Zinc candidate privacy notice

This Privacy Notice includes information about your personal data and we encourage you to read it carefully.

‍

Zinc Work Limited (“Zinc”, “we”, “us”, “our”) is a company registered and incorporated in England and Wales (company number is 10961635) with registered address at Eastcastle House, 27-28 Eastcastle Street, England, United Kingdom, W1W 8DH.

We take your privacy seriously and are committed to protecting and respecting your personal data and this privacy policy details how Zinc shall process your personal data.

For the purpose of data protection legislation in the UK, we are generally the data processor acting on behalf of your employer who is the data controller. However, if you choose to reuse your checks through Zinc then we become the data controller. This happens because Zinc duplicates your data and uses the duplicate copy, in line with your right to data portability, to offer you the chance to reuse your background checks when you move to your next job.

When you use the Zinc Service, you may provide us with the following personal data, and we may collect and process such personal data in accordance with this Privacy Policy and for the following purposes:

We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorised access, alteration, disclosure or destruction of any personal data we collect or you provide.

We store your personal data securely via Amazon Web Services having chosen data centres in the United Kingdom.

When you use the Zinc Service, we may need to disclose your personal data to the following categories of third parties:

• employers who have requested background checks on candidates (“Employers”);

• referees who have been asked to provide references;

We may also need to disclose your personal data in the following limited circumstances:

• to comply with a legal requirement, such as a law, regulation, subpoena, warrant, court order, legal proceedings or in response to a law enforcement agency or regulatory request;

• if the disclosure of your personal data is or may be necessary to prevent physical harm or financial loss, to report suspected illegal activity or to enforce the terms of any agreement we may have with you; and

• other third parties with your consent or direction to do so.

The personal data we share with these third parties and in these circumstances will in each case be limited to what is strictly necessary to satisfy the reasons set out in the table above. 

We will not transfer your personal data outside of the UK or EEA unless explicitly requested by you.

The primary circumstance in which this may arise is if you want to conduct a foreign background check, for example, if you wanted to obtain a criminal record certificate from a period in your life when you lived abroad, or if you wanted to verify your attendance at a university outside of the UK or EEA.

In the case of transfers of your personal data outside of the EEA or UK where the transfers are not to countries that provide an adequate level of protection, we will put in place appropriate safeguards to cover transfers of your personal data which may include, for example, incorporating the International Data Transfer Agreement and Addendum into our data processing agreements.

Where Zinc is a data controller in respect of personal data, and the service includes such personal data being transferred to an Employer for that Employer to use for its own purposes, upon receiving such personal data, the Employer will be an independent data controller and such transfer constitutes a controller to controller transfer of personal data (and therefore the Employer may itself determine the means and purposes of processing such personal data). Employers who receive personal data in this manner may only process such personal data fairly and lawfully based on legitimate grounds under applicable data protection legislation.

Cookies are small text files that are placed on your device by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. The table below explains the cookies we use and why.

• Strictly necessary cookies.
  These are cookies that are required for the operation of the Zinc website. They include, for example, cookies that enable you to log into secure areas of our portal, use a shopping cart or make use of e-billing services.

• Analytical/performance cookies.
  They allow Zinc to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way the Zinc Service works, for example, by ensuring that users are finding what they are looking for easily.

• Functionality cookies.
  These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences.

Most web browsers allow you to specify cookie preferences via browser settings. You may need to refresh webpages for your settings to take effect.

To opt out of being tracked by Google Analytics across all websites, please visit: http://tools.google.com/dlpage/gaoptout

The Zinc Service may contain links to third party websites and apps. If you follow a link to a third party website or app, please note that this Privacy Policy does not apply to that website or app. We are not responsible or liable for the privacy policies or practices of any third party websites or apps, and we suggest you read their policies before you submit any personal data to those websites.

In keeping with Zinc's commitment to GDPR we store your personal data only for as long as it is necessary to provide our services to you unless we have a legal or regulatory obligation to keep your data.

Zinc collects the types of data set out in Clause 1 above. We delete most of the data we collect after 60 days but we do retain your name, email address and the results of the specific reference check(s) that we carry out on you. You may ask us to delete your personal data, or make any other request in line with Clause 8 below, and we shall ensure that your personal data is entirely removed from our system. Further, if you delete your account, we will delete the data you provide to us during the set up and operation of your account. As mentioned above, we may be required to retain certain data to comply with a legal or regulatory obligation.

Zinc does not retain your identity documentation or contact information details beyond 60 days unless you choose to reuse your right to work checks with Zinc. In this situation you will be provided with a clear option to opt out of having your data stored with Zinc.

In all other circumstances, once such data has been shared via our API, Zinc no longer retains such personal data. For all other categories of data that form the result of the specific check, such as criminal record data, employment history data, qualification data, etc., we encrypt this data and store it securely via MongoDB. As mentioned above, you can request a permanent and entire deletion of this data.

‍

As a result of us collecting and processing your personal data, you have the following legal rights:

• to access personal data held about you;

• to be informed about the collection of your personal data;

• to request us to make any changes to your personal data if it is inaccurate or incomplete;

• to request your personal data is erased where we do not have a compelling reason to continue to process such data in certain circumstances;

• to receive your personal data provided to us as a data controller in a structured, commonly used and machine-readable format where our processing of the data is carried out by automated means, and it is based on: (i) your consent; (ii) our necessity for performance of a contract to which you are a party to; or (iii) steps taken at your request prior to entering into a contract with us;

• to object to, or restrict, our processing of your personal data in certain circumstances;

• if we ever use your personal data for direct marketing, you can ask us to stop and we will comply with your request;

• if we use your personal data on the basis of having a legitimate interest (as set out in the table above), you can object to our use of it for those purposes, giving an explanation of your particular situation, and we will consider your objection;

• to object to, and not be subject to a decision which is based solely on, automated processing (including profiling), which produces legal effects or could significantly affect you; and

• to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

To exercise any of your rights set out above, including to withdraw your consent where we have stated we are processing your personal data based on your consent, please contact us at the address set out below.

Zinc uses the following sub-processors when conducting background checks:

If you have any questions, comments and requests relating to this Privacy Policy or your personal data, please contact our DPO, Hamraj Gulamali available at hamraj@zincwork.com.

Please keep us informed of any changes to your personal data at any time by updating your details in your account.

Any changes we may make to this Privacy Policy in the future will be displayed within the Zinc Service, and, where appropriate, notified to you by email. Please check back regularly to keep informed of updates or changes to this Privacy Policy.

This Privacy Policy was last updated in January 2024.