Zinc Privacy Policy

Zinc Work Limited (“Zinc”, “we”, “us”, “our”) provides the Zinc Service. You should refer to Zinc Platform Terms & Conditions for further information on Zinc and how the Zinc Service works.

We take your privacy seriously and are committed to protecting and respecting your personal data. This privacy policy (“Privacy Policy”) sets out the basis on which the personal data collected from you, or that you provide to us, will be processed by us. Please read the following carefully to understand how we will use your personal data.

For the purpose of data protection legislation in the UK, we are generally the controller of the personal data collected through your use of the Zinc Service and the terms of this privacy policy apply, in addition to any contractual terms in place between an Employer and us. However, there are circumstances when we are a processor of the personal data, meaning that we only process it on behalf of an Employer. In such circumstances, only the contractual terms in place between the Employer and us apply, and you should contact the Employer if you have any questions. If there is any conflict between this Privacy Policy and any contractual terms in place between us and an Employer, the contractual terms will take precedence.

1. What personal data do we collect and process, and how do we use it?

When you use the Zinc Service, you may provide us with the following personal data, and we may collect and process such personal data in accordance with this Privacy Policy and for the following purposes:

What personal data do we process?
Why do we process this personal data?
What is our lawful basis for processing?
Identity data.
This includes your full name, date of birth, identity documentation, nationality, country of residence, dates of birth.
To set up your account and enable you to use the Zinc Service. To maintain comprehensive and accurate records.
To fulfil our contractual obligations (including as a processor where the Employer is the controller). To satisfy our legitimate interests.T o comply with a legal obligation.
Contact data.
This includes your address, phone number, email address and any other contact details you may provide.
To set up your account and enable you to use the Zinc Service.

To contact you if you have any problems or queries.

To inform you of any changes we make to the Zinc Service, applicable legal terms or this Privacy Policy.

To maintain comprehensive and accurate records.

To inform you of any new features or products, or updates to the Zinc Service, we may make available from time to time.
To fulfil our contractual obligations (including as a processor where the Employer is the controller).

To comply with a legal obligation.

Zinc will only process your contact data for marketing purposes if you have provided your express consent for us to do so.
Background check status data.
This incudes data regarding the status of any background checks which an employer has requested.
If an employer or ATS provider requires background checks to be completed, Zinc or our outsourced providers will conduct the background checks and Zinc will share the status (e.g. complete) and a link to a report on with the employer and/or ATS provider.
To fulfil our contractual obligations (including as a processor where the Employer is the controller).

To satisfy our legitimate interests.
Qualification data.
This includes details of qualifications which you hold, e.g. degrees and diplomas and other exam results which you provide.
This information is collected if an employer requests details of your qualifications as part of a background check.
To fulfil our contractual obligations (including as a processor where the Employer is the controller).

To satisfy our legitimate interests.
Employment history data.
This includes organisations and/or businesses you have worked for, job titles you have held and references provided by referees.
Accessing details of your employment history is fundamental to the nature of the Zinc Service – i.e. to assist employers in the verification of your employment history.
To fulfil our contractual obligations (including as a processor where the Employer is the controller).

To satisfy our legitimate interests.
Criminal record data.
This includes details of any past criminal convictions.
If you apply for certain jobs, employers may require you to have passed a criminal background check. Zinc outsources these types of checks to specialist agencies.
To fulfil our contractual obligations (including as a processor where the Employer is the controller).

To satisfy our legitimate interests.
Sanctions data.
This includes details of any sanctions you may be subject to.
If you apply for certain jobs, employers may require verification that you are not subject to any sanctions. Zinc outsources these types of checks to specialist agencies.
To fulfil our contractual obligations (including as a processor where the Employer is the controller).

To satisfy our legitimate interests.
Financial data.
This includes details you provide when making payments to Zinc for the Zinc Service, e.g. payment card details and invoicing details.
To process your payments relating to the Zinc Service.
To fulfil our contractual obligations (including as a processor where the Employer is the controller).

To satisfy our legitimate interests.
Usage data.
We may process data regarding your use of the Zinc Service, including which features you are using and how you are interacting with the Zinc Service. This may also include technical details such as your IP address, and details of your device (e.g. operating system).
To identify any problems, defects or issues with the Zinc Service.

To optimise the performance of the Zinc Service to ensure you have the best user experience.

To provide and improve the Zinc Service.
To fulfil our contractual obligations (including as a processor where the Employer is the controller).

To satisfy our legitimate interests.
  1. How do we protect your personal data?

We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorised access, alteration, disclosure or destruction of any personal data we collect or you provide.

We store your personal data securely on our computers in the UK and elsewhere in the world where our service providers are located (for more information on data transfers see section 4 below).

Additionally, we pseudonymise certain personal data from reports generated via the Zinc Service (e.g.email addresses).

3. Who do we share your personal data with?

When you use the Zinc Service, we may need to disclose your personal data to the following categories of third parties:

  • employers who have requested background checks on candidates (“Employers”);
  • referees who have been asked to provide references;
  • candidates who are responding to background check requests;
  • providers of third party applicant tracking systems;
  • payment processing service providers;
  • specialist outsourced background checking providers and agencies;
  • our other service providers which we use from time to time including technology providers; and
  • other third parties with your express consent or instruction to do so.

