When providing this information to us Credence recognises the importance of looking after your data: keeping it secure and only using it for the purpose for which we have been engaged, to do your background screening checks. This document explains in more detail what information we require, what we will do with your data and what you can expect from us. It will also explain your rights under the Data Protection Act 2018, the GDPR and related legislation.
In the screening process Credence is the Data Processor and your employer or future employer is the Data Controller, please contact your employer to find out more about the specific Lawful Purpose on which they have based your data processing.
Credence will request, either directly or through your employer, for your Consent prior to commencing the background screening checks. The Consent is requested mainly for screening practical reason (e.g. to be able to obtain your employment/educational reference from former employers/educational institutions); for data transfers outside the EU (see below reasons and conditions of this transfers); and for criminal records checks.
You can, at any time, withdraw your consent and we will immediately restrict the processing of your data. We will notify your current or future employer that you have withdrawn your consent. To withdraw your consent you should notify Credence or the Data Controller. Credence’s contact details are included in the invitation email that you received with the link to the screening process.
Our online screening form is designed only to collect the information necessary in order to carry out the background checks that your current or future employer has asked us to undertake. In doing so it is important that you complete the form, providing as much information as possible to help us complete the screening process as quickly as possible.
In the course of our work we also collect information from other private and government organisations.
Depending on the Service Level Agreement set up between Credence and each of its Clients, it may be required to undertake a Credit Check on your financial activity (generally for the past 5 years). In order to vet for that information, we use TransUnion, a Credit Reference Agency compliant with the CRAIN Privacy Policies drawn up by the ICO and major financial services trade associations. The CRAIN privacy notice can be found at the following address: https://www.callcredit.co.uk/legal-information/bureau-privacy-notice
Credence will only disclose your personal information to individuals and private and government organisations where it is necessary for the purpose of undertaking background screening checks in accordance with the agreement with our client.
We will only use this information for the sole purpose for which it is collected, i.e. your background screening: specifically, we will not sell this information, transfer it to third parties unconnected with your screening or use it for marketing purposes.
As part of the background screening we may use other organisations to process data (sub-processors); for example, where we need assistance to obtain the results of your background screening checks. We only use sub-processors where it is either necessary to obtain the information required, or where due to language needs or time differences it makes sense to use a sub-processor. We use a very limited number of companies who are subject to a supplier evaluation review and with whom we have contracts in place to ensure your data protection rights.
In the course of processing your data it may be necessary for us to transfer some of it to other countries, including those outside the EEA. This will be because you have worked or lived outside the EEA during the period covered by your screening. Before doing so we will ask your permission which is included in the consent you are asked to sign prior to us commencing your background screening. If we need to send your personal data outside the EEA, we will only send the information required to complete that element of your background screening.
We have taken measures to ensure your data is protected from unauthorised access. Your data is stored in a secure ISO 27001 data centre located in the UK. Access to our online system is through unique user ids and passwords. Access to the internal processing application is linked to authorised IP addresses only. Our data host provider encrypts the data and we also have a second level of encryption of all personal data using AES 256 and our own private encryption key
In line with Data Protection regulations we will only keep your personal data for no longer than is necessary. This period is defined by the agreement between your employer/future employer and us; however, our standard retention period is 6 months following the completion of your background screening, after which all your personal data is automatically removed from our systems.
Where we are made aware of personal or sensitive personal data that has been processed by Credence that is incorrect, we will take reasonable steps to investigate whether the information is incorrect and, if so, update our records to reflect the correct position. We will also notify details of the changes to any parties with whom we have shared the data.
If you have any questions in connection with this Privacy Statement or concerns regarding privacy issues then email us at firstname.lastname@example.org or write to us at the following address:
Data Protection Officer,
1 Suffolk Way,
Kent TN13 1YL.
Should you wish to report a complaint or if you feel that Credence has not addressed your concern in a satisfactory manner, you may contact the Information Commissioner’s Office.