Zinc Work Limited (“Zinc”, “we”, “us”, “our”) provides the Zinc Service, for further information on the Zinc Service and how it works, you should refer to Zinc Platform Terms & Conditions (Committed and PAYG).
We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorised access, alteration, disclosure or destruction of any personal data we collect or you provide.
We store your personal data securely on our computers in the UK and elsewhere in the world where our service providers are located (for more information on data transfers see section 4 below).
Additionally, we pseudonymise certain personal data from reports generated via the Zinc Service (e.g.email addresses).
3. Who do we share your personal data with?
When you use the Zinc Service, we may need to disclose your personal data to the following categories of third parties:
We may also need to disclose your personal data in the following limited circumstances:
The personal data we share with these third parties and in these circumstances will in each case be limited to what is strictly necessary to satisfy the reasons set out in the table above.
4. Transfers of your personal data
We will not transfer your personal data outside of the UK or EEA except to selected third parties that we have instructed to help us provide the Zinc Service to you. Such third parties may process and store your personal data in geographically distributed data centres.
We may also transfer your personal data outside the UK or EEA if requested as part of a foreign background check. For example if Zinc was required to obtain a criminal record check from another jurisdiction e.g. the USA.
In the case of transfers of your personal data outside of the EEA or UK where the transfers are not to countries that provide an adequate level of protection, we will put in place appropriate safeguards to cover transfers of your personal data which may include, for example, incorporating the International Data Transfer Agreement and Addendum into our data processing agreements.
Where the Zinc Service is a controller in respect of personal data, and the service includes such personal data being transferred to an Employer for that Employer to use for its own purposes, upon receiving such personal data, the Employer will be an independent data controller and such transfer constitutes a controller to controller transfer of personal data (and therefore the Employer may itself determine the means and purposes of processing such personal data). Employers who receive personal data in this manner may only process such personal data fairly and lawfully based on legitimate grounds under applicable data protection legislation.
Cookies are small text files that are placed on your device by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. The table below explains the cookies we use and why.
Most web browsers allow you to specify cookie preferences via browser settings. You may need to refresh webpages for your settings to take effect.
To opt out of being tracked by Google Analytics across all websites, please visit: http://tools.google.com/dlpage/gaoptout
6. Third party services
7. Data retention
In keeping with Zinc's commitment to GDPR we store your personal data only for as long as it is necessary to provide our services to you unless we have a legal or regulatory obligation to keep your data.
Zinc collects the types of data set out in Clause 1 above. We delete most of the data we collect after 30 days but we do retain your name, email address and the results of the specific reference check(s) that we carry out on you. You may ask us to delete your personal data, or make any other request in line with Clause 8 below, and we shall ensure that your personal data is entirely removed from our system. Further, if you delete your account, we will delete the data you provide to us during the set up and operation of your account. As mentioned above, we may be required to retain certain data to comply with a legal or regulatory obligation.
Zinc does not retain your identity documentation or contact information details beyond 30 days unless you choose to reuse your right to work checks with Zinc. In this situation you will be provided with a clear option to opt out of having your data stored with Zinc.
In all other circumstances, once such data has been shared via our API, Zinc no longer retains such personal data. For all other categories of data that form the result of the specific check, such as criminal record data, employment history data, qualification data, etc., we encrypt this data and store it securely via MongoDB. As mentioned above, you can request a permanent and entire deletion of this data.
8. Accessing your personal data and your rights
As a result of us collecting and processing your personal data, you have the following legal rights:
To exercise any of your rights set out above, including to withdraw your consent where we have stated we are processing your personal data based on your consent, please contact us at the address set out below.
9. Contacting us and changes to your personal data
Please keep us informed of any changes to your personal data at any time by updating your details in your account.