The Data Controller is Agenda’s client (your employer / potential employer or organisation).
The Data Processor is Agenda and we process your information under written instruction from our client (Your employer / organisation or potential employer).
Agenda is registered in the UK with the Company Number 3295323.
Agenda’s registered address is Regents Court, Princess Street, Hull, HU2 8BA.
Agenda is registered with the Information Commissioner’s Office Certificate Number Z4680545.
You can contact Agenda’s Data Protection Officer (DPO) by
Email: dataprotection@agenda-rm.co.uk
Phone: 03456 44 55 45
Agenda is committed to protecting your privacy and personal data as defined in the Data Protection Act 2018, the General Data Protection Regulation ((EU) 2016/679), UK GDPR or any successor legislation in the UK to the GDPR or the Data Protection Act 2018.
As part of the management of data protection and privacy at Agenda, we have developed a Personal Information Management System which is compliant with BS 10012:2017 Data Protection and ISO 27701 Privacy Management.
Under the General Data Protection Regulation (GDPR) personal data is defined as:
“Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
Background checks, pre-employment screening or vetting is the process of validating the information that you provide as part of the recruitment or rescreen process is accurate.
Agenda use the personal information that we collect from you to perform a background screening check on you. This is based on our client’s requirements. This is done to validate that the information you have given to our client as part of your employment or potential employment is accurate.
The level of information we collect depends on the types of background checks agreed and ordered by Agenda’s client. This can include the following types of checks:
– ID Verification
– Qualification Check
– Work History
– Criminal Check
– Right to Work Check
– Fraud Database Check
– Sanctions Check
– Finance Check
– Online Reputation Check / OSINT (Open Source Intelligence)
The amount of personal information we collect from you will vary depending on the screening level and the types of checks our client has ordered. Agenda limits the amount of information that we collect from you to what is required for Agenda to be able to complete the background check that the client has ordered. The information Agenda collects from you is only used to carry out the screening and is never sold to third parties.
To carry out a background check, we collect “personal identifiable information” (i.e. information that could be used to identify you directly.) Examples of this type of information include full name, previous names, address, phone numbers, email addresses, date of birth or gender. Agenda may also ask for work, education, address and criminal record history if this is part of the background check ordered by the client.
Agenda Screening Services stores your data for a maximum period of 12 months, from the completion of your Screening. After 12 months your personal identifiable information is removed from our system.
Agenda fully appreciate how important and valuable personal identifiable information is and we take all possible steps to protect it. Data is held by Agenda in the UK and is not sold on to third parties.
Agenda is accredited to the internationally recognised ISO/IEC 27001:2013 standard for Information Security Management, ISO 27701 Privacy Information Management, BS10012 Personal Information Management and ISO 22301 Business Continuity Management these standards are audited by an independent certification body, every 6 months.
Agenda is accredited to the UK government and CESG backed Cyber Essentials scheme which is now a requirement for organisations that work with UK government organisations. Agenda’s premises hold the ACPO Secured by Design award.
Agenda is an umbrella body of the Disclosure and Barring Service and must be compliant with strict information security standards set out by the DBS. To remain a registered umbrella body, Agenda is subject to and must pass audits carried out by the DBS.
All personal information is handled by Agenda staff that have been through 22 background checks themselves and are fully trained in the requirements of Data Protection.
We are accredited to ISO 9001 Quality Management System standard that we use to ensure sure that our processes and services are fully audited and robust. To maintain this international standard, we are audited every 6 months by an independent certification body.
Agenda is processing your personal information to fulfil the contract and written instructions of our client to provide pre-employment screening / background checks / vetting.
The lawful basis for processing your information is the responsibility of our client (Your employer / organisation or potential employer)
If Agenda ask for your consent, this is for screening practicality reasons as some organisations will need your consent before they release your information to Agenda for validation. An example of this can be with a qualification awarding body when Agenda is required to confirm a qualification.
Please note that as a Data Processor Agenda only process your data on written instruction from the Data Controller (Agenda’s client) Subject Access Requests or a request to erase your data should be directed to the organisation that submitted you for screening. Agenda cannot action these requests without authorisation from our client, the Data Controller.
At any point whilst we are in possession of or processing your personal data, you, the data subject, have the following rights:
To support compliance with all relevant UK and EU data protection law and the requirements of the General Data Protection Regulation (GDPR), Agenda Resource Management have implemented a personal information management system (PIMS) in accordance with the British standard BS 10012 and ISO 27701 Privacy Management.
The objective of the implementation of the PIMS is to provide direction and support for compliance with data protection requirements and good practice. Agenda shall establish, implement, maintain, and continually improve the PIMS, including the processes needed and their interactions, in accordance with the requirements of the British Standard BS 10012 and ISO 27701.
Certification to ISO/IEC 27001 Information Security Management, BS EN ISO 9001 Quality Management, ISO 22301 Business Continuity and BS EN ISO 14001 Environmental Management and Cyber Essentials are used to support the PIMS as well as suitable qualified and experience personnel in the roles of data protection officer and information security and data owners. These roles will oversee and review data processing activities, maintain data inventories and data impact assessments to ensure that adequate organisational and technical measures are in place which are reviewed on a yearly basis.
We may change this Privacy Notice or Agenda’s Privacy Policy from time to time.
If we make significant changes in the way we treat your personal information, we will make that clear on our websites or by email, so that you are able to review the changes.
This Privacy Notice was last reviewed 15/11/2022
In the event that you wish to make a complaint about how your personal data is being processed by Agenda or how your complaint has been handled, you have the right to lodge a complaint directly with The Information Commissioner’s Office (ICO) and Agenda’s Data Protection Officer.
The details for each of these contacts are:
Data Protection Officer
PO BOX 24
Hull
HU12 8YJ
dataprotection@agenda-rm.co.uk
Information Commissioners Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
0303 123 1113