Privacy Policy

At Sec Watchdog Limited, trading as Security Watchdog, we’re committed to ensuring that your personal information is protected. Your privacy is important to us and right at the heart of our business.

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

1. CONTACT US
Security Watchdog's Data Protection Officer (DPO) can be contacted by email at privacy@securitywatchdog.org.uk. 
Security Watchdog is registered at 2nd Floor Partis House, Davy Avenue, Knowlhill, Milton Keynes MK5 8HJ No. 14616198.
Our ICO registration number is ZB557376.

2. HOW WE USE YOUR PERSONAL DATA AS A DATA CONTROLLER
When using the term “personal data” or “personal information” in this Privacy Notice, we mean information that relates to you and from which you could be identified, either directly or indirectly in combination with other information which we may have in our possession. 

We may collect, store, and use the following kinds of personal information:

3. THE TYPE OF INFORMATION WE PROCESS ABOUT YOU AS A DATA PROCESSOR
Where we are acting as a Data Processor on behalf of the client (the Data Controller), we may collect, store and use the following kinds of personal information:

•    Information provided to us for the purpose of carrying out employment screening and related services directly with us may include, but is not limited to: 
-    full name (including previous and aliases)
-    date of birth
-    current address (and address history)
-    email address
-    contact numbers
-    gender
-    place of birth
-    National Insurance number
-    copies of ID documentation such as passport and/or driving license, and the information contained within them (e.g., passport number, driving license number, etc.)
-    nationality (at birth and current)
-    employment history (including gaps)
-    educational and professional qualifications
-    financial information such as transactional data and details of bankruptcy, CCJs, where appliable
-    directorships and sanctions data. 

Information gathered is strictly related to the level of screening being carried out, or the level of identity verification required by our clients to meet their regulatory obligations. No unnecessary information is obtained from data subjects that is not specifically required for the purpose of their checking process.

The employment screening background checks conducted on behalf of a client may include, but is not limited to:

-    to verify that that you are eligible to work in the UK via a certified Identity Service Provider (IDSP), where applicable
-    to verify your identity via a certified Identity Service Provider (IDSP), where applicable
-    to obtain references relating to employment history, education, professional qualifications and personal references
-    to verify your employment (and/or gap employment) via the use of Open Banking
-    to carry out fraud checks, UK, and international criminal checks
-    to conduct credit checks, financial probity checks, UK, and international sanctions
-    to carry out adverse media, social media checks and Politically Exposed Person (PEP) checks
-    a search using your information to identify any past, present, or disqualified directorships.

•    Report adverse findings to the client: in line with our contractual obligations and agreed risk framework. This may include your name, email address and job title. 

•    Contacting us for an enquiry/information: if you contact us directly through the website or otherwise with regard to your screening application. This may include your name, email address and contact number.

•    General correspondence: we may collect personal information when you contact us either on the telephone or in writing. This may include your name, email address, contact number and information relating to your screening application.
•    Communications relating to your screening application: we may send you SMS and/or email alerts in line with our contractual obligations. This may include your name, email address and/or contact number. 

Lawful basis
It is not our responsibility to determine the lawful basis for processing your personal data where we are acting on the client’s instructions. As a Data Controller, the client will determine the lawful basis, purpose and reason for data processing. However, all processing of personal data by Security Watchdog is carried out with the full and explicit authorisation of each data subject. This authorisation does not alter the lawful basis for processing determined by our client.

If you fail to provide personal information
If you choose not to provide personal information or authorisation, we will be unable to carry out our checks and therefore unable to start the employment screening or identity checking process. Where clients have made employment screening conditional upon the issuance of an employment contract there may be implications for failing to complete the employment screening process. Security Watchdog takes no liability in the failure for individuals to engage with any employment screening or identity checking process on behalf of a client.

4. HOW WE COLLECT YOUR PERSONAL DATA

Different methods may be used to collect personal data about you, including:
Direct interactions: You may provide us with your information by filling in the forms on our website or our product portal or by corresponding with us by telephone, post, email or otherwise.
Client: Where the client instructs Security Watchdog to carry out the checks, they may provide your contact details to enable us to initiate the checks. 
Referees: We may contact your previous employer and/or education provider to confirm details of your activity history.   
Third parties: We may also collect personal data about you from our trusted third-party suppliers and publicly available sources to enable us to carry out the screening checks on behalf of the client. 

4. WHO WE MAY SHARE YOUR DATA WITH
We may disclose information about you to any of our employees insofar as reasonably necessary to fulfil our obligations for the purposes as set out in this privacy statement. 

