Privacy Policy: Candidate (UK)
This Privacy Policy describes how Avvanz with company registration number: [_____] (“Avvanz”) in accordance with EU General Data Protection Regulation (GDPR) and UK GDPR, And, as required pursuant to the Data Protection Legislation (Article 32 of the GDPR); and other measures necessary in order for the Processor to comply with the data privacy requirements and the Data Protection Act 2018 is all about transparency, and thus it requires a Privacy Policy respects and protects the privacy of our employees, clients, service providers, stakeholders, and the general public (data subjects) apply to all “personal data,” which includes any information relating to a living, identified or identifiable person.
This Policy applies to information that Avvanz collects about its clients for the purpose of a background screening, job applicants, and employees (as well as other individuals who have given their written authorization for Avvanz to conduct a background investigation on them). We will only use this information in a way that is consistent with applicable laws.
We commit to ensuring compliance with the strictest standards of security and confidentiality regarding all personal or sensitive personal information submitted to us by our data subjects.
All Requesting Organizations must follow the DBS/DS Code of Practice, the General Data Protection Regulation (GDPR), and the UK GDPR, and have a policy for hiring ex-offenders as well as a policy for the secure storage, handling, use, retention, and disposal of Disclosure Certificates and Disclosure Information. Please go to the Requesting Organization’s privacy notice or agreement for more information on how they may use your data.
The principles of data protection
The Legislation stipulates that anyone processing personal data must comply with six data protection principles of good practice. These Principles are legally enforceable.
The Principles are:
- Lawfulness: this principle is about having a good justification for collecting and using personal data;
- Fairness: data collected must be relevant with the purpose of the processing;
- Transparency: data subject must be informed and the data processed in a transparent manner;
- Purpose Limitation: data must only be collected where there is a legitimate purpose for processing and not be processed in a manner that is incompatible with the original purposes;
- Data Minimisation: the type and scope of the processed data must be adequate, relevant and limited to what is necessary in relation to the purpose;
- Accuracy: data must be accurate and where possible kept up to date;
- Storage Limitation: data may be stored no longer than necessary for the specified purposes;
- Integrity and Confidentiality: this principle is about keeping personal data secure, not just from unauthorized access but from accidental damage or deletion;
- Accountability: besides complying with the Legislation, it is necessary to demonstrate compliance. (a) an identifier such as a name, an identification number, location data or an online identifier, or (b) one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of the individual.
Personal data means any information relating to an identified or identifiable living individual:
“Identifiable living individual” means a living individual who can be identified, directly or indirectly, in particular by reference to:
Data Controller and Data Processor
In the processing of personal data for its own employment purposes, Avvanz shall act as a data Controller.
Avvanz shall act in the capacity of data Processor for the processing of personal data on behalf of its clients, pursuant to the provision of the background screening services as per its core activity. In these circumstances, Avvanz’ clients shall be considered the data Controllers, unless they specifically inform that they are also Processors, in which case their own end-clients shall be regarded as the data Controllers. For the avoidance of any doubt, Avvanz shall always follow the instructions given by its Clients, regardless of if they are Processors or Controllers.
For the purpose of this policy, the terms data Controller and data Processor shall be understood in accordance with the relevant definitions set out in the Legislation.
- Application of this Privacy Policy
- 1.”Personal Data” The term “data” refers to information about an individual, such as their telephone number, email address, NRIC number, home address, employment details, educational qualifications, and transaction activity in relation to the purchase of services from us or from that data in combination with other information to which we may have access.
- 2.By using any, services, or campaigns offered by Avvanz or submitting information to or otherwise communicating with Avvanz, you agree and consent to Avvanz and our related entities, affiliates, and subsidiaries (individually and collectively, “Companies”), as well as their respective representatives and/or agents (collectively referred to herein as “Avvanz”, “us”, “we” or “our”) collecting, using, and disclosing your Personal Data in accordance with this Privacy Policy. “You” or “your” means any individual to whom the Act applies and includes an individual actual or prospective customer, but excludes any corporate entity (including corporate customers) and any other entity that is excluded under the Act.
- 3.This Privacy Policy does not override any other consents you may have provided to us with respect to your Personal Data, and your consent to this Privacy Policy is in addition to any other rights the Companies may have at law to collect, use or disclose you’re Personal Data.
