Our website uses cookies. By continuing to browse the site, you are agreeing to the use of these cookies. You can find out more here.

Hide this notice

 

EmploymentCheck Privacy Notice

 

Who are we?

Employment Check is an online system for Disclosure and Barring Service (DBS) and Disclosure Scotland disclosures, provided by Kent County Council.  Kent County Council collects, uses and is responsible for certain personal information about you. When we do so we are regulated under the General Data Protection Regulation which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal information for the purposes of those laws. Our Data Protection Officer is Benjamin Watts.

About the information we collect and hold

The table set out below summarises the information we collect and hold for this service, how and why we do so, how we use it and with whom it may be shared.

We seek to ensure that our information collection and processing is always proportionate. We will notify you of any changes to information we collect or to the purposes for which we collect and process it.

Information we collect

How we collect the information

Why we collect the information

How we use and share the information

Your identity data including title, name(s), date of birth, NI number, nationality, address history and place of birth

From you

To comply with our legal obligations

 

To perform the employment contract

 

Legitimate interest: to verify your identity

 

To comply with DBS / Disclosure Scotland application requirements in order to submit your application to the DBS / Disclosure Scotland

 

To enable validation of your identity as part of your application

 

To complete barred list checks where required

 

Information shared with the DBS, Disclosure Scotland, the Police and other regulatory authorities as required

 

Information shared with Experian for external ID validation if required (where you are unable to provide sufficient evidence to meet DBS requirements)

Your contact details including email address, telephone number(s) and postal address

From you

To perform the employment contract

 

Legitimate interests: to progress your application and keep you informed of progress and outcomes

To enable us to keep you informed of the progress of your application and outcome

 

Information shared with the DBS, Disclosure Scotland, the Police and other regulatory authorities as required

 

Information shared with Experian for external ID validation if required (where you are unable to provide sufficient evidence to meet DBS requirements)

ID verifier / manager name and email address

From the individual requesting the disclosure

To perform the employment contract

 

Legitimate interests: to progress your application and inform nominated individuals of disclosure outcomes

To enable us to keep ID verifiers / managers informed of the progress of an application and outcome

Your declaration of whether you have any convictions, cautions, reprimands or warnings

From you

To comply with our legal obligations

 

To perform the employment contract

 

Legitimate interests:

For reasons of substantial public interest (protecting the public against dishonesty, safeguarding children and individuals at risk)

 

Your consent

 

 

To comply with DBS / Disclosure Scotland application requirements in order to submit your application to the DBS / Disclosure Scotland

 

Information shared with the DBS, Disclosure Scotland, the Police and other regulatory authorities as required

 

For further information see below*

Information from your ID documents

From you and the ID verifier who has checked your ID documents

To perform the employment contract

 

To comply with our legal obligations

 

Legitimate interest: to verify your identity

 

 

To comply with DBS / Disclosure Scotland application requirements in order to submit your application to the DBS / Disclosure Scotland

 

To enable validation of your identity as part of your application

 

Information shared with the DBS, Disclosure Scotland, the Police and other regulatory authorities as required

 

Information shared with Experian for external ID validation if required (where you are unable to provide sufficient evidence to meet DBS requirements)

The outcome of your external ID validation check (pass/fail)

From Experian

To perform the employment contract

 

To comply with our legal obligations

 

Legitimate interest: to verify your identity

 

To comply with DBS application requirements in order to submit your application to the DBS / Disclosure Scotland

 

To enable validation of your identity as part of your application

 

Information shared with the DBS

Your disclosure certificate information

From the DBS / Disclosure Scotland

To perform the employment contract

 

To comply with our legal obligations

 

Legitimate interest: to verify the criminal records information provided by you

 

Legitimate interest: to confirm KCC as a registered body has undertaken a check on the applicant and complete re-checks in line with KCC policy (Disclosure Certificate number and Disclosure Certificate issue date only)

 

For reasons of substantial public interest (protecting the public against dishonesty, safeguarding children and individuals at risk)

 

Your consent

 

 

To make an informed recruitment / retention decision

 

To carry out statutory checks

 

Information shared with DBS, Disclosure Scotland, the Police and other regulatory authorities as required

 

Information shared with the nominated manager, KCC HR and other KCC departments e.g. Safeguarding as required in order to make an informed recruitment / retention decision

 

Certificate number and date of issue information may be shared with other organisations for the purpose of validating that KCC as a registered body has undertaken a check on you

 

For further information see below*

 

* We will comply with the additional conditions set out in the Data Protection Act 2018 which relate to criminal convictions and other special categories of personal data (sensitive personal information).Further details on how we handle sensitive personal information (and information relating to criminal convictions and offences) are set out in our Data Protection Policy and DBS Procedure (Criminal Records Policy).

