Personal identification information
We may collect personal identification information from Users in a variety of ways, including, but not limited to, when Users visit our site, place an order, subscribe to the newsletter, fill out a form, and in connection with other activities, services, features or resources we make available on our Site. Users may be asked for, as appropriate, name, email address. Users may, however, visit our Site anonymously. We will collect personal identification information from Users only if they voluntarily submit such information to us. Users can always refuse to supply personally identification information, except that it may prevent them from engaging in certain Site related activities.
Non-personal identification information
We may collect non-personal identification information about Users whenever they interact with our Site. Non-personal identification information may include the browser name, the type of computer and technical information about Users means of connection to our Site, such as the operating system and the Internet service providers utilized and other similar information.
How we use collected information
NDF Associates may collect and use Users personal information for the following purposes:
- To improve customer service
Information you provide helps us respond to your customer service requests and support needs more efficiently.
- To personalize user experience
We may use information in the aggregate to understand how our Users as a group use the services and resources provided on our Site.
- To improve our Site
We may use feedback you provide to improve our products and services.
- To process payments
We may use the information Users provide about themselves when placing an order only to provide service to that order. We do not share this information with outside parties except to the extent necessary to provide the service.
- To send periodic emails
We may use the email address to send User information and updates pertaining to their order. It may also be used to respond to their inquiries, questions, and/or other requests. If User decides to opt-in to our mailing list, they will receive emails that may include company news, updates, related product or service information, etc. If at any time the User would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email.
How we protect your information
We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our Site.
Sharing your personal information
We do not sell, trade, or rent Users personal identification information to others. We may use third party service providers to help us operate our business and the Site or administer activities on our behalf, such as sending out newsletters or surveys. We may share your information with these third parties for those limited purposes provided that you have given us your permission.
Your acceptance of these terms
By using this Site, you signify your acceptance of this policy and terms of service. If you do not agree to this policy, please do not use our Site. Your continued use of the Site following the posting of changes to this policy will be deemed your acceptance of hose changes.
Data Protection Policy
Statement of Policy
NDF Associates is a company which collects and processes personal data for the purposes of;
- Assessing the suitability of applicants for employment via CV screening.
- Attaining and renewing DBS Certificates.
- Checking an Individuals credit rating.
NDF Associates regards the lawful and correct treatment of personal information as being of paramount importance and therefore ensures that all personal information is treated lawfully and correctly. To this end the company fully endorses and adheres to the principles of data protection, as detailed in the GDPR and associated legislation and Codes of Practice.
Summarised, the principles require that personal information;
- Shall be processed lawfully, fairly, in a transparent manner and shall not be processed unless specific conditions are met.
- Shall be obtained only for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or those purposes.
- Shall be adequate, relevant, and not excessive in relation to the purpose or purposes for which they are processed.
- Shall be accurate and, where necessary, kept up to date.
- Shall not kept for longer than is necessary for that purpose or for those purposes.
- Shall be handled, stored, retained, and disposed of in line with the requirements of the GDPR.
- Shall be processed in a manner which ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing of, and against the accidental loss, destruction of, or damage to personal data, using appropriate technical or organisational measures.
- Shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
- Shall be processed in accordance with the rights of the data subject under the GDPR.
NDF Associates will, through appropriate management;
- Observe fully conditions regarding the fair collection and use of information.
- Meet its legal obligations to specify the purposes for which information is used.
- Collect and process appropriate information, and only to the extent that it is needed to fulfil operational needs or to comply with any legal requirements.
- Ensure the quality of information used.
- Apply strict checks to determine the length of time information is held.
- Ensure that the rights of individuals about whom information is held can be fully exercised. These are; The right to be informed, The right of access, The right to rectification, The right to erasure, The right to restrict processing, The right to data portability, The right to object, and rights in relation to automated decision making and profiling.
- Take appropriate technical and organizational security measures to safeguard personal information.
- Ensure that personal information is not transferred abroad without suitable safeguards.
- Treat people justly and fairly whatever their age, religion, disability, gender, sexual orientation or ethnicity when dealing with requests for information.
- Set out clear procedures for responding to requests for information.
NDF Associates will also ensure that;
- There is an identifiable individual with specific responsibility for Data Protection.
- All staff and others contracted to the company and responsible for managing and handling personal information understand that they are contractually responsible for following good data protection practice.
- All individuals managing and handling personal information are appropriately trained to do so.
- All individuals managing and handling personal information are appropriately supervised.
- Any individual seeking to make enquiries about handling personal information has access to the Data Protection Officer.
- Queries about handling personal information are promptly and courteously dealt with.
- Methods of handling personal information are clearly described.
- A regular review and audit is made of the way personal information is held, managed and processed.
- Methods of handling personal information are regularly assessed and evaluated.
