Zinc Privacy Policy

This Privacy Policy includes information about your personal data and we encourage you to read it carefully.

Zinc Work Limited (“Zinc”, “we”, “us”, “our”) provides the Zinc Service, for further information on the Zinc Service and how it works, you should refer to Zinc Platform Terms & Conditions (Committed and PAYG).

We take your privacy seriously and are committed to protecting and respecting your personal data and this privacy policy details how Zinc shall process your personal data.

For the purpose of data protection legislation in the UK, we are generally the controller of the personal data collected through your use of the Zinc Service and the terms of this privacy policy apply, in addition to any contractual terms in place between an Employer and us. However, there are circumstances when we are a processor of the personal data, meaning that we only process it on behalf of an Employer. In such circumstances, only the contractual terms in place between the Employer and us apply, and you should contact the Employer if you have any questions. If there is any conflict between this Privacy Policy for any contractual terms in place between us and an Employer, the contractual terms will take precedence.

1. What personal data do we collect and process, and how do we use it?

When you use the Zinc Service, you may provide us with the following personal data, and we may collect and process such personal data in accordance with this Privacy Policy and for the following purposes:

What personal data do we process?
Why do we process this personal data?
What is our lawful basis for processing?
Identity data.This includes your full name, date of birth, identity documentation, nationality, country of residence, dates of birth.
To set up your account and enable you to use the Zinc Service. To maintain comprehensive and accurate records.
To fulfil our contractual obligations (including as a processor where the Employer is the controller).

To comply with a legal obligation.
Contact data. This includes your address, phone number, email address and any other contact details you may provide.
To set up your account and enable you to use the Zinc Service.

To contact you if you have any problems or queries.

To inform you of any changes we make to the Zinc Service, applicable legal terms or this Privacy Policy.

To maintain comprehensive and accurate records.

To inform you of any new features or products, or updates to the Zinc Service, which we may make available from time to time.
To fulfil our contractual obligations (including as a processor where the Employer is the controller).

To comply with a legal obligation.

Zinc will only process your contact data for marketing purposes if you have provided your express consent for us to do so.
Background check status data.This includes data regarding the status of any background checks which an employer has requested.
If an employer or ATS provider requires background checks to be completed, Zinc or our outsourced providers will conduct the background checks and Zinc will share the status (e.g. complete) and a link to a report with the employer and/or ATS provider.
To fulfil our contractual obligations (including as a processor where the Employer is the controller).
Qualification data. This includes details of qualifications which you hold, e.g. degrees and diplomas and other exam results which you provide.
This information is collected if an employer requests details of your qualifications as part of a background check.
To fulfil our contractual obligations (including as a processor where the Employer is the controller).
Employment history data.This includes organisations and/or businesses you have worked for, job titles you have held and references provided by referees.
Accessing details of your employment history is fundamental to the nature of the Zinc Service – i.e. to assist employers in the verification of your employment history.
To fulfil our contractual obligations (including as a processor where the Employer is the controller).
Criminal record data. This includes details of any past criminal convictions.
If you apply for certain jobs, employers may require you to have passed a criminal background check. Zinc outsources these types of checks to specialist agencies.
To fulfil our contractual obligations (including as a processor where the Employer is the controller).

Candidate consent.
Biometric data.This may include images, videos and sound recordings of you.
If an employer requests certain checks it may be necessary to verify your identity, for example when checking your right to work status.
To fulfil our contractual obligations (including as a processor where the Employer is the controller). 

Candidate consent.
Sanctions data. This includes details of any sanctions you may be subject to.
If you apply for certain jobs, employers may require verification that you are not subject to any sanctions. Zinc outsources these types of checks to specialist agencies.
To fulfil our contractual obligations (including as a processor where the Employer is the controller).
Financial data. This includes details you provide when making payments to Zinc for the Zinc Service, e.g. payment card details and invoicing details.
To process your payments relating to the Zinc Service.
To fulfil our contractual obligations (including as a processor where the Employer is the controller).
Usage data. We may process data regarding your use of the Zinc Service, including which features you are using and how you are interacting with the Zinc Service. This may also include technical details such as your IP address, and details of your device (e.g. operating system).
To identify any problems, defects or issues with the Zinc Service.

