Legal & Compliance

Privacy Policy

Last Updated: June 2026

1. Data Controller

The data controller responsible for your personal information is:

Remedy Support and Recruitment Group Ltd

Registered in England & Wales • Company No: YOUR-COMPANY-NUMBER

Registered Office: Observatory House, 25 Windsor Road, Slough, Berkshire, SL1 2EL

ICO Registration No: YOUR-ICO-REGISTRATION-NUMBER

Data Protection enquiries: info@remedysupport.co.uk

2. Introduction

At Remedy Support & Recruitment Group Ltd, we take your privacy and the security of your personal data seriously. This Privacy Policy explains how we collect, process, and protect your information in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Data (Use and Access) Act 2025.

This policy applies to four groups of people: care service users, family members and representatives, job applicants and workers, and website visitors. Where sections are audience-specific, this is clearly indicated.

3. Information We Collect

  • Identity Data: Name, title, date of birth, and proof of identity documents.
  • Contact Data: Home address, email address, and telephone numbers.
  • Special Category Health Data (care service users): Medical history, diagnoses, medication, care needs assessments, and care plans. Collected under UK GDPR Art.9(2)(h) — provision of health or social care — and with your explicit consent where required.
  • Worker Data (job applicants & staff): Employment history, references, DBS certificate details, right-to-work documentation, NMC/NVQ/care certificates, and biometric ID (for verification purposes only).
  • Technical Data (website visitors): IP address, browser type, pages visited, and cookies. See our Cookie Policy for full details.

4. Lawful Basis for Processing

We rely on the following lawful bases under UK GDPR:

| Purpose | Lawful Basis | Applies To |
|---|---|---|
| Delivering your care plan | Art.6(1)(b) — performance of a contract; Art.9(2)(h) — health & social care | Service users |
| Processing health & medical data | Art.9(2)(h) — health or social care provision | Service users |
| Recruitment & employment | Art.6(1)(b) — pre-contractual steps; Art.6(1)(c) — legal obligation (DBS, right to work) | Workers & applicants |
| CQC regulatory compliance & record-keeping | Art.6(1)(c) — legal obligation (HSCA 2008 Regs Reg.17) | All |
| Website analytics & performance cookies | Art.6(1)(a) — consent (PECR Reg.6) | Website visitors |
| Responding to enquiries | Art.6(1)(f) — legitimate interests | Website visitors |

5. How We Use Your Data

Care service users & family members

To create and deliver your personalised care plan, coordinate with healthcare professionals, maintain statutory care records, handle complaints, and share information with CQC inspectors on request.

Family members & Lasting Power of Attorney representatives

To keep you informed about your relative's care, obtain decisions where the service user lacks capacity, and update care plans. We will confirm your authority before sharing any personal data about your relative.

Job applicants & workers

To process your application, carry out background checks (DBS, right to work, biometric ID), issue employment contracts, manage payroll and professional development, and meet our CQC fit-and-proper-person obligations.

Website visitors

To respond to enquiries submitted via our contact form. Analytics cookies are set only after you provide consent via our cookie banner. We do not use your data for automated profiling.

6. How Long We Keep Your Data

We keep personal data only for as long as necessary for the purpose for which it was collected, or as required by law.

| Data Category | Retention Period | Legal Basis |
|---|---|---|
| Care records (service users) | 8 years from last contact (or age 25 if a child) | Legal obligation — CQC Regs 2014 Reg.17 |
| Employee & worker records | 6 years after employment ends | Legal obligation — Limitation Act 1980 |
| Unsuccessful job applications | 6 months from decision | Legitimate interest (equal-opportunities defence) |
| Website enquiry forms | 12 months | Legitimate interest — follow-up |
| Financial / invoicing records | 7 years | Legal obligation — HMRC |
| CCTV footage (if applicable) | 30 days | Legitimate interest — security |

7. Data Security

We apply appropriate technical and organisational measures to protect your personal data against accidental loss, unauthorised access, alteration, or disclosure. Access is restricted to staff who need the data to perform their role. All staff handling personal data receive annual data protection training. In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours (UK GDPR Art.33) and, where required, inform affected individuals without undue delay (Art.34).

8. Sharing Your Data

We do not sell your personal data. We share it only in these limited circumstances:

  • Healthcare professionals involved in your care (GP, hospital, district nurse) — with your knowledge.
  • CQC — on inspection or as required by HSCA 2008 Regs.
  • DBS & right-to-work verification services — for staff background checks.
  • Law enforcement or safeguarding authorities — where required by law or to protect life.
  • IT and hosting service providers — under data processing agreements (UK GDPR Art.28).

We do not transfer your data outside the UK. Where any processor is located in the EEA, the UK–EU adequacy decision (upheld 2025) applies.

9. Your Rights

Under UK GDPR and the Data (Use and Access) Act 2025, you have the following rights. To exercise any right, contact us at info@remedysupport.co.uk. We will respond within one calendar month.

Access (Art.15)

Request a copy of all personal data we hold about you (subject access request).

Rectification (Art.16)

Ask us to correct inaccurate or incomplete data.

Erasure (Art.17)

Request deletion where processing is no longer necessary, or where consent is withdrawn and no other lawful basis applies.

Restriction (Art.18)

Ask us to pause processing while accuracy or legitimacy is contested.

Portability (Art.20)

Receive your data in a structured, machine-readable format (applies to consent-based and contract-based processing).

Object (Art.21)

Object to processing based on legitimate interests, including direct marketing.

Withdraw consent (Art.7(3))

Where processing relies on consent, withdraw it at any time without affecting prior processing.

Automated decision-making (Art.22)

Not be subject to solely automated decisions that produce legal or similarly significant effects.

10. Data Complaints

Under the Data (Use and Access) Act 2025 s.68, if you have a concern about how we handle your personal data, you must first allow us the opportunity to resolve it internally before escalating to a supervisory authority:

  1. Contact us first at info@remedysupport.co.uk. We have 30 calendar days to acknowledge and provide a substantive response.
  2. If unresolved after 30 days, or if you are dissatisfied with our response, you have the right to escalate to the Information Commissioner's Office (ICO).

Information Commissioner's Office (ICO)

Website: ico.org.uk/make-a-complaint

Helpline: 0303 123 1113

11. Contact Us

For questions about this Privacy Policy, to exercise your rights, or to make a data complaint, contact our Data Protection lead at: info@remedysupport.co.uk or by post to our registered office address above. Response time: 5 working days for general enquiries; 1 calendar month for rights requests.

Download policies

Official privacy & information documents

Easily download the policies that support our privacy, consent and accessible information standards.

For governance and workforce compliance documents such as whistleblowing and incident reporting, visit our Compliance page.

Accessible Information Standard Policy & Procedure

Guidance for making information accessible to everyone, including people with learning disabilities and communication needs.

Consent to Care Policy & Procedure

How we record and confirm informed consent before providing care or handling personal information.

Remedy Support Privacy Policy

The full privacy statement for Remedy Support and Recruitment Group, detailing our data handling and compliance commitments.

GDPR03: Data Security & Data Retention Policy

Our full data retention schedule and the technical and organisational measures we use to keep personal data secure.
