PRIVACY POLICY (UK GDPR) (Lead Nurse Limited)
Last updated: 24 February 2026
Introduction
Lead Nurse Limited (“Lead Nurse”, “we”, “us”, “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, share, and protect personal data when you:
visit our website https://leadnurse.co.uk,
contact us,
register as a candidate/worker,
engage us as a client, or
otherwise interact with us.
Data controller and contact details
Data Controller: Lead Nurse Limited
Registered office: 416 Ridgacre Road West, Quinton, Birmingham, England, B32 1AS
Company number: 17007292
Email: info@leadnurse.co.ukThe personal data we collect
We may collect and process the following categories of data, depending on your relationship with us.
A) Website visitors and enquiries
Contact details you provide (name, email, phone number, message content).
Technical data (IP address, device type, browser type, operating system, and basic usage data).
Cookie and similar technology data (see Cookies Policy).
B) Candidates/workers (including nurses and other clinical staff)
Identity data: name, date of birth, address, nationality, and identification documents.
Contact details.
Right to work documentation and checks.
Professional information: CV, qualifications, training, employment history, references, professional registration numbers/status (e.g., NMC), and compliance documents.
Vetting information: DBS status and related information where required (handled carefully and lawfully).
Work and assignment information: availability, preferences, timesheets, performance feedback, incidents/complaints relating to assignments where relevant.
Payroll/finance data: bank details, National Insurance number, tax status, payment records.
Special category data (only where necessary and lawful): health/occupational health information relevant to fitness for work; immunisation status where required by placement conditions; information needed for safeguarding or regulatory purposes.
Criminal offence data: where relevant to DBS checks and safeguarding requirements, processed under strict controls.
C) Clients and client representatives
Name, role, business contact details.
Booking/assignment information, communications, service feedback, incident reports where relevant.
D) Suppliers and business contacts
Contact details and business relationship information.
How we use personal data and lawful bases
We only use personal data where the law allows. The main purposes and lawful bases include:
A) Responding to enquiries and managing relationships
Purpose: to respond to messages, provide information, and manage our relationship.
Lawful basis: legitimate interests (running our business) and/or steps prior to entering a contract.
B) Recruitment, onboarding, and placement of candidates/workers
Purpose: to assess suitability, verify credentials, place workers with clients, and manage assignments.
Lawful basis: contract (to provide services) and legitimate interests; legal obligation where checks are required.
C) Compliance, safeguarding, and regulatory requirements
Purpose: right to work checks, professional registration checks, safeguarding actions, incident management, and meeting legal/regulatory duties.
Lawful basis: legal obligation and/or legitimate interests; for special category data, additional conditions apply (see section 5).
D) Payroll, invoicing, accounting and administration
Purpose: paying workers, invoicing clients, and maintaining records.
Lawful basis: contract and legal obligation.
E) Website improvement and security
Purpose: to keep the Website secure and improve performance and usability.
Lawful basis: legitimate interests; consent for non-essential cookies where required.
F) Marketing (where applicable)
Purpose: to send service updates or marketing communications.
Lawful basis: consent where required, or legitimate interests where permitted by law. You can opt out at any time.
Special category data and criminal offence data
We process special category data (e.g., health information) only when necessary and where a lawful condition applies under UK GDPR. This may include:
carrying out obligations and exercising specific rights in employment and social protection law,
safeguarding and regulatory compliance where applicable,
assessment of working capacity/fitness for work,
establishment, exercise or defence of legal claims, and/or
explicit consent where appropriate.
Criminal offence data (including DBS-related information) is processed only where necessary for safeguarding and role suitability, and with appropriate safeguards and access restrictions.
Where we get personal data from
We may collect personal data:
directly from you (forms, email, phone, applications),
from referees, employers, or training providers (references/verification),
from professional regulators (e.g., to verify registration status),
from background check providers where applicable, and
from clients in relation to assignments, feedback, or incidents.
Who we share personal data with
We may share personal data with:
Clients/hirers, to arrange placements and meet compliance requirements for assignments.
Service providers who support our operations (IT hosting, email systems, payroll, accounting, document management).
Background checking and compliance providers (e.g., DBS processing partners where used).
Professional bodies/regulators and law enforcement, where required or appropriate for safeguarding and legal compliance.
Advisers (legal, financial, insurance) where necessary.
We require service providers to protect personal data and to act only on our instructions where they act as processors.
International transfers
We aim to keep data in the UK. If we use suppliers whose systems involve transfers outside the UK, we will ensure appropriate safeguards are in place (such as the UK International Data Transfer Agreement or other lawful mechanisms) and provide additional information on request.Data security
We use appropriate technical and organisational measures to protect personal data against accidental loss, misuse, unauthorised access, alteration, or disclosure. Access is limited to those who need it for legitimate business purposes.How long we keep personal data (retention)
We keep personal data only for as long as needed for the purposes described and to comply with legal and regulatory obligations. Retention periods vary depending on the type of record. Typical examples include:
General enquiries: up to 24 months from last contact.
Candidate/worker records (including compliance documents): typically up to 6 years from last engagement, or longer where required for safeguarding, regulatory, or insurance reasons.
Payroll/tax/accounting records: typically up to 6 years (or as required by law).
You can request more detail by emailing info@leadnurse.co.uk.
Your rights
Under UK GDPR you have rights, including:
Access: request a copy of your personal data.
Rectification: correct inaccurate or incomplete data.
Erasure: request deletion in certain circumstances.
Restriction: limit processing in certain circumstances.
Objection: object to processing based on legitimate interests or direct marketing.
Portability: receive certain data in a portable format (where applicable).
Withdraw consent: where processing is based on consent.
To exercise rights, email info@leadnurse.co.uk. We may need to verify your identity. If you are unhappy with our response, you can complain to the UK Information Commissioner’s Office (ICO).
Marketing preferences
If you receive marketing from us, you can opt out at any time by following the unsubscribe instructions (where provided) or emailing info@leadnurse.co.uk. Opting out will not affect service communications necessary for existing relationships or ongoing placements.Links to other websites
Our Website may include links to third-party websites. We are not responsible for their privacy practices. Please review their privacy notices.Changes to this Privacy Policy
We may update this policy from time to time. The “Last updated” date shows the most recent revision.