This document demonstrates our commitment to protecting the privacy and security of your personal information. It contains information regarding how we collect and use personal data or personal information about you in accordance with the General Data Protection Regulation (GDPR) and all other data protection legislation currently in force.

Pursuant to that legislation, when processing data we will;

  • process it fairly, lawfully and in a clear, transparent way
  • collect your data only for reasons that we find proper for the course of your employment in ways that have been explained to you
  • only use it in the way that we have told you about
  • ensure it is correct and up to date
  • keep your data for only as long as we need it
  • process it in a way that ensures it will not be lost or destroyed or used for anything that you are not aware of or have consented to (as appropriate)

GA Professional Healthcare is a “data controller”. This means that we are responsible for determining the purpose and means of processing personal data relating to you.

“Personal data”, or “personal information”, means any information relating to an identified, or identifiable individual in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

There are “special categories” of sensitive personal data, meaning data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health conditions, sex life or sexual orientation, genetic data, and biometric data which require a higher level of protection.

This data protection compliance statement (privacy notice) applies to current and former employees, workers and contractors.


The list below identifies the kind of data that we will hold about you:

  • personal contact details such as name, title, addresses, telephone numbers, and personal email addresses
  • date of birth
  • your photograph
  • gender
  • marital status
  • next of kin and their details
  • national Insurance number
  • bank account details, payroll records and tax codes
  • salary, pension and benefits information
  • leave records including annual leave, family leave, sickness absence etc
  • start date
  • location of employment or workplace
  • copy of driving licence
  • information included on your CV including references, education history and employment history
  • documentation relating to your right to work in the UK
  • information used for equal opportunities monitoring about your sexual orientation, religion or belief and ethnic origin
  • medical or health information including whether or not you have a disability
  • current and previous job titles, job descriptions, pay grades, training records, hours of work, professional membership and other terms and conditions relating to your employment with us
  • compensation history
  • internal performance information including measurements against targets, formal warnings and related documentation with regard to capability procedures and appraisal forms
  • information and relevant communications regarding disciplinary and grievance issues
  • CCTV footage and other information obtained through electronic means such as building entry card records
  • information about your use of our information and communications systems

The following list identifies the kind of data that that we will process and which falls within the scope of “special categories” of more sensitive personal information:

  • information relating to your race or ethnicity, religious beliefs, sexual orientation, sex life and political opinions
  • trade union membership
  • information about your health, including any medical conditions and disabilities
  • information about criminal convictions and offences
  • genetic information and biometric data


Your personal information is obtained through the application and recruitment process, this may be directly from candidates, via an employment agency or a third party who undertakes background checks. Further information will be collected directly from you when you complete forms at the start of your employment, for example, your bank and next of kin details. Other details may be collected directly from you in the form of official documentation such as your driving licence, passport or other right to work evidence. Data may be collected during the course of your engagement with us to enable its continued existence or development.

Personal data is kept in personnel files or within our HR and IT systems.


We will only administer personal information in accordance with the lawful bases for processing. At least one of the following will apply when we process personal data:

  • consent: You have given clear consent for us to process your personal data for a specific purpose.
  • contract: The processing is necessary for a contract we have with you, or because we have asked you to take specific steps before entering into a contract.
  • legal obligation: The processing is necessary for us to comply with the law (not including contractual obligations).
  • vital interests: the processing is necessary to protect someone’s life.
  • public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.
  • legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your personal data which overrides those legitimate interests.


We consider that the basis for which we will process the data contained in the list above (see section above – details of information we will hold about you) is necessary for the performance of the contract we have with you and to enable us to comply with our legal obligations. Occasionally, we may process personal information about you to pursue legitimate interests of our own or those of third parties, provided there is no good reason to protect your interests and your fundamental rights do not override those interests.

The circumstances in which we will process your personal information are listed below.

  • making decisions about who to offer initial employment to, and subsequent internal appointments, promotions etc.
  • responding to requests from third parties such as a reference request or mortgage approval etc.
  • making decisions about salary and other benefits
  • providing contractual benefits to you
  • maintaining comprehensive up to date personnel records about you to ensure, amongst other things, effective correspondence can be achieved and appropriate contact points in the event of an emergency are maintained
  • effectively monitoring both your conduct and your performance and to undertake procedures with regard to both of these if the need arises
  • offering a method of recourse for you against decisions made about you via a grievance procedure
  • assessing training needs
  • implementing an effective sickness absence management system including monitoring the amount of leave and subsequent actions to be taken including the making of reasonable adjustments
  • gaining expert medical opinion when making decisions about your fitness for work
  • managing statutory leave and pay systems such as maternity leave, pay etc.
  • business planning and restructuring exercises
  • dealing with legal claims made against us
  • preventing fraud
  • ensuring our administrative and IT systems are secure and robust against unauthorised access

There may be more than one reason to validate the reason for processing your personal information.


