1-513-984-1800 Find a Role
Home  /  Policies  /  Privacy

Privacy
Notice.

How Sterling Medical Corporation collects, uses, shares, and protects personal information about clinicians, candidates, partners, and visitors to this site.

Effective date: 2026-05-20  ·  Last updated: 2026-05-20  ·  Version: 1.0

Sterling Medical Corporation ("Sterling Medical," "Sterling," "we," "our," or "us") respects your privacy. This Privacy Notice describes how we collect, use, share, and protect personal information when you visit sterlingmedcorp.com, apply for a placement, work with us as a clinician, or interact with us as a partner facility, supplier, or visitor.

This Notice applies to information we process as a controller. Where we process information on behalf of a federal, commercial, or international healthcare facility under a staffing or services contract, that facility may be a separate or joint controller of certain data; in those cases the facility's own privacy notices and the terms of our agreement with that facility also apply.

Contents

  1. Who we are
  2. Information we collect
  3. Sources of information
  4. How we use information
  5. Legal bases (EEA / UK / Switzerland)
  6. How we disclose information
  7. International transfers
  8. Retention
  9. Security
  10. Your privacy rights
  11. Sensitive personal information
  12. HIPAA and protected health information
  13. Cookies and similar technologies
  14. SMS / text messaging
  15. Children
  16. Third-party sites
  17. Changes to this Notice
  18. Contact us

1. Who we are

The data controller is Sterling Medical Corporation, a federal contractor headquartered at 411 Oak Street, Cincinnati, OH 45219, United States. You can reach our legal team at legal@sterlingmedcorp.com or by mail at the address above, attention: General Counsel.

2. Information we collect

The categories of personal information we collect depend on your relationship with us. We collect, and in the prior twelve (12) months have collected, the following categories of personal information (categories defined under the California Consumer Privacy Act, as amended ("CCPA")):

From clinicians, candidates, and applicants

  • Identifiers: name, address, email, telephone, date of birth, government identifiers (e.g., Social Security number where required for credentialing or payroll), professional license numbers, National Provider Identifier (NPI), DEA registration number.
  • Records described in California Civil Code §1798.80(e): education, employment, employment history, signatures, references.
  • Protected-classification characteristics under federal or state law: where collected solely to satisfy required Equal Employment Opportunity, Section 503, or VEVRAA reporting (voluntary self-identification of veteran status, disability, race, ethnicity, gender).
  • Professional or employment-related information: CV/resume, work authorization, board certifications, malpractice history, NPDB and OIG/SAM.gov screening results, primary-source verification records, references, prior engagement performance.
  • Education information: transcripts, training, continuing-education credits.
  • Internet or electronic network activity: IP address, device identifiers, log files, pages visited, referring URLs, time spent on pages.
  • Geolocation data: approximate location derived from IP address; precise location only with consent (e.g., when using mobile features that require it).
  • Sensory data: recordings of telephone calls or video interviews where you have been notified and consented.
  • Inferences: placement preferences, specialty fit, role suitability.

From partner facilities, client representatives, and other business contacts

  • Name, business email, business phone, role, agency or facility, and information you choose to provide in correspondence or contracts.

From website visitors

  • IP address, browser and device information, pages visited, referring URL, and other usage data collected through cookies and similar technologies (see Cookies).
  • Information you submit through forms, including any free-text content.

3. Sources of information

  • Directly from you: when you submit forms, apply for a placement, sign onboarding paperwork, communicate with a recruiter, or use the SMS opt-in.
  • From third-party sources used to confirm credentials: state licensing boards, the National Practitioner Data Bank (NPDB), the U.S. Drug Enforcement Administration (DEA), the U.S. Department of Health and Human Services Office of Inspector General (OIG) List of Excluded Individuals/Entities, the System for Award Management (SAM.gov), state abuse registries, and similar primary-source verifiers, used as part of the credentialing process either at our initiative or at the direction of the contracting facility.
  • From references: employment, professional, and clinical references that you list.
  • From facilities and client representatives: in connection with placements, engagement performance, and credentialing.
  • From service providers: background-check vendors, applicant-tracking systems, payroll, benefits, and similar processors that we engage.
  • Automatically: from cookies, log files, and similar technologies on this website.

