DBS Privacy Notice

 

Employment Check is an online system for Disclosure and Barring Service (DBS) disclosures. The suffolk.employmentcheck.org.uk website is operated by Suffolk County Council (SCC) who are registered with the DBS as an umbrella body. SCC collects, uses and is responsible for certain personal information about you. When we do so we are regulated under the General Data Protection Regulation which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal information for the purposes of those laws.

About the information we collect and hold

The table set out below summarises the information we collect and hold for this service, how and why we do so, how we use it and with whom it may be shared.

We seek to ensure that our information collection and processing is always proportionate. We will notify you of any changes to information we collect or to the purposes for which we collect and process it.

Information we collect

How we collect the information

Why we collect the information

How we use and share the information

Your identity data including title, name(s), date of birth, NI number, nationality, address history and place of birth

From you

To comply with our legal obligations

 

To perform the employment contract

 

Legitimate interest: to verify your identity

 

To comply with DBS / Disclosure Scotland application requirements in order to submit your application to the DBS / Disclosure Scotland

 

To enable validation of your identity as part of your application

 

To complete barred list checks where required

 

Information shared with the DBS, Disclosure Scotland, the Police and other regulatory authorities as required

 

Information shared with Experian for external ID validation if required (where you are unable to provide sufficient evidence to meet DBS requirements)

Your contact details including email address, telephone number(s) and postal address

From you

To perform the employment contract

 

Legitimate interests: to progress your application and keep you informed of progress and outcomes

To enable us to keep you informed of the progress of your application and outcome

 

Information shared with the DBS, Disclosure Scotland, the Police and other regulatory authorities as required

 

Information shared with Experian for external ID validation if required (where you are unable to provide sufficient evidence to meet DBS requirements)

ID verifier / manager name and email address

From the individual requesting the disclosure

To perform the employment contract

 

Legitimate interests: to progress your application and inform nominated individuals of disclosure outcomes

To enable us to keep ID verifiers / managers informed of the progress of an application and outcome

Your declaration of whether you have any convictions, cautions, reprimands or warnings

From you

To comply with our legal obligations

 

To perform the employment contract

 

 

For reasons of substantial public interest (protecting the public against dishonesty)

 

Your consent

 

 

To comply with DBS / Disclosure Scotland application requirements in order to submit your application to the DBS / Disclosure Scotland

 

Information shared with the DBS, Disclosure Scotland, the Police and other regulatory authorities as required

 

For further information see below*

Information from your ID documents

From you and the ID verifier who has checked your ID documents

To perform the employment contract

 

To comply with our legal obligations

 

Legitimate interest: to verify your identity

 

 

To comply with DBS / Disclosure Scotland application requirements in order to submit your application to the DBS / Disclosure Scotland

 

To enable validation of your identity as part of your application

 

Information shared with the DBS, Disclosure Scotland, the Police and other regulatory authorities as required

 

Information shared with Experian for external ID validation if required (where you are unable to provide sufficient evidence to meet DBS requirements)

The outcome of your external ID validation check (pass/fail)

From Experian

To perform the employment contract

 

To comply with our legal obligations

 

Legitimate interest: to verify your identity

 

To comply with DBS application requirements in order to submit your application to the DBS / Disclosure Scotland

 

To enable validation of your identity as part of your application

 

Information shared with the DBS

Your disclosure certificate information

From the DBS / Disclosure Scotland

To perform the employment contract

 

To comply with our legal obligations

 

Legitimate interest: to verify the criminal records information provided by you

 

Legitimate interest: to confirm SCC as a registered body has undertaken a check on the applicant and complete re-checks in line with SCC policy (Disclosure Certificate number and Disclosure Certificate issue date only)

 

For reasons of substantial public interest (protecting the public against dishonesty)

 

Your consent

 

 

To make an informed recruitment / retention decision

 

To carry out statutory checks

 

Information shared with DBS, Disclosure Scotland, the Police and other regulatory authorities as required

 

Information shared with the nominated manager, HR and other departments e.g. Safeguarding as required in order to make an informed recruitment / retention decision

 

Certificate number and date of issue information may be shared with other organisations for the purpose of validating that SCC as a registered body has undertaken a check on you

 

For further information see below*

 

We will comply with the additional conditions set out in the Data Protection Act 2018 which relate to criminal convictions and other special categories of personal data (sensitive personal information).Further details on how we handle sensitive personal information (and information relating to criminal convictions and offences) are set out in our Data Protection Policy and DBS Procedure (Criminal Records Policy).

