Privacy Policy

What information we hold about you, why we hold it, who we share it with, how long we keep it, and the rights you have over your information under UK GDPR and the Data Protection Act 2018.

Document

Versionv3.0

Effective7 May 2026

OwnerWe Are Care Ltd Board

Assisted by Baton

Review cycle

Monthly · Baton Compliance

Anchored to

UK GDPR (Arts. 6, 9, 13, 22, 32) Data Protection Act 2018 ICO codes of practice PECR 2003

Contents

Section 01

Who we are

We Are Care Ltd ("We Are Care", "we", "us") is the data controller for the personal information described in this policy: the data we hold about visitors to this site, care workers we place, prospective customers, and the people at the organisations we work with.

When a provider uses our care staffing services and the Baton platform to deliver care, we act as their data processor for the resident and staff records they hold. That relationship is governed by our Data Processing Agreement, not this policy.

Section 02

What we collect & why

We keep this to what we genuinely need. In practice that means:

Contact details you give us (name, email, organisation, phone) when you get in touch or book a conversation.
Worker records for the carers we place (right-to-work, DBS, training and availability), held to staff shifts safely.
Basic technical data needed to keep the site secure and working. We set no third-party advertising cookies.

Section 03

Lawful bases

We rely on legitimate interests to respond to enquiries and run the service, contract to provide our services to customers and carers, and legal obligation where the law requires us to keep records. Where we rely on consent (for optional marketing), you can withdraw it at any time.

Section 04

Who we share it with

We don't sell personal data. We share it only with the vetted suppliers that help us run the service, with the providers we place carers into, and with authorities where we're legally required to.

Section 05

International transfers

Our platform is hosted entirely in the United Kingdom and your data stays here. Where a supplier processes data outside the UK, we put approved safeguards in place (UK IDTA or adequacy) before any transfer.

Section 06

How long we keep it

We keep personal data only as long as we have a reason to. Enquiry data is held for up to 24 months; worker and contractual records for the life of the engagement plus the period the law requires. After that it's deleted or anonymised.

Section 07

Your rights

Under UK GDPR you can ask us to give you a copy of your data, correct it, delete it, restrict or object to how we use it, or port it elsewhere. To exercise any of these, email hello@wearecare.co.uk. We'll respond within one month.

Section 08

Security

We protect personal data with the controls set out in our ISO 27001-aligned Information Security policy: encryption in transit and at rest, least-privilege access, monitoring, and tested recovery.

Section 09

Changes & complaints

When this policy changes we publish the new version here, with the version number and date. Baton Compliance keeps the history. If you're unhappy with how we've handled your data, tell us first, then you have the right to complain to the ICO.