Log in Contact
Trust Center

Security and compliance you can verify

Trust is earned with evidence. This is where we document exactly how Pescheck protects candidate and customer data, the certifications we hold, and the controls behind our background-screening platform. Everything here is open for your security and procurement teams to review.

Documentation last reviewed 1 July 2026

Overview

Welcome to Pescheck's Trust Center. Our commitment to data privacy and security is embedded in every part of our business. Use this page to review our security posture and access our security documentation.

Independent security grades

Verify these yourself, the links run a live external scan.

Risk profile

Data access level
Restricted
Impact level
Substantial
Recovery time objective
24-48 hours
Security posture

Our controls, in the open

Every control we operate, with its current status, across 15 domains. 62 in total, nothing hidden.

Status Implemented 41 In progress 1 Not applicable 20

Product Security

8

Security built into the platform itself, from access controls to audit trails.

  • Audit Logging

    Our product logs all user activity to enable easy auditing of usage patterns.

  • Data Security

    We have implemented several measures to ensure that your data remains safe and protected. Here are some of the security features and policies we have in place: - Multi-Factor Authentication (MFA) - Password Policies - Customer-Specific Data Retention Policies

  • Integrations

    We use webhooks to facilitate seamless integrations with various third-party services, making our platform even more versatile. Webhooks are an essential part of our integration strategy. They enable real-time communication between our SaaS application and external services, allowing data to flow bi-directionally. This means that when specific events occur within our platform, such as user actions or updates, we can automatically trigger actions in external services or vice versa.

  • Multi-Factor Authentication

    As part of our commitment to safeguarding valuable assets and ensuring the highest level of security within our organization, we have a mandatory implementation of Two-Factor Authentication (2FA) for all employee accounts. It is a requirement for all employees to enable and utilize 2FA (if possible) when accessing our internal systems, applications, and services. This additional layer of security is crucial in mitigating the risk of unauthorized access, protecting sensitive information, and preserving the integrity of our digital infrastructure.

  • Product Architecture

    Hardware and Services: Kubernetes Cluster: We run containerized applications with DigitalOcean Kubernetes (DOKS), a managed service that allows us to conveniently run and manage Kubernetes clusters. Managed Databases: We use DigitalOcean Managed Databases that provide support for PostgreSQL and Redis, enabling us to focus on our applications while letting DigitalOcean handle database management tasks. Object Storage: For hosting assets and files, we utilize Amazon S3 from AWS, a scalable object storage service known for data archiving, backup and recovery, and more. Private Networking: On DigitalOcean, we make use of the VPC service for secure, private networking, which helps to isolate our resources and traffic, further securing our data. Other Features: Terraform Provider: DigitalOcean offers a mature Terraform provider, allowing us to manage our infrastructure efficiently. Data Centers in Central Europe: With DigitalOcean, we have access to data centers in Frankfurt and Amsterdam, located in central Europe. High Availability/Distributed Database: Our setup supports high availability with DigitalOcean's Managed Databases. They can be deployed with standby nodes across different data centers for failover support.

  • Role-Based Access Control

    We use Role-Based Access Control (RBAC) to enhance the security of our systems and protect your data. While we have integrated RBAC into many areas, it's important to note that full implementation is an ongoing process. Rest assured, we have other robust security measures in place to safeguard your information. Our team is actively working to extend RBAC across all systems for comprehensive protection.

  • Service-Level Agreement

    We offer a Service Level Agreement for our product. More information can be provided upon request.

  • Team Management

    Our product supports team management capabilities to help administrators manage user needs and permissions.

Data Security

6

How candidate and customer data is protected, encrypted, and recovered.

  • Access Monitoring

    The following systems contain and need to be reviewed for their user rights: - The Network of Pescheck (Unifi, The specific members are registered and deregistered in Unifi by the CTO.) - The Dashboard (The specific members are registered and deregistered in Microsoft Entra ID (before known as Azure AD) by the CTO) - Sharepoint (The specific members are registered and deregistered in Microsoft Entra ID (before known as Azure AD) by the CTO.) - 1 Password (Password system, The specific members are registered and deregistered in 1Password by the CTO.)* - Hardware (Automatically synchronized with Microsoft Entra ID, the specific members are registered and deregistered in Microsoft Entra ID by the CTO.).

