Risk Management Intelligence (RMI) is engaged to provide background screening services (the “Service”) to its clients (“Clients”). For the purposes of compliance with relevant data privacy laws, the Client is the Data Controller and RMI is the Data Processor.
RMI respects your privacy and is committed to protecting your personal data. This privacy notice explains how your personal data is processed and used by RMI during the course of the Service.
How do the Service work?
RMI acts under the instructions of its Client who will determine what personal data is collected and processed in order to provide the Service that they require.
On what basis do you process my personal data?
You will be asked to provide your consent for RMI to collect and process your personal data on behalf of our Client. You will be provided with enough information to ensure that you are aware of what you are consenting to and you may withdraw your consent at any time throughout the process. You may wish to contact your prospective employer if you have any questions relating to the nature of the Service and the use of your personal data.
What personal data do we collect?
In order to provide the Services, and to ensure that any information reported back to a Client is accurate, your personal data must be collected. You will be asked to provide only personal data that is required to perform the Service.
The types of personal data that may be requested could include:
- Name as per Government issued Identity Card or Passport
We require this information to identify you when performing the Service. Collecting this information increases the accuracy of the results provided by the sources. Sources may include education institutes, professional bodies, previous employers, credit agencies, data providers, regulators and authorities.
- Identity Number
We require this information to identify you when performing the Service. Collecting this information increases the accuracy of the results provided by the sources.
- Date of birth
Collecting this information increases the accuracy of the results provided by the sources.
- Address and Address history
Your Address and Address History will help RMI identify which locations should certain verification checks are to be conducted. Collecting this information increases the accuracy of the results provided by the sources.
- Contact Details
RMI will use this information to keep in touch with you. This information will not be used for any Marketing purposes and will only solely be used by RMI to provide the Service.
- Education history
RMI will use this information to verify the education certificates that you have attained.
- Employment history
RMI will use this information to verify your professional work experiences.
- Name as per Government issued Identity Card or Passport
If you have access to RMI’s screening platform, the platform collects session cookies only which are stored on your computer only during your web session. They are automatically deleted when the browser is closed. The platform does not collect any information from your computer.
What personal data will be processed?
The personal data processed during the Services will be determined by RMI’s Client. RMI’s Client may request for education and employment history to be validated, financial checks, court records, criminal records, watchlist and sanctions database checks, media reviews and any other publicly available information to be verified. These checks are global and will be based on where you have worked and lived in the past.
When does RMI transfer data?
Your personal data may be transferred in these circumstances:
To RMI’s client in the form of a Screening Report as part of the Service;
To a third party who requires this information in order to supply, provide or respond to RMI’s enquiry as part of the Service.
To a third party:
The third parties are organisations, education institutions, professional bodies, credit agencies, individuals, government agencies, media agencies, data providers or repositories, regulators and authorities from which information is collected for the purposes of fulfilling the Service only.
In respect to a transfer of your personal data to a Source or Sources outside of the EU, this will be dependent on your footprint during the screening period set by RMI’s Client. Where your footprint is outside the EU, your personal data will need to be transferred to the relevant Source(s).
How do we ensure your personal data is safe?
RMI is committed to protecting your personal data and have measures are in place to protect personal data from accidental loss, from unauthorised access, use, alteration or disclosure. Information security measures are in place, including access controls, physical security and robust information collection, storage and processing practices. RMI also ensure that where electronic transfer of Personal Data to/from its representatives takes place that such transfers are also appropriately protected and are in compliance with relevant data protection legislation and in accordance with any instructions provided by a data source. As contracted with RMI’s Clients provisions are in place within RMI in order to ensure an adequate level of data protection for all transfers of personal data outside of the EU.
RMI’s platform is ISO 27001 certified and meets PCI DS (Pay card Industry Data Security standard) and FISMA (Federal Information Security Management framework)
Does RMI use personal data for any reason other than the provision of the Services?
No: your personal data is used only to provide the Services. Once the Services are completed your personal data will be deleted from the Service Platform in accordance with pre-determined data retention periods.
How long is personal data retained for?
RMI’s standard data retention policy on the Service Platform is 6 years from the date that the Screening Report is completed. However, a Client may set their own customised retention period which they will make available to you on your request.
How can you exercise your rights under relevant privacy laws?
You have certain rights in respect to the personal data that will be processed as part of Service, such as rights of access, rectification and erasure. Under privacy legislation your rights are exercisable against the Data Controller, RMI’s Client and you should direct your requests to them at the address they provide to you.
How can I withdraw my consent for RMI to process my personal data?
You can withdraw your consent for the use of your personal information at any time. In the event that you withdraw your consent we will cease to process your personal data, whether that be all your personal data or a specific component to which the withdrawal of consent relates to. Processing will only recommence if you reinstate your consent.
RMI will contact the relevant Client to notify them that your consent has been withdrawn. We encourage you to speak to your prospective employer to discuss any concerns or reasons that led to the withdrawal of your consent.
How do I make a complaint?
We commit to handle your personal data in a way that provides you comfort and confidence. However, if at any time you have concerns over the handling of your personal data you are encouraged to contact your prospective employer and RMI will cooperate with any investigation to resolve any issues.
If you wish to contact RMI directly then please do so at firstname.lastname@example.org We are committed to protecting your personal data and resolving any complaints about our collection or use of your personal data.
Last Updated January, 2020