 

We may less frequently use your criminal information for legal claims, where required to do so by a Court or where you have made the information public.

 

As there is a statutory and contractual basis for collecting your personal data if you do not provide the following we may be unable to progress your DBS/Disclosure Scotland disclosure application which may affect your ability to commence/continue in a job role or voluntary position.

 

  • Personal Data: Title, Name(s), Date of Birth, Address History, NI Number, Contact Details, Nationality, Gender, Town & Country of Birth, ID documents to verify your identity

 

  • Personal Sensitive Data: If any Convictions, Cautions, Reprimands or Warnings

 

How long your personal data will be kept

We will hold your personal information for a period of up to 6 months following receipt of your disclosure and a recruitment (or other relevant) decision has been made and the application archived.

In very exceptional circumstances where it is considered necessary to keep Disclosure information for longer than six months, we will consult the DBS about this and give full consideration to the Data Protection and Human Rights of the individual subject before doing so.

 

The following information is retained for the purposes of disclosure renewals and portability requests where we are required to confirm that KCC as the registered body has completed an disclosure check:

  • Application ID
  • Username
  • Forename
  • Surname
  • ID Verifier Username
  • DBS Vulnerable Adults checked
  • DBS Children’s Barred List checked
  • Position working with children or adults at the applicant’s home address
  • Volunteer
  • Workforce
  • Type of check required
  • DBS Application Reference
  • Disclosure number
  • Disclosure issue date
  • Separate barred list check required?
  • Recruitment decision
  • Certificate of Good Conduct required?
  • Certificate of Good Conduct received?
  • Position for which certificate was requested

 

Upon expiry any personal data will be securely destroyed.

Who we share your personal information with

 

We will share personal information with law enforcement or other authorities if required by applicable law.

We will share your personal information with our professional advisers if required for the purposes of establishing, exercising or defending legal proceedings.

We engage the following third party providers, with whom data may be shared (as required) to enable the delivery of this service:

Access to data is only granted where authorised by KCC and specifically required in line with our contract with them. System data is hosted within the UK by an ISO 27001 accredited supplier and supplier information security standards meet DBS requirements.

Where an external ID check is required in order to meet the DBS’s ID verification requirements we will share your personal data with Experian in order to undertake this check. When a search is made please be advised that:

  1. Experian may check the details you supply, against any particulars on any database (public or otherwise) to which Experian has access in order to carry out the relevant verification service,
  2. A specific (non-credit) footprint is left by Experian, and
  3. A record of the decision made is available for us (Experian’s Client) to retrieve for auditory purposes.

For further information please see Experian’s Information Notice

 

Your Rights

Under the GDPR you have a number of rights which you can access free of charge which allow you to:

·         Know what we are doing with your information and why we are doing it

·         Ask to see what information we hold about you

·         Ask us to correct any mistakes in the information we hold about you

·         Object to direct marketing

·         Make a complaint to the Information Commissioners Office

 

Depending on our reason for using your information you may also be entitled to:

·         Ask us to delete information we hold about you

·         Have your information transferred electronically to yourself or to another organisation

·         Object to decisions being made that significantly affect you

·         Object to how we are using your information

·         Stop us using your information in certain ways

 

We will always seek to comply with your request however we may be required to hold or use your information to comply with legal duties. Please note: your request may delay or prevent us delivering a service to you.

 

 

For further information about your rights, including the circumstances in which they apply, see the guidance from the UK Information Commissioners Office (ICO) on individuals’ rights under the General Data Protection Regulation.

If you would like to exercise a right, please contact the Information Resilience and Transparency Team at data.protection@kent.gov.uk.

Consent  - Withdrawal

In some circumstances where you have provided your consent for the processing of your criminal records information you have the right to withdraw your consent at any time by notifying us in writing via email to data.protection@kent.gov.uk.  On receipt of notification that you have withdrawn your consent we will no longer process your information for that purpose, unless we have another legitimate basis for doing so in law.

