Version 1.5 updated 25/05/2018
Customer means any organisation that is registered to use the Portal and Services provided by Know Your Candidate.
KYC means Know Your Candidate Ltd, registration number 6872627 and whose registered office is at 1st Floor, 1 City Approach, Albert Street, Eccles, Manchester, M30 0BG.
Services means the provision of employment screening services and includes the provision of Information by Know Your Candidate to the Customer in respect of a Data Subject for whom the Customer is considering employing or already employs.
Authorised User is an individual who has been issued with login credentials to access the Portal on behalf of the Customer.
Primary User is the Authorised User who has overall responsibility for the Customer Account on the Portal.
Customer Account means the details stored on the Portal relating to the customer, including but not limited to the name and address and contact details of the organisation, it’s company registration and data protection numbers, details of Authorised Users, transaction history and receipts.
Fee means the sums payable by the Customer for the provision of the services by KYC.
Information means the information, data, reports that KYC provides to customers regarding the Data Subject.
Data Supplier means organisations or individuals from whom information is obtained for the purpose of providing the services.
Terms and Conditions means the terms and conditions of use applicable to the Services as provided by KYC applicable to all customers using the Portal.
Portal means the website provided by KYC and all its contents found at www.knowyourcandidate.co.uk
URN means the 8-digit number assigned to each Information request created on the Portal.
Controller means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by EU or Member State Laws, the Controller (or criteria for nominating the Controller) may be designated by those law.
Data Subject means an identifiable natural person about whom a Controller holds Personal Data. For the purposes of the agreement this may include an individual whose details are provided to KYC by the Customer as part of the request for Information or whose details are contained within the Information provided to KYC by Data Suppliers.
GDPR means the Data Protection Act 1998 and the General Data Protection Regulations (EU) 2016/679 as applicable time to time and as amended, replaced or superseded from time to time, including laws implementing or supplementing GDPR.
Personal Data shall have the meaning set out in the GDPR, specifically this means any information relating to a Data Subject; who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
User Guide means the document provided by KYC to assist the Customer in ordering, administering, processing and interpreting the Services and Information.
Sub-Processor means a natural or legal person, public authority, agency or any other body contracted by KYC to process Personal Data for the purpose of carrying out a specific processing activity.
Reference/References means any Information provided about the Data Subject from a current or previous employer, character referee, education establishment or membership body.
Government Agency Fees means the fees of Disclosure and Barring Service (DBS), Disclosure Scotland (DS) and Access Northern Ireland (ANI).
2.1 These are the Terms and Conditions applicable to the Services provided by KYC.
2.2 In order to use the Services it is necessary for you to register as a Customer and by accessing the Portal, using the Services or by registering as a Customer, you agree that you have read these Terms and Conditions, you understand these Terms and Conditions and that you are bound by these Terms and Conditions. If you do not agree to these Terms and Conditions you may not use the Portal or access the Services.
2.3 These Terms and Conditions apply to all of the Services provided by KYC and override all previous agreements and representations made between KYC and any Customer.
3.1 Any organisation requiring the services provided by KYC must complete the registration process on the Portal. No request for Information or orders for the Services will be considered or accepted until the Customer Account on Portal has been authorised.
3.2 Individuals cannot register as a customer.
3.3 In order to register, customers must provide details regarding their organisation such as its name, address, phone number, website address, company and data protection registration numbers. KYC will make checks to verify the organisation and information is genuine.
3.4 KYC reserves the right to refuse any application for registration without providing any reason for the same.
3.5 To become an Authorised User on the Portal a person specific email address must be provided by the Customer. Generic or department email addresses e.g. info@ or humanresources@ are not permissible. The email address must be linked to a domain owned by the Customer and cannot be a web email service such as Gmail, Yahoo, Hotmail etc.
4.1 KYC will provide the Customer with passwords to facilitate receipt of the Services. The Customer shall be responsible for protecting the safe keeping of such passwords against unauthorised use or disclosure to persons who are not Authorised Users.
4.2 The Customer shall:
b) not encourage or facilitate exchange or disclosure of user names and passwords between the Authorised Users of the Portal.
c) ensure that the Authorised Users keep their user names and passwords strictly confidential.
d) ensure that all devices used by the Customer to order or access the system are placed in a secure location and accessible only by Authorised Users, and that such devices are secured when not in use through such means as screen locks, shutting power controls off, or other reasonable security procedures.
5. Consent and Data Protection
5.1 The Customer must have the explicit consent of the Data Subject to place an order for the Services. The consent declaration must be provided to KYC before any request for Information on the Data Subject can commence.
