal information we collect, use, and disclose about you, including personal information you submit or we obtain when you access the Site, Services or through other sources.  In general, personal information is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household.

Any terms defined within the CCPA have the same meaning when utilized within this CA Policy. The other provisions of the Policy continue to apply except as modified in this CA Policy.

Selling or Sharing Personal Information.

• We do not “sell” or “share” your personal information as those terms are defined in the CCPA.
• We do not have actual knowledge that we have sold or shared personal information of minors under age 16.

Consumer Rights. Pursuant to the CCPA, and as detailed below, consumers have various rights with respect to their personal information.

Request to Delete. You have the right to request that we delete your personal information from our records, subject to certain exceptions. Upon receipt of a verifiable consumer request (see below), and as required by the CCPA, we will delete and direct any service providers, contractors, and third parties to delete your PI from their records.

The Company is not required to comply with your request to delete your personal information if it is necessary for the Company (or its service provider) to maintain your personal information in order to:

1. Complete the transaction for which the personal information was collected, provide a good or service requested by you, or reasonably anticipated by you within the context of our ongoing business relationship with you, or otherwise perform a contract between the Company and you.
2. Help to ensure security and integrity to the extent the use of the consumer’s personal information I is reasonably necessary and proportionate for those purposes.
3. Debug to identify and repair errors that impair existing intended functionality.
4. Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.
5. Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code.
6. Engage in public or peer-reviewed scientific, historical, or statistical research that confirms or adheres to all other applicable ethics and privacy laws, when the Company’s deletion of the information is likely to render impossible or seriously impair the ability to complete such research, if you have provided informed consent.
7. To enable solely internal uses that are reasonably aligned with your expectations based on your relationship with the Company and compatible with the context in which the consumer provided the information.
8. Comply with a legal obligation.

Request to Know. You have the right to request that we disclose the following to you as it relates to the 12-month period preceding our receipt of your verifiable consumer request:

• The categories of personal information we have collected about you.
• The categories of sources from which the personal information is collected.
• The business or commercial purpose for collecting or selling personal information.
• The categories of personal information we sold or disclosed for a business purpose.
• The categories of third parties with whom we sold or disclosed personal information for a business purpose.
• The specific pieces of personal information we collected about you.

Upon receipt of a verifiable consumer request (see below), and as required by the CCPA, we will provide a response to such requests.

Request to Correct Inaccurate Information. You have the right to request that we correct inaccurate personal information that we maintain about you subject to certain limitations. Upon receipt of a verifiable consumer request (see below), and as required by the CCPA, we will provide a response to such requests.

Right to Limit the Use and Disclosure of Sensitive Personal Information. In certain circumstances, you have the right to limit our use and disclosure of the Sensitive Personal Information we collect about you. You may exercise this right by clicking this link: Limit the Use of My Sensitive Personal Information or submitting a request as directed below.

We will not discriminate against you in violation of the CCPA for exercising any of your CCPA rights. For example, we generally will not provide you a different level or quality of goods or services if you exercise your rights under the CCPA.

Submitting Consumer Rights Requests. To submit any of the Consumer Rights requests as outlined above, please contact us at 1-888-249-9399 or info@xgconsultantsgroup.com. We reserve the right to only respond to verifiable consumer requests.  A verifiable consumer request is one made by any individual who is:

• The consumer who is the subject of the request
• A consumer on behalf of the consumer’s minor child
• A natural person or person registered with the Secretary of State authorized to act on behalf of a consumer

If we request, you must provide us with sufficient information to verify your identity and/or authority to act on behalf of the consumer. In general, we may ask you to provide identifying information that we already maintain about you or we may use a third-party verification service. In either event, we will try to avoid asking you for sensitive personal information to verify your identity. We may not be able to respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. However, making a verifiable consumer request does not require you to create an account with us. Additionally, you will need to describe your request with sufficient detail to allow us to review, understand, assess, and respond. Personal information collected from an individual to determine whether a request is a verifiable consumer request may not be used or disclosed for any other purpose except as required by law. We will endeavor to respond to a verifiable consumer request within forty-five (45) calendar days of receipt, but we may require an extension of up to forty-five (45) additional calendar days to respond and we will notify you of the need for the extension.

If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the receipt of your verifiable consumer request. With respect to personal information collected on and after January 1, 2022, and to the extent expressly permitted by applicable regulation, you may request that such disclosures cover a period beyond the 12 months referenced above, provided doing so would not require a disproportionate effort by the Company.

The response we provide will also explain the reasons we cannot comply with a request, if applicable. To the extent permitted by the CCPA, we will respond to no more than two requests during any 12-month period.

Authorized Agents. You may authorize a natural person or a business registered with the California Secretary of State to act on your behalf with respect to the right under this CA Policy. When you submit a Request to Know, Correct or Delete, unless you have provided the authorized agent with a qualifying power of attorney, you must provide your authorized agent written permission (signed by you) to act on your behalf and verify the authorized agent’s identity with us. We reserve the right to deny requests from persons or businesses claiming to be authorized agents that do not submit sufficient proof of their authorization.

Accessibility. Persons with disabilities may obtain this Privacy Policy in alternative format upon request using the contact information below.

Contact Us. If you have any questions regarding this Policy or our policies, you may contact us at:

XG Consultants Group

110 East 42nd Street

Suite 1302

New York, NY 10017

info@xgconsultantsgroup.com

212-499-1480

4867-8698-1637, v. 2