Connect Intelligent Technologies Ltd (trading as 'HirePass', 'we', 'us', or 'our') is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Notice explains how we collect, use, disclose, and safeguard your personal information in connection with our employment screening and background verification services.

We are registered with the Information Commissioner's Office (ICO) under registration reference ZB927026.

HirePass provides employment screening and background verification services to organisations ('Clients'). Through our platform, Clients can request pre-employment screening checks for prospective employees, contractors, and candidates.

For the purposes of data protection legislation, the Client (your prospective or current employer) is the 'Data Controller' and HirePass acts as a 'Data Processor'. This means that the Client determines the purposes and means of processing your personal data, and we process it on their behalf in accordance with their instructions.

We collect personal data from the following sources:

• Directly from you: When you complete our screening forms, upload documents, or communicate with us through our platform.

• From our Client: Your prospective or current employer provides us with your basic details to initiate the screening process.

• From third-party sources: Including educational institutions, previous employers, government databases, credit reference agencies, court records, and other official sources relevant to the checks being conducted.

• From referees: Individuals you have nominated to provide references about your employment or character.

We may share your personal data with the following categories of recipients:

• Our Client: Your prospective or current employer who requested the checks. We provide screening results and reports to the Client.

• Verification sources: Educational institutions, previous employers, and referees to verify the information you have provided.

• Government agencies and official bodies: Such as the Disclosure and Barring Service (DBS), HMRC, and the Home Office for relevant checks.

• Credit reference agencies: For financial background checks.

• Our sub-processors: Third-party service providers who assist us in delivering our services. A current list of our sub-processors is available at our Trust Center: https://security.hirepass.com

• Legal and regulatory authorities: Where required by law or to protect our legal rights.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes.

Your personal data may be transferred outside the United Kingdom in the following circumstances:

• Where you have previously resided or worked outside the UK and screening checks are required in that jurisdiction.

• Where we use specialist international service providers to conduct certain checks.

• Where our sub-processors are based outside the UK (details available at our Trust Center).

Where we transfer your data internationally, we ensure appropriate safeguards are in place, including:

• Transfers to countries deemed adequate by the UK Secretary of State

• UK International Data Transfer Agreement or UK Addendum to EU Standard Contractual Clauses

• Other approved transfer mechanisms under UK data protection law

Details of international transfers and the safeguards in place are available at our Trust Center: https://security.hirepass.com

We retain your personal data for two (2) years after completion of the screening checks, unless our Client instructs us otherwise in accordance with their own retention policy.

We may retain your data for longer where:

• We are required by law to retain it for longer

• Retention is necessary for the establishment, exercise, or defence of legal claims

Under UK data protection law, you have the following rights:

• Right of access: Request a copy of personal data we hold about you.

• Right to rectification: Request correction of inaccurate or incomplete data.

• Right to erasure: Request deletion of your data in certain circumstances.

• Right to restrict processing: Request limitation on how we use your data.

• Right to data portability: Request transfer of your data in a machine-readable format.

• Right to object: Object to processing based on legitimate interests.

• Rights related to automated decision-making: Rights regarding decisions made solely by automated means.

As HirePass acts as a Data Processor, we will typically refer your request to our Client (your employer or prospective employer) who is the Data Controller. However, we will assist in responding to your request as required by law.

To exercise any of these rights, please contact us at dpo@hirepass.com or write to us at the address provided above.

We have implemented appropriate technical and organisational measures to protect your personal data, including:

• AES-256 encryption for data at rest

• TLS 1.2 or higher for data in transit

• Multi-factor authentication for system access

• Role-based access controls with principle of least privilege

• Regular security assessments and penetration testing

• ISO 27001 certification

• CREST certified annual cyber security assessments

Full details of our security measures are available at our Trust Center: https://security.hirepass.com

If you have any concerns about how we have handled your personal data, please contact our Data Protection Officer at dpo@hirepass.com in the first instance.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

We may update this Privacy Notice from time to time. The latest version will always be available on our website and at our Trust Center. We encourage you to review this notice periodically.