  • Data Backups

    We ensure that data is backed up across multiple locations and can be retrieved within our recovery time objective if a failure does occur. Primary data centers are located in Amsterdam, the Netherlands / Frankfurt, Germany (back-up)/ Paris, France (back-up).

  • Data Erasure

    We provide a service option to delete customer data upon request and will ensure that the data is erased within a set timeframe of two years. Hardware: The deletion of data happens when the hardware is no longer functioning. Or the hardware is not functioning for all of our internal users within PESCHECK. Then the CTO within the company will remove the hard disks from the laptops. After removing from the device he will totally erase them with the following tools: Scrub Wipe Shred DD We are following this article for overwriting hard disks with the new standards: https://www.blancco.com/resources/blog-many-overwriting-rounds-required-erase-hard-disk/ So, how many times should you overwrite a hard disk for complete data erasure? The answer: One pass is enough. To make sure there is no data left to recover. The hard disk will be checked afterwards if it contains any data.

  • Encryption-at-rest

    We have chosen to store our sensitive data in secure S3 buckets provided by Amazon Web Services (AWS). We have opted for AES 256-bit encryption, known as one of the most secure encryption methods available. Our data is distributed across two AWS regions to ensure redundancy and availability. We store a portion of our data in Frankfurt, Germany, and another portion in Paris, France. These locations were strategically chosen to meet regional and compliance requirements while remaining within the European Union. For added protection against data breaches, we have enabled AES 256-bit server-side encryption. This means that the data is always encrypted during transport and at rest, and only authorized personnel can read it.

  • Encryption-in-transit

    All of our communications at transit external or internal are done via secure and encrypted channels.

  • Physical Security

    We implement physical and operational security measures including CCTV surveillance at key access points, controlled visitor and third-party access, and restricted entry procedures for employees and external personnel. Access to the office is managed through secured systems, with employees responsible for locking procedures in and outside working hours. Equipment protection is ensured through minimal on-site storage of valuable assets, as most systems are cloud-based with servers hosted externally in Europe. Remaining hardware, such as laptops, is securely stored, encrypted, and either locked on-site or taken home by employees to reduce risk of loss or theft.

Application Security

6

Secure engineering practices across our software development lifecycle.

  • Responsible Disclosure

    To support this commitment to security, we have established a Responsible Disclosure policy. This policy invites security researchers, ethical hackers, and concerned users to report any discovered security flaws or vulnerabilities directly to us. We encourage those who come across such issues to follow the guidelines outlined in our Responsible Disclosure policy. You can find the following information regarding responsible disclosure and a point of contact:

    pescheck.io/security.txt
  • Bot Detection

    We use bot detection to protect our web application from automated login attacks.

  • Code Analysis

    Available upon request.

  • Credential Management

    We manage all secrets using the Hashicorp Vault.

  • Secure Development Training

    We conduct a yearly security awareness training for all our employees.

  • Software Development Lifecycle

    We prioritize security and code quality throughout the Software Development Life Cycle (SDLC). We implement various measures to ensure robust and reliable software, free from vulnerabilities. These practices include: - Branch protection on main branches. - Vulnerability scanning in the CI/CD pipeline. - Peer review for major changes. - Automated Testing. - Code Analysis Tools. - Secure Coding Guidelines. - Regular Security Training. - Penetration Testing. - Secure Third-Party Libraries.

Infrastructure

8

The hosting, networks, and environments that run our services.

  • Status Monitoring

    This page provides real-time updates on the status of our services and any incidents or maintenance activities that may affect your experience. By subscribing to our status monitoring page, you will receive instant notifications and alerts directly to your preferred communication channels, ensuring you stay informed about any potential disruptions or changes..

    IT Security Policy
    status.pescheck.io
  • Anti-DDoS

    Our Anti-DDoS policy includes advanced measures to protect our network and services from distributed denial-of-service attacks. These measures ensure continuous availability and performance, even under attack..

