Privacy Policy

1. INTRODUCTION

Smart Screen is committed to protecting the confidentiality of information and the privacy of our candidates, clients, and other users of our websites and services.

All organizations that process personal data must comply with the data protection legislation in their respective countries. This includes the following:

  • Personal Data Protection Act 2010 (PDPA 2010)
  • Personal Data Protection Act B.E. 2562 (2019) (PDPA) – Thailand [If Applicable]

The Data Protection Laws give individuals (known as data subjects) certain rights over their data, whilst imposing certain obligations on the organizations that process their data.

The Group considers the Client’s right to privacy and the careful handling of Client personal data extremely important. We make every effort to ensure that the information the Client provides us with remains private and is only used strictly under the policy detailed below.

This document details the Group’s Privacy Policy and the measures taken to ensure that Client personal information is managed with due care and attention.

This policy will be reviewed from time to time to take into account new laws and technology, changes to our operations and practices, and to make sure it remains appropriate to the changing environment. Any information we hold will be governed by the most current version of the Group Privacy Policy.

 

2. PURPOSE

The purpose of this Data Protection Policy is to ensure that the IT department manages, processes, and stores personal data in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and local regulations.

 

3. SCOPE

This policy applies to all employees, contractors, and third-party partners who access, manage, or process data through the company’s IT systems.

 

4. DEFINITION

Throughout this policy, the following terms have the following meanings:

  • Personal Data: means any information relating to an identified or identifiable individual. An identifiable individual can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that individual. Company registration numbers, generic email addresses, and anonymized data are not considered Personal Data.
  • Processing: means any operation or set of operations performed on personal data, such as collection, recording, organization, structuring, storage (including archiving), adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • Data Controller: means any Staff Member who has the authority to determine, alone or jointly with others, the purposes, conditions, and means of the processing of Personal Data on behalf of Smart Screen
  • Data Processor: means any Staff Member or other individual, legal entity, public authority, or similar body, authorized to process Personal Data on behalf and under the direct authority of the Data Controller
  • Personal Data Breach: means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted
  • Sensitive Data: means data relating to or revealing the national registration number, genetic data, judicial data (such as litigations, suspicions, prosecutions, criminal convictions), data revealing racial or ethnic origin, data concerning health or sex life, political opinions, trade union membership, and religious or philosophical beliefs.
  • Consent: means the freely given, specific, informed, and unambiguous permission expressed by an individual by which he or she agrees with the processing of his/her
  • Personal Data: means any information relating to an individual who can be identified, such as by a name, an identification number, location data, or an online identifier.
  • Staff Members: means any staff member of Smart Screen
  • Employment Background Verification – Smart Screen verifies candidates’ professional history, which includes:
    • Employment history – previous job roles, responsibilities, and duration
    • Education verification – degrees, institutions, and attendance
    • Criminal record checks / Security vetting
    • Other relevant checks – Bankruptcy, Civil Litigation, Business Interests/Directorship, Media, Credit, Anti-Corruption, Travel Blacklist, Global Integrity, Industrial Court, References, and Professional Memberships

All of these definitions are italicized throughout this policy to remind the reader that they are defined terms.

 

5. COLLECTING PERSONAL DATA

To carry out our business as a screening agency, Smart Screen may collect personal information from the Client, including but not limited to the Client’s name, contact details, qualifications, work history, right to work in a particular country, language skills, professional qualifications and memberships, work objectives, and other information from the Client’s Curriculum Vitae (CV). If a Client is to be considered for a particular position, we may also collect references from the Client’s nominated referees.

 

6. PROCESSING PERSONAL DATA

In most cases, Smart Screen collects personal data directly from the Client by telephone or email. For example, data will be collected from the Client when the Client:

  • To verify the accuracy of information provided by job candidates, including employment history, educational qualifications, and criminal
  • Fill out and submit a registration form
  • To confirm the identity of individuals and prevent identity
  • Submit any other information in connection with Client application for registration

Our website is for informational purposes only and does not collect personal data from visitors. Any personal data provided directly to Smart Screen by clients (e.g., via signed agreements, forms, or email) is processed in accordance with this Privacy Policy.