- 4. This Privacy Policy and your use of this website are governed in all respects by the laws of UK GDPR.
- Collection & Consent
2.1. Your personal data may be collected from you in one or more of the following ways by verbal consent, by automated means, or by a combination of both:
We will use the information you submit in your application to execute the checks requested by the Requesting Organization. All information requested is used solely to create a Disclosure and is collected, stored, and processed in compliance with UK GDPR and GDPR. We will maintain the confidentiality of your personal information and will not disclose it to any third party except:
- As necessary for providing our Criminal Record online service to you; or
- As required by law. The sort of information gathered will be determined by the type of check requested and the documents You have on hand.
- When you communicate with our customer service officers, for example by meeting, email, or telephone call, you are hereby consenting to have these communications recorded;
- When you use some of our services, such as registering for an online account with us, you’re helping us create a better experience for our customers;
- When you request that we contact you, please include your name and contact information in an email or other mailing list;
- When responding to our promotions, campaigns, or other initiatives, or attending our events;
- When we receive references from business partners and third parties, e.g., where you have consented to be referred by them;
- When you visit our websites;
- when you participate in any survey or promotion conducted by us and/or our business partners (including by submitting photos);
- For video recordings, (CCTV) when visiting our premises or photo or video recordings at events;
- When we receive information about you from third-party social networking services, you choose to connect with them;
- our processing of that information for that specific reason.; and/or
- In order to authenticate Your identity, you will be requested to present identity verification. If you are unable to give the Disclosure and Barring Service with Route 1 documents, (also known as DBS), We will confirm Your identity by comparing the personal information You provide to the information stored about You on other databases to which we have access, such as those kept by credit reference agencies (CRAs), such as Equifax. Before this occurs, the Identity Verifier will notify You in advance.
- Checking your information with Equifax is solely for the purpose of confirming your identification. This is referred to as a soft search and is not a credit check. You can conduct an infinite number of soft searches on your credit record without affecting your credit report or score. These will appear on your credit record for a period of 12 months.
- Each CRA has created its own version of a notice that details how the three major credit reference agencies, Equifax, Experian, and TransUnion (previously Callcredit), (also referred to in the notice as “credit reference agencies” or “CRAs”) use and exchange personal data. This personal data, often known as ‘bureau data,’ that they obtain about you and/or your firm is used in credit activities.
The Equifax notice can be found at the following address: https://www.equifax.co.uk/crain.html
All data is kept in a secure environment that complies with ISO27001 and ISO 27701. Everything you need to know about disclosure is encrypted and transmitted to and from DBS through a secure government channel.
We shall forward Your information to either Disclosure Scotland or the Disclosure & Barring Service in order to conduct a criminal records check.
2.1.1 Criminal Record Checks
If Your application will include a criminal records check from the Disclosure & Barring Service, please read the information on Your rights as a Disclosure & Barring Service applicant. This information can be found at:
https://www.gov.uk/government/publications/dbs-privacy-policies
Avvanz will receive a result indicator from the Disclosure & Barring Service. This will be displayed as “Clear” or
“Please see Paper Certificate.” This information will also be provided to the Requesting Organization. We will ask You to confirm that You are happy for Us to obtain this information from the Disclosure & Barring Service before You submit Your application.
For basic checks, if you chose to obtain the certificate, a paper certificate will be printed and mailed to the address you provided in the application. Unless You choose to share this information with them by requesting that the paper certificate be directed to them or giving them a copy of the paper certificate, neither the Requesting Organization nor Avvanz will be able to see any of the conviction data. Otherwise, they will only see the indicator result as it is displayed online.
For Standard and Enhanced checks, a paper certificate will be printed and mailed to the address you specify in your application. Unless You opt to share this information with them by requesting that the paper certificate be directed to them or giving them a copy of the paper certificate, neither the Requesting Organization nor First Advantage will be able to see any of the conviction data. Otherwise, they will only see the indicator result as it is displayed online.
If Your application will include a criminal records check from Disclosure Scotland, We will ask You to confirm that You are happy for Us to receive your certificate from Disclosure Scotland before You submit Your application. We may give a copy to the Requesting Organization and keep a copy of the disclosure certificate for 6 months following completion.