    IT Security Policy
  • BC/DR

    Our Business Continuity and Disaster Recovery (BC/DR) policy ensures that business operations continue smoothly and data is recovered quickly in the event of a disaster. This integrated approach minimizes disruption and maintains service quality..

    Backup and Restore Policy IT Security Policy
  • Cloud Workload Protection

    Our cloud workload protection policy ensures that workloads and applications running in cloud environments are secure. This includes continuous monitoring, threat detection, and automated response capabilities..

    IT Security Policy
  • Data Center

    Our data centers provide secure, reliable, and scalable infrastructure for our IT operations. They are equipped with advanced security measures, continuous monitoring, and redundant systems to ensure optimal performance and availability..

    Configuration Management Policy IT Security Policy
  • Infrastructure Security

    Our infrastructure security policy includes measures to protect our IT infrastructure from various threats, ensuring continuous availability and integrity of our systems and data. This includes firewalls, intrusion detection, and regular security audits..

    IT Security Policy
  • Network Time Protocol

    We use Network Time Protocol (NTP) to ensure accurate time synchronization across all systems and devices. This is crucial for logging, auditing, and coordination of processes within our IT environment..

    IT Security Policy
  • Separate Production Environment

    We have implemented a separate production environment that consists of three key stages: Test, Staging, and Production. This setup is designed to ensure the smooth and efficient delivery of our services while maintaining the highest standards of quality. Test Environment: The Test environment is the initial stage of our production process. It is where our development team conducts thorough testing, debugging, and quality assurance procedures on new features, updates, and enhancements. This environment allows us to identify and rectify any issues or inconsistencies before moving forward. Staging Environment: The Staging environment serves as an intermediary phase between testing and final deployment to the production environment. Here, we perform comprehensive end-to-end testing, verifying the compatibility and stability of the software across various systems, configurations, and datasets. Staging is a crucial step that ensures everything is functioning as expected before it goes live. Production Environment: The Production environment is the final destination where our services are made available to our clients and end-users. This environment is optimized for performance, reliability, and scalability to handle real-time user interactions and operational demands. It is continuously monitored and managed to ensure the highest levels of availability, security, and overall service quality.

Network Security

10

Defences at the network layer, from firewalls to zero trust.

  • Data Loss Prevention

    Our DLP policy focuses on preventing data loss through comprehensive monitoring and encryption strategies, as outlined in our Cryptography Policy. It includes continuous monitoring for anomalies and regular testing to ensure data security..

    IT Security Policy Cryptography Policy
  • DNSSEC

    DNSSEC is enabled to ensure the authenticity and integrity of our DNS responses. This enhances the security of our internet-facing services by preventing DNS spoofing and other related attacks..

    IT Security Policy Cryptography Policy
  • Firewall

    Our network is protected by a firewall with an integrated Intrusion Prevention System (IPS). This combination ensures continuous monitoring and defense against unauthorized access and potential security threats, maintaining the integrity and availability of our network services..

    IT Security Policy Network Security
  • IDS/IPS

    Our IDS/IPS policy ensures continuous network monitoring and threat mitigation using advanced intrusion detection and prevention technologies. This aligns with our IT Security Policy to safeguard against unauthorized access and data breaches..

    IT Security Policy
  • Security Information and Event Management

    Our SIEM policy involves real-time monitoring and analysis of security events to detect and respond to threats swiftly. It is supported by our IT Security and Incident Evaluation Policies..

    IT Security Policy Incident Evaluation Procedures
  • Spoofing Protection

    Our spoofing protection policy includes measures like SPF, DKIM, and DMARC to secure email communications, preventing phishing and spoofing attempts..

    IT Security Policy Cryptography Policy
  • Traffic Filtering

    Our traffic filtering policy ensures that only authorized traffic can access our networks, utilizing firewalls and advanced filtering techniques to prevent unauthorized access..

    IT Security Policy Network Security
  • Virtual Private Cloud

    Our VPC policy ensures a secure and isolated cloud environment for our applications, with robust encryption and monitoring to maintain data privacy and security..

    IT Security Policy Cryptography Policy
  • Wireless Security

    Our wireless security policy includes WPA2/PSK encryption and network segmentation to protect wireless communications and prevent unauthorized access..