 

Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Who to Contact

Please contact the Information Resilience and Transparency Team at data.protection@kent.gov.uk to exercise any of your rights, or if you have a complaint about why your information has been collected, how it has been used or how long we have kept it for.

You can contact our Data Protection Officer, Benjamin Watts, at dpo@kent.gov.uk.

The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or telephone 03031 231113.

For further information visit https://www.kent.gov.uk/about-the-council/about-the-website/privacy-statement

 

EXPERIAN DATA SERVICES END USER TERMS

 

1. Definitions

 

1.1 The following words and phrases shall have the following meanings:-

 

  • "The Agreement" means these Experian Data Services End User Terms;
  • "Authorised Personnel" means an employee of Your company who You have authorised to access the Experian Data;
  • "Confidential Information" means the Experian Data and the provisions of the Agreement;
  • "Experian Data" means any of the data forming part of the Experian Data Service;
  • "Experian Data Charge" means the amount payable in respect of the Experian Data;
  • "Experian Data Service" means the service known as "Authenticate";
  • "Integrated Service" means employmentcheck;
  • "Managed Service" means the managed services as described in the contract and/or Service Level Agreement between the Service Provider and the End User;
  • "Services Provider" means Kent County Council;
  • "Term" means unless terminated earlier, the shorter of (i) the term of the contract between the Services Provider and You, or (ii) the term of the agreement between the Service Provider and Us;
  • "We" means Experian Limited (and "Us" and "Our" shall be construed accordingly);
  • "You" means the person to whom the Services Provider provides the Integrated Service (and "Your" shall be construed accordingly).

1.2 Terms defined in the Agreement will have the meanings ascribed to them in the Agreement.

 

2. Provision of Experian Data

 

2.1 We will provide Experian Data for the Term direct to the Services Provider for it to use on Your behalf for use as part of the Managed Service or Integrated Service (as the case may be). You are entitled to request searches during the Term at your discretion which involve Our provision of Experian Data only for Your use. We shall only provide You with Experian Data, that You are entitled to receive for the purposes of making an ID Verification check.

 

2.2 You will not use any Experian Data for any purpose other than the receipt of the Managed Service or Integrated Service (as the case may be) nor adapt, alter or modify the Experian Data.

 

2.3 You undertake that on each occasion that You wish to use the Managed Service or Integrated Service to carry out ID Verification checks You shall obtain a consent from the relevant individual in the following terms:

 

"You may undertake a search with Experian for the purposes of verifying my identity. To do so Experian may check the details I supply against any particulars on any database (public or otherwise) to which they have access. They may also use my details in the future to assist other companies for verification purposes. A record of the search will be retained."

 

If any such consent is not obtained by You, You undertake that You shall not attempt to use the Experian Data Services in respect of the relevant individual.

 

2.4 In order for Us to provide the Experian Data Services to You and in order for Us to comply with the licence terms which British Telecommunications plc and/or other third party suppliers of telephone number data require all users of such data similar to Us to accept, You:

 

2.4.1. Appoint Us, as Your agent under this Agreement for the purpose of using Your data to carry out directory enquiry searches for and on behalf of You;

 

2.4.2. Authorise and instruct Us to:

 

2.4.2.1 Use any retrieved telephone numbers resulting from such directory enquiries for the sole purpose of comparing such telephone numbers against any telephone numbers contained within the relevant and applicable data and producing a score based upon whether there was or was not a match of telephone numbers; and

 

2.4.2.2. Incorporate the score referred to in Clause 2.4.2.1 into the overall score delivered by the Experian Data Services;

 

2.4.3. Further instruct and confirm to Us that telephone numbers retrieved from such directory enquiry searches are for use as input into the comparison process described in Clause 2.4.2 only and We are not required to return such telephone numbers to You.

 

3. Intentionally left blank.

 

4. Liability

 

4.1 Your contract for the Managed Service or Integrated Services is between you and the Services Provider. Subject to Clause 4.2 below, We shall not have any liability to You arising out of or in respect of Your use of the Experian Data. Without prejudice to the foregoing, We shall not have any liability to you for any indirect or consequential loss.

 

4.2 Nothing in these Terms and Conditions shall limit or exclude Our liability to You for death or personal injury caused by Our negligence, or the negligence of our servants or agents.