“Special categories” of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We may process special categories of personal information in the following circumstances:

  • consent: You have given clear consent for us to process your personal data for a specific purpose.
  • contract: The processing is necessary for a contract we have with you, or because we have asked you to take specific steps before entering into a contract.
  • legal obligation: The processing is necessary for us to comply with the law (not including contractual obligations) and meets the obligations under our data protection policy.
  • vital interests: the processing is necessary to protect someone’s life.
  • public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law and meets the obligations under our data protection policy. (For example in the case of equal opportunities monitoring)
  • legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your personal data which overrides those legitimate interests (For example to assess your capacity to work on the grounds of ill health)

Occasionally, special categories of data may be processed where you are not capable of giving your consent, where you have already made the information public or in the course of legitimate business activities or legal obligations and in line with the appropriate safeguards.

Examples of the circumstances in which we will process special categories of your particularly sensitive personal information are listed below (this list is non-exhaustive):

  • in order to protect your health and safety in the workplace
  • to assess your physical or emotional fitness to work
  • to determine if reasonable adjustments are needed or are in place
  • to monitor and manage sickness absence, family leave or other absences from work (including time off for dependents)
  • to administer benefits
  • In order to fulfill equal opportunity monitoring or reporting obligations

Where appropriate, we may seek your written authorisation to process special categories of data. Upon such an occasion we will endeavor to provide full and clear reasons at that time in order for you to make an informed decision. In any situation where consent is sought, please be advised that you are under no contractual obligation to comply with a request. Should you decline to consent you will not suffer a detriment


Information regarding criminal convictions may be processed in accordance with our legal obligations. Occasionally we may process such information to protect yours, or someone else’s interests and you are not able to give your consent or we may process such information in cases where you have already made the information public. Such information may be sought as part of the recruitment process or in the course of your employment with us. Where we process information regarding criminal convictions we will adhere to the guidelines currently in force regarding data security and data retention as determined by the appropriate governing body.

We anticipate that we will process information about criminal convictions.


We do not anticipate that any of our decisions will occur without human involvement. Should we use any form of automated decision making we will advise you of any change in writing.

NOTE: Examples of where such decisions may be made in the employment context are:

  • Automatic rejection of candidates in online recruitment systems if they do not have the requisite qualifications or grades.
  • A “trigger” is met in a sickness absence or disciplinary procedure.
  • A bonus decision is made on the basis of attendance data alone.
  • Automatic shift and holiday rota system.
  • Monitoring of employee emails and internet use.


Your data will be shared with colleagues within the Company where it is necessary for them to undertake their duties. This includes, for example, Booking team for their management of your bookings, the HR department for maintaining personnel records and the payroll department for administering payment under your contract of employment.

It may be necessary for us to share your personal data with a third party or third party service provider (including, but not limited to, contractors, agents or other associated/group companies).

Data sharing may arise due to a legal obligation, as part of the performance of a contract or in situations where there is another legitimate interest (including a legitimate interest of a third party) to do so.

The list below identifies which activities are carried out by third parties on our behalf:

  • payroll
  • pension providers/administrators
  • IT services
  • legal advisors
  • security
  • insurance providers
  • Service user

Data may be shared with 3rd parties in the following circumstances:

  • in the process of regular reporting activities regarding our performance,
  • with regards to a business or group reorganisation, sale or restructure,
  • in relation to the maintenance support and/or hosting of data
  • to adhere with a legal obligation
  • in the process of obtaining advice and help in order to adhere with legal obligations

If data is shared, we expect third parties to adhere and comply with the GDPR and protect any data of yours that they process. We do not permit any third parties to process personal data for their own reasons. Where they process your data it is for a specific purpose according to our instructions.

We do not anticipate that we will transfer data to other countries.


As part of our commitment to protecting the security of any data we process, we have put the following measures in place give details of any measures/policies/binding corporate rules. If you would like further details please contact the manager the Manager GAprofessional Healthcare by phone on +44(0)3333110172 or

In addition, we have put further security measures in place to avoid data from being accessed, damaged, interfered with, lost, damaged, stolen or compromised. In cases of a breach, or suspected breach, of data security, you will be informed, as will any appropriate regulator, in accordance with our legal obligations.

Any data that is shared with third parties is restricted to those who have a business need, in accordance with our guidance and in accordance with the duty of confidentiality.


