Right to Object
You have a legal right to object at any time to:
(i) the use of your personal information for direct marketing purposes; and
(ii) the processing of your personal information where this is based on our legitimate interests, unless there are compelling legitimate grounds for our continued processing.
Introduction
This Policy sets out the obligations of AHC Services Ltd (trading as Capricorn Care Services) (“Capricorn Care Services”, “the company”, “we”, “us” or “our”) regarding data protection and the rights of candidates, clients, staff, internal and external stakeholders and users of our website (“Data Subjects”) in respect of their personal data.
This Policy applies in accordance with the UK General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018 and other applicable data protection legislation.
The UK GDPR defines “personal data” as any information relating to an identified or identifiable natural person. An identifiable natural person is someone who can be identified, directly or indirectly, by reference to information such as a name, identification number, location data, online identifier, or factors specific to their physical, physiological, genetic, mental, economic, cultural or social identity.
This Policy sets out Capricorn Care Services’ obligations regarding the collection, processing, transfer, storage and disposal of personal data. The procedures and principles set out in this Policy must be followed at all times by Capricorn Care Services, its employees, agents, contractors and any other parties working on behalf of the company.
Capricorn Care Services is committed to the correct, lawful and fair handling of personal data and places high importance on respecting the legal rights, privacy and trust of all individuals with whom it deals.
The Data Protection Principles
Capricorn Care Services will ensure that personal data is:
- Processed lawfully, fairly and transparently.
- Collected for specified, explicit and legitimate purposes.
- Adequate, relevant and limited to what is necessary.
- Accurate and, where necessary, kept up to date.
- Kept only for as long as necessary.
- Processed securely using appropriate technical and organisational measures.
The Information We Collect and How We Use It
Capricorn Care Services may collect personal information including, but not limited to:
- Name and contact details
- Email address
- CV and employment history
- Identification documents
- Educational records
- References
- Right to work documentation
- Bank details where required for employment or payment purposes
- Next of kin details
- Health information where relevant and lawful
- Criminal record information where required for regulated activity, safeguarding or safer recruitment purposes
This information may be used for the following purposes:
- To provide our services.
- To maintain business relationships.
- To process job applications and general recruitment enquiries.
- To match candidates with suitable vacancies.
- To assess suitability for employment or work placements.
- To send candidate details to clients where appropriate and lawful.
- To answer enquiries.
- To provide service updates, marketing communications and relevant information, where permitted by law.
- To fulfil contractual obligations with clients, candidates and employees.
- To carry out reference checks, qualification checks, DBS checks, right to work checks and other recruitment checks.
- To comply with regulatory, safeguarding, legal and law enforcement obligations.
- To improve website functionality and user experience.
Where consent is required, Capricorn Care Services will obtain consent before processing personal data for that purpose.
Rights of Data Subjects
Data Subjects have the following rights under data protection legislation:
- The right to be informed.
- The right of access.
- The right to rectification.
- The right to erasure.
- The right to restrict processing.
- The right to data portability.
- The right to object.
- Rights relating to automated decision-making and profiling.
Lawful, Fair and Transparent Processing
Capricorn Care Services will only process personal data where at least one lawful basis applies, including:
- Consent has been given.
- Processing is necessary for a contract.
- Processing is necessary to comply with a legal obligation.
- Processing is necessary to protect vital interests.
- Processing is necessary for a task carried out in the public interest.
- Processing is necessary for legitimate interests, unless overridden by the rights and freedoms of the Data Subject.
Special Category Data
Where Capricorn Care Services processes special category data, such as health information, ethnicity, biometric data, or other sensitive personal information, it will only do so where a lawful condition applies under data protection legislation.
This may include explicit consent, employment law obligations, safeguarding obligations, health or social care requirements, substantial public interest reasons, or legal claims.
Specified, Explicit and Legitimate Purposes
Capricorn Care Services collects and processes personal data directly from Data Subjects, from third parties and electronically through applications, enquiries, website forms, job boards or recruitment platforms.
Personal data will only be collected, processed and retained for specific, lawful and legitimate purposes.