We may also need to disclose your personal data in the following limited circumstances:

  • to comply with a legal requirement, such as a law, regulation, subpoena, warrant, court order, legal proceedings or in response to a law enforcement agency or regulatory request;
  • if the disclosure of your personal data is or may be necessary to prevent physical harm or financial loss, to report suspected illegal activity or to enforce the terms of any agreement we may have with you; and
  • other third parties with your consent or direction to do so.

The personal data we share with these third parties and in these circumstances will in each case be limited to that strictly necessary to satisfy the reasons set out in the table above.

4. Transfers of your personal data

We will not transfer your personal data outside of the EU (or the UK to the extent the UK is no longer part of the EU) except to selected third parties that we have instructed to help us provide the Zinc Service to you. Such third parties may process and store your personal data in geographically distributed data centres.

We may also transfer your personal data outside the UK or EU if requested as part of a foreign background check. For example if Zinc was required to obtain a criminal record check from another jurisdiction e.g. the USA.

In the case of transfers of your personal data outside of the EU (or the UK to the extent the UK is no longer part of the EU), where the transfers are not to countries that provide an adequate level of protection, we will put in place appropriate safeguards to cover transfers of your personal data which may include, for example, signing standard contractual clauses/data protection clauses adopted by theEuropean Commission. Please click here for a link to the standard contractual/data protection clauses.

Where the Zinc Service is a controller in respect of personal data, and the service includes such personal data being transferred to an Employer for that Employer to use for its own purposes, upon receiving such personal data, the Employer will be an independent data controller and such transfer constitutes a controller to controller transfer of personal data (and therefore the Employer may itself determine the means and purposes of processing such personal data). Employers who receive personal data in this manner may only process such personal data fairly and lawfully based on legitimate grounds under applicable data protection legislation.

5. Cookies

Cookies are small text files that are placed on your device by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. The table below explains the cookies we use and why.

  • Strictly necessary cookies.
    These are cookies that are required for the operation of the Zinc website. They include, for example, cookies that enable you to log into secure areas of our portal, use a shopping cart or make use of e-billing services.
  • Analytical/performance cookies.
    They allow Zinc to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way the Zinc Service works, for example, by ensuring that users are finding what they are looking for easily.
  • Functionality cookies.
    These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences.

Most web browsers allow you to specify cookie preferences via browser settings. You may need to refresh webpages for your settings to take effect.

To opt out of being tracked by Google Analytics across all websites, please visit: http://tools.google.com/dlpage/gaoptout

6. Third party services

The Zinc Service may contain links to third party websites and apps. If you follow a link to a third party website or app, please note that this Privacy Policy does not apply to that website or app. We are not responsible or liable for the privacy policies or practices of any third party websites or apps, so check their policies before you submit any personal data to those websites.

7. Data retention

We store your personal data in line with legal, regulatory, financial and good-practice requirements, and unless we have a legal or regulatory obligation to keep that data, until it is no longer necessary to provide our services or until you ask us to delete your personal data. If you delete your account, we will delete the data you provided to us during the set up and operation of your account. We may be required to retain certain information in order to comply with local laws.

Zinc does not retain certain categories of personal data that you provide to us (e.g. your identity documentation). Once such data has been shared via our API, Zinc no longer retains such personal data. Additionally, Zinc deletes certain personal data after 30 days (this includes certain contact details for candidates and referees). We do retain your name, email address and the status of specific reference checks in accordance with the paragraph above.

For further details regarding how long we keep each specific category of personal data, please contact us in relation to our data retention policies.

8. Accessing your personal data and your rights

As a result of us collecting and processing your personal data, you have the following legal rights:

  • to access personal data held about you;
  • to request us to make any changes to your personal data if it is inaccurate or incomplete;
  • to request your personal data is erased where we do not have a compelling reason tocontinue to process such data in certain circumstances;
  • to receive your personal data provided to us as a data controller in a structured, commonlyused and machine-readable format where our processing of the data is carried out byautomated means, and it is based on: (i) your consent; (ii) our necessity for performance of acontract to which you are a party to; or (iii) steps taken at your request prior to entering into acontract with us;
  • to object to, or restrict, our processing of your personal data in certain circumstances;
  • if we ever use your personal data for direct marketing, you can ask us to stop and we will comply with your request;
  • if we use your personal data on the basis of having a legitimate interest (as set out in the table above), you can object to our use of it for those purposes, giving an explanation of your particular situation, and we will consider your objection;
  • to object to, and not be subject to a decision which is based solely on, automated processing (including profiling), which produces legal effects or could significantly affect you; and
  • to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

To exercise any of your rights set out above, including to withdraw your consent where we have stated we are processing your personal data based on your consent, please contact us at the address set out below.

9. Contacting us and changes to your personal data

If you have any questions, comments and requests relating to this Privacy Policy or your personal data, please contact us at contact@zincwork.com

Please keep us informed of any changes to your personal data at any time by updating your details in your account.

10. Changes to our privacy policy

Any changes we may make to this Privacy Policy in the future will be displayed within the Zinc Service, and, where appropriate, notified to you by email. Please check back regularly to keep informed of updates or changes to this Privacy Policy.

This Privacy Policy was last updated in March 2022.