Privacy, ethics and compliance

The General Data Protection Regulation (GDPR) 2018 regulates the collection, use, disclosure and processing of personal information of individuals in the EU. It replaces existing European legislation, such as Data Protection Directive (officially Directive 95/46/EC), and introduces new requirements, it alters existing concepts, which means that businesses will need to review their existing processes to make sure they are compliant.

Private investigative businesses and services they provide (be that plain investigations, background checks, due diligence, insurance claims, etc) can involve significant personal data processing.

It is important for businesses to raise awareness of the changes, review current privacy notices, background screening policies and in general, their approach to this new age of data protection.


Introduction to regulation frame

We fully understood and complied with the regulation frame of the 2018's General Data Protection Regulation. All our professional dealings and processes are calibrated to follow strictly this general frame and we periodically review the requirements and our meeting these.

CIDP “Tanase V. Iulian” (also trading as Background Check Romania) needs to gather and use certain information about individuals and / or businesses. These can include customers, suppliers, business contacts, employees and other people the organisation has a relationship with or may need to contact. This policy describes how this personal data must be collected, handled and stored to meet the company’s data protection standards — and to comply with the law.


.

Data Protection General Policy

We, at Background Check Romania, take extremely serious protection of any data we come in touch with. As such, we devised a solid privacy and compliance policy, which governs our business and relation with our clients since 1991, the year of our incorporation. For a full understanding on how we base our business and ethics on these policies, please check out our Data Protection Policy.

Consent - Seen as mandatory, we obtain a consent before acquiring, holding or using personal data. Our forms, whether paper or web-based, which are designed to gather personal data do contain a statement explaining what the information is to be used for and who it may be disclosed to. We do not engage in "blind research" and only process data expressly for the purpose mentioned in the accord.

Sensitive data - We are particularly careful when dealing with any sensitive personal data (i.e. information relating to race, political opinion, physical or mental health, religious belief, trade union membership, sexuality, etc). We do not engage in acquiring such data, and we do not process or otherwise handle, obtain or store such information.

Review files - We only create and retain personal data where absolutely necessary. Securely disposal of or deletion of any personal data which is out of date, irrelevant or no longer required is mandatory. We run regular reviews of old files and discard unnecessary or obsolete data systematically. Disposal of records - When discarding paper records that contain personal data we treat them confidentially (i.e. shred such files rather than disposing of them as waste paper). Similarly any unnecessary or out-of-date electronic records are deleted. We do not give away or sell our computers unless Information Services have ensured that all information stored on it has been removed or deleted. Accuracy - We keep all personal data up to date and accurate, noting any changes of data and other amendments. If there is any doubt about the accuracy of personal data then we do not use it.

Security - We keep all personal data as securely as possible (e.g. in lockable filing cabinets or in rooms that can be locked when unoccupied). We do not leave records containing personal data unattended in offices or areas accessible. We also keep in mind that e-mail is not necessarily confidential or secure so should be secured and/or encrypted to the best of our abilities.

Disclosing data - We never reveal personal data to third parties without the consent of the individual concerned, of the client, or other reasonable justification. We endeavor to co-operate with National Courts or the National Police, but steps are first taken to ensure that such requests are legitimated.

Our Service Agreement is bereft of any unnecessary data, which may negatively impact on Data Protection regulations or the views of the 2018's GDPR. If you require a sample of our SA, please let us know and we will send you a sample copy for your perusal.

Ethics - We always conduct our own services honestly and honourably, and expect our clients and suppliers to do the same. Our advice, strategic assistance and the methods imparted through our training, take proper account of ethical considerations, together with the protection and enhancement of the moral position of our clients and suppliers. If there appears to be a conflict between our Code of Conduct and the law, we always obey the law. But, if our COC sets a higher standard than the law requires, we understand that it must be the standard for behaviour.

Confidentiality - We are committed to maintaining the highest degree of integrity in all our dealings with potential, current and past clients, both in terms of normal commercial confidentiality, and the protection of all personal information received in the course of providing the business services concerned. We extend the same standards to all our customers, suppliers and associates.

Duty of care - Our actions and advice will always conform to relevant law, and we believe that all businesses and organizations, including this consultancy, should avoid causing any adverse effect on the human rights of people in the organizations we deal with, the local and wider environments, and the well-being of society at large.

Conflict of interest - Due to the sensitive nature of our particular consultancy services, we will not provide a service to a direct competitor of a client, and we generally try to avoid any dealings with competitor companies even after the cessation of services to a client. Started in 1991, we do maintain and keep a detailed database which enables us to identify any such possible conflicts of interest.

Quality assurance - We maintain the quality of what we do through constant ongoing review with our clients, of all aims, activities, outcomes and the cost-effectiveness of every activity. We encourage regular review meetings and provide regular progress reports.


.

Means of inquiry

If you have any questions or uncertainties regarding our privacy and compliance policy, or any queries at all regarding our general policies, we are here to help you better understand them. The same is valid if you need to better understand our data collection policy or professional approach to a background verification. Therefore, do not hesitate to contact us at your earlier convenience.