Adequate, Relevant and Limited Data Processing
Capricorn Care Services will only collect and process personal data to the extent necessary for the relevant purpose.
Accuracy of Data and Keeping Data Up to Date
Capricorn Care Services will take reasonable steps to ensure that personal data is accurate and kept up to date. Where personal data is found to be inaccurate or outdated, it will be amended or erased without delay where appropriate.
Data Retention
Capricorn Care Services will not keep personal data for longer than necessary. When personal data is no longer required, it will be securely deleted, destroyed or otherwise disposed of.
Secure Processing
Capricorn Care Services will ensure that personal data is protected against unauthorised or unlawful processing, accidental loss, destruction or damage through appropriate technical and organisational measures.
Accountability and Record Keeping
The Data Protection Officer for Capricorn Care Services is:
Atif Hussain
Email: contact@capricorncareservices.com
The Data Protection Officer is responsible for overseeing the implementation of this Policy and monitoring compliance with applicable data protection legislation.
Capricorn Care Services will keep appropriate records of data processing activities, including:
- The name and details of the company and Data Protection Officer.
- The purposes of processing.
- Categories of personal data processed.
- Categories of Data Subjects.
- Details of any data sharing or transfers.
- Data retention periods.
- Technical and organisational security measures.
Data Protection Impact Assessments
Capricorn Care Services will carry out Data Protection Impact Assessments where processing is likely to result in a high risk to the rights and freedoms of individuals.
Keeping Data Subjects Informed
Capricorn Care Services will provide Data Subjects with clear information about:
- The identity of the company.
- The purpose and lawful basis for processing.
- Any legitimate interests relied upon.
- Categories of personal data processed.
- Details of third-party recipients where applicable.
- Any international transfers and safeguards.
- Data retention periods.
- Data Subject rights.
- The right to withdraw consent.
- The right to complain to the Information Commissioner’s Office.
- Any automated decision-making or profiling where applicable.
Data Subject Access Requests
Data Subjects may make a Subject Access Request (“SAR”) to find out what personal data Capricorn Care Services holds about them, why it is held and how it is used.
SARs should be made in writing to:
Email: contact@capricorncareservices.com
Capricorn Care Services will normally respond within one month. This may be extended by up to two further months where the request is complex or numerous.
Rectification of Personal Data
Data Subjects have the right to request correction of inaccurate or incomplete personal data. Capricorn Care Services will respond within one month, unless an extension is required due to complexity.
Erasure of Personal Data
Data Subjects may request erasure of personal data where:
- The data is no longer necessary.
- Consent is withdrawn.
- The Data Subject objects and there is no overriding legitimate interest.
- The data has been unlawfully processed.
- Erasure is required by law.
Where appropriate, Capricorn Care Services will comply with erasure requests within one month.
Restriction of Processing
Data Subjects may request that Capricorn Care Services restricts processing of their personal data. Where restriction applies, the company will retain only the data necessary to ensure it is not further processed unlawfully.
Data Portability
Where applicable, Data Subjects have the right to receive their personal data in a structured, commonly used and machine-readable format and to transmit it to another data controller.
Objections to Processing
Data Subjects have the right to object to processing based on legitimate interests, direct marketing and certain research or statistical purposes.
Where a Data Subject objects to direct marketing, Capricorn Care Services will stop processing personal data for that purpose immediately.
Personal Data Collected, Held and Processed
Capricorn Care Services may collect and process the following categories of personal data:
- Interview notes and recruitment communications.
- Passport, visa and right to work documentation.
- Contact details and emergency contact details.
- Candidate details, including address, telephone number and email address.
- CVs, work history and experience.
- Client job details and job specifications.
- Employment, payroll and bank details.
- Training, qualification and compliance records.
- Health and safeguarding-related information where lawful and necessary.
- DBS and criminal record information where required for regulated activity.
Data Security – Transferring Personal Data and Communications
Capricorn Care Services will ensure that:
- Emails containing personal data are marked confidential where appropriate.
- Personal data is transmitted securely.