 

7. PURPOSE OF USE

Smart Screen companies need personal data to perform their primary functions, which involve verifying and validating information about individuals, usually job candidates or existing employees. More specifically, the Group may use Client information for the following reasons:

Background Verification

● Employment History: To confirm the accuracy of the candidate’s employment history, including previous job roles, duration, and responsibilities.
● Education Verification: To validate the candidate’s educational qualifications, including degrees, institutions attended, and dates of attendance.
● Criminal Record Checks: To ensure that the candidate does not have a criminal record that could affect their suitability for the role.
● Identity Validation – Verification of candidate’s identity and personal details.
● Employment Background Verification – Confirmation of previous job roles, responsibilities, and employment duration.
● Education Verification – Validation of educational qualifications, degrees, institutions attended, and dates of attendance.
● Criminal Record Checks / Security Vetting – Screening for criminal records, security, or other relevant risk factors.
● Bankruptcy Verification – Checking for personal or corporate bankruptcy records.
● Civil Litigation Checks – Identification of involvement in civil lawsuits.
● Business Interest / Directorship Verification – Verification of business ownership, directorships, or company affiliations.
● Media Search – Screening for negative or relevant media coverage.
● Credit Check / CCRIS Check – Assessment of financial stability and credit history.
● Anti-Corruption Checks – Screening against anti-corruption and regulatory lists.
● Travel Blacklist Checks – Verification against global travel restrictions or sanctions lists.
● Global Integrity Check – Screening for international sanctions or integrity issues.
● Industrial Court Check – Verification of employment-related legal disputes.
● Reference Checks – Contacting referees to confirm work performance and professional behavior.
● Professional Membership / Qualification Verification – Validation of professional licenses, memberships, or certifications.

Identity Verification

● Personal Identification: To verify the identity of the individual through personal details such as name, date of birth, and address, which helps prevent identity fraud.
● Document Verification: To authenticate official documents such as passports, driver’s licenses, or national ID cards.

Credit Checks

● Financial Background: For roles that involve financial responsibilities, screening companies may check the candidate’s credit history to assess their financial stability and responsibility.

Compliance and Risk Management

● Regulatory Compliance: To comply with legal and industry regulations that require background checks and verification of candidates for specific roles.
● Risk Assessment: To identify any potential risks associated with hiring a particular candidate, such as a history of financial mismanagement or criminal behavior.

Candidate Assessment

● Fit for Role: To assess whether the candidate’s background, qualifications, and experience match the requirements of the position they are applying for.

Protecting the Organization

● Security: To ensure that individuals who are hired do not pose a security risk to the organization or its assets.
● Reputation Management: To avoid reputational damage from hiring individuals with undisclosed negative backgrounds.

8. LEGAL BASIS

Smart Screen processes personal data about its own staff and candidates, and is a data controller for the purposes of the Data Protection Laws. The Group will only process personal data where it has a legal basis for doing so.

 

9. INTEREST

As a background screening company, it is in both the Group’s interest and the Client’s, as a candidate, for the Group to process Client information in order to provide the Client with the most effective and efficient service. This basis for processing is in accordance with regulations necessary for the purposes of the legitimate interests pursued by Smart Screen or by a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of the Client which require protection of personal data.

 

10. DISCLOSURE OF PERSONAL DATA

Smart Screen may disclose Client personal data to third parties:

● Service Delivery: To provide and improve services, such as verifying identities or processing applications, which may involve sharing data with service providers or partners.
● Legal Proceedings: To respond to legal requests or court orders, such as subpoenas or discovery requests, which require the company to disclose personal data.
● Background Checks: To verify the credentials, employment history, or criminal records of individuals as part of pre-employment screening or tenant screening.
● Contractual Obligations: To fulfill agreements with clients or partners who need access to the data for their own purposes, such as verifying the suitability of potential employees or business partners.
● Risk Management: To mitigate risks by sharing information with clients or other stakeholders, such as identifying potential fraud or assessing the reliability of individuals.
● Research and Analysis: To conduct research or analysis that involves personal data, which may be shared with research partners or consultants.

 

11. SECURITY OF PERSONAL DATA

Smart Screen takes the responsibility for the management and security of Client personal data extremely seriously. Smart Screen, acting as a data controller and data processor, follows the key principles of data protection below:

Data Collection
  • Personal data will only be collected for specific, legitimate purposes related to background screening, including but not limited to:
    • Identity Validation
    • Employment Background Verification – confirming previous job roles, responsibilities, and duration
    • Education Verification – validating degrees, institutions attended, and dates
    • Criminal Record Checks / Security Vetting
    • Bankruptcy Verification
    • Civil Litigation Checks
    • Business Interest / Directorship Verification
    • Media Search – review of public and online information
    • Credit Check / CCRIS Check
    • Anti-Corruption Checks
    • Travel Blacklist Checks
    • Global Integrity Checks
    • Industrial Court Checks
    • Reference Checks
    • Professional Membership / Qualification Verification

 

 

All personal data collected will be processed solely for these background verification purposes and will not be used for any unrelated activities.

