Privacy Notice
This privacy notice explains how we, CDD Services Ltd, Spotlite Business Services Ltd, and SafeGuarden Ltd, use personal data.
The contact details for us, and our DPO, are:
Heron House,
DiSH Manchester,
47 Lloyd Street,
Manchester,
M2 5LE
+44 (0) 161 511 5399
[email protected]
Our services, systems and systems must not be used for fraudulent, illegal, criminal, unauthorised or inappropriate purposes.
Contents
How Do We Process Data?
If you visit our website:
If you need a check for regulatory purposes:
If you engage us on behalf of your business:
Processing Data
Your Personal Data Rights
What Else?
How Do We Process Data?
If you visit our website:
We process data about your electronic device, pages visited and time stamps to monitor website performance and to prevent and detect cybercrime as a legitimate business interest.
If you contact us via the website, we will process any data you provide to help us respond as a legitimate business interest.
If you need a check for regulatory purposes:
If you have applied to one of our clients (a Reliant Party) for a service, and that client needs a digital check to comply with their legal obligations, we provide technologies to help perform that digital check.
These digital checks are provided in accordance with the UK Digital Identity and Attributes Trust Framework (UKDIAFT) rules, as set out by the UK Government’s Department for Culture, Media and Sports (DCMS). These rules cover digital DBS, Right to Work and Right to Rent checks.
Our digital check provides a single use verification, so we do not create an account for you.
Our client will pay us for this digital check, so that you don’t have to.
We will share the data you provide to us, and associated information about your identity that we obtain, with the client who requested the check.
If you do not agree to our checks or do not agree to provide the required information, we will notify our client who will seek other ways to perform the necessary checks, which may include face to face meetings with you and additional document checks.
This service must not be used by anyone below 16 years of age.
With your agreement, our client will send you an invite to download the Spotlite identity check app, via SMS from 07480 569386 or by email from [email protected].
It is very important that you only download Spotlite from the official Google Play Store or Apple App Store.
When you download Spotlite and agree to our Terms of Use, you will enter an agreement with us, to perform the check that has been requested by our client.
We will only process personal data that is necessary for our agreement with you, such as your phone number, email address, selected identity documents, nationality, age, address, a live photo of your face, and details about the device you are using. When you provide these details, it is very important that you ensure they are correct.
If we need to process biometric data for the check, such as digital facial recognition templates or age estimates, we will require your explicit consent. If you do not want to consent, and it is entirely your choice, we can continue with other checks under the agreement with you, but our client may require you to complete additional verifications to meet their legal obligations.
As part of our checks, we engage specialist third-party organisations, to help prevent fraud and money-laundering, and to help verify your identity. We will share the data you provide with those organisations, which include credit bureaus and fraud prevention agencies. If any party determines that you pose a fraud, money laundering or legal risk, they may refuse to provide the services you have requested, or they may stop providing existing services to you. We are part of a network who are working for a safer community, so a record of any fraud or money laundering alerts will be retained by the fraud prevention agencies, as independent data controllers, and may subsequently result in others refusing to provide services, financing or employment to you. We will appear in their systems as Spotlite Business Services. For further information please visit those organisations’ privacy notices at:
Equifax: https://www.equifax.co.uk/About-us/Privacy_policy.html
Experian: https://www.experian.co.uk/privacy/privacy-and-your-data
GB Group (GBG): https://www.gbgplc.com/en/legal-and-regulatory/privacy-policy/
DBS Privacy Policies: DBS Privacy Policies – GOV.UK (www.gov.uk)
If the processing triggers any alerts for further investigation, we will process them under the UK Data Protection Act’s exemption for crime and taxation.
Once the identity checks are complete, we will share all the information you have provided to us, and our findings, with our client who you originally applied to. Our client is required to manually review the information before making any decisions that may deny you access to a service.
As part of our service, we also anonymise your data and aggregate use of our services, which is essential to check that our systems are working correctly and improve our services. We do not use any personally identifiable information in our analytics.
If you engage us on behalf of your business:
This includes clients, agents, reliant parties, vendors, processors, fraud prevention services, etc.
We process your contact details and relevant details in relation to your company and role, in order to provide our services to your business as a legitimate business interest.
Processing Data
We only retain data for as long as is needed, for the purposes as defined above and associated legal, regulatory or crime prevention purposes.
We only process personal data in countries that are deemed to have adequate data safeguarding under GDPR, or where an EU Standard Contractual Clause for International Transfers has been agreed.
We do not sell personal data to third parties.
We operate a wide range of security controls to help protect your data and we are certified under the ISO 27001 Information Security Management System.
We only share data with our third-party processors under written agreement for our own purposes, or with other data controllers if needed for safeguarding, legal, regulatory, law enforcement or crime prevention purposes.
Your Personal Data Rights
We fully respect your rights to request that we:
- Allow you to opt-out of any process that you previously consented to, at any time
- Provide a copy of data we hold relating to you, or pass it to a third party on your behalf
- Amend, delete or restrict processing of your data
- Explain and review any automated decision making or profiling
- Provide further information about our processing activities
If you wish to raise a Data Subject Request or contact us about any another matter, please send us a request using the details provided at the top of this page.
When we receive a request, we will take steps to verify your identity and will normally complete the request within one month after that is complete.
Please let us know if you are not happy with how we are handling your data. We will do our best to resolve the matter, but if you have further concern, it is your right to ask us to escalate the matter to our Data Protection Officer (DPO), to make a complaint to the UK Information Commissioner’s Office at https://ico.org.uk/global/contact-us/ or to take independent legal action. However, we will aim to help you directly if you ask.
What Else?
This privacy notice was drafted with brevity and clarity in mind, so that it is easier to read.
If you would like more details, please let us know, using the contact details provided above.
We keep our privacy notice under regular review and reserve the right to update our privacy notice at any time.
