Privacy
Our privacy notice.
Who we are
NSA Group Limited. We are a company registered in England and Wales under registration number 08172945. Our registered office is
Suite 1 The Old Dairy
Elm Farm
Norwich Common
Wymondham
NR18 0SW
Our Data Protection Officer is Peter Silver. Please contact us if you have any questions about how we use personal data on 0800 999 7858 or dpo@nsagroup.co.uk.
We review our policy every year or sooner if regulations change or if we change our date handling processes.
We are committed to ensuring that your privacy is protected and to developing suitable technology to provide you with a safe online experience. This privacy policy sets out our responsibilities under The Data Protection Act 2018 and The General Data Protection Regulation 2016 (GDPR) and other applicable laws in England and Wales relating to the processing and security of personal information.
This policy also explains how we use and secure your personal information when using this website or when we are processing screening checks for you.
Why do we collect Personal Information?
We collect personal data for the purpose of carrying out background screening services on behalf of our clients. Processing of data from our clients will be to fulfil our contractual obligations and processing of data received from applicants will be as a result of the consent we have obtained from them.
What Personal Information do we collect?
From our Clients:
Company information – Name, address and contact details; legal ownership and registration details; trading address;
Contact information – Contact name, job title, business address, business phone number/mobile number/email address.
User information – Contact name, job title, business phone number/mobile number/email address.
From Applicants:
Personal details including name and contact details. We will also ask about previous experience, education, referees and for answers to questions relevant to the role they have applied for or are already carrying out.
From Visitors to our website:
When someone visits nsascreening.co.uk we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
If you use our contact form, we will collect your name, telephone number and email address so we can respond to your request for information.
From callers:
If you ring us we will collect your name and contact number so we can respond to your enquiry.
Who will we share your Personal Information with and why?
We will only share your personal data with a third party if we have your consent to do so, if it is necessary to fulfil contractual obligations to you, or if we are obliged to do so by law (e.g. Police investigation).
Below are the data processors we use during the screening process:
Disclosure and Barring Service
Criminal Record Disclosure applications are processed by the Disclosure and Barring Service and they will hold the information you submit and we will have access to it.
Here is a link to their Privacy Notice.
If you do not live in the UK, we may use the equivalent relevant body in your country to obtain a criminal records disclosure.
Equifax
If we conduct a consumer information search for you, we use Equifax and we will send them your name, date of birth and address history. The information they return will be held by us and shared with our client.
Here is a link to their Privacy Notice.
https://www.equifax.co.uk/crain.html
If you do not live in the UK, we may use the equivalent relevant body in your country to carry out a financial check.
For applicants based in Spain, we use eInforma to request Solvency Reports for individuals. We will share your name and email address with eInforma and you will be sent an email requesting your consent before the check is processed.
Here is a link to their website.
https://app.einforma.com/servlet/app/prod/PRINCIPAL_IBERCHECK/TRC_1/W-IBERCH-PUBLIC/
OneID
We may attempt to digitally verify your identity, address and right to work. We use OneID for this service.
Here is a link to their Privacy Notice.
https://oneid.uk/business-privacy-notice
Professional Office Limited
If we conduct a search for you, we use Professional Office Limited. We will send them your name, date of birth and nationality. The information they return will be held by us and shared with our client.
Here is a link to their Privacy Notice.
PRIVACY POLICY
National Security Inspectorate
We are regulated by the National Security Inspectorate and during audit inspections they are given access to our screening files to ensure that we are carrying out screening in accordance with BS7858 and ISO 9001.
Here is a link to their Privacy Notice.
https://www.nsi.org.uk/privacy-statement/
Security Systems and Alarms Inspection Board (SSAIB)
We are also regulated by the SSAIB and during audit inspections they are given access to our screening files to ensure that we are carrying out screening in accordance with BS7858.
Here are links to their Privacy Notices.
https://ssaib.org/page/privacy-policy—home-owner/
https://ssaib.org/page/privacy-policy/
Marketing and the use of your Personal Information
We will only market services and products to you if we have your consent and at any time you can contact us and withdraw that consent and we will update our records accordingly.
Accuracy of your Personal Information
We work hard to make sure the data we hold is accurate, if you believe that the data we hold may be inaccurate then please contact us and we will correct any inaccuracies.
Your rights
Under The Data Protection Act 2018 and The General Data Protection Regulations 2016, you have rights as an individual which you can exercise in relation to the information we hold about you.
You can read more about these rights here – https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/
Complaints or queries
We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
This privacy policy was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of our collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below.
If you want to make a complaint about the way we have processed your personal information, you can contact the ICO, the statutory body which oversees data protection law – www.ico.org.uk/concerns.
Access to Personal Information
We try to be as open as we can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under The Data Protection Act 2018 and The General Data Protection Regulations 2016. If we do hold information about you we will:
give you a description of it;
tell you why we are holding it;
tell you who it could be disclosed to; and
let you have a copy of the information in an intelligible form.
To make a request for any personal information call us on 0800 999 7858, email slr@nsagroup.co.uk or write to us: NSA Group, Suite 1 The Old Dairy, Elm Farm, Norwich Common, Wymondham, NR18 0SW.
If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.
Cookies
You can read more about how we use cookies on our Cookies page.
Security of your Personal Information
Security of the information we hold is paramount. All databases are hosted on Microsoft Azure within the UK which are ISO27001, ISO 9001 and ISO 20000-1 certified and also has CSA STAR Certification. Information on these certifications can be found at https://www.microsoft.com/en-us/trustcenter. Access to the database is restricted by IP address and requires unique username and strong passwords. All databases employ Microsoft’s encryption of data at rest and on critical data such as Personal Data we have deployed further encryption measures to protect the Confidentiality.
Enterprise level Unified Threat Management systems are deployed to control access to all applications and locations. Access to all data is limited based on a strict access control policy. Access and operational logs are retained and audited on a regular basis. Any systems that process credit card data are PCI-DSS Certified and subject to strict auditing procedures.
In addition to the above we have services that are Cyber Essentials accredited. This means our systems have been independently assessed and approved with regard to their ability to protect against common cyber-attacks.
Links to other websites
This privacy policy does not cover all the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.
Changes to this privacy policy
We keep our privacy policy under regular review. This privacy notice was last updated on 09 March 2023.
How to contact us
If you want to request information about our privacy policy you can call us 0800 999 7858, email us info@nsagroup.co.uk or write to:
NSA Group
Suite 1 The Old Dairy
Elm Farm
Norwich Common
Wymondham
NR18 0SW