1. Who we are
This website is operated by OutsourceVerify ("we", "us", "our"). For the purposes of this Privacy Policy we are the data controller of personal data collected on our marketing website. Where we provide background verification services to client organisations, we operate as a data processor on their behalf, governed by a separate Data Processing Agreement.
For privacy enquiries: privacy@outsourceverify.com. Postal contact details available on request via the same address.
2. What data we collect
2.1 Information you provide
When you submit a form on this website (proposal request, booking request, report download, coverage assessment, calculator submission), we collect the personal data you enter, typically:
- Name, job title, company name, work email address, phone number (optional)
- Information you choose to provide about your organisation: industry, geography, hiring volume, programme requirements, screening preferences
- Free-text notes you include in optional message fields
2.2 Information collected automatically
When you visit this website we automatically collect technical information needed to deliver the page and understand site usage:
- Server log data: IP address, user agent, requested URL, referrer, timestamp. Retained for security and analytics for up to 90 days.
- Cookies and similar technologies: see Section 6 for the full cookie inventory and how to manage your consent.
- Analytics data: aggregated usage data (pages visited, time on page, device type, country-level geography). We do not collect granular behavioural profiles.
3. Why we use your data: lawful basis
We process your data only where we have a lawful basis to do so:
| Purpose | Lawful basis (GDPR Article 6) |
|---|---|
| Responding to your enquiry / proposal request / booking | Article 6(1)(b): performance of a contract or pre-contractual steps at your request |
| Sending you commercial communications you have requested | Article 6(1)(a): your consent |
| Operating and securing the website (logs, fraud prevention) | Article 6(1)(f): our legitimate interests, balanced against your rights |
| Aggregated analytics to understand and improve the site | Article 6(1)(f): legitimate interests; analytics are configured with anonymised data and IP truncation where the provider supports it |
| Compliance with legal obligations | Article 6(1)(c): legal obligation |
Equivalent lawful bases under DPDP Act 2023 (India), LGPD (Brazil), PDPA variants (Asia) apply where you are located in those jurisdictions.
4. Who we share your data with
We do not sell personal data. We share data only with:
- Our team: internal personnel who need the data to respond to your enquiry, governed by confidentiality obligations and access controls.
- Sub-processors providing the website infrastructure: limited to: cloud hosting (Microsoft Azure), email delivery (for transactional and commercial mail), analytics provider (configured for IP truncation and short retention), and form processing service (where used). We have data processing agreements with each.
- Authorities: where required by law, court order, or to defend legal claims.
We do not transfer data internationally without an appropriate safeguard (Standard Contractual Clauses, adequacy decision, or equivalent).
5. How long we keep your data
- Form submissions and enquiries: retained for the duration of our active conversation with you, plus up to 36 months after last contact. We do this so we can respond to follow-up enquiries and meet reasonable commercial-record obligations. After that, we delete or anonymise the data.
- Server logs: up to 90 days.
- Analytics data: retention period is configured per the analytics provider's settings, currently 14 months.
- Cookie consent records: retained for 12 months from your last consent action, after which we will ask again.
6. Cookies and similar technologies
This website uses a small number of cookies. On your first visit, you are presented with a consent banner that allows you to accept, reject, or customise cookie use. You can change your preferences at any time via the "Cookie preferences" link in the footer.
| Cookie | Purpose | Type | Retention |
|---|---|---|---|
ov_cookie_consent | Stores your cookie preferences so we don't ask repeatedly | Strictly necessary | 12 months |
ov_session | Maintains state during your visit (e.g. calculator selections) | Strictly necessary | Session |
| Analytics cookies | Anonymised usage measurement (pages, time, country) | Analytics: opt-in | Up to 14 months |
We do not use marketing cookies, behavioural advertising cookies, or third-party tracking pixels on this site. If that changes, we will update this page and prompt for fresh consent.
7. Your rights
Depending on your jurisdiction, you have the following rights regarding your personal data:
- Right of access: confirmation of whether we hold your data and a copy of it
- Right to rectification: correction of inaccurate data
- Right to erasure: deletion of data subject to applicable retention obligations
- Right to restrict processing: pause certain processing activities
- Right to data portability: receive your data in a structured, commonly used format
- Right to object: to processing based on legitimate interests, including direct marketing
- Right to withdraw consent: at any time, where processing is based on consent
- Right to lodge a complaint: with the supervisory authority in your jurisdiction (e.g. ICO in the UK, your national DPA in the EU, the Data Protection Board of India under DPDP, ANPD in Brazil)
To exercise any right, email privacy@outsourceverify.com. We respond within 30 days (GDPR/DPDP) or the shorter window required by your local law.
8. Security
We protect personal data with technical and organisational measures appropriate to the risk:
- TLS 1.2+ in transit; AES-256 at rest for sensitive data
- Access controls based on least privilege, with multi-factor authentication for our team
- Regular security testing, including annual VAPT against the website and operational systems
- Incident response procedures aligned to ISO 27001:2022 controls
If you believe you've identified a vulnerability, please email security@outsourceverify.com rather than disclosing publicly. We will respond within 5 business days.
9. International data transfers
Where personal data collected through this website is transferred outside your country of residence, we apply the appropriate safeguard for that transfer. For transfers from the UK or EEA, we use Standard Contractual Clauses (Decision (EU) 2021/914) or rely on an adequacy decision where one is in force. For transfers from Brazil, we use ANPD-approved Standard Contractual Clauses (Resolution CD/ANPD No. 19, 2024). For transfers from India, transfers are made consistent with the applicable provisions of the DPDP Act 2023 and supporting Rules.
10. Children
This website is intended for business users and is not directed at children. We do not knowingly collect personal data from individuals under 18. If you believe we have inadvertently collected such data, please contact privacy@outsourceverify.com and we will delete it promptly.
11. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The "Last updated" date at the top of this page indicates the latest revision. Material changes will be notified through a banner on the site. Continued use of the site after the effective date of an update constitutes acceptance of the revised policy.
12. Contact
For any privacy enquiry, including to exercise your rights or to lodge a concern: privacy@outsourceverify.com.
Our Data Protection Officer can be reached at the same address with the subject line "DPO".