Introduction
First Advantage Europe Ltd. and its affiliates (“First Advantage”) are committed to protecting the personal data of individuals located in the European Economic Area (EEA) and the United Kingdom (UK) in compliance with the EU General Data Protection Regulation (EU-GDPR) for the EEA region and with the UK General Data Protection Regulation (UK-GDPR) for the UK region. The term ‘personal data’ in this policy, and under the GDPR, refers to any information relating to an identified or identifiable natural person, which is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The information presented in this Privacy Policy (“Policy”) should be read in conjunction with any privacy notice(s) presented to you by the employer/prospective employer on whose behalf First Advantage is performing a background check.
This Policy was published July 1, 2023. The content of this Policy may be updated from time to time. Please check our website regularly for the most current information.
Purposes for Processing Personal Data
First Advantage provides background screening services for the purposes of and at the direction of its clients (“Client”) to assist them in considering individuals for employment, changes in the level of responsibility and other circumstances where an employee’s background is relevant. This is achieved by preparing a background screening report for the Client.
The Client determines the lawful basis for such processing under the EU-GDPR or UK-GDPR, as the data controller. Further detail regarding the Client’s lawful basis is generally set forth in the Client’s privacy notice(s), which are presented, as appropriate, prior to the commencement of screening.
We recognise the importance of privacy and respect the confidentiality of the personal data individuals provide to us. As a data processor under both the EU-GDPR and the UK-GDPR, we process personal data in accordance with the instructions of our Client and comply with the requirements on processors under the EU-GDPR or UK-GDPR.
Data Processor and Data Controller Roles and Responsibilities
Both the EU-GDPR and the UK-GDPR differentiate between the “data controller” and the “data processor” of information and each have their own obligations under them with respect to the processing of your personal data. In general, our Client (i.e., your employer, or the entity with which you have applied for employment) is the data controller of personal data and determines the means and purposes for processing your personal data. First Advantage is the data processor for processing purposes. It is important to understand that, as the data processor, we act on the instructions from the data controller regarding your personal data.
Scope of Personal Data Processing
Clients determine the scope of the background checks conducted on each individual and First Advantage provides such checks upon the instructions of the Client. The personal data collected from you may include name, age, date of birth, contact details, address history, employment history, reference information, education, professional qualifications, residency, sanctions, immigration status, claims, judgments, insolvency, current and previous directorships, and such other information necessary to perform a background search or verification.
We may also process other categories of personal data (only where directed by our Client and permitted by applicable law) such as criminal records.
Sources of Personal Data
We receive your personal data from two primary sources: your employer/prospective employer and you. Based on the personal data we receive, we conduct a background check. In preparing the report, we may also receive personal data about you from third party data sources such as government agencies, law enforcement bodies, publicly available records, public registries, court or tribunal records, insolvency registers, educational institutions, your referees or references, current and/or previous employers, and regulatory and licensing bodies.
Use of Personal Data
First Advantage verifies your personal data by carrying out various types of checks for the purposes of preparing a background screening report.
First Advantage then compiles the personal data and search results into a report which is provided to the Client via a secure means. First Advantage does not use personal data for any reason other than to provide background screening services to our Client.
We do not use the PII which we receive from the candidate for any marketing or advertising purpose. Any data used for statistical purposes will be anonymised
Retention of Personal Data
First Advantage retains personal data only as long as it is required and in conformance with the Client’s requirements. Our Client, as the data controller, sets the data retention period. Certain legal requirements and/or government bodies may also require First Advantage to retain your personal data for a minimum or maximum period of time. In the absence of such predefined periods, First Advantage will delete your personal data two years from the date of completion of the background screening check.
Storage of Personal Data
Personal data for background checks conducted in the EEA and the UK is generally stored in the EU.
Cross Border Data Transfers
To the extent necessary in order to conduct the background check, your personal data may be transferred overseas (in other words, a “cross border transfer of data”) for processing purposes. The circumstances of cross border transfer may be as follows:
- To our affiliated entities and/or third-party fulfilment partners to fulfil the services to our Client. Affiliates and third parties may be located outside of the EEA or the UK; and/or
- To third party sources of information to the extent that you have lived or worked outside the EEA or the UK.
To affiliated entities and third-party fulfilment partners
We may need to transfer your personal data to our affiliates located outside the EEA and the UK for administrative purposes, operational and/or processing purposes in connection with the preparation of a report to the Client.
We also use a limited number of third-party fulfilment partners to assist us in providing our background screening services to customers. These third parties perform reference and credential verifications and complete portions of services requested by our Clients, such as by obtaining records from data sources.
In all circumstances of cross border transfers of data to a First Advantage affiliate and/or third-party fulfilment partner, a data transfer agreement is in place in the EEA region and in the UK region containing appropriate Standard Contractual Clauses as approved by the EU Commission or by the UK Information Commissioner’s Office (ICO).
To third party sources of information
We may need to transfer your personal data to sources outside the EEA and the UK region depending on your prior work or address history and the extent to which our Client requests us to verify certain information. For example, if you lived, studied or worked overseas, we may need to transfer certain limited personal data to liaise with sources, former employers, third party references, or educational institutions.
GDPR Data Subject Rights
First Advantage operates as the data processor on behalf of the data controller (i.e. your employer or prospective employer). If you are seeking to assert your rights either under the EU-GDPR or the UK-GDPR we ask that you do so through the Client at the address they have provided to you. Both the EU-GDPR and UK-GDPR provide rights such as the right of access, rectification, erasure, data portability, and restriction of processing. The Client (as data controller) will then instruct First Advantage on what action to take as necessary. As a reminder, the data controller will generally be your employer or the organisation to which you are applying for employment.
If you contact our Data Protection Officer (DPO) first via our GDPR mailbox (GDPR@fadv.com), we will ensure that the data controller is involved and aware of requests and/or concerns you send to us so that they have the opportunity to provide instruction to First Advantage.
Security of Information
First Advantage is committed to ensuring that your personal data is kept secure. We have a comprehensive data security program in place that implements appropriate technical and organisational measures and which at a minimum cover:
- Protection against loss, misuse, or unauthorised alteration of personal data.
- Our customer facing web applications utilise Secure Sockets Layer (SSL) encryption to protect all confidential data across the public network, reducing the risk of exposure.
- In addition, data is encrypted while at rest when it is stored in our data centres, further protecting the data from unauthorised access or loss.
- Access to personal data is strictly limited to those employees who need this access in order to carry out their job responsibilities.
When disposing of personal data, ensuring that information cannot be practicably read or reconstructed.
- Our Data Centre, located in the EU, is certified to meet ISO Standard 27001:2013 and is regularly audited to ensure that the security controls are effective and in place.
EU Representative
To comply with the General Data Protection Regulation (2016/679), we have appointed a European representative. If you wish to contact them, their details are as follows: EUrepresentative@fadv.com.
Questions or Complaints
If you have a query or complaint or wish to understand more about how your personal data is handled, please contact our Data Protection Officer by email at GDPR@fadv.com.
If you are not satisfied with the outcome of a complaint and you are located in the United Kingdom, you may refer the matter to the UK Information Commissioner’s Office at https://ico.org.uk/make-a-complaint/ or by calling their help line on +44 303 123 1113. Data protection authorities for other EU and EEA member countries can be located here: https://edpb.europa.eu/about-edpb/board/members_en
We are committed to protecting your personal data and investigating and resolving any complaints about our collection or use of your personal data.