- Personal data is not sent over unsecured networks where avoidable.
- Hard copy personal data is transferred securely.
- Physical records are marked confidential where appropriate.
Data Security – Storage
Capricorn Care Services will ensure that:
- Electronic personal data is protected by passwords and appropriate security controls.
- Hard copy records are stored securely in locked storage.
- Backups are maintained securely where appropriate.
- Personal data is not stored on personal devices unless authorised and protected.
Data Security – Disposal
Personal data will be securely deleted, shredded or disposed of when no longer required.
Data Security – Use of Personal Data
Personal data must not be shared informally. Access to personal data must be limited to authorised individuals who require it for their role.
Employees must not leave personal data unattended or visible to unauthorised persons. Computer screens must be locked when unattended.
Data Security – IT Security
Passwords used to protect personal data must be secure and changed where required. Passwords must not be shared or written down in an insecure manner.
Organisational Measures
Capricorn Care Services will ensure that:
- Staff understand their responsibilities under data protection legislation.
- Staff are provided with this Policy.
- Access to personal data is limited to those who need it.
- Staff handling personal data are appropriately trained and supervised.
- Data protection practices are reviewed periodically.
- Contractors and third parties handling personal data comply with equivalent data protection standards.
International Transfers
Capricorn Care Services may transfer personal data outside the UK or European Economic Area only where appropriate safeguards are in place or where the transfer is otherwise permitted by law.
Data Breach Notification
All personal data breaches must be reported immediately to the Data Protection Officer.
Where a breach is likely to result in a risk to the rights and freedoms of individuals, Capricorn Care Services will notify the Information Commissioner’s Office without undue delay and, where required, within 72 hours of becoming aware of the breach.
Where a breach is likely to result in a high risk to affected individuals, Capricorn Care Services will notify those individuals without undue delay.
Website
Capricorn Care Services may use website analytics, cookies and website recording tools to improve website functionality, usability and services.
Information collected may include mouse clicks, page scrolling, interaction with website forms and general usage information. Such information will be used for aggregated and statistical reporting and will not be shared unlawfully.
Job Alerts
Where Data Subjects subscribe to job alerts, their name and email address may be used to send relevant job updates and related information. Unsubscribe links will be provided in job alert emails.
Cookies
Capricorn Care Services may use cookies to enable website functionality, improve user experience, measure traffic and support internal management purposes. Further details should be set out in the company’s Cookie Policy.
Internet-Based Transfers
Use of the internet may involve international transmission of data. While Capricorn Care Services takes appropriate steps to protect personal data, transmission via the internet cannot be guaranteed as completely secure.
Accessing and Updating Personal Information
Data Subjects may contact Capricorn Care Services to access, update, correct or request deletion of their personal information.
Requests should be sent to:
Email: contact@capricorncareservices.com
How Personal Information Is Secured and Protected
Capricorn Care Services uses appropriate technical and organisational measures to protect personal data, including secure systems, staff training and access controls.
Employees who misuse personal data may be subject to disciplinary action.
Changes to this Privacy Policy
Capricorn Care Services may amend this Privacy Policy from time to time. Where material changes are made, the company will update the website and, where appropriate, notify affected users.
Website Links
This Site may contain links to external websites. Capricorn Care Services is not responsible for the content or privacy practices of external sites.
Account Removal
Where online account functionality is available, users may request account removal and deletion of associated personal data, subject to legal and regulatory retention requirements.
Implementation of Policy
This Policy shall be deemed effective from 25 September 2024. It applies to matters occurring on or after this date.
Contact
For enquiries about this Policy or the processing of personal information, including exercising data protection rights, please contact:
Email: contact@capricorncareservices.com
Post:
AHC Services Ltd t/a Capricorn Care Services
Registered office address
Ground Floor 1d Capricorn Business Park, Blakewater Road, Blackburn, Lancashire, England, BB1 5QR
When you contact us, we may ask you to verify your identity.
Copyright © 2026 AHC Services Ltd t/a Capricorn Care Services. All rights reserved.
