Privacy Policy

1. Introduction

MillerSoft ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect your information in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

As a background screening service provider, we process personal data on behalf of our clients (employers and organizations) to conduct pre-employment and ongoing screening checks. We act as both a Data Controller (for our direct customers) and a Data Processor (when processing candidate data on behalf of our clients).

2. Data Controller Information

3. Personal Data We Collect

We collect and process the following categories of personal data:

3.1 Client Account Data

• Name and contact information (email, phone number)
• Company name and business details
• Account credentials (encrypted)
• Billing and payment information

3.2 Candidate Data (processed on behalf of clients)

• Full name, date of birth, and contact details
• Identity documents (passport, driver's license, national ID)
• Employment history and references
• Educational qualifications and certifications
• Criminal record information (where legally permitted)
• Financial information (for credit checks, where applicable)
• Right to work documentation
• Professional licenses and registrations

3.3 Technical Data

• IP address and browser information
• Device identifiers
• Usage data and interaction logs
• Cookies and similar technologies

4. Legal Basis for Processing

We process personal data based on the following legal grounds under GDPR Article 6:

• Consent: Where you have given explicit consent for specific processing activities
• Contractual Necessity: To perform our services as agreed with clients
• Legal Obligation: To comply with employment law, anti-money laundering regulations, and other legal requirements
• Legitimate Interests: For fraud prevention, security, and service improvement

For special category data (such as criminal records), we rely on explicit consent from candidates and/or statutory obligations under employment law (GDPR Article 9(2)(b)).

5. How We Use Your Data

We use personal data for the following purposes:

• Conducting background screening checks as requested by clients
• Verifying identity, employment history, and qualifications
• Managing client accounts and processing payments
• Communicating about our services and updates
• Complying with legal and regulatory requirements
• Improving our services and user experience
• Detecting and preventing fraud or unauthorized access

6. Data Sharing and Transfers

We may share personal data with:

• Our Clients: Screening results and reports as per service agreements
• Verification Sources: Educational institutions, previous employers, government agencies, and reference providers
• Service Providers: IT infrastructure, cloud storage, and payment processors (under strict data processing agreements)
• Legal Authorities: When required by law or to protect our legal rights

International Transfers

If we transfer data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission or transfers to countries with adequacy decisions.

7. Data Retention

We retain personal data only for as long as necessary:

• Client account data: Duration of the business relationship plus 7 years
• Screening reports: As specified in client agreements, typically 1-3 years
• Candidate consent records: 7 years for legal compliance
• Technical logs: 12 months for security purposes

After the retention period, data is securely deleted or anonymized.

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

To exercise any of these rights, please contact us at office@millersoft.tech. We will respond within 30 days. If you are a candidate whose data was submitted by an employer, please contact your employer directly or reach out to us.

9. Cookies and Tracking

We use cookies and similar technologies to enhance your experience on our website. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.

Types of cookies we use:

• Essential Cookies: Required for the website to function properly
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Help us understand how visitors use our site

10. Data Security

We implement appropriate technical and organizational measures to protect personal data, including:

• Encryption of data in transit and at rest (TLS 1.3, AES-256)
• Access controls and authentication mechanisms
• Regular security assessments and penetration testing
• Employee training on data protection
• Incident response and breach notification procedures
• Secure data centers with ISO 27001 certification

11. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to you, we will also notify you directly.

12. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on our website and, where appropriate, by email. The "Last updated" date at the top indicates when the policy was last revised.

14. Contact Us and Complaints

If you have questions about this Privacy Policy or wish to exercise your rights:

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority. In the EU, you can find your authority at https://edpb.europa.eu.