To optimise the performance of the Zinc Service to ensure you have the best user experience.

To provide and improve the Zinc Service.
To fulfil our contractual obligations (including as a processor where the Employer is the controller).

To satisfy our legitimate interests.
  1. How do we protect your personal data?

We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorised access, alteration, disclosure or destruction of any personal data we collect or you provide.

We store your personal data securely on our computers in the UK and elsewhere in the world where our service providers are located (for more information on data transfers see section 4 below).

Additionally, we pseudonymise certain personal data from reports generated via the Zinc Service (e.g.email addresses).

3. Who do we share your personal data with?

When you use the Zinc Service, we may need to disclose your personal data to the following categories of third parties:

  • employers who have requested background checks on candidates (“Employers”);
  • referees who have been asked to provide references;
  • candidates who are responding to background check requests;
  • providers of third party applicant tracking systems;
  • payment processing service providers;
  • specialist outsourced background checking providers and agencies;
  • our other service providers which we use from time to time including technology providers; and
  • other third parties with your express consent or instruction to do so.

We may also need to disclose your personal data in the following limited circumstances:

  • to comply with a legal requirement, such as a law, regulation, subpoena, warrant, court order, legal proceedings or in response to a law enforcement agency or regulatory request;
  • if the disclosure of your personal data is or may be necessary to prevent physical harm or financial loss, to report suspected illegal activity or to enforce the terms of any agreement we may have with you; and
  • other third parties with your consent or direction to do so.

The personal data we share with these third parties and in these circumstances will in each case be limited to what is strictly necessary to satisfy the reasons set out in the table above. 

4. Transfers of your personal data

We will not transfer your personal data outside of the UK or EEA except to selected third parties that we have instructed to help us provide the Zinc Service to you. Such third parties may process and store your personal data in geographically distributed data centres.

We may also transfer your personal data outside the UK or EEA if requested as part of a foreign background check. For example if Zinc was required to obtain a criminal record check from another jurisdiction e.g. the USA.

In the case of transfers of your personal data outside of the EEA or UK where the transfers are not to countries that provide an adequate level of protection, we will put in place appropriate safeguards to cover transfers of your personal data which may include, for example, incorporating the International Data Transfer Agreement and Addendum into our data processing agreements.

Where the Zinc Service is a controller in respect of personal data, and the service includes such personal data being transferred to an Employer for that Employer to use for its own purposes, upon receiving such personal data, the Employer will be an independent data controller and such transfer constitutes a controller to controller transfer of personal data (and therefore the Employer may itself determine the means and purposes of processing such personal data). Employers who receive personal data in this manner may only process such personal data fairly and lawfully based on legitimate grounds under applicable data protection legislation.

5. Cookies

Cookies are small text files that are placed on your device by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. The table below explains the cookies we use and why.

  • Strictly necessary cookies.
    These are cookies that are required for the operation of the Zinc website. They include, for example, cookies that enable you to log into secure areas of our portal, use a shopping cart or make use of e-billing services.
  • Analytical/performance cookies.
    They allow Zinc to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way the Zinc Service works, for example, by ensuring that users are finding what they are looking for easily.
  • Functionality cookies.
    These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences.

Most web browsers allow you to specify cookie preferences via browser settings. You may need to refresh webpages for your settings to take effect.

To opt out of being tracked by Google Analytics across all websites, please visit: http://tools.google.com/dlpage/gaoptout

6. Third party services

The Zinc Service may contain links to third party websites and apps. If you follow a link to a third party website or app, please note that this Privacy Policy does not apply to that website or app. We are not responsible or liable for the privacy policies or practices of any third party websites or apps, and we suggest you read their policies before you submit any personal data to those websites.

