Screening - Privacy Notice

Data protection and the safeguarding of your data is the highest priority for all team at Giant. The processing of personal data is necessary, and we obtain consent from you the data subject.

The processing of personal data of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to giant screening. By means of this data protection declaration, we would like to inform you of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.

As the processor, Giant has implemented numerous technical and organisational measures to ensure the most complete protection of personal data we hold and process.

Giant Screening Limited is registered with the UK Information Commissioner’s Office (Registration Number: ZA242124) in compliance with the GDPR. Giant is committed to excellence and protection of the privacy of individuals.

Privacy Policy

This privacy notice is a public declaration of how Giant Screening Limited applies the Data Protection Principles & Rights afforded to individuals by the GDPR, to the personal data that we process. Giant Screening Ltd ("Giant") is committed to complying with the 7 principles relating to the processing of personal data under the GDPR in all that we do.

These principles are:

1. Lawfulness, fairness & transparency
2. Purpose limitation
3. Data minimisation
4. Accuracy
5. Storage limitation
6. Integrity and confidentiality
7. Accountability

1. What information do we collect and who is collecting it?

We may collect, store and use the following kinds of personal information:

Information that you provide to us for the purpose of conducting employment screening and related services with us including but not limited to; name, address, email address, contact numbers, financial and criminal information, identity, eligibility to work, employment, education, directorships and sanctions data. Information gathered is strictly related to the level of employment screening an individual is assigned. This information may be collected through an internet-based application form, via a paper application form, inbound or outbound telephone calls that are recorded, email or other means such as postal.

No unnecessary information is obtained from a data subject which is not specifically required for the purpose of their employment screening.

Giant has developed consent that clearly identifies the purpose for which personal information is collected. The purpose of collecting personal information is to complete components of a background check during the recruitment process or during your employment. When conducting a background check, Giant does not complete any services without the consent of the individual concerned.

Compliance with our consent is continually monitored. Giant does not use personal information for reasons other than those specified in the consent that individuals sign or agree to during the background screening process, or where otherwise required by law.

Giant only provides background information about individuals for approved clients who have been deemed corporations in good standing. We do not release personal information to individuals other than those who are clearly designated by our clients.

Any other information that you choose to send to us.

Data is being collected by Giant Screening Limited, registered address: Fourth Floor, 90 High Holborn, London, WC1V 6LJ Registered in England No. 10656083.

Giant Screening Limited is registered with the Information Commissioner’s Office: ZA242124.

Giant’s Data Protection Officer is Mark McAllister and can be contacted by email at dpa@giantscreening.com or by post at Fourth Floor, 90 High Holborn, London, WC1V 6LJ2.

Using your personal information

Personal information submitted to us will be used for the purposes specified in this privacy statement or in relevant parts of the website and Giant’s systems.

We may use your personal information to:

Process the appropriate employment screening background checks for data subject based on their appointed levels.
In connection with our performing these services, Giant may employ other companies and individuals, as our subcontractors, to perform functions on our behalf. All such subcontractors are obligated to use and maintain the confidentiality of the information that you provide in a manner consistent with this Privacy Policy. These companies may not share any such information with any third party other than other Giant’s employees, subcontractors, or clients.
Report the results of the background checks carried out to the data subject’s current employer or prospective employer or organisations acting on their behalf in line with our contractual obligations and agreed risk frameworks.
Send you email notifications which you have specifically requested.
Deal with enquiries and complaints made by or about you relating to the screening system or process; and where you submit personal information for publication on our system, we will publish and otherwise use that information in accordance with the license you grant to us.
We will not, without your express consent, provide your personal information to any third parties for the purpose of direct marketing.
Some of the checks that we conduct are carried out inflight, meaning they are conducted during the time you are completing the screening application form.

Please note that as part of supporting you through this process Giant and authorised users will have access to any information you enter prior to the point you give your final consent at the end of the screening form.

3. Legal basis for processing information

Giant is required to process personal information of data subjects as part of its client contractual obligations in the performance of conducting employment screening on behalf of its client(s). Employment screening is typically carried out as a result of regulatory or legal obligations for the client or as part of a best practice risk mitigation process and policy. All processing of personal data by Giant is carried out with the full and explicit consent of each data subject.

4. Disclosures

We may disclose information about you to any of our employees, officers, suppliers insofar as reasonably necessary to fulfil our obligations for the purposes as set out in this privacy statement.

