EmploymentCheck Privacy Notice
Who are we?
EmploymentCheck is an online system for Disclosure and Barring Service (DBS) and Disclosure Scotland disclosures, provided by Cantium Business Solutions (a company owned by Kent County Council). Kent County Council collects, uses and is responsible for certain personal information about you. When we do so we are regulated under the General Data Protection Regulation which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal information for the purposes of those laws. Our Data Protection Officer is Benjamin Watts.
About the information we collect and hold
The table set out below summarises the information we collect and hold for this service, how and why we do so, how we use it and with whom it may be shared.
We seek to ensure that our information collection and processing is always proportionate. We will notify you of any changes to information we collect or to the purposes for which we collect and process it.
|
How we collect the information |
Why we collect the information |
How we use and share the information |
|
|
Your identity data including title, name(s), date of birth, NI number, nationality, address history and place of birth |
From you |
To comply with our legal obligations
To perform the employment contract
Legitimate interest: to verify your identity
|
To comply with DBS / Disclosure Scotland application requirements in order to submit your application to the DBS / Disclosure Scotland
To enable validation of your identity as part of your application
To complete barred list checks where required
Information shared with the DBS, Disclosure Scotland, the Police and other regulatory authorities as required
Information shared with Experian for external ID validation if required (where you are unable to provide sufficient evidence to meet DBS requirements) |
|
Your contact details including email address, telephone number(s) and postal address |
From you |
To perform the employment contract
Legitimate interests: to progress your application and keep you informed of progress and outcomes |
To enable us to keep you informed of the progress of your application and outcome
Information shared with the DBS, Disclosure Scotland, the Police and other regulatory authorities as required
Information shared with Experian for external ID validation if required (where you are unable to provide sufficient evidence to meet DBS requirements) |
|
ID verifier / manager name and email address |
From the individual requesting the disclosure |
To perform the employment contract
Legitimate interests: to progress your application and inform nominated individuals of disclosure outcomes |
To enable us to keep ID verifiers / managers informed of the progress of an application and outcome |
|
Your declaration of whether you have any convictions, cautions, reprimands or warnings |
From you |
To comply with our legal obligations
To perform the employment contract
Legitimate interests: For reasons of substantial public interest (protecting the public against dishonesty, safeguarding children and individuals at risk)
Your consent
|
To comply with DBS / Disclosure Scotland application requirements in order to submit your application to the DBS / Disclosure Scotland
Information shared with the DBS, Disclosure Scotland, the Police and other regulatory authorities as required
For further information see below* |
|
Information from your ID documents |
From you and the ID verifier who has checked your ID documents |
To perform the employment contract
To comply with our legal obligations
Legitimate interest: to verify your identity
|
To comply with DBS / Disclosure Scotland application requirements in order to submit your application to the DBS / Disclosure Scotland
To enable validation of your identity as part of your application
Information shared with the DBS, Disclosure Scotland, the Police and other regulatory authorities as required
Information shared with Experian for external ID validation if required (where you are unable to provide sufficient evidence to meet DBS requirements) |
|
The outcome of your external ID validation check (pass/fail) |
From Experian |
To perform the employment contract
To comply with our legal obligations
Legitimate interest: to verify your identity
|
To comply with DBS application requirements in order to submit your application to the DBS / Disclosure Scotland
To enable validation of your identity as part of your application
Information shared with the DBS |
|
Your disclosure certificate information |
From the DBS / Disclosure Scotland |
To perform the employment contract
To comply with our legal obligations
Legitimate interest: to verify the criminal records information provided by you
Legitimate interest: to confirm KCC as a registered body has undertaken a check on the applicant and complete re-checks in line with KCC policy (Disclosure Certificate number and Disclosure Certificate issue date only)
For reasons of substantial public interest (protecting the public against dishonesty, safeguarding children and individuals at risk)
Your consent
|
To make an informed recruitment / retention decision
To carry out statutory checks
Information shared with DBS, Disclosure Scotland, the Police and other regulatory authorities as required
Information shared with the nominated manager, KCC HR and other KCC departments e.g. Safeguarding as required in order to make an informed recruitment / retention decision
Certificate number and date of issue information may be shared with other organisations for the purpose of validating that KCC as a registered body has undertaken a check on you
For further information see below* |
* We will comply with the additional conditions set out in the Data Protection Act 2018 which relate to criminal convictions and other special categories of personal data (sensitive personal information).Further details on how we handle sensitive personal information (and information relating to criminal convictions and offences) are set out in our Data Protection Policy and DBS Procedure (Criminal Records Policy).
We may less frequently use your criminal information for legal claims, where required to do so by a Court or where you have made the information public.
As there is a statutory and contractual basis for collecting your personal data if you do not provide the following we may be unable to progress your DBS/Disclosure Scotland disclosure application which may affect your ability to commence/continue in a job role or voluntary position.
- Personal Data: Title, Name(s), Date of Birth, Address History, NI Number, Contact Details, Nationality, Gender, Town & Country of Birth, ID documents to verify your identity
- Personal Sensitive Data: If any Convictions, Cautions, Reprimands or Warnings
How long your personal data will be kept
We will hold your personal information for a period of up to 6 months following receipt of your disclosure and a recruitment (or other relevant) decision has been made and the application archived.
