Privacy Notice

Who we are

National Security Screening Agency Limited. We are a company registered in England and Wales under registration number 08172945. Our registered office is at 4 Stirlin Court, Saxilby Enterprise Park, Saxilby, Lincoln, LN1 2LR.

Our Data Protection Officer is Victoria Hotchkin. Please contact us if you have any questions about how we use personal data on 0800 999 7858 or We review our policy every year or sooner if regulations change or if we change our date handling processes.

We are committed to ensuring that your privacy is protected and to developing suitable technology to provide you with a safe online experience. This privacy policy sets out our responsibilities under The Data Protection Act 2018 and The General Data Protection Regulation 2016 (GDPR) and other applicable laws in England and Wales relating to the processing and security of personal information.

This policy also explains how we use and secure your personal information when using this website or when we are processing screening checks for you.

Why do we collect Personal Information?

We collect personal data for the purpose of carrying out background screening services on behalf of our clients. Processing of data from our clients will be to fulfil our contractual obligations and processing of data received from applicants will be as a result of the consent we have obtained from them.

What Personal Information do we collect?

From our Clients:

Company information – Name, address and contact details; legal ownership and registration details; trading address;

Contact information – Contact name, job title, business address, business phone number/mobile number/email address.

User information – Contact name, job title, business phone number/mobile number/email address.

From Applicants:
Personal details including name and contact details. We will also ask about previous experience, education, referees and for answers to questions relevant to the role they have applied for or are already carrying out.

From Visitors to our website:

When someone visits we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.

If you use our contact form, we will collect your name, telephone number and email address so we can respond to your request for information.

From callers:
If you ring us we will collect your name and contact number so we can respond to your enquiry.

Who will we share your Personal Information with and why?

We will only share your personal data with a third party if we have your consent to do so, if it is necessary to fulfil contractual obligations to you, or if we are obliged to do so by law (e.g. Police investigation).

Below are the data processors we use during the screening process:

Disclosure and Barring Service

Criminal Record Disclosure applications are processed by the Disclosure and Barring Service and they will hold the information you submit and we will have access to it.

Here is a link to their Privacy Notice.


If we conduct a consumer information search for you, we use Equifax and we will send them your name, date of birth and address history. The information they return will be held by us and shared with our client.

Here is a link to their Privacy Notice.

GB Group – OnlineDisclosure

For some criminal record disclosure applications, we may use GB Group to collect and process the application on our behalf. If we do, then we will give them your name and email address so that they can email you and ask you to submit your data to them for the application. They will hold the information you submit and we will have access to it.

Here is a link to their Privacy Notice.

National Security Inspectorate

We are regulated by the National Security Inspectorate and during audit inspections they are given access to our screening files to ensure that we are carrying out screening in accordance with BS7858 and ISO 9001.

Here is a link to their Privacy Notice.

Security Systems and Alarms Inspection Board (SSAIB)

We are also regulated by the SSAIB and during audit inspections they are given access to our screening files to ensure that we are carrying out screening in accordance with BS7858.

Here are links to their Privacy Notices.—home-owner/

Marketing and the use of your Personal Information

We will only market services and products to you if we have your consent and at any time you can contact us and withdraw that consent and we will update our records accordingly.

Accuracy of your Personal Information

We work hard to make sure the data we hold is accurate, if you believe that the data we hold may be inaccurate then please contact us and we will correct any inaccuracies.

Your rights

Under The Data Protection Act 2018 and The General Data Protection Regulations 2016, you have rights as an individual which you can exercise in relation to the information we hold about you.

You can read more about these rights here –

Complaints or queries

We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

This privacy policy was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of our collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below.

If you want to make a complaint about the way we have processed your personal information, you can contact the ICO, the statutory body which oversees data protection law –

Access to Personal Information

We try to be as open as we can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under The Data Protection Act 2018 and The General Data Protection Regulations 2016. If we do hold information about you we will:

give you a description of it;

tell you why we are holding it;

tell you who it could be disclosed to; and

let you have a copy of the information in an intelligible form.

To make a request for any personal information call us on 0800 999 7858, email or write to us: NSSA, 4 Stirlin Court, Saxilby Enterprise Park, Saxilby, Lincoln, LN1 2LR.

If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.


You can read more about how we use cookies on our Cookies page.

Security of your Personal Information

Security of the information we hold is paramount. All databases are hosted on Microsoft Azure within the UK which are ISO27001, ISO 9001 and ISO 20000-1 certified and also has CSA STAR Certification. Information on these certifications can be found at Access to the database is restricted by IP address and requires unique username and strong passwords. All databases employ Microsoft’s encryption of data at rest and on critical data such as Personal Data we have deployed further encryption measures to protect the Confidentiality.

Our UK data centres are ISO27001, ISO 9001 certified and information on this can be found at

Enterprise level Unified Threat Management systems are deployed to control access to all applications and locations. Access to all data is limited based on a strict access control policy. Access and operational logs are retained and audited on a regular basis. Any systems that process credit card data are PCI-DSS Certified and subject to strict auditing procedures.

In addition to the above we have services that are Cyber Essentials accredited. This means our systems have been independently assessed and approved with regard to their ability to protect against common cyber-attacks.

Links to other websites

This privacy policy does not cover all the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.

Changes to this privacy policy

We keep our privacy policy under regular review. This privacy notice was last updated on 28 November 2020

How to contact us

If you want to request information about our privacy policy you can call us 0800 999 7858, email us or write to:

4 Stirlin Court
Saxilby Enterprise Park