DATA PROTECTION POLICY
- Introduction
Everytime Care is committed to ensuring the protection and confidentiality of personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy outlines how we collect, process, store, and protect personal data within our recruitment and temporary staffing operations. - Scope
This policy applies to all personal data processed by Everytime Care, including data relating to clients, temporary workers, candidates, employees, and business contacts. It covers all data processing activities, whether electronic or paper-based. - Data Protection Principles
Everytime Care adheres to the following data protection principles:
Lawfulness, fairness, and transparency – Data is processed lawfully, fairly, and in a transparent manner.
Purpose limitation – Data is collected for specified, explicit, and legitimate purposes.
Data minimisation – Only the necessary data for the intended purpose is collected and processed.
Accuracy – Personal data is kept accurate and up to date.
Storage limitation – Data is retained only for as long as necessary and securely deleted when no longer needed.
Integrity and confidentiality – Appropriate security measures are in place to protect data against unauthorised access, loss, or damage.
- Personal Data We Process
Everytime Care processes the following types of personal data:
For candidates and temporary workers: Name, contact details, CVs, employment history, right to work documents, payroll information, references, and compliance data.
For clients: Business contact details, job role requirements, and contract details.
For employees: Personal details, payroll information, and employment records.
- Lawful Basis for Processing
Everytime Care processes personal data based on the following legal grounds:
Performance of a contract – To fulfil recruitment and staffing agreements.
Legal obligations – Compliance with employment laws, tax regulations, and right-to-work checks.
Legitimate interests – Business operations, service improvements, and fraud prevention.
Consent – Where required, such as for marketing communications.
- Data Sharing and Third Parties
Everytime Care may share personal data with:
Clients requiring staffing solutions.
Payroll and HR service providers for processing payments.
Government bodies, such as HMRC and the Home Office, where legally required.
Background check and compliance agencies.
We do not sell personal data to third parties.
- Data Retention
Everytime Care retains personal data for the following periods:
Candidate records: Up to 2 years after the last contact unless required for longer.
Payroll and financial records: 6 years for tax and compliance purposes.
Right-to-work documentation: 2 years after employment ends.
Data is securely deleted or anonymised once retention periods expire.
- Data Security Measures
To protect personal data, Everytime Care implements the following security measures:
Access controls and restricted data access.
Secure electronic storage and encryption.
Regular system monitoring and audits.
Employee training on data protection best practices.
- Individual Rights
Individuals have the right to:
Request access to their personal data.
Rectify inaccurate or incomplete data.
Request data erasure in certain circumstances.
Restrict or object to processing.
Request data portability.
Withdraw consent for processing where applicable.
Requests can be made by contacting our Data Protection Officer.
- Breach Reporting
Everytime Care has procedures in place to detect, report, and respond to data breaches. Any serious breach affecting individuals’ rights will be reported to the Information Commissioner’s Office (ICO) within 72 hours. - Policy Review
This policy is reviewed regularly to ensure compliance with data protection laws. Updates will be published on our website. - Contact Information
For any data protection inquiries, please contact our Data Protection Officer at:
Email: info@everytimecare.co.uk