2.2. Unless we are legally required to do so, we will not collect, use, or disclose your Personal Data (including your NRIC number or, where applicable, a copy of your NRIC) without your consent. We will only collect, use, and disclose your Personal Data to the extent necessary and relevant to the purposes for which they are needed and to which you have consented.
2.3. You warrant and represent to us that (a) the Personal Data which you disclose to us is accurate and complete; and (b) where you volunteer Personal Data of another person to us, that you are authorized by such other person to disclose such Personal Data to us, and that such Personal Data is accurate and complete.
2.4. You should consult your parent or guardian before giving us your personal data if you are under the age of eighteen.
- Purposes for which we collect, use, share and disclose your Personal Data
3.1. Your personal information may be collected, shared, used, and/or disclosed for the following purposes and to the extent allowed by law:
- Acts on the Requesting Organization’s directions and will use the information You give in Your application to conduct criminal records checks as authorized by them.
- To verify and process your personal particulars and payments;
- To provide goods and services to you;
- To respond and deal with inquiries, complaints, and other customer-care matters or otherwise communicate with you;
- To monitor or record phone calls and customer-facing interactions for quality assurance, employee training and performance evaluation, and identity verification purposes;
- To verify and manage payment, billing, account, credit checks, and debt-recovery matters;
- To send you information, promotions, updates, and marketing and advertising materials in relation to our goods and services and that of our group companies;
- To manage, develop and improve our business and operations to serve you better;
- To carry out market research and customer surveys;
- To conduct investigations or audits or carry out crime and fraud prevention and risk management activities;
- To comply with legal and regulatory requirements;
- To enforce our legal rights and obligations;
- To facilitate business asset transactions (which may extend to any mergers, acquisitions, or asset sales);
- For other purposes for which we have obtained your consent; and
- For any other legitimate purposes necessary, ancillary, or related to the above-specified purposes.
3.2. Your Personal Data may be shared with people who work for us, other companies, or groups that help us do our job. These people might include people like officers and employees, suppliers, and advisors:
- Banks, credit card companies, and payment vendors;
- Debt collection agencies;
- Credit information companies;
- Our business partners and authorized distributors, dealers, or resellers;
- Relevant government regulators or authorities or law enforcement agencies;
- Our insurers and advisors, including consultants, auditors, and lawyers;
- Data intermediaries; and
- Any other party to whom you authorize us to disclose your Personal Data.
Save for relevant government regulators and authorities or law enforcement agencies, we will ensure that such parties receiving your Personal Data (i) are under a duty of confidentiality to us with respect to the use, holding, processing, retention, and/or transfer of your Personal Data; and (ii) have the need to know or handle such Personal Data.
3.3. If you have provided us with your telephone number(s) and have indicated that you consent to receive marketing or promotional information via your telephone number(s), then from time to time, we may contact you using such telephone number(s) (including via voice calls, text, emails or other means) with information about our products and services.
3.4. Likewise, we will only collect, use and/or disclose your Personal Data for due diligence to background screening activities and/or marketing purposes where you have consented to us doing so after being informed of such purposes and the consequences of providing consent.
3.5 Avvanz does not rent, lease or sell to any third party its client list or any personal information it receives as a result of any service contracts it enters into with its clients.
3.6 Avvanz may share your personal information with trusted third-party service providers in order to provide some or all of the required screening services, to contact you for the purposes you have consented to, and to help us with our website or operations. The third-party service providers whom we engage will be contractually prohibited from using your personal information except to provide the required services to Avvanz and they are required to maintain the privacy and security of your personal information.
3.5. Your data may be transferred to a country or territory outside of the UK, but we will make sure that the Personal Data is protected at least as well as it is under the GDPR Data Protection Act. This means that the Personal Data will be protected from unauthorized access, use, or disclosure:
- Complies with the Act and accompanying guidelines issued by the relevant regulatory authorities, all applicable laws and regulations, and this Privacy Policy (“Data Standards”) and shall not do or permit anything to be done which might cause such party or us to breach the Data Standards;
- We take all appropriate steps to make sure that our customers comply with our data handling policies. We also take measures to protect the data in the same way as the law requires.; and
- Protects Personal Data by making reasonable security arrangements to prevent unauthorized access, use, disclosure, or modification.
