Candidate Policy EMEA and APAC
Securecheck360 is engaged to provide pre-employment and employment background verification services (the “Services”) to its clients (“Clients”). For the purposes of compliance with relevant data privacy laws, the Client is the Data Controller and Securecheck360 is the Data Processor.
How do the Services work?
Securecheck360 always acts under the instruction of its Client who will determine what personal data is collected and processed in order to provide the Services. For more information about what information is being collected and why, please speak with your prospective employer
You will be invited to participate in the Services via a candidate invite generated by our Client. The Services are provided via a secure platform (the “Services Platform”) which will be accessed through a secure link provided in the candidate invite. Once you have accessed the Services Platform you will be asked to create an account accessible only by yourself using your unique user ID and a secure password which you create yourself.
Once your account is created you will be asked to read an Information Notice which will contain all the details you need to know about the Services. Only when you have read and understood the Information Notice will you be asked to enter any personal data into the Services Platform.
On what basis do you process my personal data?
You will be asked to provide your consent for Securecheck360 to collect and process your personal data on behalf of our Client. You will be provided with enough information to ensure that your consent is fully informed. You will not be asked to provide your consent until you have read and understood the Information Notice and you are encouraged to contact your prospective employer if you have any questions in respect to the nature of the Services and the extent of the processing of your personal data so that you can exercise choice and control.
You may withdraw your consent at any time and Securecheck360 work has processes in place to deal with this.
What personal data do we collect?
In order to provide the Services, and to ensure that any information reported back to a Client is accurate, your personal data must be collected. You will be asked to provide the personal data that is required to perform the Services. The types of personal data that may be requested could include:
|Type of Personal Data||Reason for Collecting|
|Name (and former names)||This is how we are able to identify you when performing the Services. We ask for your name as it appears on your government issued ID and also any names that you may also be known as, or have been formerly known by. This is important particularly where you may be known professionally by a name other than that shown on your government ID document.|
|Date of Birth||Collecting this information increases the accuracy of results provided by sources.|
|Contact Details||This is to ensure that Securecheck360 can keep in touch with you during the provision of the Services. Securecheck360 do not use your contact details for any other purpose and these details are deleted from the Services Platform in accordance with retention policies set by our Client.|
|Address history||Your prospective employer will ask Securecheck360 to perform verifications over a certain period of time (the “Search Depth”). Therefore Securecheck360 needs your address history covering the search depth to identify in which locations certain searches are to be conducted. Collecting address history also increases the accuracy of results returned from sources.|
|Employment history||Your prospective employer requires that this information be verified in accordance with the Search Depth.|
|Education history||Your prospective employer requires that this information be verified and in most cases requires the highest level of education achieved.|
|Referees||To support the verification of your employment history you may be asked to provide the contact details of a referee. You must always ensure that you have the referees consent to do so. These contact details are not shared with any third party.|
|ID Number||This may be required by sources from which information is obtained as the records kept by that source are associated with a government ID Number.|
|Gender||Some sources require that this information is provided in order to return results.|
|Supporting documents||You may be asked to provide supporting documents during the course of the Services. These supporting documents may include a number of items and will depend on the type of Services requested by Securecheck360’s Client. By way of example you may be asked to upload (where lawful to do so) a copy of your government issued ID; certificates showing professional qualifications; documents that verify any gaps in your employment history.|
The Information Notice that you will access when you log in to the Services Platform provides further detail of the personal data collected and what Services that personal data will be used for.
The Services Platform collects session cookies only which are stored on your computer only during your web session. They are automatically deleted when the browser is closed. They usually store an anonymous session ID allowing you to browse a website without having to log in to each page. They do not collect any information from your computer.
What personal data will be processed?
The personal data processed during the Services will be determined by Securecheck360’s Client. It is likely that Securecheck360’s Client will request your employment and education background be verified but may also request other bespoke services such as verification of any credit, criminal or open source information.