4. How we use information

We use personal information for the following business and commercial purposes:

  • Recruiting and placement: to evaluate suitability for a role, to communicate with you about openings, to coordinate interviews, and to manage the placement lifecycle.
  • Credentialing: to obtain primary-source verification of licenses, certifications, registrations, and sanction status; to map privileges to a facility's scope; and to assemble and maintain credentialing files.
  • Onboarding and ongoing employment: payroll, benefits administration, time-and-attendance, tax reporting, work authorization, equal-employment reporting, and other lawful HR purposes.
  • Performing our contracts: with you, with facilities, and with the federal government, including Service Contract Act (SCA) compliance and contract reporting.
  • Communications: to respond to inquiries, send information you request, send job alerts (with your consent where required), and provide service updates.
  • Marketing: to share information about Sterling Medical with prospective candidates and partners. Where required, we obtain consent before sending marketing communications and you can opt out at any time.
  • Site operation and security: to operate, maintain, secure, and improve this website and our systems, including detecting and preventing fraud and abuse.
  • Compliance and legal: to comply with applicable laws (including federal contracting, employment, tax, immigration, and healthcare laws), respond to lawful requests, enforce agreements, and protect rights.
  • Aggregated and de-identified analysis: to produce statistics that do not identify you.

If you are located in the European Economic Area, the United Kingdom, or Switzerland, we process personal data on the following legal bases:

  • Performance of a contract with you (e.g., placement, employment).
  • Legitimate interests in operating and growing our business (e.g., evaluating candidates, securing our systems, marketing to business contacts) where those interests are not overridden by your rights.
  • Consent, where required (e.g., certain marketing or SMS messages).
  • Compliance with a legal obligation to which we are subject.
  • Vital interests in rare cases involving health or safety.

6. How we disclose information

We share personal information with the following categories of recipients, for the purposes described above:

  • Partner facilities and client organizations with whom we contract to place clinicians (e.g., hospital systems, outpatient clinics, community and provider-network health programs, and commercial healthcare facilities), to the extent needed for credentialing, onboarding, and engagement performance.
  • Service providers / processors: background-check vendors, applicant-tracking and CRM systems, payroll and benefits administrators, IT and cloud-hosting providers, communications platforms (including SMS aggregators), and professional advisors (legal, accounting, audit). We require service providers to use information only to perform services for us and consistent with this Notice and applicable law.
  • Government and regulatory bodies in response to lawful requests, audits, subpoenas, court orders, or to comply with law (including federal contracting, immigration, tax, and labor reporting).
  • In a corporate transaction: as part of a merger, acquisition, financing, reorganization, sale of assets, or similar transaction, subject to confidentiality obligations.
  • To protect rights and safety: to enforce contracts, investigate fraud or abuse, or protect the rights, property, or safety of Sterling, our personnel, our placed clinicians, partner facilities, or the public.
  • With your direction or consent: in any other case where you direct us to share information.

We do not "sell" personal information for money. We do not knowingly disclose personal information for cross-context behavioral advertising. To the extent that the use of certain analytics or advertising cookies could be deemed "sharing" or "selling" under California or other state privacy laws, we honor opt-out preference signals (such as Global Privacy Control) and provide an opt-out mechanism described under Your privacy rights.

7. International transfers

Sterling Medical operates from the United States. If you are located outside the United States — including in countries where we maintain placements at client facilities or commercial sites — your information will be transferred to and processed in the United States and in other countries that may not have the same level of data-protection law as your country.

For transfers of personal data from the EEA, the United Kingdom, or Switzerland to the United States, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, and equivalent instruments, as applicable. You can request a copy of the safeguards we use by contacting us at legal@sterlingmedcorp.com.

8. Retention

We retain personal information only for as long as needed for the purposes described in this Notice and to comply with our legal, contractual, accounting, audit, and tax obligations. Specific retention periods depend on the type of information and the legal context — for example:

  • Credentialing records: retained for the duration of the placement and for the period required by the contracting facility, federal regulations, and applicable statutes of limitation, typically not less than seven (7) years after the end of the placement.
  • Payroll, tax, and benefits records: retained for the periods required by the Internal Revenue Code, the Fair Labor Standards Act, ERISA, and similar laws.
  • Federal contract records: retained as required by the Federal Acquisition Regulation (FAR), agency-specific clauses, and the Service Contract Act, typically not less than three (3) years after final payment, and longer where the contract or agency requires.
  • Marketing contacts: retained while a relationship is active and for a reasonable period thereafter, unless you opt out.
  • Web logs and analytics: retained for a limited period (typically up to 13 months) and then deleted or aggregated.

When we no longer need personal information, we delete, destroy, or de-identify it.

9. Security

Sterling maintains administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. These include access controls, encryption in transit, secure-data-handling training for our personnel, and contractual safeguards with our service providers. No system is 100% secure; if you have reason to believe that your interaction with us is no longer secure, please contact us at legal@sterlingmedcorp.com.