In addition, we may disclose your personal information:

To the extent that we are required to do so by law.
In connection with any legal proceedings or prospective legal proceedings.
In order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).
To the purchaser (or prospective purchaser) of any business or asset which we are (or are contemplating) selling; and
To any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information. Except as provided in this privacy statement, we will not provide your information to third parties.

5. International Data Transfers

Giant shall only transfer and/or process your personal data outside the UK and outside the European Economic Area under circumstances where your personal data:

a) Requires verification by an overseas entity applicable to you (such as relevant overseas education and training providers and/or previous overseas employer(s))); In this circumstance your personal data is treated at all times in line with GDPR requirements and in particular of Article 49 of the GDPR. You expressly agree to such transfers of personal data and/or

b) Where Giant is carrying out the support services by any of its internationally based support teams in which case your personal data continues to be stored in Giant’s systems in the UK and is subject to a contract that includes at least provisions required by Article 28(3) of the GDPR. In this circumstance your personal data is treated at all times in line with GDPR requirements and in particular of Article 46 of the GDPR and is only transferred and/or processed internationally on an accepted lawful basis and where required in respect of b) above, in accordance with standard contractual clauses pursuant to Article 46(3) of the GDPR. You expressly agree to such transfers of personal data.

6. Security of your personal information and retention

We take the security of your personal information very seriously. We have advanced security measures in place to secure and protect your personal information to ensure your personal information is kept as secure as possible, specialist devices to detect and prevent intrusion attempts. We have located our data servers within a securely managed infrastructure in the UK which accredited to ISO 27001. Our secure online delivery system is password protected and ensures that unauthorised individuals are not given access to personal information.

We employ equally rigorous physical security policies to prevent physical access to the data centre. Any personal information in hard copy form is kept securely in lockable, non-portable storage systems that are accessible only to named individuals.

We continue to take all reasonable technical and organisational precautions to prevent the loss, misuse, or alteration of your personal information. Of course, data transmission over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.

You are responsible for keeping your user details confidential. Giant retains your personal information for only as long as stipulated within client contracts and does not seek to retain data for any longer than necessary to carry out our service and fulfil our statutory and contractual obligations.

7. Statement Amendments

Giant reserves the right to amend this Privacy Policy at any time without notice. If we decide to change this Privacy Policy, we will post those changes on our website so that you will always know how we will use the information that you submit.

8. Your Rights

You may instruct us to provide you with any personal information we hold about you. Provision of such information will be subject to: A subject access request under the GDPR is submitted to Giant.

The supply of appropriate evidence of your identity (for this purpose, we will usually accept a copy of your passport certified by a solicitor or bank plus an original copy of a utility bill showing your current address).

The description of the exact information you are seeking.

We may withhold such personal information to the extent permitted by law.

These requests should be addressed to: Data Protection Officer, Giant Screening Limited, 3 Harbour Exchange Square, London, E14 9TQ or via email: dpa@giantscreening.com

All requests will be acknowledged and responded to as quickly as possible, in conformity with applicable law.

Giant recognises the further rights of data subjects under the GDPR which include.

The right to be informed
The right of access
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
More information on Direct Marketing
The right to withdraw consent
The right to complain to the Supervisory Authority
Rights related to automated decision making and profiling

Please note that should Giant receive a request relating to a background check conducted on behalf of a client, Giant, as a data processor, will notify the client (the data controller) and seek direction on how to handle the request.

Where an individual has given an employment reference, this information will only be released to the subject of that reference where we believe that this information would not cause a significant risk of harm to the referee or to other members of the public. When considering the release of an employment reference, Giant will take into account the wishes of the referee.

9. Updating of information

Please let us know if the personal information which we hold about you needs to be corrected or updated.

10. Accountability

Giant monitors compliance with data protection and privacy rules. We enter into data processor agreements with our clients which identifies the importance of strict data protection and accountability standards.

Giant continually updates and trains staff with regards to the importance of protecting personal information. Each representative has been thoroughly screened and has signed a confidentiality agreement. We have signed contractual agreements with third party service providers that may process information during the course of the background screening process. Giant only chooses service providers who prioritise the protection of personal information and who pass the strict organisational and technical security standards that we set.

Depending on the screening compliance package, parts of your data may be passed on to the following third parties to conduct relevant compliance checks and the results will be shared with your employer as soon as the checks are complete.

GDPR and Privacy Agreement