  • Data Minimization: Only the data necessary for the intended purpose will be collected. Unnecessary or excessive data will not be requested.
Data Accuracy
  • Accuracy and Completeness: Personal data will be processed based on the information provided and valid at the time of consent or Any updates or changes to the data should be communicated by the client or data owner to ensure continued accuracy.
Data Storage
  • Secure Storage: Personal data will be stored in secure systems that use encryption and access controls to prevent unauthorized Physical records will be stored in locked, secure facilities.
  • Retention Periods: Personal data will be retained only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal Once the retention period expires, data will be securely deleted or anonymized
Access Control
  • Role-Based Access: Access to personal data is restricted to authorized personnel based on their roles and responsibilities. Access rights are regularly reviewed and updated as necessary.
  • Authentication and Authorization: Strong authentication mechanisms (e.g., passwords and multi-factor authentication) are employed to ensure that only authorized individuals can access personal data.
Data Encryption
  • Encryption: Personal data is encrypted both in transit and at rest to protect it from unauthorized access or disclosure. Encryption protocols and standards are regularly updated to reflect industry best practices.
Data Integrity
  • Data Protection Measures: Measures are in place to protect data integrity and prevent unauthorized alterations. Regular integrity checks and data validation procedures are conducted.
  • Data Backup: Regular backups of personal data are performed and stored Backup data is also encrypted and protected against unauthorized access.

 

12. RETENTION OF DATA

Smart Screen will retain client-provided personal data only for the duration necessary to perform screening and verification activities, typically between 6 months and 1 year, depending on project requirements and client agreements.

Inactive or non-applicable candidate data will not be retained beyond the defined retention period, unless required by governing law or client instruction. All data disposal will follow secure deletion procedures in accordance with the Personal Data Protection Act 2010 (Malaysia).

 

13. CLIENT RIGHTS UNDER THE DATA PROTECTION POLICY

Under this policy, the data subject has certain important rights. These include (but are not limited to) the following:

Right to Access

Clients have the right to request access to the personal data we hold about Client. This includes the right to obtain:

  • Confirmation that Client personal data is being processed.
  • Access to Client personal data and related information, including the purpose of processing and the recipients of the data.

Right to Rectification

If Client believes that the personal data we hold about Client is inaccurate or incomplete, Client has the right to request that we correct or update it. This ensures that Client data remains accurate and up-to-date.

 

 

Right to Erasure

Clients have the right to request the deletion of Client personal data when:

  • It is no longer necessary for the purposes for which it was collected.
  • The Client withdraws the consent on which the processing is based (and there is no other legal ground for processing).
  • Clients object to processing based on legitimate interests, and there are no overriding legitimate grounds.
  • Client personal data has been unlawfully

Right to Restriction of Processing

Client may request that we restrict the processing of Client personal data if:

  • Clients contest the accuracy of the data (for a period allowing us to verify its accuracy).
  • The processing is unlawful, and clients oppose erasure and request restriction instead.
  • We no longer need the data for processing purposes, but clients require it for legal claims.
  • Clients have objected to processing based on legitimate interests, pending verification of whether our legitimate grounds override Client rights.

However, the company is not in a position to audit those third parties to ensure that the rectification has occurred

Right to Data Portability

Clients have the right to receive Client personal data in a structured, commonly used, and machine-readable format, and to request that we transfer this data to another data controller, where technically feasible. This right applies when:

  • The processing is based on Client consent or a contract.
  • The processing is carried out by automated means.

Right to Object

Clients have the right to object to the processing of Client data based on:

  • Legitimate interests or performance of a task carried out in the public interest or exercise of official authority.
  • Direct marketing purposes.

If Client objects to processing, we will cease processing unless we have compelling legitimate grounds that override Client interests, rights, and freedoms.

Right Not to Be Subject to Automated Decision-Making

Clients have the right not to be subject to decisions based solely on automated processing, including profiling, that significantly affect the Client, unless:

  • The decision is necessary for the performance of a contract between Client and us.
  • The decision is authorized by law and provides suitable safeguards.
  • Clients have given explicit consent.

Complaints / Feedback

If Client believes that we have not handled Client personal data in accordance with this policy or applicable data protection laws, Client has the right to lodge a complaint with the relevant supervisory authority or regulatory body.

 

14. REVIEW

The policy should be reviewed regularly and updated as needed to address emerging threats, changes in technology, or new business requirements.

 

15. APPENDIX

ISO 9001

ISO 27001