Privacy Policy

This Privacy Notice comes into effect from 25th May 2018 and applies to all stakeholders and agencies Nestlings Care Ltd. work with. This Privacy Notice makes it easier for you to find out how we collect, store and handle your data.


We will update this Privacy Notice from time to time. When we do change the notice in any significant manner, we will post an update on our website.


When Nestlings Care Ltd. processes your personal data we are required to comply with the Data Protection Act 1998 (“DPA”) up to and including 24 May 2018, and from 25 May 2018, the General Data Protection Regulation 2016 (“GDPR”) (the DPA and GDPR are together referred to as the “Data Protection Legislation”).


Please note that some of the areas referring to certain data pertain to employees rights only and are not used in the case of clients.

Your personal data includes all the information we hold that identifies you or is about you, for example:

  • Your name
  • Email address
  • Telephone number
  • Financial information
  • Social media identifiers
  • National Insurance number
  • NHS number
  • Passport details, residency and Nationality
  • Postal address
  • Date of birth
  • Location data
  • In some cases opinions that we document about you, as well as special categories of data including, but not limited to:
    • Medical and health records
    • Information about your religious beliefs
    • Ethnic origin
    • Race
    • Sexual orientation
    • Political views


After your recruitment, we will retain your full employment record which will include name, postal address, telephone number, email address, details of your next of kin, bank details (for payments), educational and work history, training, appraisals, copies of complaints, disciplinary and/or safeguarding matters.


Everything we do with your personal data counts as processing it, including collecting, storing, amending, transferring and deleting it. We are therefore required to comply with the Data Protection Legislation to make sure that your information is properly protected and used appropriately.


This fair processing notice provides information about the personal data we process, why we process it and how we process it.

Our responsibilities:

Nestlings Care Ltd is the data controller of the personal data you provide. We have appointed as and they will have day-to-day responsibility for ensuring that we comply with the Data Protection Legislation and for dealing with any requests we receive from individuals exercising their rights under the Data Protection Legislation.

Why do we process personal data?

We process your personal data for HR, employment and administrative purposes. We need your personal data to make sure you have all you need to be able to work at Nestlings Care Ltd, to make sure you are safe and secure at work and to make sure you receive all the benefits and rights to which you are entitled. The Employment Rights Act 1996 requires us to obtain certain personal data from you, such as your name. Without it, we may be unable to offer you employment. We may need other personal data from you to be able to enter into a contract with you and provide you with all the information you need. Again, if we do not receive that personal data from you, we may be unable to offer you employment or fulfill our obligations to you as your employer.


We process most of your information on the grounds of our legitimate interests (i.e. our employment of you and fulfilling our obligations as your employer). We may also rely on the fact that we need to process your personal data to fulfill our contract with you or to comply with a legal obligation. If we process special categories of data about you we will usually do so on the basis that the processing is necessary as part of your employment with us.


If none of the grounds set out above applies, we will obtain separate consent from you to the processing of your personal data. You can withdraw your consent at any time. This won’t affect the lawfulness of any processing we carried out prior to you withdrawing your consent.

How we store personal information?

The personal information we collect is stored in a variety of paper and electronic forms. Regardless, we have appropriate and adequate technical administrative processes in place to make sure that all your information is kept secure.

Protection of personal information:

Nestlings Care takes the security of your personal information very seriously.
To make sure your personal information is protected, we have a series of technical and administrative measures in place. Access to information is limited only to those of our employees who need to access it to.
All members of staff are required to undertake annual data protection and confidentiality training and our privacy and security guidelines are communicated to all employees. These privacy safeguards are monitored and strictly enforced.

Who will receive your personal data?

We only transfer your personal data to the extent we need to. Recipients of your personal data include:

  • Payroll providers
  • Insurers
  • Healthcare providers
  • Hosted data centers
  • Human Resource Advisors
  • Third parties that provide benefits/perks etc.

We don’t transfer your personal data outside of the EEA.

How long will we keep your personal data?

