How does Pescheck handle the privacy of my employees?

Same controls, same data protection, same level of care as we apply for any candidate. Here is what you can tell your team.

In short: Every screening we run is held to the same privacy standard. ISO 27001 certified, GDPR compliant, data stored in the EU, minimum-necessary collection, defined retention. You can tell your team that their data is treated the same way you would expect your own to be.

What we ask employees for

Only what is needed for the checks the organisation has authorised. We never:

  • Ask for medical information unless legally required for a specific check
  • Collect data on protected characteristics (religion, political belief, sexual orientation, union membership)
  • Run checks the candidate has not consented to
  • Retain data longer than necessary

For each screening, the employee can see exactly which checks have been authorised and what data each one requires. They consent on a per-check basis.

How long we keep employee data

Per our privacy policy:

  • Personal data processed by Pescheck as data controller for the screening is deleted within 60 days of the assignment completing
  • General retention is up to 24 months, extended only where legal obligations or the client require it
  • Supporting uploads (ID scans, certificates) are anonymised on a defined schedule after the screening completes; only the verified outcome remains
  • Audit logs are retained as required by our screening licence; these contain metadata only, not the underlying personal data

Employees can request earlier deletion via [email protected], subject to legal retention obligations.

What your employees can tell you

Sometimes employees have concerns about being screened. They can ask us directly (via the support form) about:

  • What data we have collected and held about them
  • Who at Pescheck has accessed it
  • Whether it has been shared with anyone other than your organisation (it has not)
  • How long it will be kept

We respond within one month as required by GDPR. We will copy you in only if the employee asks us to.

Processor, not data broker

Under GDPR and per our standard processing agreement, Pescheck acts as the processor on behalf of your organisation (the controller). We do not aggregate data, build profiles, or repurpose it. The data exists for one purpose only: to deliver the report you commissioned.

If you audit our data handling, our Trust Centre hosts our ISO 27001 documentation, the current sub-processor list, and our technical and organisational measures (TOMs). Larger customers can also request a copy of the sample DPIA and incident response procedures via [email protected].