- Performance with handling personal information is regularly assessed and evaluated.
- Any breach of the rules and procedures identified in this policy by an employee or other individual contracted to the company and responsible for managing and handling personal information will be dealt with promptly and seriously with disciplinary action.
The following policies detail how NDF Associates collect, store, handle, retain and dispose of personal information, as well as the procedure that will be followed in the instance of a Data Breach.
Conditions and Criteria for Data Processing
- Personal information shall only be processed through direct instruction from a data controller.
- Personal information shall only be processed with full consent from the data subject.
- Personal information shall only be processed for the specific purpose for which it was requested and for which the data subject’s full consent has been given.
- Personal information shall be accurate, relevant, and processed only to the extent that is needed to fulfil operational needs or to comply with any legal requirements.
In the course of its duties, NDF Associates will collect the following information;
- CV Screening: The name, date of birth, postal address and CV of the data subject. This information is provided by the relevant data controller with the consent of the data subject. If the data subject has chosen to provide an e-mail address, we may also contact them for further information if necessary.
- DBS Certification: The name, date of birth, postal address, other addresses from the last 5 years, National Insurance Number and, where applicable or provided, Passport Number, Driving License Number, telephone number and e-mail address. This information is provided by either the relevant data controller, with the consent of the data subject, or by the DBS Applicant.
- Credit Checking: The name, date of birth and postal address of the data subject. This information is provided by the relevant data controller with the consent of the data subject.
Storage, Handling, Use, Retention and Disposal of Personal Information
- Personal information is always kept securely, in lockable, non-portable storage containers with access strictly controlled and limited to those who are entitled to see it as part of their duties.
- Personal information retained in electronic form is within password protected files on a system with an appropriate level of firewall protection. Access is strictly controlled and limited to those who are entitled to see it as part of their duties.
- Personal information retained in electronic form is backed up by a UK based GDPR compliant company. All back up files are password protected with access strictly limited to those who are entitled to see them as part of their duties. These files are immediately recoverable in the event of a data disaster.
- Personal information is only passed to those who are authorized to receive it in the course of their duties and with full consent from the data subject. We maintain a record of all those to whom information has been revealed.
- Personal information sent electronically is encrypted.
- In the course of our business NDF Associates may be required to pass personal information to parties located outside of the European Economic Area in countries or territories which do not have data protection laws equivalent to those in the UK. Where this is the case reasonable steps will be taken to ensure the privacy of personal information.
- All completed CV screening reports or Credit Checks, sent by NDF Associates to the relevant data controller via e-mail, are sent as password protected documents.
- All information obtained during a screening enquiry is passed to our requesting client and we do not keep information for any longer than absolutely necessary once a screening has been completed to the satisfaction of that client. This is generally for a period of up to six months, to allow for the consideration and resolution of any disputes or complaints. Throughout this time, personal information will be stored in accordance with this policy.
- Once the retention period has elapsed, we will ensure that any personal information is immediately suitably destroyed by secure means, i.e. by shredding. Any electronic records and any backups will also be deleted after this period.
- In the case of an application for a DBS Certificate, the form will be processed within two days, unless there is a query on the application. Any personal documents sent by the data subject with the Application form will be returned by post in the pre-paid ‘Special’ or ‘Recorded’ Delivery envelope provided by the applicant.
- DBS Applications are not kept for any longer than necessary for the purposes of processing and copies are never made.
- The name, address and date of birth of the DBS applicant, along with job title, application reference number, application date and reference number will be retained electronically for up to 3 years for the purposes of tracking and future certificate renewals. The applicant may exercise their right to have this information rectified or erased.
- For CV verification and credit checking we do not keep any photocopy or other image of any personal data.However, we may keep a record of the date of issue of the screening report, the name of the subject and the unique reference number of the job for the purposes of invoicing and maintaining our records.
The GDPR defines a personal data breach as a security incident that has affected the confidentiality, integrity or availability of personal data. In short, there will be a personal data breach whenever any personal data is lost, destroyed, corrupted or disclosed if someone accesses the data or passes it on without proper authorization or if the data is made unavailable, for example, when it has been encrypted by ransomware, or accidentally lost or destroyed.
Whilst we follow strict measures to ensure the security of all the personal information we process, in the event of a data breach, NDF Associates will notify the relevant data controller immediately and without undue delay.
For further information regarding our Data Protection Policy, or to make a request regarding your personal data please contact;
Lee Townson (Data Protection Officer)
194 Skipton Road
All requests will be dealt with promptly and within one month of the request being made.
This policy will be updated as necessary to reflect best practice in data management, security and control and to ensure compliance with any changes or amendments made to the GDPR
Data Protection Registration Number Z9322840
NDF Associates Limited is registered in England. Company No 5316759. Registered Office :- 2 Woodside Mews, Leeds LS16 6QE