DBS Statement of Fair Processing
By accessing the E-bulk system and providing thirtyone:eight with your personal details, you agree to accept and be bound by the terms of this fair processing statement, summarised here.
We operate our online DBS service using the Security Watchdog, E-bulk system. This system is produced by Security Watchdog and built from the IT specification supplied by the Disclosure and Barring Service (DBS).
Our online service is committed to protecting the privacy of our users. When you supply any personal information to this site we have legal obligations towards you in the way we deal with your data as follows:
- We will hold your personal information on our systems for as long as needed to meet the service you have requested and remove it in the event that the purpose has been met.
- We will ensure that all personal information supplied is held securely, in accordance with the UK Data Protection Legislation (Data Protection Act 2018 and UK GDPR).
- We will provide a safe and secure experience for users of this site.
- We will ensure that the information you submit to us remains private, and is only used for the purposes set out below.
Fair Processing Principles:
- Your personal information is only processed with your knowledge.
- Only information that we actually need is collected and processed.
- Your personal information is only seen by those who need it to do their jobs.
- Personal information is retained only for as long as it is required.
- Decisions affecting you are made on the basis of reliable and up to date information.
- Your information is protected from unauthorised or accidental disclosure.
- Inaccurate or misleading data will be corrected as soon as possible.
- Procedures are in place for dealing promptly with any dispute.
All information requested is used solely for the purpose of producing a DBS certificate and is collected, stored and processed by Thirtyone:eight,& Security Watchdog and the DBS in accordance with the UK Data Protection Act (Data Protection Act 2018 and UK GDPR). We will treat your personal information as confidential and we will not disclose it to any third party except: (i) with your prior agreement; (ii) as necessary for providing our eBulk online disclosure service to you and your employer (those involved in your recruitment process/responsible for safeguarding at an organisational level); or (iii) as required by law.
Any organisation which uses our online DBS service is obliged to sign a service contract requiring them to:
- Abide by the UK Data Protection Legislation and GDPR
- Have a policy for secure storage, handling, use, retention and disposal of Disclosures and Disclosure Information
Our online ebulk solution is hosted within an ISO27001, Capita owned data centre and all components of the service are protected by intrusion detection and intrusion prevention devices. Completed applications are fully encrypted and securely transferred to Disclosure Scotland and DBS using the E-BulkPlus Interface.
In the event that your application requires a Route Two identity check Thirtyone:eight will submit your name, address and date of birth to a third party, Equifax, in order to carry out an identity check. The recruiter for your organisation will seek your agreement to this and you will receive a confirmation email that this id check has taken place. Thirtyone:eight will hold your data for no longer than six months from application to answer any queries that may arise.
In the event that your organisation offers the option of your ID Check being completed Digitally through Ebulk, this would be carried out using our certified identity service provider (IDSP), TrustID Limited. More information on how they process your data can be found at trustid.co.uk/privacy-policy-data-subjects.
The Disclosure and Barring Service will refer the details provided on this application form to government and law enforcement bodies in accordance with any relevant legislation. The details provided to these bodies will be used for identifying possible matches to records held by them. Where such a match is established, data may be released to the DBS for inclusion on any certificate issued. The details provided on this form may be used to update the records held by the bodies specified above. The details provided on the application form may be used to verify your identity for authentication purposes. The DBS may use any information provided by the DBS on a certificate or otherwise held by the DBS to inform any of its barring decisions made under its powers within the Safeguarding Vulnerable Groups Act 2006.
E-Bulk Recruiter Agreement
All organisations using the E-bulk system must agree to:
- Ensure that all personal information supplied is held securely, in accordance with the UK Data Protection Legislation (Data Protection Act 2018 and UK GDPR).
- Continue to ensure that all users follow the instructions contained within Thirtyone:eight guidance.
Not proceed with any online Enhanced DBS check application until the applicant has completed and returned a self-declaration form /confidential declaration to the Recruiter.
- Ensure that all User Accounts and other details are kept safe and secure.
- Not share User Account Details with any party not explicitly authorised by Thirtyone:eight.
- Request Thirtyone:eight to withdraw the Account details from any user acting in a malicious manner or otherwise outside of the DBS Code of Practice or users no longer authorised to access the System.
- Not divulge the User Account details to Thirtyone:eight (except for support purposes) or any third party.
- Ensure that any DBS checks requested or carried out are justified and allowable as per the DBS Code of Practice and other relevant legislation.
- Ensure that Disclosures are not kept any longer than necessary to make a suitable decision and in all cases not longer than 6 months from the date of issue (other than in relation to social care or OFSTED registered settings where audit requirements mean that Disclosure results must be retained as per inspectors requirements as agreed by the DBS). For the avoidance of doubt the Recruiter shall be responsible for the secure handling and destruction of the Disclosure.
- Ensure identity verification is done with due diligence and in full compliance with the DBS Code of Practice, DBS guidance or any other applicable guidance or legislation.
- Comply with any new or revised DBS guidance notified Thirtyone:eight or other relevant legislation.
- Ensure all applicants have awareness of and have read the Thirtyone:eight statement of fair processing.
- Acknowledge that Thirtyone:eight can hold no responsibility and will not support Users accessing the service if any issue of liability arises from use of the Customer’s or User’s equipment.
- Ensure that User computers have appropriate up to date anti-virus software, anti-malware, and an active firewall.
- Ensure the utmost security of the e-bulk system and encourage all users to use as secure an email address as they can by using strong passwords and two factor authentication and users must not divulge email passwords or log in details to anyone else.
- Ensure all Users have received appropriate training to use the System.
- Not use the System in a manner that may harm or impair any other party’s use of it.
- Not use the System in an attempt to gain unauthorised access to any service, network, account or data by any means.