General
1. We will check your details against the Cifas Databases established for the purpose of allowing organisations to record and share data on their fraud cases, other unlawful or dishonest conduct, malpractice, and other seriously improper conduct ("Relevant Conduct") carried out by their Staff and potential Staff. "Staff" means an individual engaged as an employee, director, trainee, homeworker, consultant, contractor, temporary or agency worker, or self-employed individual, whether full or part time or for a fixed-term.
In certain circumstances, information we collect about you will be used by us and recorded with Cifas. This may include, for example:
Attending a disciplinary hearing
Should our investigations during these proceedings identify fraud or any other Relevant Conduct by you either when applying for or during the course of your engagement with us, we will record details of this with Cifas.
Dismissal
As a result of your actions and our investigations, and in line with previous notifications, details relating to your conduct will be recorded with Cifas.
Who We Are
The esure Group is made up of a mix of different companies. In this Privacy Notice, "esure", "we", "us" or "our" refers to the esure Group company you have a relationship with, and who processes your personal information as a result. For a full list of the relevant esure Group companies, please see the esure Group companies section here.
New Information Becomes Available After Employment or Contract Has Ended
If, following the termination of your engagement with us, we become aware of actions that suggest fraud or any other Relevant Conduct during the period of your engagement, we will give you the opportunity to respond to the allegations. If we do not hear from you within the timescales set out in our communication to you, we will assume that you do not wish to respond to the allegations. Unless you can satisfy us that the conclusions we have reached in our investigations are incorrect, we will record the details relating to your conduct with Cifas.
2. The personal data you have provided, we have collected from you, or have received from third parties will be used to prevent fraud and other relevant conduct and to verify your identity.
3. Details of the personal information that will be processed include name, address, date of birth, any maiden or previous name, contact details, document references, National Insurance number and nationality. Where relevant, other data including employment details will also be processed.
4. We and Cifas may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
5. We process your personal data on the basis that we have a legitimate interest in preventing fraud and other Relevant Conduct, and to verify identity in order to protect our business and customers and to comply with laws that apply to us. This processing of your personal data is also a requirement of your engagement with us. Cifas has published its assessment of the legitimate interests in relation to the Internal Fraud Database.
6. Cifas will hold your personal data for up to 6 years if you are considered to pose a fraud or Relevant Conduct risk.
Consequences of Processing
7. Should our investigations identify fraud or any other Relevant Conduct when you apply for, or during the course of, your engagement with us, your engagement may be refused or existing engagement terminated or other disciplinary action taken (subject to your rights under your existing contract and under employment law generally).
8. A record of any fraudulent or other Relevant Conduct by you will be retained by Cifas and may result in others refusing to employ you. If you have any questions about this, please contact us using the details provided here.
Attending a Disciplinary Hearing and/or Dismissal
It is our intention to record with Cifas relevant details regarding fraud other unlawful or dishonest conduct, malpractice and other seriously improper conduct carried out by our staff. Should a disciplinary hearing and/or dismissal investigation identify any of these by you when applying for a role with us or during the course of your engagement with us, we will record this with Cifas. The records containing your information will be retained by Cifas and may result in others refusing to employ you. If you have any questions about this, please contact us on the details provided here.
New information becomes available after employment or contract has ended
It is our intention to record with Cifas relevant details relating to your conduct in respect of the following allegations of fraud/other relevant conduct, including those coming to our attention after your employment or contract has ended. Where this is the case, you can respond to the allegations made within the period of time set out in our communication to you. If you do not contact us by this date, we will assume that you do not wish to respond to the allegations. This record will be retained by Cifas and may result in others refusing to employ you. If you have any questions about this, please contact us on the details provided here.
Data Transfer
9. Cifas may allow the transfer of your personal data outside of the UK. This may be to a country where the UK Government has decided that your data will be protected to UK standards, but if the transfer is to another type of country, then Cifas will ensure your data continues to be protected by ensuring appropriate safeguards are in place. Cifas has published more information about data transfers.
Your rights
10. Your personal data is protected by legal rights, which include your rights to object to our processing of your personal data, request that your personal data is erased or corrected and request access to your personal data.
11. For more information or to exercise your data protection rights, please contact us using the contact details provided in the privacy notice.
12. You also have a right to complain to the Information Commissioner's Office which regulates the processing of personal data.
Version
This Privacy Notice was last updated on 28/02/2022. Previous versions of the policy can be obtained by contacting our Data Protection Officer.