Policy paper

Online Account Privacy Policy

Published 14 March 2019

1. Introduction

1.1 This is the privacy policy relating to online accounts set up with the Disclosure and Barring Service (DBS). It tells you how we will use and protect any information we require from you to set up an online account.

1.2 You can set up an online account with DBS to access the services available and to contact DBS.

1.3 This policy explains your rights as a user of DBS’ online account service. There are other DBS privacy policies which cover the services provided which can be found here.

1.4 These policies include information about how we will use your personal data to contact you when you are using DBS services.

1.5 If your query is regarding the use of cookies, please see the GOV.UK Cookies Policy.

1.6 We use Google Analytics as part of our ongoing user research. This helps us to:

• check our service is meeting users’ needs so we can make improvements
• understand how users get to the site
• understand what they click on while they are using our service

No personal details (for example, names or addresses) are stored with this information, so users can’t be identified.

Your data is collected in line with Google’s privacy policy. If you do not want Google Analytics to collect your information when using our service, you can opt out.

2. Your personal information

2.1 When you’re setting up an online account with DBS, you’ll be asked for a range of information including your name, date of birth and email address.

Information you enter online will be held on a secure system.

2.2 Please note that if you have an online account with the DBS and your personal information changes, it is your responsibility to contact DBS to confirm the change. Changes can be made via your online account.

3. Protecting your information

3.1 DBS will protect your data rights in line with the General Data Protection Regulation (GDPR). We will:

• keep your information safe and secure
• only ask for what is needed
• only keep your information for as long as it’s needed

3.2 Your information won’t be made available for commercial use without your permission.

4. Your individual rights and how we protect them

4.1 We are committed to protecting your rights under GDPR and the right to be informed about how your data is processed.

4.2 You can read about your individual rights here.

5. Who we will share data with

5.1 We will share information with ‘relevant authorities’ such as the police, government departments etc. under UK Data Protection Act Prevention and Detection of Crime (Sch2, Part 1 Paragraph 2).

5.2 We will also share information under UK Data Protection Act (Sch2 Part 2 Paragraph 5 (2)) where disclosures are required by law or made in connection with legal proceedings.

6. Storage of data

6.1 Your data, once received, is held in secure computer files with restricted access. We have approved measures in place to stop unlawful access and disclosure. Our IT systems are subject to formal accreditation in line with Government policy. They also align with the security required within GDPR to protect against unauthorised or unlawful processing.

7. Inactive online accounts

7.1 When setting up an online account, you will receive an e mail requesting that you take action to activate the online account. If the online account is not activated within 24 hours, it will be deleted.

7.2 If an online account is not logged into in the 28 days after activation, the online account will be deleted.

7.3 Other online accounts (online accounts that were activated and accessed within 28 days) that have then been inactive for a period of 18 months are deleted.

8. Who is the data controller?

8.1 DBS is the data controller of information held by DBS for the purposes of GDPR. A data controller determines the purposes for which, and the manner in which, any personal data is to be processed (either alone or jointly or in common with others).

8.2 We have the responsibility for the safety and security of all the data we hold.

9. Who are the data processors?

9.1 Any supplier that works on behalf of DBS is one of our data processors. A data processor is any organisation that processes data on behalf of DBS. We make sure that our data processors comply with all relevant requirements under data protection legislation. This is defined in the contractual arrangements.

10. Contacting the Data Protection Officer

10.1 The DBS Data Protection Officer can be contacted via telephone on 0151 676 1154, via email at dbsdataprotection@dbs.gov.uk, or in writing to:

DBS Data Protection Officer
Disclosure and Barring Service
PO Box 165
Liverpool
L69 3JD

11. Our staff and systems

11.1 All our staff, suppliers and contractors are security vetted by the Home Office security unit prior to taking up employment. All staff are data protection trained and are aware of their responsibilities and this is refreshed on an annual basis.

11.2 We conduct regular compliance checks on all DBS departments and systems. Additionally, continual security checks on our IT systems are undertaken.

12. How to complain

12.1 If you’re unhappy with the way DBS handles your personal data, you can email dbscomplaints@dbs.gov.uk.

12.2 You’ll receive confirmation that your complaint has been acknowledged within 3 working days. We’ll aim to provide you with a satisfactory response within 10 working days.

12.3 If you’re unhappy with the answer you receive, or need any advice about the use of your personal data, you can also contact the Information Commissioner at:

The Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

https://ico.org.uk/

13. Notification of changes

13.1 If we decide to change our privacy policy, we will add a new version to our website.