Privacy Policy

This privacy notice is a public declaration of how Security Watchdog (Part of Capita plc) applies the Data Protection Principles & Rights afforded to individuals by the GDPR, to the personal data that we process in the undertaking of our services including pre-employment screening, criminal record disclosures, online identity and age verification (CIS) and risk consultancy.

Security Watchdog is committed to complying to the 6 principles relating to the processing of personal data under the GDPR in all that we do. These principles are:

1. Lawfulness, fairness & transparency.
2. Purpose limitation.
3. Data minimisation.
4. Accuracy.
5. Storage limitation.
6. Integrity and confidentiality.


1. WHAT INFORMATION DO WE COLLECT AND WHO IS COLLECTING IT?

We may collect, store and use the following kinds of personal information:

  • information about your computer and about your visits to and use of this website including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views, website navigation;
  • information relating to any transactions carried out between you and us on or in relation to this website, including information relating to any purchases you make of our goods or services;
  • information that you provide to us for the purpose of carrying out employment screening and related services with us include, but is not limited to; name, date of birth, address, email address, contact numbers, employment history, qualifications, financial and criminal information, identity and eligibility to work, directorships and sanctions data. Information gathered is strictly related to the level of employment screening an individual is assigned, the level of criminal disclosure being applied for or the level of identity verification required by our clients to meet their regulatory obligations. No unnecessary information is obtained from data subjects that is not specifically required for the purpose of their checking process.
  • information that you provide to us for the purpose of subscribing to our website services, email notifications and/or newsletters;
  • any other information that you choose to send to us
  • Data is being collected by Capita Resourcing Limited trading as Security Watchdog who's registered address is 30 Berners Street, London, W1T 3AB . Registered in England No. 3949686. Capita Identity Solutions is a wholly owned subsidiary of Security Watchdog.
  • Security Watchdog's Data Privacy Team can be contacted by email at GDPR_SAR@securitywatchdog.org.uk or by post at Cross & Pillory House, Cross & Pillory Lane, Alton, Hampshire, GU34 1HL. Capita Plc’s Data Protection Officer can be contacted at privacy@capita.co.uk

2. USING YOUR PERSONAL INFORMATION

Personal information submitted to us via this website or our product portals will be used for the purposes specified in this privacy statement or in relevant parts of the website and Security Watchdog's proprietary systems including but not limited to; VOLT, eBulkPlus and Authenticate.

We may use your personal information to:

  • Process the appropriate employment screening background checks for the data subject based on their appointed levels.
  • Report adverse findings relating to data subjects in line with our contractual obligations and agreed risk frameworks.
  • Conduct criminal record disclosure checks for the purposes of safeguarding and risk mitigation.
  • Conduct identity, age verification and credit checks as required by clients in order to enable data subjects to access the goods and services of our clients as customers.
  • administer the website;
  • improve your browsing experience by personalising the website;
  • enable your use of the services available on the website;
  • send statements and invoices to you, and collect payments from you;
  • send you general (non-marketing) commercial communications;
  • send you email notifications which you have specifically requested;
  • send to you our newsletter and other marketing communications relating to our business [or the businesses of carefully-selected third parties] which we think may be of interest to you by post or, where you have specifically agreed to this, by email or similar technology (you can inform us at any time if you no longer require marketing communications);
  • deal with enquiries and complaints made by or about you relating to the website; and where you submit personal information for publication on our website, we will publish and otherwise use that information in accordance with the license you grant to us.

We will not without your express consent provide your personal information to any third parties for the purpose of direct marketing.

All our website financial transactions are handled through our payment services provider, Sage Pay. You can review the Sage Pay privacy policy at www.sagepay.co.uk. We will share information with Sage Pay only to the extent necessary for the purposes of processing payments you make via our website and dealing with complaints and queries relating to such payments.

3. LEGAL BASIS FOR PROCESSING INFORMATION

Security Watchdog is required to process personal information of data subjects as part of it's client contractual obligations in the performance of conducting employment screening, criminal disclosures and identity checks on behalf of it's client(s). The checks that we undertake are typically carried out as a result of regulatory or legal obligations for the client or as part of a best practice risk mitigation process and policy which also comes under Legitimate Interest under GDPR. All processing of personal data by Security Watchdog is carried out with the full and explicit consent of each data subject. 

4. DISCLOSURES

We may disclose information about you to any of our employees, officers, suppliers insofar as reasonably necessary to fulfil our obligations for the purposes as set out in this privacy statement.

In addition, we may disclose your personal information:

  • to the extent that we are required to do so by law;
  • in connection with any legal proceedings or prospective legal proceedings;
  • in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
  • to the purchaser (or prospective purchaser) of any business or asset which we are (or are contemplating) selling; and
  • to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.

Except as provided in this privacy statement, we will not provide your information to third parties.

5. INTERNATIONAL DATA TRANSFERS

Information that we collect may be stored and processed in and transferred between any of the countries in which we operate in order to enable us to use the information in accordance with this privacy statement.

