Fair Processing Notice For The Internal Fraud Database
WHEN DOES THIS FAIR PROCESSING NOTICE APPLY?
If you are selected for an assignment with one of our clients, we may have to carry out CIFAS background checks.
The personal information we have collected from you will be shared with Cifas who will use it to prevent fraud, other unlawful or dishonest conduct, malpractice, and other seriously improper conduct.
If any of these are detected, you could be refused certain services or employment. Your personal information will also be used to verify your identity.
Further details of how your information will be used by us and Cifas, and your data protection rights, can be found by clicking on the following links:
Definia Privacy Notice: https://www.definia.com/privacy-policy
CIFAS Fair Processing Notice: https://www.cifas.org.uk/fpn
GENERAL- WHAT DO WE DO WITH YOUR PERSONAL DATA?
- If you are happy for us to initiate the CIFAS check then we will check your details against the Cifas databases established for the purpose of allowing organisations to record and share data on their fraud cases, other unlawful or dishonest conduct, malpractice, and other seriously improper conduct (“Relevant Conduct”) carried out by their staff and potential staff. “Staff” means an individual engaged as an employee, director, trainee, homeworker, consultant, contractor, temporary or agency worker, or self-employed individual, whether full or part time or for a fixed-term.
- The personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud and other relevant conduct and to verify your identity.
- Details of the personal information that will be processed include: name, address, date of birth, any maiden or previous name, contact details, document references, National Insurance Number, and nationality. Where relevant, other data including employment details will also be processed.
- We and Cifas may also enable law enforcement agencies to access and use your personal data to detect, investigate, and prevent crime.
- We process your personal data on the basis that we have a legitimate interest in preventing fraud and other Relevant Conduct, and to verify identity, in order to protect our business and customers and to comply with laws that apply to us. This processing of your personal data is also a requirement of your engagement with us.
- Cifas will hold your personal data for up to six years if you are considered to pose a fraud or Relevant Conduct risk.
WHAT ARE THE CONSEQUENCES OF PROCESSING YOUR PERSONAL DATA?
- Should our investigations identify fraud or any other Relevant Conduct by you when applying for or during the course of your engagement with us, your new engagement may be refused or your existing engagement may be terminated or other disciplinary action taken (subject to your rights under your existing contract and under employment law generally).
- A record of any fraudulent or other Relevant Conduct by you will be retained by Cifas and may result in others refusing to employ you. If you have any questions about this, please contact us using the details provided.
WILL YOUR DATA BE TRANSFERRED OUTSIDE THE UNITED KINGDOM?
- Cifas may allow the transfer of your personal data outside of the UK. This may be to a country where the UK Government has decided that your data will be protected to UK standards, but if the transfer is to another type of country, then Cifas will ensure your data continues to be protected by ensuring appropriate safeguards are in place.
WHAT ARE MY RIGHTS?
- Your personal data is protected by legal rights, which include your rights to object to our processing of your personal data, request that your personal data is erased or corrected, and request access to your personal data.
- For more information or to exercise your data protection rights, please contact us by emailing GDPR@investigo.co.uk and we will respond back to you as soon as possible.
- You also have a right to complain to the Information Commissioner's Office which regulates the processing of personal data.