Rightcheck - Simple, Secure, Digital Right to Work Solution

Privacy Policy: My Rightcheck App

Last Updated: 5th September 2023


Rightcheck take data privacy seriously and this policy will help you understand what personal information is collected from you and how it is used. Therefore, we encourage you to read this policy thoroughly.

It is important to make you aware that your prospective employer is the Data Controller of the Right to Work check and they have the GDPR obligations for the data that is collected, how it is stored and your rights. Your prospective employer, as data controller, is responsible to provide you with a privacy policy to outline your rights as the data subject.

Rightcheck is the software provider of the My Rightcheck app and is a Data Processor. Rightcheck use the My Rightcheck app to collect data on behalf of the prospective employer in order for them to fulfil a UK Right to Work Check and their other pre-employment, candidate background screening requirements.

How and why data is collected

Data is collected and used by your prospective Employer for the purpose of obtaining a Statutory Excuse against Civil Penalty, in line with UK’s Right to Work legislation. The data is collected via the My Rightcheck app downloaded by you.

The law on preventing illegal working is set out in sections 15 to 25 of the Immigration, Asylum and Nationality Act 2006 (the 2006 Act), section 24B of the Immigration Act 1971, and Schedule 6 of the Immigration Act 2016.

What information we collect

When you use the My Rightcheck app, you will be asked to provide some personal information and documents for a Right to Work check to be conducted. Depending on what documents are provided, the data and documents that may be collected include the following:

Name, Address, Phone Number, Email address, Date of Birth, Gender, Birthplace, IP Address, ID cards, Biometric Data, VISA, Registration cards, Adoption Certificate, Payslip, RTW Share code, Residence Card.

Data Storage

The data collected as part of the UK Right to Work check is retained for the period of employment and then for a further two years. The data is then destroyed by the Data Controller.

If the Data Subject is checked but not subsequently employed, the data is then to be deleted by the Data Controller at any time in accordance with their own GDPR data retention policies.

Once deleted, the data is physically retained for a further 90 days due to the platforms disaster recovery systems. After 90 days the data no longer exists.

All data is processed and stored in the UK.

Use of Personal Information

Personnel information that is collected is used to process a Right to Work Check on behalf of the Data Controller (your prospective employer) who has instructed to do so.

Who we share your personal information with

We do not share any data collected with any other parties. Only the Data Controller (your prospective employer) and Data Processor (Rightcheck) will have access to the data. 

How we keep your personal information secure

Privacy and security are the most important aspect of any service, and we take it extremely seriously.

We use a variety of the latest technologies and procedures to protect your personal information from unauthorised access, destruction, use or disclosure.

We have a comprehensive Global Security Policy based on internationally recognised standards of security (known as ISO27001 standard) and hold ISO27001 certification.

Changes to this Policy

We can update this Policy at any time and ideally you should check it regularly for updates. We won’t alert you to every little change, but if there are any really important changes to the Policy or how we use your information we’ll let you know and where appropriate ask for your consent.