    IT Security Policy Network Security
  • Zero Trust

    Our Zero Trust policy mandates strict verification and access controls, ensuring that all users and devices are continuously authenticated and authorized..

    IT Security Policy Access Control

Corporate Security

5

The internal practices that keep the company itself secure.

  • Asset Management Practices

    At PESCHECK, we implement Snipe IT, a robust asset management solution, to track, monitor, and manage our assets throughout their lifecycle. This centralized platform provides a comprehensive view of assets, including mobile devices, laptops, servers, and networking equipment, enabling informed decisions on allocation, maintenance, and replacement to ensure optimal resource utilization..

    Configuration Management Policy
  • Email Protection

    Our email protection policy includes measures such as SPF, DKIM, and DMARC to secure email communications, prevent phishing and spoofing attempts, and ensure that outgoing email traffic is encrypted using opportunistic TLS..

    IT Security Policy Cryptography Policy
  • Employee Training

    Our annual Security Awareness Training program covers IT Security, Compliance/Legal, and Physical Security. Employees learn about the latest threats, vulnerabilities, and best practices, including password management, safe internet browsing, recognizing phishing attempts, email security, secure data handling, compliance with regulations, privacy laws, and physical security measures. This training ensures employees are well-equipped to minimize cyber threats and protect sensitive information..

    IT Security Policy Employee Training Guidelines
  • HR Security

    Internal screening includes checks such as integrity statements, ID verification, international PEP, sanction and watchlists checks, criminal record checks, online presence analysis, data checks, qualification and diploma verification, credit checks, work-reference CV checks, and letters of consent. These measures ensure that new employees are trustworthy and compliant with our security standards..

    HR Policy
  • Incident Response

    Our security incident management process guides the identification, assessment, mitigation, and resolution of security incidents. It details the steps, roles, responsibilities, and communication channels involved, promoting accountability and minimizing the impact of security events on business operations..

    IT Security Policy Business Continuity Policy

Risk Management

2

How we identify, assess, and manage security and supply-chain risk.

  • Risk Assessments

    PESCHECK conducts a risk assessment every three months in accordance with ISO 27001:2022. This process identifies, analyzes, and evaluates potential risks to our information security management system (ISMS). Based on the assessment, we implement appropriate controls to mitigate these risks and ensure the security of your data.

  • Supply Chain Risk Management

    Security controls governing PESCHECK's third party relationships are detailed by PESCHECK's Supplier Management Policy and enforced by approval measures and oversight. External parties pursuing business relationships with PESCHECK, including but not limited to contractors, vendors, outsourced service providers, or partners, are assessed for their own security posture against industry standard frameworks for effective security controls maturity before approval and onboarding. Compensating controls are documented, enforced, and monitored in cases involving sensitive or strategic data access, and vendors are re-evaluated for changes in security posture on the occasion of any contract renewal.

Business Continuity

1

Keeping the service available and recoverable when things go wrong.

  • Business Continuity Plan (BCP)

    PESCHECK maintains a comprehensive Business Continuity Plan (BCP) to ensure the continuity of critical business functions and minimize the impact of potential disruptions on our operations and customers. The BCP is regularly reviewed, tested, and updated to ensure its effectiveness in the face of evolving risks and changing business requirements.

Training

1

Keeping our people trained and aware of security responsibilities.

  • Security Awareness Training

    PESCHECK conducts mandatory security awareness training for all employees. The training covers topics such as information security policies, data protection, secure handling of sensitive information, and identifying and reporting suspicious activities. Employees must complete the training and pass an assessment to ensure their understanding of the covered topics.

Change Management

1

Governance over changes to systems and configurations.

  • Change Advisory Board (CAB)

    The CAB reviews and approves non-standard (features) and emergency (critical bug fixes) changes before development. Approved changes are described in the dashboard repository and tracked via Agile Kanban (To Do, Doing, Testing, Done). Stakeholders test changes in a staging environment before production deployment. Emergency CAB meetings can fast-track critical fixes if needed, ensuring minimal risk and alignment with security standards like ISO 27001 and GDPR.

Policies

1

The documented policies that govern our security programme.