Whilst undergoing employment screening, we may share your data with our (sub)-processors, who we instruct to carry out the following services on our behalf:
•    UK and/or international criminality checks
•    UK and/or financial probity checks
•    Digital Right to Work and/or identity checks
•    Education verification checks
•    Employment verification checks (which may also include OpenBanking)
•    Sanctions, Politically Exposed Persons (PEPs), directorship and adverse media checks
•    Identity and address checks for AML and KYC purposes
•    Social media checks
•    Provision of inbound/outbound mail services 

Your data may also be shared with referees declared by yourself in your screening application and with the client. In some circumstances, your data will also be shared with DocuSign for the purpose of obtaining signature from yourself, either to enter into a contract with Security Watchdog (as a client), or to proceed with your screening application (candidate).

In addition, we may disclose your personal information:
•    to the extent that we are required to do so by law
•    in connection with any legal proceedings or prospective legal proceedings
•    in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk); and
•    to the purchaser (or prospective purchaser) of any business or asset which we are (or are contemplating) selling.

Except as provided in this privacy statement, we will not provide your information to third parties.

5. WHERE WE TRANSFER YOUR DATA TO
Security Watchdog processes personal data in its operations centres based in the UK and India. Personal data will only be processed in India with the consent of our client (Data Controller). There is no systematic transfer of data outside of the UK or the EU for any other purpose. 

Based on the international demographic of candidates and applicants it may be necessary to transfer elements of personal data to countries for the purposes of conducting background, criminal record and identity checks, including The United States and other countries which do not have data protection laws equivalent to those in force in the European Economic Area or the UK. For the avoidance of doubt, data will be transferred to The United States where the candidate is undergoing international criminality checks. 

 
Security Watchdog has undertaken appropriate assessments to determine whether the international data transfer provides an adequate level of protection to candidates. We will only transfer personal data outside the UK where we are satisfied that the third country is able to provide such protection. 

Security Watchdog is committed to using appropriate transfer tools permitted under the UK GDPR in all contracts where data may be transferred outside of the EEA and UK or as otherwise required.

6. HOW LONG WE STORE YOUR DATA
Security Watchdog has a Data Retention Policy which mandates how long records, including personal data, must be retained.

Where we are acting as a Data Processor, Security Watchdog retains your personal information for only as long as stipulated within client contracts. Typically, cases relating to employment screening candidates are retained for 6 months from the date of completion, unless requested otherwise by the client. 

7. YOUR RIGHTS
Security Watchdog recognises the further rights of data subjects under the UK GDPR which include:

•    The Right to be Informed. This enables you to be informed about the collection and use of their personal data. This is a key transparency requirement under the UK GDPR.

•    Request access to your personal data. This enables you to receive a copy of the personal data we hold about you as well as information about how your personal data will be processed and the lawful basis for the processing.

•    Request deletion of your data. You can ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing. Please note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you at the time of your request.

•    The Right to Rectification. You can request to have any incomplete or inaccurate personal data we hold about you corrected, though we may need to verify the accuracy of the new personal data you provide to us.

•    Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party). You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

•    Request restriction of processing your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: 
(a) If you want us to establish the data's accuracy.

(b) Where our use of the data is unlawful, but you do not want us to erase it.

(c) Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.

(d) You have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.

•    Request transfer of your data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

•    Withdraw Consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you want to exercise any of these rights, please contact Security Watchdog’s Compliance team at GDPR_SAR@securitywatchdog.org.uk. 
Please note that exemptions set out in the Data Protection Act 2018 may apply meaning that we do not have to grant your request in full. However, we will always meet your request as far as we are able.

9. THIRD PARTY WEBSITES
The website contains links to other websites. We are not responsible for the privacy policies or practices of third-party websites.

10. UPDATING OF INFORMATION
Please let us know if the personal information which we hold about you needs to be corrected or updated by contacting gdpr@securitywatchdog.org.uk

11. STATEMENT AMENDMENTS
We may update this privacy statement from time-to-time by posting a new version on our website. You should check this page occasionally to ensure you are happy with any changes.
We may also notify you of changes to our privacy statement by email.

12. YOUR RIGHT TO COMPLAIN
If you have any concerns or complaints regarding the processing of your personal data, or our compliance with the UK GDPR and Data Protection 2018, you should contact Security Watchdog’s Data Protection Officer at privacy@securitywatchdog.org.uk. 

You also have the right to lodge a complaint with the Supervisory Authority
Their contact details in the UK are: 
1.    Website: www.ico.org.uk

2.    Telephone: 0303 123 1113

3.    Postal address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF