Data Controller: The company or organisation (in most cases your employer or potential employer) or yourself requesting background screening services from Personnel Checks.
Data Processor: Personnel Checks Limited, One Cathedral Square, Cathedral Quarter, Blackburn, Lancashire, BB1 1FB. A registered umbrella body for the DBS and resale partner of Experian background screening products and services.
Registered Umbrella Body: Organisation registered with the DBS for the purposes of processing and submitting applications for DBS products from individual and employers not eligible to register with the DBS.
Personnel Checks are committed to protecting and respecting your privacy.
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. This policy applies to your use of any of the Services we may provide to you and sets out the basis on which personal data you provide us, or we collect from you, will be used and/or processed by us.
We do not intend to process personal data collected from you for marketing purposes. If we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes, we will obtain your prior agreement.
Our legal basis for processing your information
Contractual Obligations: We process your personal information to provide the background screening services requested in order to fulfil contractual obligations entered into with the Data Controller. Should you decline to provide the requested information, this will affect our ability to provide the required services.
In order to provide our services, we process your information without consent when we are legally allowed to do so. This will only be where it is in our legitimate interests to do so and where we are confident that such processing is not likely to prejudice your legitimate interests or rights and freedoms. In some instances, where applicable, we will seek your consent to process your personal information.
Where we process your information on the basis of consent that you have given us, you are entitled to withdraw that consent at any time such that we can no longer rely on it as a basis for continuing to process your personal information.
We will process your data:
- To carry out our obligations arising from any commitment entered into between us and the Data Controller;
- To provide you with information, products and/or services that you request from us or, where you have consented to be contacted for such purposes, that we feel may interest you
- To allow you to participate in interactive features of our service when you choose to do so
- To notify you from time to time about any changes to any products and/or services that you have requested
What information does the organisation collect from you?
In order to fulfil its background screening obligation, the organisation collects a range of information about you. This includes:
- Your identification information including gender, nationality, place and date of birth, any previous names and national insurance number;
- Information relating to your right to work in the UK;
- Contact details including your full name/s, phone numbers and email addresses;
- Your current address and 5 year address history;
- Copies of your identification documentation in relevant combinations in order to meet back ground screening checks criteria – these could include but are not limited to driving licence details, passport, birth certificate, bank statements, utility bills, council tax statements;
- Where applicable to the service, your employer and previous employment details, including names and contact details of referees;
- Educational details including educational establishment/s, qualifications and grades;
- Details of transactions you carry out through our site;
- Payment transaction details for invoicing purposes.
The organisation may collect this information in a variety of ways.
For example, data might be contained in completed application forms, obtained from your passport or other identity documents submitted directly to ourselves by you via online website forms, emails, fax or text messages or collected through telephone or face to face interviews.
Data may also be submitted to us for processing by the company or organisation acting as the Data Controller, but only if you’ve given them permission to share your information.
We may collect information about you whenever you interact with us, for example when you:
- Enquire about our services, visit our website
- Sign up to receive updates from us
- Post content to our social media sites (including Twitter, Facebook and LinkedIn)
- Attend a meeting with us and provide us with information about you
- Meet through networking events or exhibitions
All information you provide to us will be stored in a range of different secure management systems applicable to the type of service we have been engaged to provide, on secure internal IT and email systems and within secure filing cabinets.
Where we have given you (or where you have chosen) a password that enables you to access certain parts of our management systems, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
We may also gather details of your visits to our website including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise, and the resources that you access.
Young person’s data
If a young person under the age of 18, or an organisation on their behalf, wishes to apply for a background screening check then we would process their information in the same way as any other applicant.
We are unable to offer background screening services to any individual under the age of 16.
Who has access to the data?
We do not sell, trade or rent any personal information to others. We may partner with third party service providers to help us provide our background screening products, operate our business and this site or administer activities on our behalf, such as surveys or sending out updates on services or industry information. Should we use a third party service provider, a Confidentiality & Non-Disclosure Agreement will be entered into by both parties to ensure compliance with data protection laws.
Your information may be shared internally for the purpose of the services being provided. All staff who access personal information have undergone relevant background screening checks and received appropriate training on the handling of confidential data. Access to all information is restricted by usernames and passwords.
