Become a member Call our safeguarding helpline

DBS Statement of Fair Processing

By accessing the eBulk system and providing thirtyone:eight with your personal details, you agree to accept and be bound by the terms of this fair processing statement, summarised here.

We operate our online DBS service using the Security Watchdog, eBulk system. This system is produced by Security Watchdog and built from the IT specification supplied by the Disclosure and Barring Service (DBS).

Our online service is committed to protecting the privacy of our users. When you supply any personal information to this site, we have legal obligations towards you in the way we deal with your data as follows:

  1. We will hold your personal information on our systems for as long as needed to meet the service you have requested and remove it in the event that the purpose has been met.
  2. We will ensure that all personal information supplied is held securely, in accordance with the UK Data Protection Legislation (Data Protection Act 2018 and UK GDPR).
  3. We will provide a safe and secure experience for users of this site.
  4. We will ensure that the information you submit to us remains private and is only used for the purposes set out below

Fair Processing Principles:

  • Your personal information is only processed with your knowledge.
  • Only information that we actually need is collected and processed.
  • Your personal information is only seen by those who need it to do their jobs.
  • Personal information is retained only for as long as it is required.
  • Decisions affecting you are made on the basis of reliable and up to date information.
  • Your information is protected from unauthorised or accidental disclosure.
  • Inaccurate or misleading data will be corrected as soon as possible.
  • Procedures are in place for dealing promptly with any dispute.

All information requested is used solely for the purpose of producing a DBS certificate and is collected, stored and processed by Thirtyone:eight,& Security Watchdog and the DBS in accordance with the UK Data Protection Act (Data Protection Act 2018 and UK GDPR). We will treat your personal information as confidential and we will not disclose it to any third party except: (i) with your prior agreement; (ii) as necessary for providing our eBulk online disclosure service to you and your employer (those involved in your recruitment process and responsible for safeguarding at an organisational level); or (iii) as required by law.

For example, in the Church of England, where a parish has joined Thirtyone:eight via their diocese, applications are accessible to the diocese, as they are involved in the recruitment process and are responsible for safeguarding at an organisational level.

The result of a DBS check (either ‘certificate contains no information’ or ‘please wait to view certificate’) is purged after 180 days. 5 years after the completion date, the candidate’s title, gender, address history, place of birth and nationality is removed.

Any organisation which uses our online DBS service is obliged to sign a service contract requiring them to:

  • Abide by the UK Data Protection Legislation and GDPR
  • Have a policy for secure storage, handling, use, retention and disposal of Disclosures and Disclosure Information

Our online eBulk solution is hosted within an ISO27001, Capita owned data centre, and all components of the service are protected by intrusion detection and intrusion prevention devices. Completed applications are fully encrypted and securely transferred to DBS using the E-BulkPlus Interface.

The Disclosure and Barring Service will refer the details provided on this application form to government and law enforcement bodies in accordance with any relevant legislation. The details provided to these bodies will be used for identifying possible matches to records held by them. Where such a match is established, data may be released to the DBS for inclusion on any certificate issued. The details provided on this form may be used to update the records held by the bodies specified above. The details provided on the application form may be used to verify your identity for authentication purposes. The DBS may use any information provided by the DBS on a certificate or otherwise held by the DBS to inform any of its barring decisions made under its powers within the Safeguarding Vulnerable Groups Act 2006.

If you require an external ID verification for a Route Two identity check, the recruiter for your organisation will seek your agreement to this before submitting a request. Upon receipt of a request for external ID verification, Thirtyone:eight will submit your name, address and date of birth to a third party, Equifax, to carry out the external ID verification. Thirtyone:eight will hold the data used for the external ID verification for no longer than six months to answer any queries that may arise.

If your organisation offers the option of your ID check being completed digitally through Ebulk, this would be carried out using our certified identity service provider (IDSP), TrustID Limited. More information on how they process your data can be found at trustid.co.uk/privacy-policy-data-subjects.

If your organisation generated the invite to start this application through an API connection to a third-party system, they will be able to retrieve the result, certificate number and level of check from eBulk back into that system. If you are unsure whether this invite has been generated via API from a third-party system, please contact your organisation’s recruiter for clarification.

E-Bulk Recruiter Agreement

All organisations using the E-bulk system must agree to:
  1. Ensure that all personal information supplied is held securely, in accordance with the UK Data Protection Legislation (Data Protection Act 2018 and UK GDPR).
  2. Continue to ensure that all users follow the instructions contained within Thirtyone:eight guidance.
  3. Not proceed with any online Enhanced DBS check application until the applicant has completed and returned a self-declaration form /confidential declaration to the Recruiter.
  4. Ensure that all User Accounts and other details are kept safe and secure.
  5. Not share User Account Details with any party not explicitly authorised by Thirtyone:eight.
  6. Request Thirtyone:eight to withdraw the Account details from any user acting in a malicious manner or otherwise outside of the DBS Code of Practice or users no longer authorised to access the System.
  7. Not divulge the User Account details to Thirtyone:eight (except for support purposes) or any third party.
  8. Ensure that any DBS checks requested or carried out are justified and allowable as per the DBS Code of Practice and other relevant legislation.
  9. Ensure that disclosure results are not kept any longer than necessary to make a suitable decision and in line with your organisational policies. 
  10. Ensure identity verification is done with due diligence and in full compliance with the DBS Code of Practice, DBS guidance or any other applicable guidance or legislation.
  11. Comply with any new or revised DBS guidance notified Thirtyone:eight or other relevant legislation.
  12. Ensure all applicants have awareness of and have read the Thirtyone:eight statement of fair processing.
  13. Acknowledge that Thirtyone:eight can hold no responsibility and will not support Users accessing the service if any issue of liability arises from use of the Customer’s or User’s equipment.
  14. Ensure that User computers have appropriate up to date anti-virus software, anti-malware, and an active firewall.
  15. Ensure the utmost security of the e-bulk system and encourage all users to use as secure an email address as they can by using strong passwords and two factor authentication and users must not divulge email passwords or log in details to anyone else.
  16. Ensure all Users have received appropriate training to use the System.
  17. Not use the System in a manner that may harm or impair any other party’s use of it.
  18. Not use the System in an attempt to gain unauthorised access to any service, network, account or data by any means.

Page last updated: 01 October 2024

Change Cookie Choices