Who we are

DBS at CAS collects, uses and is responsible for certain personal information about you. When we do so we are regulated under the General Data Protection Regulation which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal information for the purposes of those laws.

Information collected by DBS at CAS

In the course of processing criminal record checks via the Disclosure and Barring Service (DBS) and Disclosure Scotland we collect the following personal information when you provide it to us:

DBS at CAS also obtain personal information from other sources as follows:

·        Notification of whether or not a disclosure certificate has content from the DBS

·        Disclosure certificate reference number

·        Disclosure certificate issue date

DBS at CAS do not receive or hold data on any other content disclosed by the DBS.

Young person’s data

If a young person under the age of 18, or an organisation on their behalf, wishes to apply for a DBS check then DBS at CAS would process their information in the same way as any other applicant.

We are unable to offer our services to any individual under the age of 16.

How DBS at CAS uses your personal information

DBS at CAS use your personal information to:

·        Process criminal record checks requests

·        Process payments where necessary

Who DBS at CAS share your personal information with

DBS at CAS shares information collected by with third-party suppliers, including the DBS, Disclosure Scotland, Home Office, police forces and Experian. This data sharing facilitates the processing of criminal record check applications.

DBS at CAS will share personal information with law enforcement or other authorities if required by applicable law.

DBS at CAS will not share your personal information with any other third parties.

Why is your personal information required?

The provision of personal data by you as set out in information collected by DBS at CAS is needed to enable us to facilitate the processing of criminal record check applications. DBS at CAS will inform you at the point of collecting information from you, whether you are required to provide the information to us.

How long your personal information will be kept

Record keeping is not only for operational reasons but because records are required by various governing bodies and legislation. DBS at CAS will retain your personal information for as long as is necessary for the relevant activity.

Information submitted via hard copy application forms is confidentially shredded after 3 months. Data submitted via our online DBS management system is purged after 6 months.

Why DBS at CAS collects and uses your personal information

DBS at CAS are a registered umbrella body with the DBS and Disclosure Scotland and are authorised to submit criminal record checks. DBS at CAS provides information to the DBS in order for your criminal record check to be processed.

In order to process your criminal record check application (Standard or Enhanced) we rely on the following reasons:

·        Processing is based on consent from you

·        Processing is necessary because of a legal obligation

·        Processing is necessary for the purpose of the legitimate interests pursued by DBS at CAS or a third party (e.g. we need to process your personal data to facilitate a criminal record check which is in the legitimate interest of all parties involved – us, you as the potential candidate and our client)

·        Processing is necessary for the performance of a task in the public interest

DBS at CAS will rely on your consent to obtain e-Bulk standard/enhanced check electronic results.

Where DBS at CAS processes your information on the basis of consent that you have given us, you are entitled to withdraw that consent at any time.

DBS at CAS will not transfer your personal data outside of the United Kingdom or to any organisation governed by public international law or which is set up under any agreement between two or more countries.

Your rights

Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, these include rights to:

·        Fair processing of information and transparency over how DBS at CAS uses your personal information

·        Access to your personal information

·        Require DBS at CAS to correct any mistakes in your information which we hold

·        Require the erasure of personal information concerning you in certain situations

·        Receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations

·        Object at any time to processing of personal information concerning you for direct marketing

·        Object to decisions being made that significantly affect you

·        Object in certain other situations to our continued processing of your personal information

·        Otherwise restrict our processing of your personal information in certain circumstances

For further information on these rights, including the when they apply, please visit ICO guide to individual GDPR rights

If you would like to exercise any of these rights, please contact our appointed Compliance Officer, Peter Richardson, Brightspace, 160 Hadleigh Road, Ipswich, IP2 0HH.

If you believe that DBS at CAS has not complied with your data protection rights, you can complain to the Information Commissioner.

 Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

DBS at CAS utilises a system developed by Kent County Council for processing e-DBS applications and all information is therefore stored on their servers.  These servers containing sensitive information are stored in accordance within ISO27001 standards. They are in secure, locked areas to prevent unauthorised access.

Who to contact

Please contact our Compliance Officer if you have any questions, queries or concerns about our use of your information. Please send an email to dbs@communityactionsuffolk.org.uk or write to, Peter Richardson, Brightspace, 160 Hadleigh Road, Ipswich, IP2 0HH.

The GDPR Regulation also gives you right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone 0303 123 1113.

External ID Checks - Terms & Conditions for End Users

When establishing the true identity of an applicant an external ID verification check may be used as an alternative to Route 1/1a. This will require us to provide an applicant’s details (as presented on the application form) to our chosen supplier Experian, who will compare the data obtained from the applicant against a range of independent, external data sources.

Please take a moment to read the Experian Terms and Conditions with regards to the core terms concerning the nature and use of the services, confidentiality, data protection, compliance and audit.