7. Data retention

In keeping with Zinc's commitment to GDPR we store your personal data only for as long as it is necessary to provide our services to you unless we have a legal or regulatory obligation to keep your data.

Zinc collects the types of data set out in Clause 1 above. We delete most of the data we collect after 30 days but we do retain your name, email address and the results of the specific reference check(s) that we carry out on you. You may ask us to delete your personal data, or make any other request in line with Clause 8 below, and we shall ensure that your personal data is entirely removed from our system. Further, if you delete your account, we will delete the data you provide to us during the set up and operation of your account. As mentioned above, we may be required to retain certain data to comply with a legal or regulatory obligation.

Zinc does not retain your identity documentation or contact information details beyond 30 days unless you choose to reuse your right to work checks with Zinc. In this situation you will be provided with a clear option to opt out of having your data stored with Zinc.

In all other circumstances, once such data has been shared via our API, Zinc no longer retains such personal data. For all other categories of data that form the result of the specific check, such as criminal record data, employment history data, qualification data, etc., we encrypt this data and store it securely via MongoDB. As mentioned above, you can request a permanent and entire deletion of this data.

8. Accessing your personal data and your rights

As a result of us collecting and processing your personal data, you have the following legal rights:

  • to access personal data held about you;
  • to be informed about the collection of your personal data;
  • to request us to make any changes to your personal data if it is inaccurate or incomplete;
  • to request your personal data is erased where we do not have a compelling reason tocontinue to process such data in certain circumstances;
  • to receive your personal data provided to us as a data controller in a structured, commonlyused and machine-readable format where our processing of the data is carried out byautomated means, and it is based on: (i) your consent; (ii) our necessity for performance of acontract to which you are a party to; or (iii) steps taken at your request prior to entering into acontract with us;
  • to object to, or restrict, our processing of your personal data in certain circumstances;
  • if we ever use your personal data for direct marketing, you can ask us to stop and we will comply with your request;
  • if we use your personal data on the basis of having a legitimate interest (as set out in the table above), you can object to our use of it for those purposes, giving an explanation of your particular situation, and we will consider your objection;
  • to object to, and not be subject to a decision which is based solely on, automated processing (including profiling), which produces legal effects or could significantly affect you; and
  • to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

To exercise any of your rights set out above, including to withdraw your consent where we have stated we are processing your personal data based on your consent, please contact us at the address set out below.

9. Contacting us and changes to your personal data

If you have any questions, comments and requests relating to this Privacy Policy or your personal data, please contact our DPO, Hamraj Gulamali available at hamraj@zincwork.com.

Please keep us informed of any changes to your personal data at any time by updating your details in your account.

10. Changes to our privacy policy

Any changes we may make to this Privacy Policy in the future will be displayed within the Zinc Service, and, where appropriate, notified to you by email. Please check back regularly to keep informed of updates or changes to this Privacy Policy.

This Privacy Policy was last updated in May 2023.

zinc logo background check software
Support: contact@zincwork.com
Sales: hello@zincwork.com
Address: Eastcastle House, 27-28 Eastcastle Street, London, United Kingdom, W1W 8DH
©Zinc Work 2023. Zinc Work Ltd is a company registered in England and Wales no.10961635.
Product
Self Certification
Directorship
Criminal
Right to work
Identity
Education
References
Finance
Sanctions
Address
Adverse media
Credit
Integrations
Overview
Teamtailor
Greenhouse
Talenthub
Comeet
HiBob
Lever
Workable
Smartrecruiters
Resources
Blog
Events
Compare Zinc
Podcast
Background
check guide
Templates
Right to work
FAQ
ROI
Company
Why Zinc?
Candidates
Customers
Partners
Marketplace
Mission
Careers
Legal
Cookies privacy
Security
zinc iso 271001 certified
ISO 27001 Certificate number CFE/22/25209
G2 Leader Summit 2023