- Withdrawal of Consent & Access
4.1. You can choose to stop us from using and sharing your personal data, or you can ask us for access to it (to a certain extent and as permitted by the Act), at any time by writing to the Office of our Data Protection Officer at dpo@avvanz.com. If you no longer want to receive our emails or other marketing messages, you can unsubscribe by using the unsubscribe options that are listed on our emails or on other marketing messages.
4.2. If you no longer want to get services from us, you agree that we may not be able to provide those services to you anymore, and we won’t be responsible if that happens. It could take up to thirty days for us to notice that you’ve withdrawn your consent within 30 days to be reflected on the system.
4.3. We will respond to your request in writing within 30 days how your personal data has been used or disclosed in the past year. If we can’t do that within that time, we’ll let you know as soon as possible and give you a reasonable administrative cost for getting the information you request under applicable laws.
- Accuracy & Correction
5.1. We will take reasonable steps to ensure that the Personal Data we use is sufficiently accurate and complete in making any decision that impacts you.
5.2. By informing us of any changes to your Personal Data, you help us keep it accurate and up-to-date. We will respond within 30 days with an update or correction.
- Protection, Policies, and Procedures
We will take steps to keep your Personal Data safe from people who might want to access or use it without your permission. We will use appropriate security measures to make sure that no one can access or use your Personal Data without your permission. We work to make sure our systems are safe and meet industry standards. To keep your information safe, we have put in place some safety measures, like keeping it in a secure place. We also make sure that the information is accurate and use it only for the right things. Notwithstanding our security measures for protecting your Personal Data, by providing your Personal Data, you are acknowledging that there is a risk of data transmission over the Internet not being completely secure and by providing your Personal Data, you are transmitting information at your own risk.
- Retention and Disposal of Personal Data
We shall retain your Personal Data only for the period necessary as long as you continue using our products or services and/or as required by any contract, and as necessary for our business or legal purposes. Thereafter, your information shall be disposed of in such manner that would prevent further processing, unauthorized access, or disclosure.
- Use of Cookies
8.1. We collect information on the activity on our website, such as how many visitors came and what pages they visited and for you to have a full and excellent user experience of the functionality of the website.
8.2. Cookies are small pieces of data that are automatically stored on an end user’s hard drive and are commonly used to track preferences regarding the subject matter of this website. If you enable these cookies, your web browser will add the text in a small file. If you want to be notified when we place cookies on your computer, you can either change your browser settings or refuse to accept cookies altogether. However, you may not be able to use some of the features on our website if you do this.
8.3. When you visit our website, we will store some information on your computer or mobile device. This includes cookies, which are small pieces of information that are stored on your device. We also use other technologies, to help us keep track of which pages you have visited and how long you have spent on them. We also allow our representatives or agents to access this information. This means that we can keep track of what you are doing on our website and improve it.
8.4 Rights as Data Subjects
Your rights under GDPR or UK GDPR will be determined by the cause for the check and the Requestor’s legal basis for processing Your data. If You require any information on the rights that apply to You for this check, You should contact them.
- Third-Party Links and Products on Our Services
Some of the things you can do on our website or using our services may involve linking to websites or services that are not controlled by us. For example, you may be able to share materials on our website or services with others through social networking services, such as Facebook. We don’t have control over the security or privacy of information that is collected by websites or other services. We don’t have control over the security or privacy of information that is collected by websites or other services. We can’t be responsible for what other websites do, or for how they use cookies. We’re not responsible for what anyone else does or for anything that happens on those websites. In order to protect you, we want to make it clear that we are not responsible for any damages you may suffer.
- Update/Changes to the Privacy Policy
We reserve the right to update this Privacy Policy at any time. You agree to be bound by the terms of this policy as updated at that time. This policy version date is stated below. For updates, you may check this policy regularly.
- Contact us
We have appointed a Data Protection Officer/s to oversee our compliance with the Information Rights. If you have any questions, requests, or feedback about your personal data, please contact us:
The Data Protection Officer
23 Austin Friars, London EC2N 2QP
United Kingdom
Tel:
Email: dpo@avvanz.com
For information on Your rights as an applicant and for information on how Your details will be used by the Disclosure & Barring Service, please visit:
https://www.gov.uk/government/publications/dbs-privacy-policies
Last updated: 16 May 2023