We will retain your personal data for a set period of time. We retain your information for this period in case any issues arise or in case you have any queries. Your information will be kept securely at all times. Following the end of the set period, your files and personal data we hold about you will be permanently deleted or destroyed. If we are required to obtain your consent to process your personal data, any information we use for this purpose will be kept until you withdraw your consent, unless we are entitled to retain the personal data on the basis of other grounds set out in the Data Protection Legislation.

What are your rights?

You benefit from a number of rights in respect of the personal data we hold about you. We have summarised the rights, which may be available to you below, depending on the grounds on which we process your data. More information is available from the Information Commissioner’s Office website (https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/). These rights apply for the period in which we process your data.

Access to data

You have the right to ask us to confirm that we process your personal data, as well as having the right to request access to/copies of your personal data. You can also ask us to provide a range of information, although most of that information corresponds to the information set out in this fair processing notice.


We will provide the information free of charge unless your request is manifestly unfounded or excessive or repetitive, in which case we are entitled to charge a reasonable fee. We may also charge you if you request more than one copy of the same information.


We will provide the information you request as soon as possible and in any event within one month of receiving your request. If we need more information to comply with your request, we will let you know.

Rectification of data

If you believe personal data we hold about you is inaccurate or incomplete, you can ask us to rectify that information. We will comply with your request within one month of receiving it unless we don’t feel it is appropriate, in which case we will let you know why. We will also let you know if we need more time to comply with your request.

Right to be forgotten

In some circumstances, you have the right to ask us to delete personal data we hold about you. This right is available to you:

  • Where we no longer need your personal data for the purpose for which we collected it
  • Where we have collected your personal data on the grounds of consent and you withdraw that consent
  • Where you object to the processing and we don’t have any overriding legitimate interests to continue processing the data.
  • Where we have unlawfully processed your personal data (i.e. we have failed to comply with GDPR)
  • Where the personal data has to be deleted to comply with a legal obligation
There are certain scenarios in which we are entitled to refuse to comply with a request. If any of those apply, we will let you know.

Right to restrict processing

In some circumstances, you are entitled to ask us to suppress processing of your personal data. This means we will stop actively processing your personal data but we don’t have to delete it. This right is available to you:

  • If you believe the personal data we hold isn’t accurate – we will cease processing it until we can verify its accuracy.
  • If you have objected to us processing the data – we will cease processing it until we have determined whether our legitimate interests override your objection
  • If the processing is unlawful
  • If we no longer need the data but you would like us to keep it because you need it to establish, exercise or defend a legal claim.

Data portability

You have the right to ask us to provide your personal data in a structured, commonly used and machine-readable format so that you are able to transmit the personal data to another data controller. This right only applies to personal data you provide to us:

  • Where processing is based on your consent or for performance of a contract (i.e. the right does not apply if we process your personal data on the grounds of legitimate interests)
  • Where we carry out the processing by automated means.
  • We will respond to your request as soon as possible and in any event within one month from the date we receive it. If we need more time, we will let you know.

Right to object

You are entitled to object to us processing your personal data:

  • If the processing is based on legitimate interests
  • Performance of a task in the public interest
  • Exercise of official authority
  • For direct marketing purposes (including profiling)
  • For the purposes of scientific or historical research and statistics
In order to object, you must have grounds for doing so based on your particular situation. We will stop processing your data unless we can demonstrate that there are compelling legitimate grounds which override your interests, rights and freedoms or the processing is for the establishment, exercise or defence of legal claims.

Automated decision making

Automated decision-making means making a decision solely by automated means without any human involvement. This would include, for example, an online credit reference check that makes a decision based on information you input without any human involvement. It would also include the use of an automated clocking-in system that automatically issues a warning if a person is late a certain number of times (without any input from HR, for example).
We carry out the following types of automated decision making using your personal data:

  • DBS check

Your right to complain about our processing

If you think we have processed your personal data unlawfully or that we have not complied with GDPR, you can report your concerns to the supervisory authority in your jurisdiction. The supervisory authority in the UK is the Information Commissioner’s Office (“ICO”). You can call the ICO on 0303 123 1113 or get in touch via other means, as set out on the ICO website - https://ico.org.uk/concerns/.


Any questions?


If you have any questions or would like more information about the ways in which we process your data, please contact This email address is being protected from spambots. You need JavaScript enabled to view it.