5.2. The consent declaration must display the signature of the Data Subject either in handwriting or as captured by an electronic signing service such as DocuSign.
5.3 KYC will make available an electronic signing service to capture the consent of the Data Subject. A maximum of 2 signing requests will be sent to the Data Subject via the electronic signing service. If the Data Subject does not complete the signing request during the 2 attempts the responsibility of obtaining consent of the Data Subject will revert to the Customer.
5.4 The consent declaration must be dated within 90 days of the order for the Services for that Data Subject on the Portal.
5.5 The consent declaration of the Data Subject must be freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of Personal Data relating to him or her.
5.6 The consent declaration must make reference to the type of background checks which the Customer intends to carry out and any specific clauses as required by sub-processors. KYC reserves the right to reject any consent declaration which in its sole discretion deems unsuitable and request that a new declaration is signed by the Data Subject which includes the appropriate wording.
5.7 No liability shall attach to KYC in the event that the signature provided or email address provided for an electronic signing request is not that of the of the Data Subject and the Customer hereby indemnifies KYC in respect of all costs, expenses and losses that may be incurred by KYC in this regard.
5.8 The Data Subject has the right to withdraw their consent to the screening process at any time:
The Customer must notify KYC by sending an email to firstname.lastname@example.org providing the Data Subject’s name and the URN of the Information request from the Portal. On receipt of the email KYC will cease processing the Data Subject’s personal data and reply to the Customer to confirm data processing has ceased.
b) if the Data Subject notifies KYC:
On receipt of the notification from the Data Subject KYC will cease processing the Data Subject’s personal data and send an email to the Data Subject and the Customer to confirm data processing has ceased.
5.9 Both parties shall comply with the GDPR at all times.
5.10 Where KYC is the Data Processor of any Personal Data for the Customer it shall:
b) notify the Customer promptly if KYC becomes aware that any instructions of the Customer relating to the processing of Personal Data are unlawful;
c) ensure that any persons (including Sub-Processors) used by KYC to process Personal Data are subject to legally binding obligations of confidentiality in relation to the Personal Data;
d) be authorised to engage a sub-contractor to carry out any processing of Personal Data provided that KYC:
notifies the Client of the engagement of such subcontractor; and
ensures that obligations equivalent to the obligations set out in these Clause 5.9 and 5.10 ("the Processing Clauses") are included in all contracts between KYC and sub-contractors who will be processing Personal Data;
and notwithstanding KYC's compliance with sub-clauses (a) and (b) it shall remain liable for the acts of any sub-contractor and for compliance with all the requirements of this Agreement;
e) take appropriate technical and organisational measures against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data taking into account the harm that might result from such unauthorised or unlawful processing, loss, destruction or damage and the nature of the Personal Data to be protected;
f) taking into account the nature of the data processing activities undertaken by KYC provide reasonable assistance and co-operation (including without limitation putting in place appropriate technical and organisations measures) to enable the Customer to fulfil its obligations to respond to requests from individuals exercising their rights under the GDPR;
g) assist the Customer in ensuring compliance with the obligations set out in the GDPR (inclusive) taking into account the nature of the data processing undertaken by KYC and the information available to KYC; and
h) make available to the Customer all information necessary to demonstrate compliance with the Processing Clauses and allow for and contribute to audits, including inspections, conducted by or on behalf of the Customer or by the Information Commissioners Office pursuant to the GDPR.
5.11 The parties agree that the Customer shall indemnify KYC against any and all claims for a breach of the GDPR howsoever arising in respect of breach which was not the fault of KYC.
6.1 The standard method of payment for the Services shall be by debit/credit card.
6.2 The fees for the provision of the services shall be displayed on the Portal at https://www.knowyourcandidate.co.uk/pricing-for-employment-screening-checks
6.3 KYC reserves the right to alter the prevailing price list.
6.4 In certain circumstances Data Suppliers will charge additional fees for providing references. KYC will notify the Customer of such instances and will only proceed to incur such charges with permission of the Customer. KYC will pass these charges on to the Customer.
6.5 Should the Customer choose not to proceed with those Information requests which incur additional fees, the Fee paid to KYC for that component of the Services will not be refunded.
6.6 The Customer acknowledges and agrees that the part of the fees which relate to Government Agency Fees can be revised at any time by the particular government agency as the provider of that part of the Services. Any criminal record checks ordered by the Customer but where the application has not been made due to the Customer not supplying the required information, supporting documents or consent then the Customer will need to pay the difference in price in order for the application to be made.
6.7 Where KYC agrees to invoice the Customer for the Services, the Customer will pay the Fees within 30 days of the date on the invoice.
