Data Privacy Agreement

Last Updated September 2024

Secure Screening Services Ltd will only process data on the written instruction of its clients. While this is seamless and fully managed by our client portal, it ensures we are complying with GDPR rules. Secure Screening Services Ltd will co-operate with supervisory authorities as and when required.

Secure Screening Services Ltd will ensure that all its data processing is secure. This will include, but is not limited to, encryption of hardware, secure online and offline storage of sensitive data and ensuring data protection and GDPR regulations are built into its processes from Day 1.

Records of data processing activity will be securely stored in accordance with Article 32 GDPR

Should any data protection breaches occur, Secure Screening Services Ltd will report this to the client within 48 hours or becoming aware of the breach. This will ensure that the ICO can be reported to within 72 hours.

Secure Screening Services Ltd have appointed Martin Price as the Data Protection Officer in accordance with Article 37 of GDPR.

Secure Screening Services Ltd will:

only act on the written instructions of the controller (Article 29);
not use a sub-processor without the prior written authorisation of the controller (Article 28.2);
co-operate with supervisory authorities (such as the ICO) in accordance with Article 31;
ensure the security of its processing in accordance with Article 32;
keep records of its processing activities in accordance with Article 30.2;
notify any personal data breaches to the controller in accordance with Article 33;
employ a data protection officer if required in accordance with Article 37; and
will appoint (in writing) a representative within the European Union if required in accordance with Article 27.

List of Data Sub-processors

Our commitment to protecting your personal data extends to the partners we work with. In accordance with the GDPR, we use carefully selected sub-processors to help us deliver our services. These third-party providers process personal data on our behalf, ensuring that it is handled securely and in compliance with all applicable regulations.

Sub Processor	Purpose	Further information
Amazon Web Services	Data Storage	Data Privacy
Credit Safe	Candidate Screening Processor	Product Privacy Notice
Disclosure & Barring Service	Candidate Screening Processor	DBS Privacy Policies
Disclosure Scotland	Candidate Screening Processor	Privacy Policy
Equifax	Candidate Screening Processor	Privacy Hub
Fathom AI	Customer data and Communications	Privacy Policy
First Advantage	Candidate Screening Processor	Privacy Centre
GB Group PLC	Candidate Screening Processor	Trust Centre
Google Inc	Analytics Data	Privacy Notice
Helpscout	Customer data and Communications	Policies & Procedures
Hubspot	Customer data and Communications	Privacy Policy
Konfir	Candidate Screening Processor	Privacy Policy
Microsoft	Productivity and Communications	Privacy Statement
Mitek (Hooyu)	Candidate Screening Processor	Privacy Policy
Qualification Check	Candidate Screening processor	Privacy Notice
Rudderstack	Analytics Data	Privacy Policy
Sendgrid (Twilio)	Communications	Privacy Center
SP Index	Candidate Screening Processor	Data Protection & Privacy Policy
Stripe	Payment Processor	Privacy & Terms
Trust ID	Candidate Screening Processor	Privacy Notice
Twilio	Communications	Privacy Center
Xero	Customer Accounts and Financial Data	Privacy Policy