Privacy Policy

Effective Date: October 2018 – Last updated: May 2025

Introduction

Welcome to Forefront Care Solutions (“we”, “us”, “our”). We are committed to protecting and respecting the privacy of our candidates, clients, website visitors, and anyone whose personal data we process in the course of providing our recruitment services.

This Privacy Policy explains what personal data we collect, how we use it, who we share it with, how we protect it, and your rights regarding your personal data. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Forefront Care Solutions is the data controller for the personal data processed through this website and in the course of our recruitment services. Our registered office is at 14 Victoria Square, Droitwich, England, WR9 8DS Our company registration number is 11615690.

Please read this policy carefully alongside our Website Terms & Conditions.

Scope of this Policy

This policy applies to:

  • Candidates: Individuals who register with us, apply for jobs advertised by us, or whose details we receive from job boards or other sources in relation to potential employment opportunities.
  • Clients: Businesses (and their employees) who engage our recruitment services to find candidates for job vacancies.
  • Website Visitors: Individuals who browse our website https://forefrontcaresolutions.com/
  • Referees & Emergency Contacts: Individuals whose details are provided to us by candidates.
What Personal Data We Collect

We may collect and process the following types of personal data:

  • Candidates:
    • Contact Information: Name, email address, phone number, postal address.
    • Professional Information: CV/resume, employment history, education, qualifications, skills, salary expectations, notice period, references, professional memberships.
    • Identification & Right to Work: Nationality, passport/visa details (where required for legal compliance).
    • Interview & Assessment Data: Notes from interviews, assessment results, feedback.
    • Communications: Records of emails, phone calls, and meetings in regards to the recruitment process.
    • Website Usage Data: How you interact with our website (see Section 9: Cookies).
  • Clients:
    • Contact Information: Name, job title, company name, work email address, work phone number, office address.
    • Vacancy Details: Information about job roles you wish to fill.
    • Communications: Records of emails, phone calls, meetings related to our services.
    • Financial Information: Billing details (if applicable).
  • Website Visitors:
    Technical Data: IP address, browser type, operating system, referring URLs, pages visited, time spent on site (collected via cookies and analytics).
  • Referees:
    • Contact Information: Name, job title, company, contact details, relationship to the candidate.
How We Collect Your Personal Data

We collect personal data:

  • Directly from you: When you register on our website, upload your CV, apply for a job, contact us via email/phone, provide details during interviews, or engage our services (clients).
  • From third parties:
    • CV Searching facilities through indeed, Total jobs and
    • Social media platforms (e.g., LinkedIn).
    • Referrals from other candidates or contacts.
    • Your referees (only after obtaining your permission to contact them).
    • Clients providing feedback on candidates.
  • Automatically: Through cookies and tracking technologies when you use our website (see Section 9: Cookies).
How We Use Your Personal Data (Purpose & Legal Basis)

We use your personal data for the following purposes, relying on specific legal bases under UK GDPR:

 Providing Recruitment Services (Candidates):

  • Data types used: Contact Info, Professional Info, Interview Data, Communications, Right to Work 
  • Legal Basis – Legitimate Interests: To operate our recruitment business, match candidates with suitable roles.

 Matching candidate details with job vacancies:

  • Data types used: Contact Info, Professional Info, Interview Data, Communications, Right to Work 
  • Legal Basis – Legitimate Interests: To operate our recruitment business, match candidates with suitable roles.

Contacting you about suitable opportunities:

  • Data types used: Contact Info, Professional Info, Interview Data, Communications, Right to Work 
  • Legal Basis – Legitimate Interests: To operate our recruitment business, match candidates with suitable roles.
Submitting your details to clients (with your prior consent):
  • Data types used: Contact Info, Professional Info, Interview Data, Communications, Right to Work 
  • Legal Basis – Consent: We will obtain your specific agreement before sharing your identifiable profile with a client.

Arranging interviews & assessments:

  • Data types used: Preferred dates & times
  • Legal Basis – Legitimate Interests: Facilitating the recruitment process

Verifying right to work:

  • Data types used: Identification & right to work
  • Legal Basis – Legal Obligation: Compliance with immigration laws

Providing Recruitment Services (Clients): 

  • Data types used: Contact Info, Vacancy Details, Communications, Financial Info
  • Legal Basis – Legitimate Interests:

    To provide recruitment services, manage client relationships, fulfil contractual obligations.

Understanding the hiring needs:

  • Data types used: Contact Info, Vacancy Details, Communications, Financial Info
  • Legal Basis – Contractual Necessity: Where a formal service agreement exists.

In addition we will use the data to source and present suitable candidates to our clients as well as managing the recruitment process and manage and share preferences to meet. We will therefore share CV related information or candidate inquiry notes with recruiters, all based on legitimate interests to deliver a smooth recruitment process for both parties.