 

As there is a statutory and contractual basis for collecting your personal data if you do not provide the following we may be unable to progress your DBS/Disclosure Scotland disclosure application which may affect your ability to commence/continue in a job role or voluntary position.

 

  • Personal Data: Title, Name(s), Date of Birth, Address History, NI Number, Contact Details, Nationality, Gender, Town & Country of Birth, ID documents to verify your identity

 

  • Personal Sensitive Data: If any Convictions, Cautions, Reprimands or Warnings

 

How long your personal data will be kept

We will hold your personal information for a period of up to 6 months following receipt of your disclosure and a recruitment (or other relevant) decision has been made and the application archived.

In very exceptional circumstances where it is considered necessary to keep Disclosure information for longer than six months, we will consult the DBS about this and give full consideration to the Data Protection and Human Rights of the individual subject before doing so.

 

The following information is retained for the purposes of disclosure renewals and portability requests where we are required to confirm that SCC as the registered body has completed an disclosure check:

  • Application ID
  • Username
  • Forename
  • Surname
  • ID Verifier Username
  • DBS Vulnerable Adults checked
  • DBS Children’s Barred List checked
  • Position working with children or adults at the applicant’s home address
  • Volunteer
  • Workforce
  • Type of check required
  • DBS Application Reference
  • Disclosure number
  • Disclosure issue date
  • Separate barred list check required?
  • Recruitment decision
  • Certificate of Good Conduct required?
  • Certificate of Good Conduct received?
  • Position for which certificate was requested

 

Upon expiry any personal data will be securely destroyed.

Who we share your personal information with

We will share personal information with law enforcement or other authorities if required by applicable law.

We will share your personal information with our professional advisers if required for the purposes of establishing, exercising or defending legal proceedings.

We engage the following third party providers, with whom data may be shared (as required) to enable the delivery of this service:

Access to data is only granted where authorised and specifically required in line with our contract with them. System data is hosted within the UK by an ISO 27001 accredited supplier and supplier information security standards meet DBS requirements.

 

Your Rights

Under the GDPR you have a number of rights which you can access free of charge which allow you to:

         Know what we are doing with your information and why we are doing it

         Ask to see what information we hold about you

         Ask us to correct any mistakes in the information we hold about you

         Object to direct marketing

         Make a complaint to the Information Commissioners Office

 

Depending on our reason for using your information you may also be entitled to:

         Ask us to delete information we hold about you

         Have your information transferred electronically to yourself or to another organisation

         Object to decisions being made that significantly affect you

         Object to how we are using your information

         Stop us using your information in certain ways

 

We will always seek to comply with your request however we may be required to hold or use your information to comply with legal duties. Please note: your request may delay or prevent us delivering a service to you.

Requesting access tyour personal data

Under data protection legislation, individuals have the right to request access to information about them that whold. Tmake a request foyour personal information contacData.Protection@suffolk.gov.uk.

Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

You also have other rights regarding your personal data which are set out in SCC’s corporate Privacy Noticewhich can be seen here: https://www.suffolk.gov.uk/about/privacy-and-data-protection/

If you have a concern about the way ware collecting or using your personal data, please contact us in thfirst instance, by writing to the Data Protection Manager at Constantine House, 5 Constantine Road, Ipswich IP1 2BX or by e-mailing data.protection@suffolk.gov.uk.

Alternativelyyou can contact thor the Information CommissionerOffice at

https://ico.org.uk/concerns/

Further information

SCC’s corporate privacy notice is available ahttps://www.suffolk.gov.uk/about/privacy-and- data-protection/Iyou would like further informatioabout this privacy notice, please contact: humanresources@suffolk.gov.uk

Confirm Deletion?

Are you sure you wish to delete this item?

Warning

Warning