  • Information Security Policy

    The purpose of the Security Policy is to set out PESCHECK's objectives in the area of Security & Compliancy for its stakeholders and to protect all of the information assets across the organization from threats, whether internal and external, deliberate or accidental. This security policy applies to all employees, suppliers and contractors who are part of PESCHECK.

Access Control

3

Who can reach data, and the controls that keep access least-privilege.

  • Data Access

    The Access Control policy applies to staff authorised to have access to the Pescheck infrastructure or facilities. The following applies: - Access rights are granted on the basis of a need-to-know principle. - The provision and deactivation of the user account follows a defined procedure. - Assigning, adjusting and withdrawing access rights follows a defined procedure. The following systems contain and need to be reviewed for their user rights: - The Network of Pescheck (Unifi, The specific members are registered and deregistered in Unifi by the CTO.) - The Dashboard (The specific members are registered and deregistered in Microsoft Entra ID by the CTO) - Sharepoint (The specific members are registered and deregistered in Microsoft Entra ID by the CTO.) - 1 Password (Password system, The specific members are registered and deregistered in 1Password by the CTO.)* - Hardware (Automatically synchronized with Azure AD, the specific members are registered and deregistered in Microsoft Entra ID by the CTO.).

  • Logging

    Our logging policy includes detailed and secure logging of critical events across all systems and devices. The central and secure log environment includes logging for capacity management, bug tracking, troubleshooting, and usage statistics for organizational and product development. This environment is secured according to the access policy, and users with access have only read rights.

    IT Security Policy
  • Password Security

    These are the written policy instructions for our employees regarding Password Security: - Every employee uses a personal login name and a password to protect the computer. - Ensure a good and strong composition of your password: at least 8 characters of which at least 2 digits, even if the system does not technically enforce this. - Use a password management system (1Password) to save your passwords. - 2FA should be enabled when available in the system or application. - NEVER give your username and password to anyone else, not even your immediate colleagues.

Endpoint Security

5

Protection for the devices our team uses to operate the service.

  • Disk Encryption

    We use LUKS and BitLocker to encrypt the data on our corporate laptops, ensuring the confidentiality and security of sensitive information stored on these devices..

    IT Security Policy Cryptography Policy
  • DNS Filtering

    Our DNS filtering policy includes blocking access to known malicious websites and harmful online resources, thereby protecting our network and users from potential threats..

    IT Security Policy Network Security
  • Endpoint Detection & Response

    Our EDR solutions continuously monitor endpoint activities to detect, analyze, and respond to cyber threats in real-time. This ensures quick identification and mitigation of potential security incidents..

    IT Security Policy Anti-Malware Policy
  • Mobile Device Management

    Devices are managed using an MDM solution where practicable. Devices not managed through MDM are manually checked for compliance with security policies. Notebooks and workstations must have an updated operating system and antivirus solution. Software installation restrictions are enforced via Intune, with exceptions approved by the CTO. IT laptops are exempt due to daily operational needs. Full disk encryption is implemented as a physical security measure on all mobile devices..

    IT Security Policy Configuration Management Policy
  • Threat Detection

    Our threat detection policy employs advanced tools and techniques to continuously monitor our network and systems for potential security threats. This proactive approach helps in early identification and mitigation of threats..

    IT Security Policy Incident Evaluation Procedures

Data Privacy

4

GDPR-aligned handling of personal data across the screening process.

  • Cookies

    We use various types of cookies on our website to improve the user experience: • Necessary Cookies: These cookies allow us to recognize you on a future visit, so your preferences are retained. You can delete these cookies via your browser settings. • Session Cookies: These enable us to monitor your browsing behavior during your visit and are deleted once you close your browser. • Tracking Cookies: With your permission, we place cookies that monitor your preferences and activities to tailor advertisements to your interests. • Google Analytics: We use this service to gain insights into website usage. The information collected is as anonymized as possible, and your IP address is not provided. The information is stored on servers in the United States and falls under Google's Standard Contractual Clauses. Your Rights: You have the right to request access to, correction, or deletion of data collected via cookies. Please contact us at [email protected] for requests or questions regarding our cookie policy. The cookielist is available on: https://pescheck.io/privacy-policy/

