Privacy Notice & GDPR Statement

Introduction

Kindwell Group Limited (“Kindwell”) provides recruitment services to match care workers with suitable placements. This Privacy Notice explains how we collect, use, store, and share personal data, and how we comply with our legal obligations under UK data protection laws.

This Notice applies to:

  • Candidates: Individuals applying for or registering interest in roles with us.

  • Clients: Care providers who use our services to fill placements.

  • Suppliers: Contractors, freelancers, or organisations providing services to Kindwell.

  • Website Users: Visitors to our website.

  • Other individuals: Referees, emergency contacts, and others whose information we receive in connection with recruitment services.

We may update this Notice from time to time. The latest version will always be available on our website.

 

What Personal Data Do We Collect?

Candidates:

  • Contact details (name, address, phone, email)

  • CV/work history, work preferences

  • Professional qualifications, licences, right-to-work details

  • Identification (passport, driving licence, visas)

  • Date of birth, National Insurance number

  • Results of background checks (where required)

  • References, emergency contacts, medical/disability information (where relevant)

  • Payroll and tax details (if placed)

  • Diversity monitoring data (optional)

  • Communication logs with us

Clients:

  • Contact details of individuals at your organisation

  • Information about roles and requirements

Suppliers:

  • Contact details of relevant individuals

  • Bank/payment details

  • Service history

Referees & Emergency Contacts:

  • Basic contact details only

Website Users:

  • Usage data (e.g. IP address, browsing behaviour, cookie data)

How We Collect Data

  • Directly from you (e.g. applications, emails, phone calls, website forms)

  • From third parties (e.g. job boards, referrals, public sources, or clients)

  • Automatically (via cookies and analytics when you use our website)

How We Use Personal Data

Candidates: To match you with opportunities, confirm right-to-work status, obtain references, manage placements, process pay (if applicable), and comply with legal obligations.

Clients: To provide recruitment services and manage our business relationship.

Suppliers: To manage our relationship, including contracts, payments, and compliance.

Referees & Emergency Contacts: To confirm candidate suitability or to contact in emergencies.

Website Users: To improve site functionality, personalise content, and monitor performance.

Legal Bases for Processing

We rely on one or more of the following:

  • Consent (e.g. diversity data, marketing communications)

  • Contract (to deliver services to candidates, clients, and suppliers)

  • Legal obligation (e.g. right-to-work, HMRC requirements)

  • Legitimate interests (e.g. matching candidates with roles, maintaining business relationships)

Who We Share Data With

  • Prospective clients (to help candidates secure roles)

  • Service providers (e.g. IT, payroll, background check services)

  • Regulatory bodies where legally required

We do not sell personal data to third parties.

Data Security

We implement technical and organisational measures to protect data against unauthorised access, alteration, or loss. Our systems are hosted in the EEA in ISO27001-certified data centres. We also conduct regular security checks.

Data Retention

We only keep personal data for as long as necessary to provide our services, meet legal or regulatory requirements, or resolve disputes. In practice, this means:

  • Candidates: We retain records for the duration of your relationship with us. If your application is unsuccessful or incomplete, we usually delete your data within 12 months, unless you ask us to keep it on file for future opportunities (for a maximum of 2 years unless you renew your consent). Where you have worked with us, we typically retain records for up to 6 years after your last engagement, in line with legal and safeguarding requirements.

  • Clients and suppliers: We retain records for the length of our relationship and up to 6 years afterwards to comply with legal and accounting obligations.

After these periods, your data will be securely deleted or anonymised, unless we are legally required to retain it for longer.

Your Rights

Under UK data protection law, you have the right to:

  • Access the personal data we hold about you

  • Request correction of inaccurate data

  • Request erasure of your data

  • Object to processing based on legitimate interests

  • Withdraw consent (where consent is the legal basis)

  • Request data portability

  • Lodge a complaint with the Information Commissioner’s Office (ICO)

To exercise these rights, please contact us at hello@kindwell.co.uk

Cookies

Our website uses cookies to improve user experience, analyse traffic, and personalise content. You can adjust cookie preferences in your browser settings.

Contact

If you have any questions about this Privacy Notice or how we handle your personal data, please contact:

Kindwell Group Limited
hello@kindwell.co.uk

Our registered office address (for formal correspondence) is available on Companies House.

You also have the right to contact the Information Commissioner’s Office (ICO) at https://ico.org.uk/concerns/ or by calling 0303 123 1113.