top of page

Privacy Policy

Last updated 22/02/2025

1. Introduction

Carextra Staffing ("we," "us," or "our") is committed to protecting the privacy and security of our clients, staff, and website visitors. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using our services, you consent to the collection and use of your information in accordance with this policy.

 

2. Information We Collect

We collect and process the following types of personal data:

 

2.1 Job Applicants and Employees

  • Full name, date of birth, and contact details (email, phone number, address).

  • National Insurance Number, passport details, and right-to-work documentation.

  • Professional qualifications, employment history, and references.

  • Enhanced DBS (Disclosure and Barring Service) checks and medical records (where applicable).

  • Bank details for salary payments.

 

2.2 Clients (Healthcare Providers, Care Homes, NHS, Private Institutions, etc.)

  • Organisation name, address, and contact details.

  • Key contact names and job titles.

  • Service requirements and contractual agreements.

  • Payment and invoicing details.

 

2.3 Website Visitors and General Enquiries

  • Name, email, and phone number (if provided via contact forms).

  • IP address, browser type, and browsing behaviour on our website.

 

3. How We Use Your Information

We use personal data for the following purposes:

 

3.1 Recruitment & Employment

  • To assess job applications and verify professional credentials.

  • To conduct background checks (DBS, reference checks, and right-to-work verification).

  • To process payroll, tax, and pension contributions.

  • To comply with legal obligations, including safeguarding and health & safety laws.

 

3.2 Client Services

  • To provide staffing solutions and manage contracts with healthcare providers.

  • To process invoices and payments.

  • To maintain records for compliance and auditing purposes.

 

3.3 Marketing & Communication

  • To send relevant job opportunities to registered candidates.

  • To send newsletters, updates, and service information (only with consent).

  • To respond to enquiries and requests submitted via our website or email.

 

3.4 Website Analytics & Security

  • To analyse website usage and improve our services.

  • To detect and prevent fraud, cyber threats, or misuse of our platform.

 

4. Legal Basis for Processing Personal Data

We process personal data based on the following legal grounds:

  • Contractual necessity – to provide services to our clients and staff.

  • Legal obligations – compliance with employment law, tax, DBS checks, and right-to-work verification.

  • Legitimate interests – recruitment, client relationship management, and business development.

  • Consent – where required for marketing and promotional communications (you may withdraw consent at any time).

 

5. Data Sharing & Third Parties

We may share personal data with:

  • Regulatory authorities (e.g., the CQC, HMRC, DBS) for compliance purposes.

  • Payroll and pension providers to process salary payments.

  • Healthcare clients (hospitals, care homes, etc.) for staffing arrangements.

  • IT service providers for data security and website management.

  • Legal and accounting firms for compliance and audit purposes.

We do not sell, rent, or trade personal data to third parties.

 

6. Data Security

We implement strict security measures to protect personal data from unauthorised access, loss, or misuse, including:

  • Encrypted storage of sensitive information.

  • Restricted access to personal data on a need-to-know basis.

  • Regular security audits and compliance checks.

  • Secure disposal of personal data when no longer required.

 

7. Data Retention

We retain personal data only for as long as necessary to fulfil legal, contractual, and operational requirements.

  • Employee records – retained for up to 6 years after employment ends.

  • Client records – retained for up to 7 years for tax and compliance purposes.

  • DBS and background checks – stored for the legally required period and securely disposed of thereafter.

 

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right to access – Request a copy of your personal data.

  • Right to rectification – Correct inaccurate or incomplete information.

  • Right to erasure ("right to be forgotten") – Request deletion of your data, subject to legal limitations.

  • Right to restrict processing – Request a temporary halt to processing your data.

  • Right to data portability – Receive your data in a commonly used format.

  • Right to object – Object to direct marketing or processing based on legitimate interests.

  • Right to withdraw consent – opt out of marketing communications at any time.

 

To exercise these rights, contact us at info@carextrastaffing.com

 

9. Cookies & Website Tracking

We use cookies to enhance your browsing experience. You can manage cookie settings through your browser.

Types of cookies we use:

  • Essential cookies – Necessary for website functionality.

  • Analytics cookies – Help us analyse website traffic and improve user experience.

  • Marketing cookies – Used for targeted advertising (only with your consent).

For more details, refer to our Cookie Policy

 

10. Complaints & Contact Information

If you have concerns about our use of your data, you may contact:

Data Protection Officer (DPO)
 

Carextra Staffing
Paramount House

1 Delta Way

Egham

TW20 8RX


Email: info@carextrastaffing.com

Phone: 01784 849004

 

If you are not satisfied with our response, you can lodge a complaint with the UK Information Commissioner’s Office (ICO):

 

11. Changes to This Privacy Policy

We may update this policy periodically to reflect changes in legal requirements or business practices. Any significant updates will be communicated via our website.

Last updated: 22/02/2025

bottom of page