All personal data stored and processed by Security Watchdog is securely hosted within the European Union. There is no systematic transfer of data at rest outside of the EU for any other purpose. Based on the international demographic of candidates and applicants it may be necessary to transfer elements of personal data to countries for the purposes of conducting background and identity checks, including Australia, The United States, Japan, China and other countries) which do not have data protection laws equivalent to those in force in the European Economic Area. Security Watchdog is committed to using EU model clauses and full GDPR Contract Addendums in all contracts where data may be transferred to the USA or outside of the EEA.

In addition, personal information that you submit for publication on the website (this does not include the system portals which do not get published and are secure) will be published on the internet and may be available, via the internet, around the world. We cannot prevent the use or misuse of such information by others.

You expressly agree to such transfers of personal information.

6. SECURITY OF YOUR PERSONAL INFORMATION AND RETENTION

Security Watchdog is an ISO27001 Accredited business and therefore takes information security extremely seriously. Significant investment has been made in all of our systems to create the most secure environment possible.

We continue to take all reasonable technical and organisational precautions to prevent the loss, misuse, or alteration of your personal information.

We will store all the personal information you provide on our secure (password- and firewall- protected) servers. All electronic transactions you make to or receive from us will be encrypted.

Of course, data transmission over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.

You are responsible for keeping your password and user details confidential. We will not ask you for your password (except when you log in to our systems).

Security Watchdog retains your personal information for only as long as stipulated within client contracts and does not seek to retain data for any longer than necessary to carry out our service and fulfil our statutory and contractual obligations.

Security Watchdog will never process your personal information without your explicit consent and engagement in the process. If you choose not to provide personal information or consent we will be unable to carry out our checks and therefore unable to start the employment screening or identity checking process. Where clients have made employment screening conditional upon the issuance of an employment contract there may be implications for failing to complete the employment screening process. Security Watchdog takes no liability in the failure for individuals to engage with any employment screening or identity checking process on behalf of a client.

We do not store your credit or debit card details.

7. STATEMENT AMENDMENTS

We may update this privacy statement from time-to-time by posting a new version on our website. You should check this page occasionally to ensure you are happy with any changes.

We may also notify you of changes to our privacy statement by email.


8. YOUR RIGHTS

You may instruct us to provide you with any personal information we hold about you. Provision of such information will be subject to:

  • The subject access request under the UK Data Protection Legislation is submitted to your nominated employer contact who will then liaise with Security Watchdog.
  • the supply of appropriate evidence of your identity (for this purpose, we will usually accept a photocopy of your passport certified by a solicitor or bank plus an original copy of a utility bill showing your current address).
  • The description of the exact information you are seeking.
  • Please refer to your new rights under GDPR – Right to Access

Security Watchdog will work collaboratively with our clients to ensure that we fulfil all obligations under the UK data protection legislation in regards to subject access requests and Right to Access under the GDPR. We may withhold such personal information to the extent permitted by law.

Security Watchdog recognises the further rights of data subjects under the GDPR which include;

The Right to be Informed

Individuals have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under the GDPR.

This privacy policy clearly outlines what data we collect and the purpose of processing. We also provide additional information to all candidates through the candidate zone (screening candidates) and our website.

The Right to Erasure

  • The GDPR introduces a right for individuals to have personal data erased. The right to erasure is also known as ‘the right to be forgotten’.
  • Individuals can make a request for erasure verbally or in writing however Security Watchdog require all requests to be made in writing for both audit and security identification purposes.
  • Should you wish to invoke your Right to Erasure you must submit your request in writing to GDPR_SAR@securitywatchdog.org.uk. with the subject title ‘Right to Erasure’
  • The Security Watchdog Privacy Team will need to effectively identify you as the data subject in question to ensure the security of that data. You will be asked to provide your identity documents and current address so that they may perform their security checks.
  • Security Watchdog have 30 days from the date the request was qualified to supply you with your information.

The Right to Restrict Processing

Under the GDPR individuals have the right to request the restriction or suppression of their personal data.

This is not an absolute right and only applies in certain circumstances.

  • You contest the accuracy of your personal data and we are verifying the accuracy of the data;

or

  • You have objected to us processing your data under Article 21(1), and we are considering whether our legitimate grounds override those of the individual.

When processing is restricted, companies are permitted to store the personal data, but not use it.

An individual can make a request for restriction verbally or in writing however Security Watchdog will always require the request in writing for audit and security identification purposes.

Should you wish to invoke your Right to Restrict Processing you must submit your request in writing to GDPR_SAR@securitywatchdog.org.uk. with the subject title ‘Right to Restrict Processing’

Security Watchdog have 30 days to respond to your request.

The Right to Object

  • The GDPR gives individuals the right to object to the processing of their personal data in certain circumstances.
  • Individuals have an absolute right to stop their data being used for direct marketing. Security Watchdog never use candidate data for direct marketing purposes or share data with third party marketing agencies.
  • In other cases where the right to object applies we may be able to continue processing if you can show that we have a compelling reason for doing so.

