Privacy Statement
Flairnow CRB Service is committed to compliance with the Data Protection Act. We hold a legal duty to do so. We will take every reasonable precaution to protect your data.
Flairnow CRB Service will safeguard the information received from employers concerning their businesses and the personal details of the applicants.
The Flairnow CRB operation is conducted from a single office. All papers and documents are put through a cross-cut shredder before disposal.
The following principles will apply when we process your personal data:
Your data is only processed with the knowledge of the employer [Disclosures Officer];
Only data that we actually need is collected and processed;
Your data is seen only by those who need to do so;
Your data is retained on computer only for as long as it is required;
Every attempt is made to ensure that your data is accurate and is only used for the intended purpose;
Your data is password-protected from unauthorised or accidental disclosure;
We do not retain any of your personal information on paper.Please Note: On-line applications should be encrypted.
What personal data we hold and obtain by disclosure
We will only hold your data if you have applied for a job that requires a Disclosure Application.
If you have a police record [including a caution], the details will show on the Disclosure. These details are taken from the Police National Computer (PNC) extract that is held by the CRB. The extract is not a full police record. Only basic identifying details such as name and address are held on the extract.
The extract is used for securing a match with the PNC when dealing with a Disclosure application.The Disclosure will also hold some of your details if you are included in the 'Department of Health' or the 'Department for Education and Skills' lists. The lists are maintained for the protection of children and vulnerable adults. The lists contain the names of those people considered unsuitable to work with these groups.
Responsibility for your personal data
Flairnow CRB Service is a 'Data Controller' of your data. This means that we hold responsibility for the safety of your data in our custody.
Organisations that are involved with the Disclosure service
The following 'Data Processors' work with the CRB in the course of processing your application:
Capita plc - a CRB partner in the Disclosure service. Involved in procedures processing your data;
Police Forces in England, Wales and Northern Ireland, the Isle of Man and the Channel Islands - data may be passed to local police forces in the area where you live, or have previously lived;
Department of Health/Department for Education and Skills (DH/DfES) - the list held will be checked if your job involves working with children or vulnerable adults;
Scottish Criminal Record Office (SCRO) - if you have spent any time living in Scotland, your details may be referred;
Experian Ltd - with your consent, your data may be passed to Experian Ltd. The company holds databases commonly used in the commercial sector for validating identity;
Any member of staff that has access to your data will be thoroughly checked by a governmental security unit. All CRB staff are data protection trained and are aware of their responsibilities under the Act.
The CRB conduct regular compliance checks on all CRB departments and systems. All checks are to the standard set out by the Information Commissioners office. In addition continual security checks on CRB IT systems are undertaken.
Reasons for requesting personal data
The data contained in a Disclosure is often sensitive. It may be that it contains details of offences or convictions. For this reason we must collect enough information to be sure of the identity of an applicant. We have a duty to take reasonable measures to ascertain that any data disclosed is both accurate and relevant. It is important that we collect sufficient information as required by the CRB to ensure a complete and accurate check of each applicant. Your data is requested for the sole reason that it is necessary to the Disclosure process.
CRB Retention periods and privacy
The CRB has a formal retention policy in place. They will hold your data for 3 years after your application. This is to allow for repeat applications, complaints and disputes. After this time, the data they hold about you will be reduced to basic details as follows:
Name;
Date of birth;
Postcode;
National insurance number;
Gender.
Type of Disclosure issued;
Issue date and reference number.These details will be held in their archives for 10 years. Data is usually archived after 6 months. Archives are not readily accessible. If your Disclosure shows convictions, the CRB will retain this data for 10 years before storing it in their archives. It is important that they keep a record of the Disclosures they have issued and to whom.
Storage of data
Your data is held in secure computer files, which have restricted access. The CRB have approved measures in place to stop unlawful access and disclosure.Individual rights
The Data Protection Act states that data should only be processed in accordance with the rights of an individual.
These rights include:
To know what data the CRB hold about you and
To ask the CRB to amend any data if incorrect.The right to subject access of personal data
You are entitled to be told if an organisation holds any data about you and if so to be given a copy. The data must be provided in a clear form. This right is the 'right to subject access'. You are entitled to be told what your data is used for and if it is disclosed to others.Exemptions to the right to subject access
You are entitled to see any data that the CRB hold about you, with some specific exceptions as set out in the Act. For example, thet are allowed to refuse requests where providing data would be likely to prejudice:
The prevention or detection of crime, or
The privacy rights of a third party.How to apply for subject access
You can contact the CRB to request a copy of the data they hold. The fee is £10.00.Transfer outside the European Economic Area
If you have recently lived in the Channel Islands or the Isle of Man, it is likely that your data will be passed to police forces in the that area. If your data needs to be transferred there or anywhere else, the CRB will make sure that an adequate level of protection is in place.Notification of changes
If the CRB change their privacy policy, they will post those changes on their web site.
Click here for CRB web site
Flairnow Retention period
Flairnow CRB Service will retain data from the point the Disclosure Application details are entered into our computer to a maximum of 3 months after the Disclosure is received. Thereafter the only information that is retained are the dates of submission and receipt of disclosures and ISA Adult First requests for the purposes of performance statistics only. Data entered into the computer that does not result in an application being made [eg if the applicant does not take up employment] will be deleted on advice from the employing organisation.
Employer Responsiblities
Employers and Organisations which are clients of Flairnow CRB Service are required to abide by the CRB Code of Practice concerning data and disclosures.