DBS Basic Check Privacy Policy For Applicants Who Use A Responsible Organisation
Introduction
This page explains the privacy policy for the Disclosure and Barring Service (DBS) function and how we will use and protect any information we are required to collect about you in regards to submitting a Basic check through a Responsible Organisation (RO).
This policy explains your rights as a Disclosure customer only of the DBS, there are further DBS privacy policies which cover other statutory functions undertaken by DBS. The policy explains why we require your personal data, what we will do with your data and, what you can expect from us in return. It explains how we will adhere to your rights under the Data Protection Act (DPA) 1998 when we collect and process your personal data and how you can obtain a copy of any personal data we may hold about you.
Why DBS collects and uses information
DBS Basic checks can be requested for any purpose by individuals and will contain unspent convictions and conditional cautions.
The DBS has 2 functions:
· disclosure which searches police records and, in relevant cases, information held by the DBS Barring function and issues a DBS certificate (Basic/Standard/Enhanced) to the applicant
· barring to help safeguard vulnerable groups including children from those people who work or volunteer with them who pose a risk of harm. The DBS may use any information on a certificate or otherwise held by the DBS to inform any of it’s barring decisions made under its powers within the Safeguarding Vulnerable Groups Act 2006.
Please note - the DBS will access previous applications to assist in the checking process.
Definitions
Data Controller
The DBS is the ‘data controller’ for the purposes of the DPA. This means that we hold full responsibility for the safety/security of all the data held within DBS. The DBS is also a ‘data processor’ of the data held by specified ‘data sources’ i.e. Police National Computer.
Data Processor
Any organisation that works on behalf of the DBS is referred to as our ‘data processor’. We assure that our ‘data processors’ comply with DPA through a variety of assurance audits however they will also have their own responsibilities for protecting your data. The assurance expected is to the same high standard as the DBS adheres to.
Processing your DBS Basic check
DBS was established under the Protection of Freedoms Act (PoFA) 2012 on 1 December 2012. Disclosure functions of DBS are contained within Part V of the Police Act 1997.
We provide a service which enables organisations in the public, private and voluntary sectors to make better informed, safer recruitment and other decisions. We do this by providing information to enable them to determine whether individuals are unsuitable or unable to undertake certain work.
We must have your consent to process your Basic check. If you do not give consent there is no legal basis for the DBS to process a Basic check.
What personal data we hold
We will only hold your data if you have:
· used the Disclosure service or
· been referred to the barring service and this will be in the form of a referral being made under the The Safeguarding Vulnerable Groups Act 2006 (SVGA) / Safeguarding Vulnerable Groups (Northern Ireland) Order 2007
The DBS also has access to personal details and conviction information on the Police National Computer (PNC).
The data we will hold will be the personal details required on your Disclosure application form and criminal information if held.
The DBS does not capture or store data about visitors to its website. However, you may choose to give us data such as your name, address, or email for enquiries. If this is the case, the data received will be kept for 6 months. The data is kept for this period to allow for any follow up enquiries and/or information.
If we ask you for personal information, we will:
· make sure you know why we need it;
· only ask for what we need;
· make sure nobody has access to it who shouldn’t;
· keep it securely;
· let you know if we share it with other organisations;
· ask you to agree to us sharing your information where you have a choice;
· only keep it for as long as we need to
· not make it available for commercial use (such as marketing) without your permission;
· provide you with a copy of data we hold on you, on request
· have procedures in place for dealing promptly with any disputes / complaints
In return, we ask you to:
· give us accurate information
· tell us as soon as possible if there are any changes, such as a new address
This helps us to keep your information reliable, up to date and secure and will apply whether we hold your data on paper or in electronic form.
Organisations that are involved in the DBS service
Data may also be passed to organisations and ‘data sources’ involved with the DBS where it is legally permitted to do so. These are:
· Tata Consultancy Services – a partner and data processor in the DBS service
· Police forces in England, Wales and Northern Ireland, the Isle of Man and the Channel Islands – searches will be made on the Police National Computer (PNC).
Other partners we may share information with
In certain circumstances we will share information with third parties where we a legally permitted to do so i.e.:
· prevention and detection of crime;
· apprehension and prosecution of offenders
ROs will obtain an electronic result once your application is completed containing the following wording ‘Certificate contains no information’ or ‘Please wait to view applicant certificate.’ If you do not wish to consent to this result being received you should not submit your application through a RO. If you still require a Basic check Disclosure Scotland can process your check up to the 31 December 2017; from 1 January 2018 you can process your Basic check with the DBS.
We may also share information with organisations or individuals you have provided consent for. This will only occur where you choose to allow the sharing to take place.
Within your application you will be asked the question ‘Is Consent Provided to RO’, which means ‘Do you wish to provide consent to lead contact of RO to view your online DBS certificate when it has been issued?’ If you select the ‘Yes’ option the Accountable Officer of the RO will be able to view an electronic image of your certificate and if applicable could make a recruitment decision based on that information. You can remove or amend consent once your Basic check has been completed from your DBS account which you will need to create.
Within your application you will be asked the question ‘Consented 3rd Party Email Address’ which means ‘Enter the third party email address to provide consent to view your DBS certificate once it is issued. This should match the email address registered for the recipients DBS online account’. Therefore if you enter an email address in response to this question the person that address belongs to will be able to view an electronic image of your certificate and if applicable could make a recruitment decision based on that information. You can remove or amend consent once your Basic check has been completed from your DBS account which you will need to create.
If you give consent on your application to an Accountable Officer and/or a 3rd Party and your DBS certificate contains conviction information, the consent to view an electronic image of your certificate will automatically be removed. You can reinstate this consent using your DBS online account.
Within your application you can choose to receive a paper certificate. This can be sent to your current address or you can send it to another address. This does not have to be your own address, you can send it to another recipient, for example your employer. If you choose to have your paper certificate sent to another person this person will be able to view your certificate before you have had an opportunity to check that your details on the certificate are correct.
Within your application you can choose to receive SMS messages to provide an update on the progress of your application. We will not send SMS messages to you for any other purpose.
Storage of Data
Your data is held in secure computer files, which have restricted role based access.
Retention of data
The DBS complies with the DBS Data Retention Policy to ensure that data is not held for longer than is necessary. However due to various ongoing inquiries there is a moratorium on the destruction of all information held by the Home Office group which includes DBS. As such, no paper files, including case files, or digital information held by the department may be destroyed. This moratorium is in place until further notice.
At the conclusion of the enquiries and/or lifting of the embargo by Home Office this information will be destroyed as soon as is practicable.
Individual rights
An individual has a number of rights under the DPA 1998 which include:
· to withdraw consent for the DBS to process the Basic check
· to ask us to amend any data if it is incorrect
· compensation for damage caused through a data protection breach
· access to the data we hold
· the right to stop unsolicited marketing
Restrictions
There are restrictions to the rights of individuals and these are:
· National Security (DPA para 28)
· Crime & Taxation (DPA para 29)
Our staff and systems
All our staff, suppliers and contractors are security vetted by the Home Office security unit prior to taking up employment. All staff are data protection trained and are aware of their responsibilities under the Act and this is refreshed on an annual basis.
We conduct regular compliance checks on all DBS departments and systems. All checks are to the standard set out by the Information Commissioners Office. In addition continual security checks on our IT systems are undertaken.
Notification of changes
If we decide to change this privacy policy, we will inform you.
DBS Basic Check Privacy Policy For Applicants Who Use A Responsible Organisation v1.0