Relevant information is shared with our partner company Cooke & Mellor Recruitment Limited for invoicing/receipting purposes only and IT staff if access to the data is necessary for the performance of their roles.
The status or results of any background screening services we provide may be passed to authorised Recruitment Decision Makers within the company or organisation contracting with us to provide our services, with instructions to contact you directly should they need further information.
We may disclose your personal information to third parties: If we are under a duty to disclose or share your personal data: (i) in order to comply with any legal obligation; (ii) in order to enforce or apply our terms of website use or any contracts formed through our site or as a result of visits made by you to our site for the supply of our background screening services; or (iii) in order to protect the rights, property or safety of Personnel Checks Limited, our customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
We may legally be required to disclose your details if required to by the police or for regulatory reasons. We will only ever share your data in other circumstances if we have your consent to do so.
All information you provide to us is stored on our secure servers or on secure servers operated by our partner third party service providers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our sites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
How does the organisation protect data?
The organisation takes the security of your data seriously and will always try to take appropriate precautions to protect it.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We ensure there are appropriate technical controls in place, for example SSL website security, secure and monitored internal security features including passwords protected networks and restricted access to our management systems for authorised personnel only.
We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.
We do use external third party software to process personal data and distribute marketing materials. Before implementing third party software we ensure they meet all relevant regulations and legislation and that only we can access your data within these systems. Should a third party need to access a system to resolve an error or provide technical support this could only be carried out with our approval and supervision. Access is controlled through secure logins. We seek to provide maximum protection to your personal details.
For how long does the organisation keep data?
Record keeping is not only for operational reasons but because records are required by various governing bodies and pieces of legislation. We will retain your personal information for as long as is necessary for the relevant activity.
For some services we retain your personal information for as long as the client organisation requires as part of our contractual agreement in order to meet their record retention requirements.
Personal information submitted via hard copy application forms is confidentially shredded after 3 months and confirmation of this sent to applicants.
DBS applications not completed within 6 months of set up will be archived and system generated reminder notifications will stop. Data submitted and stored on our online DBS management system is purged 6 months after the application has been archived (whether completed or cancelled).
Personal information submitted and stored for background screening services undertaken via our third party partner, Experian, will be stored for 2 years then automatically deleted. Personnel Checks and the organisation who requested to view the results of any background checks will have secure access to this system during that time.
Should the organisation receive an erasure request from you then unless there are other legal grounds and obligations that require us to keep your personal data it shall be deleted.
Keeping your information up to date
Information is only retained to provide the contracted services and you supply all information. While compliance procedures are followed to ensure the accuracy of information provided we really appreciate it if you let us know if your details change.
You retain control of how we use your data and you have a number of rights. You can:
- Require the organisation to change incorrect or incomplete data;
- Require the organisation to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
- Object to the processing of your data where the organisation is relying on its legitimate interests as the legal ground for processing;
- The “right to be forgotten” if we are processing your data on the basis of consent, unless there are other legal grounds and obligations that require us to keep your personal data. In this case any personal data we hold would be erased and we would be unable to fulfil any requests about the information we had held retrospectively;
- The right to access and obtain a copy of your data on request. The right to data portability; and
- Rights in relation to automated decision making and profiling.
In some circumstances we may legally be required to retain your personal information. However this will be discussed with you depending on your requirements and does not apply if we are processing your data to contact you regarding, or sending you, marketing materials.
For more information of your rights under GDPR please read the relevant guidance issued by the ICO here.
If you would like to exercise any of these rights, please contact Alice Wrigley, One Cathedral Square, Cathedral Quarter, Blackburn, Lancashire, BB1 1FB;
If you believe that the organisation has not complied with your data protection rights, you can complain to the Information Commissioner.
What if you do not provide personal data?
You are under no statutory or contractual obligation to provide data to the organisation. However, if you do not provide the information, the organisation may not be able to process your application or perform any of the requested services.
We may collect information about your device, including (where available) your IP address, operating system and browser type, for system administration. This is statistical data about our users' browsing actions and patterns and does not identify any individual.
If you would like to raise a concern or make a complaint about how we process your personal data, please refer to our Dissatisfied Customer Procedure here.