  • Data Into System

    - CV data: name, address, gender, email address, telephone number, work history, education history, qualifications, certifications and skills - Identity data: ID card, passport or driving licence details, MRZ data, BSN number (where applicable), passport/ID number, nationality, passport nationality, date and place of birth, and document validity details - Address verification data: current and previous address information and supporting documents used to confirm identity and residence - Right to work data: information from visas, work permits or residence permits used to confirm legal right to work - VAR data: verification of labour relationship statements (VAR) or equivalent self-employment/tax registration documents - Criminal record data: certificates of good conduct, criminal record statements and related verification documents - Work and training history: employment history, job titles, duties, employment periods, education history, qualifications, diplomas, certifications, references and feedback from employers or institutions - Financial data: creditworthiness information, insolvency and bankruptcy records, debt-related information and credit scores obtained via third parties - Integrity data: information relating to financial integrity, bankruptcy history, dismissal or suspension history, conflicts of interest, additional positions, accuracy of CV information, professional conduct, and criminal convictions or allegations where permitted - Online information: publicly available information such as social media profiles, news articles, websites, blogs, forums, professional networks, watchlists and sanctions lists - Professional registration data: information on licences, certifications, memberships and registrations with professional or regulatory bodies - Additional documents: documents requested by the client such as payslips, confidentiality agreements, employment contracts, certificates or other supporting evidence

  • Data Protection Impact Assessment (DPIA)

    We conduct Data Protection Impact Assessments (DPIAs) for projects or processing activities that involve personal data to identify and mitigate privacy risks and ensure compliance with GDPR.

  • Employee Privacy Training

    Employee Privacy Training is designed to ensure that all our team members understand the importance of safeguarding sensitive information and respecting your privacy. This training equips our employees with the knowledge and skills to handle your data responsibly and ethically. Key aspects of our Employee Privacy Training include: - Data Protection: Our employees are educated on the significance of data protection and the critical role they play in maintaining the confidentiality and integrity of your information. - Privacy Regulations: We provide insights into relevant privacy regulations and laws that impact how we handle and process your data. This ensures that our practices remain compliant with legal requirements. - Ethical Handling of Data: Our training emphasizes the ethical handling of data, promoting a culture of respect for your privacy rights and data ownership. - Incident Reporting: We educate our employees on the proper procedures for reporting any potential privacy or security incidents, ensuring swift action and resolution if an issue arises. By integrating Employee Privacy Training into our Security Awareness Training program, we foster a workforce that is dedicated to upholding the highest standards of privacy and security.

Reviewed and trusted by security teams at

Documentation

Documents and reports

Certifications, policies and reports. Public documents open directly; confidential documents are available to customers and prospects on request.

Knowledge base

Common security questions

Could you explain how you process judicial data as it is prohibited by Article 10 of the GDPR?