6.8 KYC shall reserve the right to charge interest (both before and after judgment) at a rate of 5 per cent per annum above the Barclays Bank PLC base rate ruling from time to time on any payment which remains unpaid following the due date for payment and such interest to be compounded with monthly rests from the due date until the date of actual payment.
6.9 If a Customer pays via invoice KYC reserves the right to cease processing any current or future requests for Information submitted to the Portal until any outstanding balance is paid.
6.10 Except in the case of duplicate card payments no refunds will be provided by KYC. For the avoidance of doubt this means the full Fee will be applicable if:
b) The Customer has not provided either all of the Personal Data required for the background checks specified, the relevant supporting documents or an acceptable consent declaration from the Data Subject within 90 days of the order being placed on the Portal.
c) Where the Customer has ordered background checks outside of the geographical coverage stated on the Portal and User Guide.
d) The Data Subject withdraws their consent.
7. Provision of Services
7.1 KYC reserves the right to decline to provide the Services or Information to any Customer in the event that KYC, in its sole discretion and judgment, believes that the request for Information or the Services is not bona fide and the Customer hereby warrants that the Services and Information provided shall only be used forthe purposes of employment screening of prospective and current employees and for no other purpose and shall indemnify KYC in respect of any losses, damages, costs or penalties incurred by KYC as a result of any unauthorised use of the Services and Information.
7.2 The Customer provides their consent for KYC to use Sub-Processors in the delivery of the Services.
7.3 KYC will provide the Services based upon the Personal Data provided by the Customer or the Data Subject to KYC. The Customer is responsible for the validity and accuracy of all Personal Data provided by the Customer or the Data Subject to KYC and no liability shall attach to KYC in the event that it is found that the Personal Data supplied by the Customer or the Data Subject to KYC was incorrect or inaccurate.
7.5 The Customer is responsible for providing the Personal Data, supporting documents and consent declaration required to start any request for Information. KYC shall be under no obligation to prompt the Customer or Data Subject for any outstanding items.
7.6 Where the Information required for a Data Subject consists of several different background checks which are completed in differing time frames KYC shall not be required to provide the Information until all background checks are completed. Interim Information will be provided at the sole discretion of KYC.
7.7 The territories in which each background check can be provided by KYC will be displayed on the Portal and the User Guide and as such KYC reserves the right to reject any request for Information where the Data Subject’s current address or previous location means the Services cannot be provided.
7.8 KYC will only provide the Information in the format of a PDF report to be downloaded by the Customer from their account on the Portal. KYC will not provide hard copies or originals of any Information such as reports or certificates and nor will it provide Information via email, fax or any other means.
7.9 The format and Information included within the PDF report shall be determined by KYC. The Customer does not have the right to request the Information be displayed in a particular way or the Information from Data Suppliers or Sub-Processors to be included in its original format.
7.10 References obtained will vary in content and format. KYC shall not be under any obligation to request the Data Supplier provide additional Information or provide the reference in a specific format.
7.11 KYC shall use reasonable endeavours to obtain the Information relating to References and shall contact the Data Supplier on five separate occasions for the purposes of obtaining such Information. The Information shall be deemed unobtainable with the full Fee being payable if the Data Supplier does not respond to the five contact attempts.
7.12 A further Fee shall be payable by the Customer to KYC in the event that Information is unobtainable and the Customer requests further Information be obtained or further Services be provided, KYC shall be under no obligation to transfer fees to other requests for Information, provide further checks without charge or to issue any form of credit to a Customer.
7.13 KYC shall remove all Personal Data and Information for each Data Subject from the Customer Account 90 days after the end of the month the Information has first been made available to the Customer. A copy of the Information shall then be retained for an additional 90 days in an archive. After 180 days have elapsed the Information will be deleted permanently and KYC shall not be liable for any losses incurred by the Customer as a result of such Information no longer being available.
7.14 In respect of References KYC will select the most appropriate source from which to obtain the Information, which may be different to the source provided by the Customer or the Data Subject.
8. Limitation of Liability
8.1 KYC aims to provide the Customer with:
b) access to uninterrupted Services, but KYC are unable to guarantee the Services will be uninterrupted due to KYC’s reliance on third-party organisations, over whom KYC has not direct control.
8.2 KYC does not warrant the accuracy of the Information provided to the Customer and the Services provided and Information provided are not intended to be used as the sole basis for any business decision, and are based upon data which is provided by Data Suppliers, the accuracy and/or completeness of which will not be possible and/or economically viable for KYC to guarantee or warrant.
8.3 KYC specifically excludes any liability for any inaccuracy, incompleteness or other error in the Services and/or the Information which arises as a result of data provided to KYC by the Customer or any third party and any failure of the Services and/or Information to achieve any particular result for the Customer.
