Privacy and data Protection Policy

Who we are

Careline the Agency for Care Staff Limited (Careline) is an employment agency which provides personnel to care and nursery settings. We also provide staff to support people in their own homes.

Our Policy

Careline is committed to your privacy. We will only use information collected lawfully in accordance with General Data Protection Regulation (GDPR) and we undertake not to use any information we may hold about you for any purpose other than for which it was collected, unless we have obtained your consent. We may use a combination of practices and technology to ensure that your information is kept confidential and secure. We do not sell personal information

All Careline staff have contractual obligations of confidentiality, enforceable through disciplinary procedures. Staff with access to client identifiable information receive appropriate information and/or training to ensure that they are aware of their responsibilities.

Our staff are granted access to personal data on a need-to-know basis only.


What kind of information do we hold?

In order to ensure that we can provide appropriate personnel to our care clients we keep records about the services and people we support.

To register and employ staff we keep records of employment.

Careline’s records may be electronic, paper or a mixture of both.

Your Information: What do we hold?

We keep records about the services and people we support including details of the health needs of clients and the care we provide or plan to provide. We record personal data such as who the care is for, what care is required and

how we will deliver the care. This will usually be by way of a referral form, an initial assessment and a Care Plan.

We also keep records of Careline employees including name, address, evidence of identity (passport, driving licence and/or birth certificate), DOB, NI number, previous experience, work history, qualifications, training, health and any other details required to comply with current legislation.

Further data may be collected to complete an Enhanced Disclosure through the Disclosure and Barring Service (DBS).

What purposes do we collect and use data for?

We collect data which allows Careline to provide appropriate workers to each care setting. We also collect data which allows us to fulfil our obligations as an employer.

The functions for which the data may be used include:

  • Staff administration, i.e. pay, discipline, work management
  • Service improvement purposes, i.e. Quality Control Forms, staff or client satisfaction audits, training feedback forms, Equal Opportunity Monitoring forms.
  • Training purposes to ensure staff are adequately trained to carry out their role
  • To conduct an investigation in response to a complaint or police enquiry
  • Accounts and records, i.e. keeping accounts related to business activity, staff and clients financial management
  • Performance monitoring and analysis to help us assess the quality and standard of our recruitment processes and delivery of care.

Information sharing

We will not share information about you for any reason except:

  • Where you ask us to
  • Where a formal court order has been served on us to do so
  • Where it is necessary to do so in order to assist the police in the prevention and detection of crime
  • Where it is necessary to do so in order to protect children and vulnerable adults
  • For matters of Health & Safety of others
  • As required by the Care Quality Commission or any other regulatory body
  • As required by any other legislation or Law of England and Wales.

We work with a number of other organisations to provide care services;

for example NHS, Local Authorities and private care providers.

We may be required to provide de-identified statistical information with them for improving local services.

We contract out our payroll services and we are therefore required to share information such as staff name, NI Number, bank account details and other information as required by Her Majesty's Revenue and Customs (HM Revenue and Customs or HMRC).

We do not send your information overseas.

How long do we keep data?

We collect a wide range of data and only keep it for as long as is absolutely necessary or as required by legislation – see table below:


Type of document Description of document Retention period
Recruitment documentation

·  Application form including name, address, DOB and NI details

·  CV

·  Copies of ID documents (passport, driving licence, birth certificate)

·  Work experience

·  Full work history (EH1 form)

·  Qualifications/training certificates

·  Bank details

·  References

·  Risk assessments

·  Details of disciplinary procedures

·  Any other recruitment documentation

·  ID photo


During employment/ registration and for a maximum period of two years thereafter
Recruitment documentation ·  Equal opportunity form During recruitment process and for maximum of 3 months
Recruitment documentation ·  Equal opportunity monitoring form (de-identified) Permanently retained
Criminal history and inclusion on lists held by Independent Safeguarding Authority (ISA) ·  DBS certificate Copies of a DBS certificate will be held for a maximum period of one year
Interview register

·  Name, address, DOB, NI number, date of interview

·  Disciplinary and/or dismissal information

·  Police investigations

·  ISA referrals

Entry on to our internal interview register (database) retained permanently.

·  Timesheets

·  Receipts

·  Expenses forms

Minimum of 7 years
Other staff records

·  Correspondence letters, emails

·  Complaints

·  Meeting minutes

·  Disciplinary documents

·  Annual leave

During employment/ registration and for a maximum period of two years thereafter
Client personal information

·  Referral form

·  Care needs assessment

·  Care Plan

·  Risk assessments

During the period care services are provided and then in line with relevant legislation relating to children or vulnerable adults.
Client services information

·  Financial payments



Minimum of 7 years
Client database

·  Name, address, DOB, brief details of care required or provided.

·  Payment details

Entry on to our internal database retained permanently.
Other information

·  Complaints book

·  Accident & incident book

·  Restraint book

Permanently retained


How do we store information?

Electronic information is stored on an internal server and can only be accessed by authorised personnel based in the head office. All information is password protected.

All manual files are stored in fire proof, lockable filing cabinets and can only be accessed by authorised personnel.

DBS certificates are stored in a fire proof, lockable filing box kept in a lockable filing cupboard and can only be accessed by authorised personnel.

How do we destroy information?

Most personal information is confidentially shredded onsite however in the past we have used a registered waste carrier to confidentially destroy bulk waste off site.

What we need from you

Please tell us as soon as possible if there are any changes, such as a new address. This helps us keep your information reliable and up to date.


What are your rights?

If at any point you believe the information we process on you is incorrect you can request to see this information and even have it corrected or deleted. If you wish to raise a complaint on how we handled your personal data, you can contact our Data Protection Officers who will investigate the matter.


Our Data Protection Officers are:

Mr David Fisher – Managing Director

Mrs Lorraine Lucas – Manager


If you are not satisfied with our response or believe that we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office (ICO).

Information Commissioner's Office
Wycliffe House
Water Lane

Tele: 0303 123 1113