DMO Care Agency - logo(transp)

Privacy Policy

Who we are: DMO Care Healthcare Ltd (“we”, “us”, “our”)
Website: www.dmocareagency.co.uk
Contact (Data Protection): info@dmocareagency.co.uk
Data controller: DMO Care Healthcare Ltd 

1. Scope

This privacy policy explains how we collect, use, share, and protect personal data when you visit our website, apply for roles, or work with us as a client or candidate.

2. The data we collect

  • Website data: IP address, device/browser info, pages viewed, cookie preferences, analytics events.

  • Candidate data: Name, contact details, CV, employment history, qualifications, right-to-work documents, DBS status, training/competency records, references, availability, placement history, timesheets, pay information.

  • Client data: Name, contact details, role, organisation details, service requirements, bookings, invoicing details.

  • Communications: Emails, calls, messages, enquiries and related notes.

3. How we get your data

  • Directly from you (web forms, email, phone, applications)

  • From third parties with your permission or where lawful (e.g., referees, training providers, background check services)

  • Automatically via cookies/analytics (see Cookies Policy)

4. Why we process your data (and lawful bases)

  • Provide our services to candidates and clients (contract; legitimate interests)

  • Recruitment activities including screening, onboarding, compliance (contract; legal obligation; legitimate interests)

  • Right-to-work/DBS checks (legal obligation; substantial public interest where applicable)

  • Payroll/invoicing (contract; legal obligation)

  • Service improvement and analytics (legitimate interests; consent for non-essential cookies)

  • Marketing (consent, or soft opt-in for similar services; you can opt out anytime)

5. Sharing your data

We may share data with:

  • Client organisations for role submissions and placements

  • Background screening/DBS/right-to-work and training verification providers

  • Payroll, accounting, and IT/hosting providers

  • Regulators or law enforcement where required by law
    We require recipients to handle data securely and lawfully.

6. International transfers

If data is transferred outside the UK, we ensure appropriate safeguards (e.g., UK Addendum to SCCs, adequacy decisions).

7. Retention

We keep data only as long as needed:

  • Candidate records: typically up to 6 years after last activity/engagement (or longer where required for safeguarding/regulatory reasons)

  • Client and financial records: 6–7 years for tax/accounting

  • Website analytics: per provider default or until consent is withdrawn

8. Your rights (UK GDPR)

You can access, correct, erase, restrict or object to processing, and port your data. Where we rely on consent, you can withdraw consent at any time. You also have the right to complain to the ICO (ico.org.uk) if you’re unhappy with how we use your data.

9. Security

We use appropriate technical and organisational measures to protect personal data (access controls, encryption where appropriate, staff training, secure disposal).

10. Marketing preferences

You can opt out of marketing at any time by using unsubscribe links or emailing info@dmocareagency.co.uk.

11. Contact

Questions about this policy or your data rights: info@dmocareagency.co.uk.

12. Changes to this policy

We may update this policy periodically and will post the latest version here.