Contacting Referees:

  • Data types used: Contact info given by either client or candidate, info on the relationship and job title. 
  • Legal Basis – Legitimate Interests:

    Verifying candidate information (with candidate’s prior permission).

Marketing & Communications:

  • Data types used: Contact information (clients and candidates)
  • Legal Basis – Consent:

    For direct marketing emails about services, news, or events after you have given consent to receive tehse communications (you can opt-out anytime).

Sending job alerts (candidates): 

  • Date types used: Contact Info: Email & full name (Candidates)
  • Legal Basis – Legitimate Interests: Providing relevant job information based on registration/preferences.

Website Improvement & Analytics: 

  • Website Usage Data, Technical Data (Anonymous) 
  • Legal Basis -Legitimate Interests: To improve website functionality and user experience.
  • Legal Basis – Consent: For non-essential cookies (see Cookie Policy).

Legal & regulatory compliance 

  • Data types used: all relevant data types
  • Legal Basis – Legal Obligation: Complying with laws, regulations, court orders.

  • We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason compatible with the original purpose.

Who We Share Your Personal Data With

We may share your personal data with:

  • Clients: We share candidate information (CVs, profiles) with clients only when we have the candidate’s explicit permission to do so for a specific role or type of role.
  • Candidates: We may share feedback provided by clients (anonymised unless specific permission is given).
  • Third-Party Service Providers: Companies that provide services to us, such as:
    • IT and system administration services (e.g., cloud hosting, email providers).
    • Applicant Tracking System (ATS) providers.
    • Website analytics providers.
    • Professional advisors (lawyers, accountants, insurers).

These providers are contractually bound to protect your data and only use it for the purposes we specify.

  • Regulatory Authorities: HMRC, the Information Commissioner’s Office (ICO), and other regulators where required by law.
  • Law Enforcement: If required by law or to protect our rights, property, or safety, or that of others.
  • Potential Buyers: In the event of a business sale or restructuring, data may be transferred under confidentiality agreements.

We do not sell your personal data.

International Data Transfers

Some of our third-party service providers may be based outside the UK or European Economic Area (EEA). If we transfer your personal data outside the UK/EEA, we will ensure a similar degree of protection is afforded to it by implementing appropriate safeguards, such as:

  • Ensuring the country has been deemed to provide an adequate level of protection by the UK government.  
  • Using specific contracts approved by the UK government (e.g., International Data Transfer Agreement or Addendum to EU Standard Contractual Clauses).

Please contact us if you want further information on the specific mechanism used when transferring your personal data out of the UK/EEA.  

Data Security

We have implemented appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, used, accessed in an unauthorised way, altered, or disclosed. These include access controls and secure servers.

Access to your personal data is limited to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions and are subject to a duty of confidentiality.  

We have procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.  

Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements.  

  • Candidates: We typically retain candidate data for three years after our last meaningful contact, unless you request deletion earlier or we are required to keep it longer for legal reasons. We may contact you periodically to update your details and confirm if you wish to remain on our database.
  • Clients: We retain client data for the duration of the business relationship and for 6 years afterwards to comply with legal and tax obligations.

We may retain data for longer periods in the event of a complaint or if we reasonably believe there is a prospect of litigation. Retention periods are reviewed periodically. Anonymised data may be kept indefinitely for statistical purposes.

Your Data Protection Rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure (‘Right to be Forgotten’): Request deletion of your personal data where there is no compelling reason for us to keep processing it.  
  • Right to Restrict Processing: Request suspension of processing under certain circumstances.
  • Right to Data Portability: Request transfer of your data to you or a third party in a structured, commonly used, machine-readable format (applies to data processed by automated means based on consent or contract).  
  • Right to Object: Object to processing based on legitimate interests or for direct marketing.
  • Right to Withdraw Consent: Where we rely on consent, you can withdraw it at any time (this won’t affect the lawfulness of processing before withdrawal).

To exercise any of these rights, please contact us using the details in Section 13. We may need to verify your identity before processing your request. There is usually no fee, but we may charge a reasonable fee or refuse to comply if your request is clearly unfounded, repetitive, or excessive.

Cookies

Our website uses cookies to distinguish you from other users, provide functionality, and analyse website traffic. For detailed information on the cookies we use and the purposes for which we use them, please see our Cookie Policy. 

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated effective date. We encourage you to review this policy periodically to stay informed about how we protect your data. For significant changes, we may also notify you directly (e.g., via email).  

Contact Information

If you have any questions about this Privacy Policy, our data protection practices, or wish to exercise your rights, please contact  Director Thomas Graynoth at:

  • Email: tom.graynoth@forefrontcaresolutions.com
  • Post: Thomas Graythoth, Forefront Care Solutions, 2 Exchange Quay, Imperial Court, Salford, M5 3EB 
 Complaints

You have the right to lodge a complaint at any time with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.  

  • Website: www.ico.org.uk
  • Helpline: 0303 123 1113
  • Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF  

We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.