Skip to main content

Employee privacy policy

Employee Privacy Promise

We ask that you read this privacy promise carefully as it contains important information on who we are and how we collect, use, store and share personal information. It outlines your rights and how to contact us and other relevant organisations in the event you have a complaint.

Quickly access information on Your rights here.

Who we are

We are Kandle Care Limited , registered number 14132045, registered address Colonial House Swinemoor Lane, Beverly, HU17 0LS.

As a ‘data controller’, we are responsible for how we process your information in the UK. The UK General Data Protection Regulation (UK GDPR) sits alongside an amended version of the Data Protection Act (DPA) 2018 and applies to most UK businesses and organisations. We must comply with this data protection regime with regards to the data protection principles, our obligations and your rights as a UK citizen.

All our data processing activities are monitored by our appointed Data Protection Officer to ensure that the information we collect is:

  • Used lawfully, fairly and in a transparent way
  • Relevant and for reasons that we have told you about
  • Accurate and up to date
  • Kept only for as long as it is needed
  • Kept securely

You may also be interested in our:

Information we collect from you

In our role as an employer, and because of the nature of our business, we process different categories of data from our employees during and after the employment period. The type of data includes:

Personal data: Namecontact details, bank detailsdate of birthgendermarital status, driving licence number, vehicle registration number, photographs, next of kin contact details, GP contact details

Financial details: Payroll records, benefits, salary, tax status, National Insurance number

Employment data: Recruitment records (including employment history, references, DBS, right to work, etc.), Performance management records (electronic call monitoring, direct observations, appraisals, supervisions, disciplinary, grievance), Training and competency records, Absence records (annual leave, etc.)

We will always ask for consent for any participation on our media platforms including social media and print publications.

We process ‘special category data’ which tends to be sensitive by nature and will include:

  • Religion
  • Medical and health information (including sickness details)
  • Nationality or ethnicity
  • Criminal cautions or convictions
  • Motoring convictions

Data Processing during COVID-19

We may process special category data or health data which is classified as COVID test results and vaccination records collected from you or other external sources.

Under UK GDPR, we rely on the following legal basis to collect, use and share this data:

Article 9 (2)(b) – legal obligation under employment, social security and social protection

Article 6(1)(f) – in pursuit of legitimate interests to

  • Inform public authorities where confirmed COVID cases would constitute as an outbreak
  • Provide health data requested by public authorities performing a specific public task to reduce transmission and severity of pandemic
  • Provide contact data to public health authorities or relevant bodies to invite you to have the COVID vaccine

The requirements for testing, uptake of the vaccine and changes to data processing are part of the COVID-19 management strategy to ensure safe working conditions, prevent contamination and transmission of coronavirus and protect vulnerable and ‘at risk’ groups that are employed or those using close contact services such as Kandle Care.

In accordance with GDPR, personal data will be shared in a safe and secure way; limited to only what is necessary and appropriate.

Information we collect from other sources

We may request and collect personal data, and information about you from different employment sources, recruitment agencies and individuals. We collect information from our website, social media and Applicant Tracking System (ATS) that you provide as a candidate during our recruitment process.

We record and retain audio and/or video files for the purposes outlined in our Call Recording & Acceptable Use Policy and CCTV Policy available on Collaborate.

We also record and retain audio and video files for data processing outlined in our Call Recording and CCTV Policy.

Purpose for collecting and using your personal information

Under the GDPR, we must have a legal basis to process your information for all the activities we carry out. We rely on the following legal basis for processing:

  • Article 6(1)(b) – processing is necessary for the performance of our contracts
  • Article 6(1)(c) – processing is necessary for us to demonstrate compliance with the law or regulatory frameworks
  • Article 6(1)(f) – in pursuit of legitimate interests for:
  • Corporate diligence relating to business development, innovation and staff engagement
  • Call recording for training and quality assurance purposes
  • CCTV Monitoring on premises and restricted areas of the business
  • Return of company assets and facilities management

When processing special category (sensitive) data such as your health, diversity information or details of any criminal convictions; we do this on the following grounds:

  • Article 9(2)(b) – Legal obligations under employment or social benefit law
  • Article 9(2)(f) – Establishment, exercise or in the defence of legal claims or in court
  • Article 9(2)(h) – Provision of health or social care or management of health or social care systems or services

How we use this information and how long we keep it for

We use the information collected to employ and support you during your employment with Kandle Care. The period of retention commences after employment has ended.

We use your personal information to: For how long?

To maintain accurate and up to date personnel records of personal data, employment data, contracts and financial information

To record and manage statutory meetings such as redundancy, disciplinary or grievance proceedings

To record and manage mediation and conflict resolution

To process and assess special category data and health information where relevant to job role

To receive and process records of managed moves, resignations and facilitate exit interviews and leavers workflows

6 years

*employee record summary kept up to 75th birthday

To record and process records of absence, annual leave, sick notes, Return to work, DBS checks, MATB1, etc. 3 years

To manage training needs by arranging or assessing training, refresher courses and competency assessments

To communicate and record performance management activities (including appraisals, observations and supervisions)

6 years

To record and process payroll for employees

To record and process expenses or retirement benefits for employees

To monitor and ensure compliance with National Minimum Wage Standards

To record and manage Statutory Sick Pay

To enrol in pension schemes

6 years

6 years

3 years

3mths to 6 years

12 years

To receive, record and process insurance claims

To respond and process post, penalties and sanctions

To manage electronic call monitoring and generate reports

To provide access privileges on systems applications and company equipment acquisitions

