Will you actually contact my previous employers and referees?

Yes, if the screening service includes career history (i.e. BS7858, BPSS or the application requires you to enter previous employment history), we will contact all career contacts including previous employers and education departments (unless you have requested us not to) both orally and by written communication to verify the information you have provided us. As an example this may be to confirm a period of employment/unemployment or confirming a gap in the career history. This information may be shared with the referee’s you include in your vetting application form for confirmation.

Who will see my information and final report?

The data submitted by you will be viewed by your employer/sponsor company before they submit your application to us as part of their recruitment or compliance programme. Our Screening Officers will also view your data as this is required as part their screening role. The final report which includes all documents, application form, results, credit report, references etc. is sent to your employer or sponsor.

Why am I uploading my consent for the application?

As part of our process we only apply for your checks on your behalf and on behalf of your sponsor with your explicit consent. This consent is used to verify that we have permission to request data from our partners on your behalf.

What if I am unsure about signing my consent form?

Going through vetting can be sometimes stressful however we are not an investigation organisation we simply verify information you provide to us. If you have any concerns we recommend you speak to your sponsor organisation, you can also contact us for further information of the process we carryout.  You do not have to sign the consent form however we will not process your vetting application which may have implications relating to your sponsor.

What is a Subject Access Request (SAR)?

Individuals (e.g. employees) have a right to be informed by an organisation (e.g. their employer) whether or not it is processing personal data that relates to them and, if so, to be told:

  • What personal data it is being processed.
  • The purposes for which the personal data is being processed.
  • Who, if anyone, the personal data is disclosed to.
  • The extent to which it is using the personal data for the purpose of making automated decisions relating to the data subject and, if so, what logic is being used for that purpose.

Employers are required to respond to an SAR by providing, in an intelligible form, copies of the personal data and any information about the sources of the data.  There is currently a 30 calendar day time limit to respond to the request.

How long will you keep my data?

From 25th May 2018 in most cases we will keep your data approximately 28 days (subject to our audit and compliance requirements) after the service provision has been completed for that unit of work. The data will be deleted and/or nullified which will remove all but the core data including name, consent, customer name and submittal date will be retained.

What is the GDPR?

The General Data Protection Regulation is a new, European-wide law that replaces the Data Protection Act 1998 in the UK. It places greater obligations on how organisations handle personal data. It came into effect on 25 May 2018.

What is Staffvetting doing regarding GDPR?

Staffvetting has always taken data privacy and security practices very seriously. With the introduction of GDPR we have reviewed our systems, processes and procedures to ensure we were fully compliant by May 25, 2018. For example :

  • we have updated all of our electronic systems increasing data integrity, confidentiality and availability.
  • a new Data Processing Agreement which we and you agree to undertake from May 25, 2018 onwards.
  • updating our Privacy Policy to ensure our compliance in respect of the data we hold about you.
  • reviewing Staffvetting’s functionality to make Staffvetting more efficient for users who are subject to the GDPR.
  • making all our consents clearer and understandible.

What information does the GDPR apply to?

The GDPR applies to ‘personal data’, which means any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.

What data will you keep relating to me?

We are required to retain certain information for audit, legal and compliance purposes. The data retained will be your name, the customer name and consent data.