In very exceptional circumstances where it is considered necessary to keep Disclosure information for longer than six months, we will consult the DBS about this and give full consideration to the Data Protection and Human Rights of the individual subject before doing so.
The following information is retained for the purposes of disclosure renewals and portability requests where we are required to confirm that KCC as the registered body has completed an disclosure check:
- Application ID
- Username
- Forename
- Surname
- ID Verifier Username
- DBS Vulnerable Adults checked
- DBS Children’s Barred List checked
- Position working with children or adults at the applicant’s home address
- Volunteer
- Workforce
- Type of check required
- DBS Application Reference
- Disclosure number
- Disclosure issue date
- Separate barred list check required?
- Recruitment decision
- Certificate of Good Conduct required?
- Certificate of Good Conduct received?
- Position for which certificate was requested
Upon expiry any personal data will be securely destroyed.
Who we share your personal information with
We will share personal information with law enforcement or other authorities if required by applicable law.
We will share your personal information with our professional advisers if required for the purposes of establishing, exercising or defending legal proceedings.
We engage the following third party provider, with whom data may be shared (as required) to enable the delivery of this service:
- UK Fast.Net Ltd Privacy Policy (system hosting)
Access to data is only granted where authorised by KCC and specifically required in line with our contract with them. System data is hosted within the UK by an ISO 27001 accredited supplier and supplier information security standards meet DBS requirements.
Where an external ID check is required in order to meet the DBS’s ID verification requirements we will share your personal data with Experian in order to undertake this check. When a search is made please be advised that:
- Experian may check the details you supply, against any particulars on any database (public or otherwise) to which Experian has access in order to carry out the relevant verification service,
- A specific (non-credit) footprint is left by Experian, and
- A record of the decision made is available for us (Experian’s Client) to retrieve for auditory purposes.
For further information please see Experian’s Information Notice
Your Rights
Under the GDPR you have a number of rights which you can access free of charge which allow you to:
· Know what we are doing with your information and why we are doing it
· Ask to see what information we hold about you
· Ask us to correct any mistakes in the information we hold about you
· Object to direct marketing
· Make a complaint to the Information Commissioners Office
Depending on our reason for using your information you may also be entitled to:
· Ask us to delete information we hold about you
· Have your information transferred electronically to yourself or to another organisation
· Object to decisions being made that significantly affect you
· Object to how we are using your information
· Stop us using your information in certain ways
We will always seek to comply with your request however we may be required to hold or use your information to comply with legal duties. Please note: your request may delay or prevent us delivering a service to you.
For further information about your rights, including the circumstances in which they apply, see the guidance from the UK Information Commissioners Office (ICO) on individuals’ rights under the General Data Protection Regulation.
If you would like to exercise a right, please contact the Information Resilience and Transparency Team at data.protection@kent.gov.uk.
Consent - Withdrawal
In some circumstances where you have provided your consent for the processing of your criminal records information you have the right to withdraw your consent at any time by notifying us in writing via email to data.protection@kent.gov.uk. On receipt of notification that you have withdrawn your consent we will no longer process your information for that purpose, unless we have another legitimate basis for doing so in law.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Who to Contact
Please contact the Information Resilience and Transparency Team to exercise any of your rights, or if you have a complaint about why your information has been collected, how it has been used or how long we have kept it for.
You can contact our Data Protection Officer, Benjamin Watts, at dpo@kent.gov.uk.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted with any concern on telephone 03031 231113
Further information can be found by visiting Kent County Council's Privacy Statement
Experian Data Services End User Terms
When establishing the true identity of an applicant an external ID verification check may be used as an alternative to Route 1/1a. This will require us to provide an applicant’s details (as presented on the application form) to our chosen supplier Experian, who will compare the data obtained from the applicant against a range of independent, external data sources.
Please take a moment to read the Experian Terms and Conditions with regards to the core terms concerning the nature and use of the services, confidentiality, data protection, compliance and audit.
Disclosure Scotland Basics Privacy Policy
Disclosure Scotland (“we”) are an agency of the Scottish Government and the services we provide are governed by the Police Act 1997 and the Protection of Vulnerable Groups (Scotland) Act 2007.
Questions, queries and comments in relation to how we process your personal information are welcome and should be addressed to our Data Protection Officer at DataProtectionOfficer@gov.scot.
Disclosure Scotland is fully committed to compliance with all applicable data protection legislation and our operations and processes are in accordance with law. Where you provide us with consent to do so, we will collect personal information about you which you provide to us in your application, from police forces and from police records. Our services are used to prevent crime and protect the vulnerable. The information we collect will only be disclosed to legitimate organisations who have a legal right to access this information. Disclosure Scotland reserves the right to share information with the police where it believes a crime may have been committed.
We will retain your data for a period of ten years. We protect your data in line with UK government information security standards and regularly test the security of our systems. All staff processing Disclosure Scotland applications are background checked before they are provided access to our systems.
We only process your information where you have provided us with your consent to do so.
For more details about how we process your personal information, please see our privacy policy