To create employee profiles and manage work placements including travel arrangements and accommodation when required

To manage car parking and allocate spaces

To recover company assets and intellectual property during and occasionally after a period of employment

To communicate, exchange and record communications as part of the responsibilities of the job role and job description

To issue and renew ID badges and security fobs

For as long as required

To comply with Investigations and regulatory compliance

To monitor, review and support internal and external audit processes relating to the service provision in line with data sharing agreements and confidentiality clauses

To process and record notifications, accidents and incidents internally and with the appropriate external regulators (including RIDDOR, CQC, CIW)

To investigate, manage and record concerns, safeguarding and complaints

Up to 10 years

To report business and trend analysis

To monitor and report on business performance and compliance

To conduct and participate in employee surveys, review or feedback

To participate in employer schemes and other work-related activities and communications

To maintain active accounts on the Applicant Tracking System (ATS)

To communicate internal job opportunities*

To respond to requests relating to your individual rights

*To opt out, you can delete your account or use the unsubscribe option available in all email marketing communication

Sharing your information with others

To operate our business and recruitment process, we have contracts in place with third party service providers to access and maintain a duty of care over your personal information. These include:

  • IT and telecoms support – to ensure secure operation of our IT infrastructure
  • Software support – to provide technical support and resolve issues
  • Communication and logistics– such as Royal Mail and network providers
  • Regulatory authorities – such as Her Majesty Revenue & Customs (HMRC), the Financial Services Authority (FSA), Care Quality Commission (CQC) and Care Inspectorate Wales (CIW)
  • Hospitality Service providers – such as fleet vehicle management, bookings and training
  • Insurance providers
  • Pension providers
  • External security providers (CCTV monitoring)
  • Archiving Service Providers

We will share relevant information within Kandle Care during and after your employment where this is necessary, and in line with our purpose for processing.

Due to the nature of our business and the service we provide we may share minimal personal data with our customers to enable the safe and effective delivery of care, for example by sharing carer profiles with customers.

We will not sell or trade your personal information with any other third party for marketing purposes without your consent and we will not share your information outside the scope of this privacy policy unless there is a legal reason.

Data transfers and Storage

Kandle Care transfers and stores data under contractual agreements with data processors in the UK. Data transfers and storage may also occur in the European Economic Area (EEA) and other third countries which are now known as Restricted Data Transfers.

Restricted Data Transfers

Under the UK GDPR, restricted data transfers from the UK to the EEA and other countries covered by a European Commission ‘adequacy decision’ are currently permitted subject to review by the UK Government.

Restricted Data Transfers from the EEA and other countries covered by a European Commission ‘adequacy decision’ are done in compliance with Eu GDPR with the appropriate safeguards we have put in place.

Restricted Data Transfers between the UK and other third countries are done in compliance with the UK GDPR ‘adequacy regulations’ or the appropriate safeguards we have put in place.

These appropriate safeguards ensure that your individual rights and freedoms are protected in respect to your personal data in accordance with the UK data protection regime.

We may share your data to communicate with you during and after your employment.

Data Security

We have appropriate organisational and technical security measures to protect your personal information and limit who has access. There are also appropriate safeguards in place for data transfers to protect your privacy rights.

We have procedures in place to detect and respond to suspected data security breaches. We may notify you and any relevant authority as part of our data risk management where we are legally obliged to.

Your rights

You have rights over the way we use your information:

  • You have the right to be informed about what information we collect and how it is used as outlined in this privacy promise.
  • You have the right to ask for access to the information we hold on you. We would usually provide copies free of charge.
  • You have the right to ask us to correct or update any information you think is incorrect or incomplete.
  • You have the right to object to your information being used and/or withdraw consent.
  • You have the right to ask us to stop using your information. This ‘right to be forgotten is only applied where there is no legal reason for us to continue to hold or use it.
  • You have the right to object to any automated decision making. This could affect your ability to fully access our services.
  • You have the right to ask us to stop using your information for marketing purposes by opting out at any point of the registration process or by updating your preferences once registered. The unsubscribe feature on our emails are actioned immediately but may take up to 14 days to complete.
  • You have the right to ask us to transfer certain personal information or a copy of some of your information to you or to another organisation, including service providers, in a format they can use where this is technically possible, known as the ‘right to data portability’.
  • You have the right to withdraw any permission you have previously given us to use your information.

For detailed information on each of those rights, including the circumstances in which they apply, see the Guidance from the Information Commissioner’s Office (ICO) on individuals’ rights under the UK General Data Protection Regulation. If you would like to exercise a right, please contact the Compliance team at  datarequest@kandlecare.com  or see the ‘how to contact us’ section.

How to contact us

If you have any questions about this privacy promise, your rights or wish to contact the Data Protection Officer, get in touch by:

  • Email – datarequest@kandlecare.com 
  • Post– Compliance Department, Colonial House, Swinemoor Lane, Beverly, HU17 0LS
  • Telephone– 01482458148

Other information

How to complain

If you contact us, we hope to resolve any query or concern you raise about our use of your information.

The UK GDPR also gives you right to lodge a complaint with a supervisory authority with the Information Commissioner Office (ICO) who are the supervisory body in the UK and can be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.

Changes to this privacy promise

This privacy notice was first published on 2nd of July 2023.

We may change this privacy promise and update our website from time to time.

Do you need extra help?

If you would like this privacy promise in another language or format such as audio, large print or braille, please contact us.