8.4 The Customer warrants that in connection with the provision or use of these Services the Customer will comply with all legislation, regulations, and other rules having equivalent force which are applicable to that party, including the GDPR.
8.5 All estimates published on the Portal for the completion times of the Services are for illustrative purposes only and time shall not be of the essence in relation to any of the obligations on behalf of KYC to provide the Services or Information. KYC relies upon the provision of Information from Data Suppliers and Sub-Processors and cannot be held responsible for any delays experienced in obtaining the Information from such parties.
8.6 KYC shall use all reasonable skill and care to provide the Services however, the Customer agrees that it is reasonable for KYC to limit its liability. KYC does not guarantee how accurate the Information is or how valid any advice or opinion given by KYC is and KYC shall not be responsible for any loss which the Customer suffers as a result of a claim made by any Data Subject about whom Information or Services have been provided by KYC to the Customer.
8.7 All documentation provided by KYC, including but not limited to, the provision of Information through the Services or via the Portal, marketing material or the User Guide, are for illustrative purposes only and KYC shall not be liable for any inaccuracies contained therein.
8.8 KYC shall not be liable to the Customer or any third party for any of the following in any circumstances whether as a result of negligence or breach of contract or any other liability or obligation:
b) loss of profit.
c) loss of business or business use.
8.9 The liability of KYC for any claim (whether in Contract, negligence, breach of statutory duty or under any indemnity or otherwise), shall be limited to the value of the Fee paid by the Customer to KYC for the provision of the Information and Services relating solely to the subject matter of any claim and not in respect of any previous or linked Information and Services.
8.10 KYC does not provide any representations, guarantees or conditions that:
b) the Services or the Information (or both) will not affect anyone else’s intellectual property.
c) the Services or the Information (or both) will meet the requirements of the Customer.
8.11 Nothing in these Terms and Conditions excludes the KYC’s liability for death or personal injury arising out of the KYC’s negligence.
8.12 The Customer hereby undertakes to fully indemnify KYC against any claims, actions or proceedings brought against KYC as a result of the Customer using the Services or the use of the Information or Services provided.
9.1 The Customer shall, in respect of the Information for which it is the recipient;
b) take all reasonable steps to prevent unauthorised access to the Information.
9.2 The Customer may disclose the Information to, and allow its use in accordance with these terms to:
b) as may be required by law, court order, or any governmental or regulatory authority.
c) to a third-party so long as the purpose of providing the Information is in relation to the purposes of employment screening of a prospective or current employee for a particular role or contract in relation to that third-party and that the Data Subject has consented to the Information transfer. The third-party must be made aware that any Information received from the Customer under the provisions of this clause must not be disclosed to any other party without the prior written consent of KYC and the Candidate.
9.3 The Customer shall not, without the prior written consent of KYC, disclose any Information to the Data Subject, save in circumstances whereby disclosure is required under any statutory provisions including, but not limited to, GDPR.
10. Force Majeure
10.1 KYC reserves the right to defer the date of performance of the Services to or cancel any request for the provision of Services and/or Information if it is prevented from or delayed in the carrying on of its business due to circumstances beyond the reasonable control of KYC including, without limitation, acts of God, governmental actions, war or national emergency, acts of terrorism, protests, riot, civil commotion, fire, explosion, flood, epidemic, lock-outs, strikes or other labour disputes (whether or not relating to either party’s workforce), or restraints or delays affecting carriers or inability or delay in obtaining supplies of adequate or suitable materials.
11.1 Any notices to be sent by one party to the other in connection with the provision of Services except for the service of Court proceedings shall be in writing and shall be delivered personally or sent by special delivery post (or equivalent service offered by the postal service from time to time) to the registered addresses of each party.
11.2 Notices shall be deemed to have been duly given; if delivered personally, upon delivery; if sent by post, two clear days after the date of posting; if sent by fax, when transmitted provided that a confirmatory copy is sent by special delivery by the end of the next business day after transmission.
12. Choice of Law and Jurisdiction
12.1 These Terms and Conditions and all matters arising out of them shall be governed by, and construed in accordance with, the laws of England. The English Courts shall have exclusive jurisdiction over any claim or matter which may arise out of or in connection with these Terms and Conditions.
13. Modern Slavery and Anti Bribery
13.1 Both parties shall:
b) not engage in any activity, practice or conduct which would constitute an offence under the Relevant Requirements if such activity, practice or conduct had been carried out in the UK;
c) have in place appropriate policies to comply with the Relevant Requirements; and
d) on the submission of a written request annually, certify to the other in writing, compliance with the Relevant Requirements.