10. Your privacy rights

Depending on where you live and your relationship with us, you may have rights under the CCPA/CPRA (California), VCDPA (Virginia), CPA (Colorado), CTDPA (Connecticut), UCPA (Utah), the Texas Data Privacy and Security Act, the Florida Digital Bill of Rights, the Oregon Consumer Privacy Act, the Montana Consumer Data Privacy Act, and similar laws, as well as under the EU GDPR and UK GDPR. Subject to applicable law and verification of your identity, these rights may include:

  • Right to know / access the categories and specific pieces of personal information we have collected, the sources, purposes, and categories of recipients, and to receive a copy in a portable format.
  • Right to correct inaccurate personal information.
  • Right to delete personal information, subject to legal exceptions (including federal-contractor record-keeping).
  • Right to opt out of "sale" or "sharing" for cross-context behavioral advertising, and of certain "targeted advertising" or "profiling" decisions.
  • Right to limit use of sensitive personal information to specified purposes.
  • Right to restrict or object to processing in certain cases (GDPR / UK GDPR).
  • Right to data portability.
  • Right to withdraw consent at any time, where we rely on consent.
  • Right to lodge a complaint with a supervisory authority (e.g., your state attorney general or, in the EEA/UK, your data protection authority).
  • Right to non-discrimination for exercising these rights.

How to exercise your rights

To make a request, contact us at legal@sterlingmedcorp.com, call us at 1-513-984-1800, or write to Sterling Medical Corporation, Attn: General Counsel, 411 Oak Street, Cincinnati, OH 45219. We will verify your request using information we already hold about you (for example, by matching to a recruiter file). You may use an authorized agent to submit a request on your behalf, with written authorization that we may verify.

Global Privacy Control

We honor the Global Privacy Control (GPC) and similar opt-out preference signals as a request to opt out of "sale" or "sharing" of personal information for cross-context behavioral advertising for the browser from which the signal is received.

Appeals (Virginia, Colorado, Connecticut, and similar)

If we deny your request, you may appeal by replying to our decision. We will respond within the timeframe required by applicable law. If your appeal is denied, you may contact your state attorney general.

11. Sensitive personal information

In the course of recruiting, credentialing, and placing clinicians, we collect personal information that may be considered "sensitive" under California or other state laws — for example, government identifiers (SSN), professional license details, and information about racial or ethnic origin or veteran/disability status collected for required EEO/Section 503/VEVRAA reporting. We use sensitive personal information solely for the purposes described in Section 4, including to perform our services, comply with law, and protect against fraud or unauthorized activity. We do not use sensitive personal information to infer characteristics about you for marketing.

12. HIPAA and protected health information

Sterling Medical is generally not a HIPAA "covered entity." In some engagements we act as a "business associate" of a covered entity (for example, when supporting a federal health facility's operations), and we handle protected health information ("PHI") only as permitted by a written Business Associate Agreement and applicable HIPAA rules. This Privacy Notice does not modify or replace any Business Associate Agreement or any covered entity's Notice of Privacy Practices.

13. Cookies and similar technologies

This site uses cookies and similar technologies. Cookies are small files placed on your device that help the site function and help us understand usage.

  • Strictly necessary cookies enable core functionality (e.g., security, form submission). These cannot be disabled.
  • Analytics cookies help us understand how visitors use the site (pages visited, time on page, referring source).
  • Functional cookies remember preferences (e.g., density / accent / regional settings).

You can manage cookies through your browser settings and, where available, through our cookie preference center. We honor Global Privacy Control as described above.

14. SMS / text messaging

If you opt in to receive SMS messages from us (for example, job alerts), the terms in our SMS Terms & Conditions apply. Mobile information will not be shared with third parties or affiliates for marketing purposes; information sharing with subprocessors who help deliver the SMS service is governed by this Notice. You can opt out at any time by replying STOP.

15. Children

This site is intended for adults. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, contact us at legal@sterlingmedcorp.com and we will delete it.

16. Third-party sites

This site may link to third-party websites or services (including our recruiting portal at enginehire.io). Their privacy practices are governed by their own notices, not this one.

17. Changes to this Notice

We may update this Notice from time to time. When we make material changes, we will update the "Last updated" date at the top and, where appropriate, provide additional notice (for example, by email or a prominent notice on this site).

18. Contact us

For questions about this Notice or our privacy practices:

Sterling Medical Corporation
Attn: General Counsel
411 Oak Street
Cincinnati, OH 45219
United States
Email: legal@sterlingmedcorp.com
Phone: 1-513-984-1800