 

5. Compliance

 

5.1 Each of us shall in connection with the provision or use of the Experian Data (as appropriate) comply with all legislation, regulations and other rules having equivalent force which are applicable to each of us, including the Data Protection Act 1998 ("DPA"), and the Representation of the People Act 2000 and any regulations made thereunder (including the Representation of the People Regulations 2001) as amended from time to time ("ROPA Laws").

 

5.2 You will permit only expressly Authorised Personnel to have access to the Experian Data.

 

5.3 You will use the Experian Data Services, in accordance with any guidance that Services Provider issues to You.

 

5.4 If requested by Us, You agree to provide written evidence to Us evidencing the validity of Your search requests and Your compliance with the Data Protection Act 1998 in respect of each search.

 

6. Confidentiality

 

6.1 You will keep the Confidential Information strictly confidential and not disclose any part of the same to any person except as permitted by or required for the purposes of the receipt of the Integrated Services.

 

6.2 The provisions of Clause 6.1 above do not apply to any information to the extent is or comes within the public domain, or is required to be disclosed by law, court order or government.

 

6.3 For the purposes of the Freedom of Information Act 2000 ("FOIA") We believe that disclosure of the Confidential Information would prejudice our commercial interests, and would be in breach of confidence, and that the Confidential Information constitutes a trade secret. You will inform Us as soon as reasonably practical of any request for disclosure made to You under the FOIA in respect of the Confidential Information.

 

7. General

 

7.1 The copyright, database rights and all other intellectual property rights in the Experian Data will remain vested in Us (or Our third party licensors).

 

7.2 The provisions of these Terms and Conditions will.remain in force until either (i) the Service Provider’s agreement with Experian is terminated or (ii) You are no longer receiving the Experian Data Services as part of the Managed Service or the Integrated Services from the Services Provider, whichever is the earliest. However, We may terminate Your entitlement to have the Experian Data used as part of the Integrated Services on written notice to You and the Services Provider if You commit a material breach of any of these Terms and Conditions which is not remedied within 28 days after receipt of a notice from Us specifying the breach, requiring its remedy and making clear that failure to remedy may result in such termination.

 

7.3 If any part of these Terms and Conditions is found to be invalid or unenforceable by any Court or other competent body such invalidity or unenforceability shall not affect the other provisions of these Terms and Conditions and such other provisions shall remain in full force and effect.

 

7.4 If either of us fails to exercise a right or remedy which arises in relation to these Terms and Conditions, such failure shall not prevent the exercise of that right or remedy subsequently in respect of that or any other incident.

 

7.5 A waiver of any breach of these Terms and Conditions shall only be effective if it is made in writing and signed on behalf of the party who is waiving the breach or provisions. Any waiver of a breach of any terms of these Terms and Conditions shall not be deemed a waiver of any subsequent breach and shall not affect the enforceability of any other of these Terms and Conditions.

 

7.6 Nothing in this Agreement shall be construed as creating a right which is enforceable by any person who is not a party to this Agreement.

 

7.7 These Terms and Conditions and all matters arising out of them shall be governed by, and construed in accordance with the Laws of England. The English Courts shall have exclusive jurisdiction over any claim or matter which may arise out of or in connection with these Terms and Conditions.

 

Disclosure Scotland Basics Privacy Policy

Disclosure Scotland (“we”) are an agency of the Scottish Government and the services we provide are governed by the Police Act 1997 and the Protection of Vulnerable Groups (Scotland) Act 2007.

Questions, queries and comments in relation to how we process your personal information are welcome and should be addressed to our Data Protection Officer at DSDPO@gov.scot.  

Disclosure Scotland is fully committed to compliance with all applicable data protection legislation and our operations and processes are in accordance with law. Where you provide us with consent to do so, we will collect personal information about you which you provide to us in your application, from police forces and from police records. Our services are used to prevent crime and protect the vulnerable. The information we collect will only be disclosed to legitimate organisations who have a legal right to access this information. Disclosure Scotland reserves the right to share information with the police where it believes a crime may have been committed.

We will retain your data for a period of ten years. We protect your data in line with UK government information security standards and regularly test the security of our systems. All staff processing Disclosure Scotland applications are background checked before they are provided access to our systems.

We only process your information where you have provided us with your consent to do so.

For more details about how we process your personal information, please see our privacy policy at

https://www.mygov.scot/privacy/?via=http://www.disclosurescotland.co.uk/about/PrivacyPolicyandDisclaimer.htm