✔ Check criminal records   ✔ Fast verifications   ✔ Safe and secure (ISO)

EN / SE

Privacy Statement – version 2025.1

1.    Introduction

This notice regarding the processing of personal data contains information for you, as a registered person, about the reasons why and the manner in which Validata Group BV and Validata Group Sweden AB, trading as: DISA Global Solutions (hereinafter: ‘DISA’)process your personal data when screening candidates.

This notice applies to all processing of personal data in connection with the checks carried out by Validata. This notice does not cover data processed via the website www.disa.com/se/en. For more information on this subject, please click on this link.
 

employee working on laptop

2. Legal framework

As an organisation based in the Netherlands, DISA's processing of personal data is subject to the General Data Protection Regulation (“GDPR”). DISA only processes personal data in connection with a check carried out by the office located in the Netherlands. This means that the Dutch implementing legislation for the GDPR must be taken into account. With regard to verification services relating to Member States other than the Netherlands, such as Sweden, DISA also takes into account the laws applicable in those Member States, such as the Swedish Act (2018:218) containing supplementary provisions to the EU Data Protection Regulation.

 

3. Why does DISA process personal data?

DISA specialises in checking individuals using a digital verification process. We process personal data in order to verify relevant information at the request of a customer. “Relevant” means that only information relating to the service or reason that led to you entering into or intending to enter into a contract is verified.

 

4. Is DISA the data controller for this personal data?

DISA is the data processor in connection with the processing of personal data as defined in the GDPR. This means that we process data on behalf of and for the organization that requested a background check for you: the customer (usually your future employer).
We recommend that you also read the privacy policy and background check policy of the party that initiated the background check on you. The party that initiated the background check can best explain to you why you are being checked and why each of the check components was selected.

Contact details:

DISA Global Solutions

Apollolaan 151
1077 AR Amsterdam, Netherlands
+31 880 502 100
info@emea.disa.com
Chamber of Commerce registration number: 34346504

DISA Global Solutions AB

Vasagatan 28
111 20 Stockholm, Sweden
+46 844 138 40
info@emea.disa.com
Organisation number: 559338-7706

DISA has a data protection officer registered with the Dutch Data Protection Authority. The data protection officer can be contacted at privacy@emea.disa.com

 

5. On what legal basis does DISA process this data?

The customer determines the legal basis for the check. In some cases, the check may be required by law, while in other cases the organization requesting your check has a legitimate interest. You can find more information about the legal basis for the processing in the customer's privacy policy.

 

6. What personal data does DISA process?

During each check, DISA processes the following personal data, which we collect from you or from the customer:

  • Information such as name, address, gender, email address, and telephone number.

In addition, and depending on the customer's control policy and the parts selected for the control, the following personal data and/or documents may be processed:

  • Curriculum vitae (CV);
  • Date of birth, place of birth, nationality;
  • ID document;
  • Salary information;
  • Social security number and coordination number;
  • Driver's license;
  • Criminal record;
  • Information about educational background;
  • Information about work experience;
  • Information about references;
  • Information from industry and/or professional registers;
  • Information about drug use
  • Information about your financial situation, including information about your bank account, information from the register of persons under guardianship, information from the insolvency register, the ratio of personal debt to income or assets, and creditworthiness;
  • Information from social media and/or public sources;
  • Information from international watch lists of terrorists, lists of politically exposed persons, and sanctions lists;
  • Information relating to additional documents collected, verified or checked at the customer's request, such as pay slips, confidentiality agreements, employer statements, disciplinary statements and/or codes of conduct.

 

7. From whom does DISA obtain personal data?

In order to carry out specific parts of a check to verify information, DISA obtains personal data from the following parties:

  • You;
  • our customer;
  • data providers in connection with a check being carried out;
  • relevant educational institutions;
  • relevant industry and/or professional registers;
  • employers and/or other persons provided as references.

 

8. To whom does DISA disclose personal data?

In order to carry out specific parts of a check to verify information, DISA shares the necessary personal data with the following parties:

  • Data providers;
  • relevant educational institutions;
  • relevant industry and/or professional registers;
  • employers and/or other persons provided as references;
  • our customer.

 

9. Which data providers may access personal data?

DISA has entered into agreements with data providers who have taken measures to ensure the correct and secure processing of personal data. DISA's data providers are:

  • Creditsafe
  • Acta Publica AB ( 5161-1997 IMY)
  • Nuffic
  • Mitek Systems
  • Company.info
  • DataExpert
  • ICOVER
  • Provsvaret
  • Freshdesk


10. Are special categories of personal data processed?

In certain cases, DISA processes special categories of personal data. This depends on which parts are included in the check. The parts of the check have been determined by the customer based on the customer's policy, taking into account the possible risks associated with a specific service, membership, or specific work tasks. Before the check, you will be informed about the (special categories of) personal data that must be processed.

 

11. Processing of identity documents (ID documents)

DISA processes ID documents so that our customer can fulfill its legal obligation to verify a person's identity. This means that the authenticity of a scan of the ID document is checked based on a number of security details. In addition, the document number is checked to determine that the document has not been reported stolen or missing.

 

12. Is it mandatory to undergo a check?

You have the right to refuse to be checked. However, this will limit your chances of entering into a new agreement or receiving a service that requires a check.

Please contact the customer if you object to (all or part of) the check or have any questions. It is the customer who has determined how the check should be carried out in their policy.

 

13. Is my information secure?

DISA has taken appropriate technical and organizational measures to protect personal data against loss or any form of unlawful processing.

 

14. How long will personal data be stored?

Personal data is stored for 90 days after the check has been completed. After 90 days, the personal data is deleted, unless the customer has a different storage period for personal data with DISA.

The ID document and driver's license will be stored for 14 days after the check has been completed.

 

15. Will personal data be transferred to other countries within or outside the EEA?

DISA processes personal data within the European Economic Area (EEA).

Under certain circumstances, personal data (all or some) may be transferred to a “third country” outside the EEA. This is the case, for example, if you live in a third country outside the EEA, or if the customer, a data provider, or another party with whom we share the data is based in such a third country.

Under the GDPR, an adequate level of protection must be guaranteed when transferring personal data within the EEA. The transfer of personal data to a third country outside the EEA is permitted provided that an adequate level of data protection or appropriate security measures are guaranteed. In the absence of this, the transfer of personal data is permitted if the transfer is necessary for the performance of a contract concluded in your interest as a data subject between DISA and the customer (Article 49.1 c of the GDPR).

 

16. Read about your rights regarding confidentiality:

As a data processor, DISA forwards all requests from data subjects to the customer (the data controller). You can also send your request directly to the customer.

  • Right of access: Log in to your personal account with DISA to access the personal data collected about you by DISA.
  • Right to rectification: Send an email to DISA to request a change or addition to the personal data collected about you.
  • Right to erasure (“right to be forgotten”): You can request that DISA erase your personal data from DISA's systems if, for example, DISA no longer needs the personal data in connection with the business activities agreed with the customer.
  • Right to restriction of processing: You may request that DISA (temporarily) cease processing your personal data.
  • Right to object: You may object to the processing of your personal data.
  • Right to lodge a complaint: If you have a complaint about our services, you can lodge a complaint with DISA's support department by emailing support@global.disa.com
  • Please also note that you can submit a complaint to the Dutch Data Protection Authority and/or the Swedish Data Protection Authority (www.imy.se) about how DISA handles your personal data.

If you have any questions about the above information, please contact the support department at support@global.disa.com