Processing of Judicial Data under GDPR Article 10 Article 10 of the General Data Protection Regulation (GDPR) prohibits the processing of personal data relating to criminal convictions and offenses unless it is carried out under the control of an official authority or when authorized by Union or Member State law. PESCHECK's Legal Basis for Processing Special Categories of Personal Data. PESCHECK holds a Private Investigator (PI) license issued by the Ministry of Justice in the Netherlands. This license grants us the legal authority to process special categories of personal data, including judicial data. The PI license ensures that our data processing activities comply with stringent legal and regulatory requirements. https://www.justis.nl/registers/wpbr-register/pes-check Our license allows us to handle data related to criminal convictions and offenses, ensuring that all processing is conducted in a lawful and secure manner. This compliance framework enables us to provide comprehensive background checks while adhering to the highest standards of data protection and privacy. Our Commitment to Data Security At PESCHECK, we prioritize the security and confidentiality of the data we process. We implement robust security measures, including encryption, access controls, and regular audits, to protect the data from unauthorized access and ensure compliance with GDPR and other applicable regulations. By holding a PI license and following rigorous data protection protocols, PESCHECK is committed to providing reliable and secure background check services while maintaining compliance with legal requirements. ______________________________________ What could be reasons as a pi As a Private Investigator (PI) licensed by the Ministry of Justice in the Netherlands, PESCHECK has the legal authority to access and process special categories of personal data, including judicial data. Here's how this data can be accessed and the possible reasons for doing so: Accessing Judicial Data 1. Legal Framework and Authorization: o PESCHECK operates under a PI license, which provides the legal basis for accessing and processing judicial data. o Access to this data is strictly regulated and must comply with all relevant laws, including the GDPR and national regulations. 2. Data Sources: o Judicial data may be accessed from official records, government databases, and other authorized sources. o PESCHECK ensures that all data is obtained lawfully and that proper permissions are secured. 3. Security Measures: o Robust security protocols are in place to protect the data from unauthorized access. o Encryption, access controls, and regular audits are used to safeguard the data. Reasons for Accessing Judicial Data 1. Background Checks: o Verifying the criminal history of candidates as part of pre-employment screening. o Ensuring that individuals do not have a history of offenses that could pose a risk to the organization. 2. Regulatory Compliance: o Ensuring that the organization complies with industry-specific regulations that may require background checks. o Meeting legal obligations to verify the criminal background of individuals in certain roles, such as positions of trust. 3. Risk Management: o Identifying potential risks associated with hiring individuals with a criminal background. o Making informed decisions to protect the organization's assets, reputation, and workforce. 4. Security Clearance: o Verifying the eligibility of individuals for security clearances or other sensitive positions. o Ensuring that individuals with access to sensitive information or assets meet the required security standards. Transparency and Consent 1. Candidate Notification: o Candidates are informed about the background check process and the types of data that will be accessed. o Explicit consent is obtained from candidates before accessing judicial data. 2. Right to Access and Rectification: o Candidates have the right to access the data collected about them and request corrections if there are inaccuracies. o PESCHECK provides clear procedures for candidates to exercise these rights. Conclusion PESCHECK's ability to access and process judicial data as a licensed PI is governed by strict legal and regulatory frameworks. This ensures that all data processing activities are conducted lawfully, securely, and transparently, with the primary purposes being background checks, regulatory compliance, risk management, and security clearance. By adhering to these principles, PESCHECK can provide reliable and legally compliant background check services that meet the needs of its clients while protecting the rights and privacy of individuals.

Is segregation of data maintained?

We use Role-Based Access Control (RBAC) in Django by assigning users to groups that represent roles (e.g., Admin, Manager). Each role has specific permissions (view, edit, delete) applied to data within their organization. When users log in, Django checks their group membership and restricts access to their organization's data using query filters and permissions. This ensures logical data segregation and secure access control.

Background checks in Spain / Belgium

Requesting individual criminal background checks in Spain appears to be a straightforward process. The Ministry of Justice website doesn't provide specific attention or details regarding this regulation. Obtaining the actual document seems to be easily accomplished through the government website. However, it's crucial to ensure compliance with the GDPR and the Spanish LOPDGDD when dealing with personal data in Spain. Regarding the legal implications: Link --> https://www.engage.hoganlovells.com/knowledgeservices/news/criminal-background-checks-in-spain Article 10 focuses on the handling of personal data associated with criminal convictions, offences, and security measures linked to these criminal activities. It specifies that the processing of personal data concerning criminal convictions or offences must adhere to the guidelines outlined in Article 6(1). This processing should take place only under the supervision or control of an official authority. Alternatively, processing can occur if it is explicitly authorized by laws established by the European Union or the respective Member States. These laws must incorporate adequate measures to protect the rights and freedoms of individuals whose data is being processed. Furthermore, the article emphasizes that any comprehensive register containing details of criminal convictions should be maintained solely under the supervision or control of an official authority. This control ensures that sensitive data related to criminal activities is managed securely and in compliance with legal safeguards to protect the privacy and rights of individuals. As PESCHECK, we hold a POB #1551 [Pi] license granted by the Dutch Ministry of Justice, enabling us to conduct investigative and detective work as a background screening provider and processing of the category: Special Personal Data (such as Criminal). Furthermore, to have measurements and safeguard the right and freedoms of individuals.

Need something specific?

Security questionnaires, a DPA, a sample DPIA or an under-NDA report, our privacy office is happy to help your due diligence.