Data Controller: The company, organisation or individual engaging umbrella functions from Personnel Checks – a registered umbrella body for the DBS.
Data Processor: Personnel Checks Limited, One Cathedral Square, Cathedral Quarter, Blackburn, Lancashire, BB1 1FB.
Registered Body: Employer or company registered with the DBS for the purposes of processing and submitting applications for DBS products.
Umbrella function: Registered Bodies processing and submitting applications for DBS products from employers not eligible to register with the DBS.
Personnel Checks are committed to protecting and respecting your privacy.
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. This policy applies to your use of any of the Services we may provide to you and sets out the basis on which personal data you provide us, or we collect from you, will be used and/or processed by us.
We do not intend to process personal data collected from you for marketing purposes. If we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes, we will obtain your prior agreement.
Our legal basis for processing your information
In order to provide our services, we process your information without consent when we are legally allowed to do so. This will only be where it is in our legitimate interests to do so and where we are confident that such processing is not likely to prejudice your legitimate interests or rights and freedoms. In some instances, where applicable, we will seek your consent to process your personal information.
Where we process your information on the basis of consent that you have given us, you are entitled to withdraw that consent at any time such that we can no longer rely on it as a basis for continuing to process your personal information.
We will process your data:
- To carry out our obligations arising from any commitment entered into between you and us
- To provide you with information, products and/or services that you request from us or, where you have consented to be contacted for such purposes, that we feel may interest you
- To allow you to participate in interactive features of our service when you choose to do so
- To notify you from time to time about any changes to any products and/or services that you have requested
What information does the organisation collect from you?
In order to fulfil its obligation, the organisation collects a range of information about you. This includes:
- Your identification information including gender, nationality, place and date of birth, any previous names and national insurance;
- Information relating to your right to work in the UK;
- Contact details
- Your current address and 5 year address history;
- Copies of your identification documentation in relevant combinations in order to meet DBS criteria – these could include but are not limited to a driving licence, passport, birth certificate, bank statements, utility bills, council tax statements;
- Where applicable to the service, your employer details;
- Details of transactions you carry out through our site;
- Payment transaction details for invoicing purposes.The organisation may collect this information in a variety of ways. For example, data might be contained in application forms submitted directly to ourselves in hard copy or electronic format, obtained from your passport or other identity documents, submitted by yourself via online website forms, emails, fax or text messages, collected through telephone or face to face interviews.
We may collect information about you whenever you interact with us, for example when you:
- Enquire about our services, visit our website
- Sign up to receive updates from us
- Post content to our social media sites (including Twitter, Facebook and LinkedIn)
- Attend a meeting with us and provide us with information about you
- Meet through networking events or exhibitions
- We may also receive information from you from third parties – (such as renewal information) but only if you’ve given them permission to share your information.
All information you provide to us will be stored in a range of different secure management systems applicable to the type of service we have been engaged to provide, on secure internal IT and email systems and within secure filing cabinets.
Where we have given you (or where you have chosen) a password that enables you to access certain parts of our management systems, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
We may also gather details of your visits to our website including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise, and the resources that you access.
Young person’s data
If a young person under the age of 18, or an organisation on their behalf, wishes to apply for a DBS check then we would process their information in the same way as any other applicant.
We are unable to offer our services to any individual under the age of 16.
Who has access to the data?
We do not sell, trade or rent any personal information to others. We may use third party service providers to help us operate our business and this site or administer activities on our behalf, such as surveys or sending out updates on services or industry information. Should we use a third party service provider, a Confidentiality & Non-Disclosure Agreement will be entered into by both parties to ensure compliance with data protection laws.
Your information may be shared internally for the purpose of the service being provided. All staff who access personal information have received appropriate training on the handling of confidential data. Access to all information restricted by usernames and passwords.
Relevant information is shared with our sister company Cooke & Mellor Recruitment Limited for invoicing/receipting purposes and IT staff if access to the data is necessary for the performance of their roles.
The status of disclosures may be passed to authorised organisation Recruitment Decision Makers with instructions to contact you directly should they need further information.
We may disclose your personal information to third parties: If we are under a duty to disclose or share your personal data: (i) in order to comply with any legal obligation; (ii) in order to enforce or apply our terms of website use or any contracts formed through our site or as a result of visits made by you to our site for the supply of our e-bulk DBS check service; or (iii) in order to protect the rights, property or safety of Personnel Checks Limited, our customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction
We may legally be required to disclose your details if required to by the police or for regulatory reasons. We will only ever share your data in other circumstances if we have your consent to do so.
All information you provide to us is stored on our secure servers or on secure servers operated by third parties. where we have given you (or where you have chosen) a password which enables you to access certain parts of our sites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
How does the organisation protect data?
The organisation takes the security of your data seriously and will always try to take appropriate precautions to protect it.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We ensure there are appropriate technical controls in place, for example SSL website security, secure and monitored internal security features including passwords protected networks and restricted access to our management systems for authorised personnel only.
We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.
We do use external third party software to process personal data and distribute marketing materials. Before implementing third party software we ensure they meet all relevant regulations and legislation and that only we can access your data within these systems. Should a third party need to access a system to resolve an error or provide technical support this could only be carried out with our approval and supervision. Access is controlled through secure logins. We seek to provide maximum protection to your personal details.
For how long does the organisation keep data?
Record keeping is not only for operational reasons but because records are required by various governing bodies and pieces of legislation. We will retain your personal information for as long as is necessary for the relevant activity.
Information submitted via hard copy application forms is confidentially shredded after 3 months and confirmation of this sent to applicants.
Data submitted via email or stored on our online DBS management system is purged after 6 months.
For some services we retain your personal information for as long as the client organisation requires in order to meet their record retention requirements.
Should the organisation receive an erasure request from you then unless there are other legal grounds and obligations that require us to keep your personal data it shall be deleted.
Keeping your information up to date
Information is only retained to provide the contracted services and you supply all information. While compliance procedures are followed to ensure the accuracy of information provided we really appreciate it if you let us know if your details change.
You retain control of how we use your data and you have a number of rights. You can:
- Require the organisation to change incorrect or incomplete data;
- Require the organisation to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
- Object to the processing of your data where the organisation is relying on its legitimate interests as the legal ground for processing;
- The “right to be forgotten” if we are processing your data on the basis of consent, unless there are other legal grounds and obligations that require us to keep your personal data. In this case any personal data we hold would be erased and we would be unable to fulfil any requests about the information we had held retrospectively;
- The right to access and obtain a copy of your data on request. The right to data portability; and
- Rights in relation to automated decision making and profiling.
In some circumstances we may legally be required to retain your personal information. However this will be discussed with you depending on your requirements and does not apply if we are processing your data to contact you regarding, or sending you, marketing materials.
For more information of your rights under GDPR please read the relevant guidance issued by the ICO here
If you would like to exercise any of these rights, please contact Michelle Mellor, One Cathedral Square, Cathedral Quarter, Blackburn, Lancashire, BB1 1FB;
If you believe that the organisation has not complied with your data protection rights, you can complain to the Information Commissioner.
What if you do not provide personal data?
You are under no statutory or contractual obligation to provide data to the organisation. However, if you do not provide the information, the organisation may not be able to process your application.
We may collect information about your computer, including (where available) your IP address, operating system and browser type, for system administration. This is statistical data about our users' browsing actions and patterns, and does not identify any individual.
If you would like to raise a concern or make a complaint about how we process your personal data, please refer to our Dissatisfied Customer Procedure here.