We anticipate that we will retain your data for as long as we need it but for no longer than is necessary for the purpose for which it was collected.

We have given consideration to the following in order to decide the appropriate retention period:

  • quantity
  • nature
  • sensitivity
  • risk of harm
  • purpose for processing
  • legal obligations

At the end of the retention period, upon conclusion of any contract we may have with you, or until we are no longer legally required to retain it, it will be reviewed and deleted, unless there is some special reason for keeping it. Occasionally, we may continue to use data without further notice to you. This will only be the case where any such data is anonymised and you cannot be identified as being associated with that data


We commit to ensure that any data we process is correct and up to date. It is your obligation to make us aware of any changes to your personal information.

In some situations, you may have the;

  • Right to be informed. This means that we must tell you how we use your data, and this is the purpose of this privacy notice.
  • Right to request access. You have the right to access the data that we hold on you. To do so, you should make a subject access request
  • Right to request correction. If any data that we hold about you is incomplete or inaccurate, you are able to require us to correct it.
  • Right to request erasure. If you would like us to stop processing your data, you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing it.
  • Right to object to the inclusion of any information. In situations where we are relying on a legitimate interest (or those of a third party) you have the right to object to the way we use your data where we are using it.
  • Right to request the restriction of processing. You have the right to ask us to stop the processing of data of your personal information. We will stop processing the data (whilst still holding it) until we have ensured that the data is correct.
  • Right to portability. You may transfer the data that we hold on you for your own purposes.
  • Right to request the transfer. You have the right to request the transfer of your personal information to another party.

Where you have provided consent to our use of your data, you also have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data where so permitted by having a legitimate reason for doing so.

If you wish to exercise any of the rights explained above, please contact give details of DPO or appropriate person.

Consequences of your failure to provide personal information

If you neglect to provide certain information when requested, it may affect our ability to enter into or continue with an employment contract with you, and it may prevent us from complying with our legal obligations.

Change of purpose for processing data

We commit to only process your personal information for the purposes for which it was collected, except where we reasonably consider that the reason for processing changes to another reason and that reason is consistent with the original basis for processing. Should we need to process personal information for another reason, we will inform you of this and advise you of the lawful basis upon which we will process.

Important note: We may process your personal information without your knowledge or consent, in compliance with the above rules (see above section – lawful basis for processing your personal information).

In the event that you enter into an employment contract with us, any information already collected may be processed further in accordance with our data protection policy, a copy of which will be provided to you.


It is the responsibility of our Data Protection Officer (DPO) to oversee compliance with this statement. Should you have any questions regarding this statement, or how we process your personal information, please contact The Manager on Telephone:+(44)3333110172 or email: .

The supervisory authority in the UK for data protection matters is the Information Commissioner (ICO). If you think your data protection rights have been breached in any way by us, you are able to make a complaint to the ICO.

Privacy Notice: Service User / Next of Kin

Information that we collect about customers and why we keep this

We collect personal information and keep records about you and the service that you receive so that we can;

  • Provide you with the right care and support to meet your individual needs and preferences and respond to any changes;
  • Answer any queries that you may have or deal with complaints;
  • Keep you safe from harm and abuse;
  • Check the quality of the service that we provide and improve it if necessary.

We will only ask for information that is relevant. This includes information about who you are, your home, what and who is important to you, your care and support needs and preferences and details of the service we provide to you.

What we do with this information

Your personal information is important so we make sure that all of the information that we have about you is safely and securely stored.

Most of this information is written in your care and support plans. The care worker will look at your care and support plan each time that they visit. They will make a note of the care and support they provide at the end of every visit. You have a copy of all these records in the care company’s Support Plan folder which we leave at your home.

We also keep copies of this information in:

– The care company office;

– With the ‘on call staff member’ who provides management support out of office hours.

We will not keep information about you for longer than is necessary. In most cases we will dispose of information 6 years after our service to you ceases.

Who else can see the information that we have about you?

The law says that you have a right to see any personal information that we have about you. To see a copy of any personal information that is not already at your home, or to correct any inaccuracies, please contact the Manager GA Professional Healthcare

We will also accept a request from a member of your family or a friend providing they have your written permission.

Usually we will not discuss or share your personal information with anyone else unless you have given us permission first. Occasionally, however, we may need to share information about you without asking your consent because the law says we must or because we are concerned about your safety or well-being. This includes:

  • The statutory regulator for health and social care;
  • Legal representatives that you have appointed such as attorneys;
  • A court appointed deputy, visitor or guardian;
  • The local authority social work or adult social care department or the Health and Social Care Trust;
  • An independent mental capacity advocate instructed by the local authority;
  • Other health or social care professionals in an emergency.