Risk Management Intelligence (RMI) is engaged to provide background screening services (the “Service”) to its clients (“Clients”). For the purposes of compliance with relevant data privacy laws, the Client is the Data Controller and RMI is the Data Processor.
RMI respects your privacy and is committed to protecting your personal data. This privacy notice explains how your personal data is processed and used by RMI during the course of the Service.
How does the Service work?
RMI acts under the instructions of its Client who will determine what personal data is collected and processed in order to provide the Service that they require.
On what basis do you process my personal data?
You will be asked to provide your consent for RMI to collect and process your personal data on behalf of our Client. You will be provided with enough information to ensure that you are aware of what you are consenting to and you may withdraw your consent at any time throughout the process. You may wish to contact your prospective employer if you have any questions relating to the nature of the Service and the use of your personal data.
What personal data do we collect?
In order to provide the Services, and to ensure that any information reported back to a Client is accurate, your personal data must be collected. You will be asked to provide only personal data that is required to perform the Service.
Type of personal data collected
Where (or who) we collect this personal data from
Reasons for collection
Full Name (including former names)
To identify you. We may need your current and former names to access all relevant records for background checking.
Date and place of birth
To identify you.
Sex or gender
To complete some background checking services that require information about gender in order to identify you.
To complete some background checking services (e.g. criminal history checks and credit checks) that require this information.
We may collect your postal address, email address and telephone number in order to contact you in relation to performing the services requested by our client.
Some of the services we use and provide require us to provide information about your nationality.
Copies of photograph ID (often the original copies may need to be signed or the copies certified)
Some services, particularly those provided by government agencies, require a photograph ID, including as part of confirming our authorisation to request information from them about you.
Copies of Identity documents
To verify your identity or address where requested to do so by our client or a third party who we are requesting your information from.
Government issued identifiers (e.g. local ID number, social security number; national insurance number; driving license number; Passport number etc.)
To conduct searches, or request searches, from third parties where the records being searched are associated with a government identifier.
Criminal history information and police records
This information is often provided as part of the background screening process, in particular for certain positions or roles.
Credit or bankruptcy history
Some clients request financial or identity information from credit files held by credit reference agencies or in public record information. This type of information is particularly relevant for some positions of trust.
Civil court records
Some clients request information about your litigation history in the civil courts.
Some clients disclose this information to us and/or request that we verify this information.
Government watch, enforcement or sanctions lists
To check whether or not you appear on any government watch, enforcement or sanctions lists. This may be particularly relevant for specific roles or positions of trust.
Directorship; shareholding and corporate governance history
To provide our client with the opportunity to review your history or current status as a director, officer, trustee or shareholder with corporations and charities, and to confirm that you are not barred from holding such positions and that there are no conflicts of interest.
To verify your employment history, as requested by our clients.
To verify your education qualifications.
Professional memberships; licenses; designations; awards; credentials; sanctions or disciplinary decisions
To verify your membership of a professional association; your standing as a member of a profession; your completion of professional development.
Information about your activity during periods of absence from work or study
To verify your activity history, for example to confirm reasons you have provided for a gap in employment or study history (i.e. travel).
Media, including social media posts
As part of our services provided to our client, we may search for media content about you, assess your publicly available social media activity, or search for references to you that appear online.
If you have access to RMI’s screening platform, the platform collects only session cookies which are stored on your computer and only during your web session. They are automatically deleted when the browser is closed. The platform does not collect any information from your computer.
What personal data will be processed?
The personal data processed during the Services will be determined by RMI’s Client. RMI’s Client may request for education and employment history to be validated, financial checks, court records, criminal records, watchlist and sanctions database checks, media reviews and any other publicly available information to be verified. These checks are global and will be based on where you have worked and lived in the past.
When does RMI transfer data?
Your personal data may be transferred in these circumstances:
To RMI’s client in the form of a Screening Report as part of the Service;
To a third party who requires this information in order to supply, provide or respond to RMI’s enquiry as part of the Service.
To a third party:
The third parties are organisations, education institutions, professional bodies, credit agencies, individuals, government agencies, media agencies, data providers or repositories, regulators and authorities from which information is collected for the purposes of fulfilling the Service only.
In respect to a transfer of your personal data to a Source or Sources outside of the EU, this will be dependent on your footprint during the screening period set by RMI’s Client. Where your footprint is outside the EU, your personal data will need to be transferred to the relevant Source(s).
How do we ensure your personal data is safe?
RMI is committed to protecting your personal data and has measures in place to protect personal data from accidental loss and from unauthorised access, use, alteration or disclosure. Information security measures are in place, including access controls, physical security and robust information collection, storage and processing practices. RMI also ensures that, where electronic transfer of personal data to or from its representatives takes place, such transfers are appropriately protected, comply with relevant data protection legislation and follow any instructions provided by a data source. As contracted with RMI’s Clients, provisions are in place within RMI to ensure an adequate level of data protection for all transfers of personal data outside of the EU.
RMI’s platform is ISO 27001 certified and meets PCI DSS (Payment Card Industry Data Security Standard) and FISMA (Federal Information Security Management framework).
Does RMI use personal data for any reason other than the provision of the Services?
No. Your personal data is used only to provide the Services. Once the Services are completed your personal data will be deleted from the Service Platform in accordance with pre-determined data retention periods.
How long is personal data retained for?
RMI’s standard data retention policy on the Service Platform is 6 years from the date that the Screening Report is completed. However, a Client may set their own customised retention period which they will make available to you on your request.
How can you exercise your rights under relevant privacy laws?
You have certain rights in respect of the personal data that will be processed as part of the Service, such as rights of access, rectification and erasure. Under privacy legislation your rights are exercisable against the Data Controller (RMI’s Client), and you should direct your requests to them at the address they provide to you.
How can I withdraw my consent for RMI to process my personal data?
You can withdraw your consent for the use of your personal information at any time. In the event that you withdraw your consent, we will cease to process your personal data, whether that be all your personal data or the specific component to which the withdrawal of consent relates. Processing will only recommence if you reinstate your consent.
RMI will contact the relevant Client to notify them that your consent has been withdrawn. We encourage you to speak to your prospective employer to discuss any concerns or reasons that led to the withdrawal of your consent.
How do I make a complaint?
We commit to handle your personal data in a way that provides you comfort and confidence. However, if at any time you have concerns over the handling of your personal data you are encouraged to contact your prospective employer and RMI will cooperate with any investigation to resolve any issues.
If you wish to contact RMI directly then please do so at email@example.com. We are committed to protecting your personal data and resolving any complaints about our collection or use of your personal data.
Last Updated January, 2020