General Data Protection Regulations
This privacy notice is a public declaration of how DBS Services applies the Data Protection Principles and Rights afforded to individuals by the General Data Protection Regulation (GDPR), to the personal data that we process.
DBS Services is committed to complying with the 6 principles relating to the processing of personal data under the GDPR in all that we do.
These principles are:
- Lawfulness, fairness & transparency.
- Purpose limitation.
- Data minimisation.
- Storage limitation.
- Integrity and confidentiality.
What information is being collected? –
- We may collect, store and use the following kinds of personal data:
- (a) information about your computer and about your visits to and use of our websites, such as your IP address, geographical location, browser type, referral source, length of visit and number of page views;
- (b) information that you provide to us for the purpose of registering with us (including your name, email address, telephone number, postal address, and company details);
- (c) information relating to any transactions carried out between you and us on or in relation to our service including information relating to any purchases you make of our products; such as criminal record disclosures, credit checks, and id verification/validation.
- (d) information that you provide to us for the purpose of subscribing to our website services, email notifications, updates and/or newsletters;
- (e) Information relating to identifiable individuals, such as job applicants, current and former employees, agency, contract and other staff, clients, suppliers and marketing contacts.
- (e) any other information that you choose to send to us.
Who is collecting it?
The data is collected by staff members of DBS Services, partners, third party associates and co-organisers.
How is it collected?
The data is collected via our websites, 3rd party platforms, such as Disclosure and Barring Service, Disclosure Scotland, SagePay and Experian (this is an example of our platforms and is not an exhaustive list). It is further collected in person through personal connection by any of our staff, partners, associates and 3rd party co-organiser. We also collect data through our email, messaging services, via telephone and through other similar communication systems.
Why is it being collected?
The data is being collected in order to provide our service to our customers.
To send statements and invoices, to collect payments, and deal with enquiries and complaints.
To administer our website, improve your browsing experience by personalising the website and enable your use of the services available on the website;
We may analyse the data to better understand our customers, their demographics and understand how we can help them. It assists us in product development and training of staff. We further collect the data in order to contact individuals and organisations in order to fulfil our business activity.
If you choose not to give personal information
We may need to collect personal information by law, or under the terms of a contract we have with a client.
If an individual chooses not to give us this personal information, it may delay or prevent us from meeting our obligations. It may also mean that we cannot perform services the client has requested.
It could mean the necessity to cancel a product or service.
Where clients have made criminal record checks, credit checks, and employment screening conditional upon the issuance of an employment contract there may be implications for failing to complete the process.
DBS Services takes no liability for the failure of individuals to engage with any employment screening process on behalf of a client.
Any data collection that is optional would be made clear at the point of collection.
How will it be used?
Who will it be shared with?
The data will be shared with other partners and third-party organisations that we are working with to provide our services. We will never sell any data and only share data with partners who are working with us on a specific project. Those partners are not given access to any data for any project they are not a party to.
We will not without express consent from the individual provide personal information to any third parties for the purpose of direct marketing.
Our websites uses secure encrypted contact and registration forms provided by Kent County Council’s hosting provider; Daisy Group Plc. and are used solely for contact/registration purposes.
Third Party Websites
Our websites contain links to other websites. We are not responsible for the privacy policies or practices of third party websites.
Legal basis for processing information
DBS Services is required to process personal information of data subjects as part of its client contractual obligations in the performance of conducting criminal record disclosures and other related employment screening services on behalf of its client(s). Criminal record disclosures and other related services are typically carried out as a result of regulatory or legal obligations for the client or as part of a best practice risk mitigation process and policy. All processing of personal data by DBS Services is carried out with the full and explicit consent of each data subject.
We may disclose information about you to any of our employees, officers, suppliers insofar as reasonably necessary to fulfil our obligations for the purposes as set out in this privacy statement.
In addition, we may disclose your personal information:
- to the extent that we are required to do so by law;
- in connection with any legal proceedings or prospective legal proceedings;
- in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
- to the purchaser (or prospective purchaser) of any business or asset which we are (or are contemplating) selling; and
- to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.
- except as provided in this privacy statement, we will not provide your information to third parties.
International data transfers
No data will be transferred outside of the EEA without first discussing it with the data protection officer.
If you use our services while you are outside the EEA, your information may be transferred outside the EEA in order to provide you with those services.
Security of your Private Information
The application system is hosted by Daisy Communications Ltd who have successfully achieved ISO9001 certification for Quality Management, ISO 14001 certification for Environmental Management and ISO27001 certification for Information Security with backups run daily. We continue to take all reasonable technical and organisational precautions to prevent the loss, misuse, or alteration of your personal information. All electronic transactions you make to or receive from us will be encrypted. Of course, data transmission over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
You are responsible for keeping your password and user details confidential. We will not ask you for your password (except when you log in to our systems).
We retain personal data only for so long as it may be required to help provide our Services or where we believe we are required to retain data for legal purposes and we will not transfer data to any 3rd party without prior permission from the individual concerned.
Updating of information
Please let us know if the personal information which we hold about you needs to be corrected or updated.
DBS Services recognises further rights of data subjects under the GDPR which include;
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- More information on Direct Marketing
- The right to withdraw consent
- The right to complain to the Supervisory Authority
- Rights related to automated decision making and profiling
Contact details of our data controller
DBS Services, 16 Arden Court, Horbury, Wakefield, West Yorkshire WF4 5A
We may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve the Site and to deliver a better and more personalised service. Some of the cookies we use are essential for the site to operate. They enable us:
- to estimate our audience size and usage pattern;
- to store information about your preferences, and so allow us to customise the Site according to aggregate preferences;
- to speed up your searches; and
- to recognise you when you return to the Site.
The main cookies that we use provide us with valuable data about our website. These are from Google Analytics and are completely anonymous, telling us information such as how many people have visited our website and which pages are the most popular. This allows us to ensure that our website is doing its job and make improvements to help you use the site. If you would like to opt out, you can do so at http://tools.google.com/dlpage/gaoptout.
We also link to other websites, these sites are not controlled by us, we cannot guarantee the cookies that they are using and suggest that you read their privacy policies to be absolutely sure.
If you do not wish cookies to be used, the best way around this is to turn off cookies in your browser settings so that they are not used on any website. To do this, you can go to your privacy settings in either Tools or Options depending on your browser.