All relevant information will be set out in the Information Notice that you will access from the Services Platform so that you are fully informed of the nature of the Services.
When does Securecheck360 transfer data?
Your personal data may be transferred in these circumstances:
- To Securecheck360’s client in the form of a Screening Report at the conclusion of the Services;
- To a third party in order to fulfil the Services. The third party may be located outside the European Economic Area.
To Securecheck360’s Client:
As part of the Services Securecheck360 produces a Screening Report detailing the results of any verifications performed against the personal data you provide to us via the Services Platform. This Screening Report is accessed by the relevant Securecheck360 Client.
Each Securecheck360 Client has its own secure account and designates users of that account, including access rights to reports, to ensure maximum security of Screening Reports. Many clients chose to view the Screening Report directly from their secure account but some may choose to download a copy of the Screening Report and retain it on their own systems. You should contact your prospective employer for further information.
To a third-party:
The third parties are organizations, institutions, agencies or individuals from which information is collected for the purposes of fulfilling the Services only and may include local vendors, employers, educational establishments, referees, government agencies, courts, data providers or repositories (“Source” or “Sources”) or Securecheck360’s representatives (“Representatives”) who are performing specific research in connection with the Services (together “Third Parties”).
In respect to a transfer of your personal data to a Source or Sources outside of the EEA, this will be dependent on your footprint during the screening period set by Securecheck360’s Client. Where your footprint is outside the EEA, your personal data will need to be transferred to the relevant Source(s).
How do we ensure your personal data is safe?
Securecheck360 is committed to protecting your personal data. Measures are in place to protect personal data from accidental loss and from unauthorised access, use, alteration or disclosure and information security measures are in place, including access controls, physical security and robust information collection, storage and processing practices. Securecheck360 also ensures that electronic transfer of Personal Data to/from its representatives takes place that such transfers are also appropriately protected and are in compliance with relevant data protection legislation and in accordance with any instructions provided by a data source. As contracted with Securecheck360’s Clients provisions are in place within Securecheck360 in order to ensure an adequate level of data protection for all transfers of personal data outside of the EEA.
Does Securecheck360 operate any automated decision making?
No: we do not make any decisions at all in respect to you or your personal data whether that is automated or otherwise.
Does Securecheck360 use personal data for any reason other than the provision of the Services?
No: your personal data is used only to provide the Services. Once the Services are completed your personal data will be deleted from the Service Platform in accordance with data retention periods.
How long is personal data retained for?
Securecheck360’s standard data retention policy on the Services Platform is 6 months from the date that the Screening Report is completed. However, a Client may set their own customized retention period which they will make available to you on your request. The data retention period is clearly set out in the Information Notice.
How can you exercise your rights under relevant privacy laws?
You have certain rights arising from privacy legislation in respect to the personal data that will be processed in relation to the pre-employment screening, such as rights of access, rectification and erasure. Under privacy legislation your rights are exercisable against the Data Controller, Securecheck360’s Client and you should direct your requests to them at the address they provide to you.
How can I withdraw my consent for Securecheck360 to process my personal data?
You can withdraw or modify your consent for future collection or use of your personal information at any time.
In the event that you withdraw your consent we will cease to process your personal data, whether that be all your personal data or a specific component to which the withdrawal of consent relates.
Securecheck360 will contact the relevant Client to notify them that consent has been withdrawn. Processing will only recommence if you reinstate your consent.
We encourage you to speak to your prospective employer to discuss any concerns or reasons that led to the withdrawal of your consent.
How do I make a complaint?
We commit to handle your personal data in a way that provides you comfort and confidence. However, if at any time you have concerns over the handling of your personal data you are encouraged to contact your prospective employer and Securecheck360 will cooperate with any investigation to resolve any issues.
If you wish to contact Securecheck360 directly then please do so at firstname.lastname@example.org. We are committed to protecting your personal data and investigating and resolving any complaints about our collection or use of your personal data.