‘We’ are committed to protecting and respecting the privacy and security of your personal information.
In this Privacy Notice, references to ‘we’ ‘us’ or “our” means Protocol National Ltd t/a eSafeguarding. eSafeguarding is a company incorporated in England and Wales (registered number 3007851).
“our Group” includes Protocol National Ltd and Protocol Holdings as defined in section 1159 of the UK Companies Act 2006 and
“our websites” means www.esafeguarding.co.uk
This document explains how we collect and use personal information about you. For the purposes of this document “you” or “yours” refers to client or applicant users of the services provided by us.
“Service” or “services” means the service offered by eSafeguarding.
The General Data Protection Regulations (GDPR) was passed by the European Union (EU) and came into effect in 2018. It came into British law under the Data Protection Act 2018. Since Brexit the GDPR and the Data Protection Act have been updated to accommodate domestic areas of law, and is now known as the UK-GDPR. However, the core rules remain the same.
Please read the following, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you, so that you are aware of how and why we are using your personal information.
For the purposes of data protection legislation in force from time to time the data controller is Protocol National Limited t/a eSafeguarding, of The Point, Welbeck Road, West Bridgford, Nottingham, NG2 7QW.
If you have any questions about your personal information, please email email@example.com
eSafeguarding is a DBS Registered Body and an umbrella body for the processing of DBS Criminal Record checks. Our service meets the requirements of the DBS in terms of how we collect, use and store your data. We provide our service via an online portal where clients, having first gained the consent of their DBS applicant will provide us with the personal data required to enable us to process your DBS check.
Our core business is the processing of online DBS checks for clients. DBS checks can only be requested by organisations who meet the DBS eligibility criteria. (the “Core Business”)
We collect information about you to carry out our Core Business.
1 Information that you give to us
This is information about you that you give us by filling in forms on our website, in paper format or by communicating with us by phone, e-mail, text, post or otherwise.
It includes information you provide when you register to use any of our websites, to enter our database, to subscribe to our services, to attend our events, to participate in discussion boards or other social media functions on our websites, enter a competition, promotion or survey, and when you report a problem with any of our websites.
Depending on the nature of our relationship with you the information you give us or we collect about you may include your name; address history; private and corporate e-mail address; phone number(s); financial information such as bank account details (clients only); compliance documentation (DBS ID documents); age/date of birth; nationality; place of birth; gender/gender identity; and general correspondence.
2 Information we collect about you when you visit any of our websites
As well as any information you give to us by filling in forms on our websites, on each of your visits to any one of our websites we will automatically collect the following information:
• technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information if applicable, browser type and version, browser plug-in types and versions, operating system and platform;
• information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed or searched for’ page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call the company.
3 Information we obtain from other sources
We may obtain personal information about you from other sources such as when your employer requests a DBS check which may include name and email address, list of identification documents seen in support of the application, staff numbers and or other unique identifiers.
We are working closely with third parties including companies within our Group, business partners, sub-contractors in technical, professional, payment and other services, external validation check providers, analytics providers, search information providers, credit reference agencies, professional advisors. We may receive information about you from them for the purposes of our Core Business.
The majority of the processing of your data is performed by us for one of three reasons:
This means that we process your data in order to carry out our obligations arising from any contracts that we either intend to enter into or have entered into with you and to provide you with the information, products and services that you request from us.
Certain processing of your personal data is required to enable us or your employer to meet legal obligations. For example, when you apply for work within a regulated activity you are obliged to undergo a DBS check.
In certain cases, we may process your personal data in order to further our legitimate business interests, or to help our clients to satisfy their legitimate interests. We will only do this when we have considered whether there is any other way to fulfil the relevant legitimate interest and balanced our legitimate interests against your right to privacy/the impact the processing has on your privacy.
An example of processing to fulfil a legitimate interest is our practice of recording all calls made to and by us. We state on our website and on calls that they are recorded. The recordings are held securely for a limited time and a very limited number of people have access to them. We use the recordings where there has been a complaint or dispute, to enable us to verify what was actually said. This is a mutual benefit to both you and us, as it helps facilitate fair resolution of any issues and helps to protect all parties from being subject to false accusations.
We seek express applicant and candidate consent to the processing of your criminal record data and to the DBS providing an electronic result directly to eSafeguarding as the Registered Body which will be shared with your employer / requesting organisation.
In other cases, we may request consent by email, phone or by an online process for the specific activity we require consent for and record your response on our system. Where consent is the lawful basis for our processing you have the right to withdraw your consent to this particular processing at any time.
We will use this information:
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over the other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
We do not undertake automated decision making or profiling. We do use our computer systems to search and identify personal data in accordance with parameters set by a person and / or a client. A person will always be involved in the decision making process.
In the course of our Core Business we will share your personal information with:
We may also share client data with selected third parties including [we do not advertise services to individual users]:
Other circumstances in which we may disclose your personal information to third parties are:
The lawful basis for the third party processing will include:
Whenever data is shared with third parties we require that the third party takes appropriate security measures to protect your personal information in line with our policies. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
The data that we collect from you is currently stored within the EEA. However in the future should your personal data be transferred outside the EEA or countries recognised by the European Commission as having an adequate data protection regime we will put in place appropriate measures to ensure that your personal information is held in those locations in a way that is consistent with and which respect the EU and UK laws on data protection, including one or more of the following binding corporate rules; use in contracts of standard data protection clauses approved by the European Commission.
All information you provide to us is stored on our secure servers. Further we limit access to your personal information to those employees, agents, contractors or other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keepingthis password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
We comply with the DBS Code of Practice on Secure Storage, Handling and Retention of data. We understand our legal duty to retain accurate data and only to retain personal data for as long as we need it to fulfil the purposes we collected it for. Accordingly, we have a data retention policy and run data routines to remove data in line with the policy. To determine the appropriate retention period for personal data we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, as well as the applicable legal requirements.
We may archive part or all of your personal data or retain it on our financial systems only, deleting all or part of it from our main Customer Relationship Manager (CRM) system. We may pseudonymise parts of your data, particularly following a request for suppression or deletion of your data, to ensure that we do not re-enter your personal data on to our database, unless requested to do so.
For your information, Pseudonymised Data is created by taking identifying fields within a database and replacing them with artificial identifiers, or pseudonyms. Our current retention policy is available upon request.
You have the right to ask us not to process your personal data for marketing purposes. We will always aim to inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes and we will collect express consent from you if legally required prior to using your personal data for marketing purposes.
You can exercise your right to accept or prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by unsubscribing from emails or contacting us at firstname.lastname@example.org
Our site may, from time to time, contain links to and from the websites of our partner networks, /partner service providers, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
The Data Protection Act 1998 and the UK-GDPR give you the right to access information held about you. We also encourage you to contact us to ensure your data remains accurate and complete.
Your right of access can be exercised in accordance with the Act and the UK-GDPR.
A subject access request (SAR) should be submitted to email@example.com. No fee will apply since the introduction of UK-GDPR.
Any changes we make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy notice.
Questions, comments and requests regarding this privacy notice are welcomed and should be addressed to firstname.lastname@example.org