An individual can make a request for restriction verbally or in writing however Security Watchdog will always require the request in writing for audit and security identification purposes.

Should you object to us processing your data for the purposes of conducting our checks then you should withdraw consent and yourself from the process using your Right to Withdraw Consent and contact your prospective employer to explain.

Right related to Automated Decision Making and Profiling

  • The GDPR has provisions on:
  • Automated individual decision-making (making a decision solely by automated means without any human involvement); and
  • Profiling (automated processing of personal data to evaluate certain things about an individual). Profiling can be part of an automated decision-making process.
  • The GDPR applies to all automated individual decision-making and profiling.
  • Article 22 of the GDPR has additional rules to protect individuals if you are carrying out solely automated decision-making that has legal or similarly significant effects on them.

Security Watchdog does not engage in any automated decision making or profiling across its services. Security Watchdog provides its clients with the necessary information in order for them to make a decision on employment, engagement or customer on-boarding.

 

The Right of Access

  • Individuals have the right to access their personal data and supplementary information similar to a Subject Access Request under the UK DPA.
  • The right of access allows individuals to be aware of and verify the lawfulness of the processing.
  • Should you wish to invoke your Right of Access you must submit your request in writing to GDPR_SAR@securitywatchdog.org.uk. with the subject title ‘Right of Access’ You must be specific in your request in respect of what personal data you wish to obtain and for us to provide you.
  • The Security Watchdog Privacy Team will need to effectively identify you as the data subject in question to ensure the security of that data. You will be asked to provide your identity documents and current address so that they may perform their security checks.
  • Security Watchdog have 30 days from the date the request was qualified to supply you with your information.

The Right to Rectification

  • The GDPR includes a right for individuals to have inaccurate personal data rectified, or completed if it is incomplete.
  • An individual can make a request for rectification verbally or in writing.

It is essential that Security Watchdog have full and accurate information submitted through our data capture forms by individuals in order for us to conduct our checks. If you feel that you have made a mistake in the information you provided us or made an omission in error then please contact your operating team by telephone or email as soon as possible and they will make the amendment immediately.

Alternatively you can manage it through your formal right under the GDPR by contacting the Privacy Team at GDPR_SAR@securitywatchdog.org.uk with the subject title ‘Right to Rectification’ detailing your request.

The Right to Data Portability

  • The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.
  • It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability.
  • The right only applies to information an individual has provided to a controller.

From a Security Watchdog perspective this would be the data you have submitted to us for verification via our online data capture portals and not the results of the checks. Should you need all of the data we hold on you then you will need to exercise your Right to Access.

Should you wish to invoke your Right to data Portability you must submit your request in writing to GDPR_SAR@securitywatchdog.org.uk. with the subject title ‘Right to Data Portability’.

Security Watchdog have 30 days to respond to your request.

The Right to Withdraw Consent

The GDPR gives individuals the right to withdraw consent for processing personal data at any time.

Security Watchdog will always obtain your explicit consent before processing your personal data and conducting the checks relevant to you.

Should you object to the processing of your data or you wish to prevent any further processing of your data or withdraw yourself from the process then you should formally contact the Privacy Team in writing at GDPR_SAR@securitywatchdog.org.uk and title the subject header ‘Right to Withdraw Consent’.

Security Watchdog have 30 days to respond to your request.

The Right to Complain to the Supervisory Authority

Every data subject should have the right to lodge a complaint with a single supervisory authority, in particular in the Member State of his or her habitual residence, and the right to an effective judicial remedy in accordance with Article 47 of the Charter if the data subject considers that his or her rights under the GDPR are infringed or where the supervisory authority does not act on a complaint, partially or wholly rejects or dismisses a complaint or does not act where such action is necessary to protect the rights of the data subject. 

Security Watchdog takes data privacy and the handling of personal data extremely seriously therefore should you have any concerns in relation to the manner in which we are processing your personal data please contact us immediately at GDPR_SAR@securitywatchdog.org.uk and outline your concerns. Our dedicated Privacy Team will respond to you as soon as possible.

Should you not be satisfied by our response or the actions we have taken you are entitled to complain to the Information Commissioners Office (ICO) www.ico.org.uk as the UK’s Supervisory Authority for the GDPR.


9. THIRD PARTY WEBSITES

The website contains links to other websites. We are not responsible for the privacy policies or practices of third party websites.

10. UPDATING OF INFORMATION

Please let us know if the personal information which we hold about you needs to be corrected or updated. You can do this informally or by using your Right to Rectification.

11. DATA CONTROLLER

The data controller responsible in respect of the information collected on this website is Security Watchdog. In respect to our services, in most cases Security Watchdog is acting as a Data Processor on behalf of our clients who are the Data Controllers and determining the purpose and reason for data processing.