Privacy policy

Last updated: 2026-05-07

1. Who we are

RockSolid 247 Limited, registered in England & Wales, company number 10925171. Registered office: 78 The Boxhill, Coventry, England, CV3 1ER. ICO data-controller registration: ZA527245 (Tier 1). Contact for privacy queries: info@rocksolid247.com.

2. What personal data we collect

We collect personal data in three contexts:

• From applicants and care professionals: full name, contact details, date of birth, address, National Insurance number, right-to-work evidence, DBS certificate details, bank details for payroll, references, optional CV.
• From care recipients and their representatives: name, contact details, care needs, care plans, contact preferences.
• From website visitors: IP address and user-agent (Cloudflare standard logs); any data you submit via the contact form.

3. Lawful bases for processing

• Legitimate interest — recruitment, supplier introductions.
• Contract — delivery of agreed care services.
• Legal obligation — CQC parallel safeguarding records, HMRC payroll records, Home Office right-to-work requirements.
• Consent — marketing preferences only, defaulted off.

4. Recipients

• uCheck — DBS check processing, with applicant consent at the point of payment.
• Stripe — payment-card data; we never see or store card details ourselves.
• HMRC — payroll.
• Local Authority commissioners — case-by-case for placement-specific information.
• Regulators where legally required.

We do not share personal data for marketing purposes and we do not use third-party advertising trackers.

5. Retention periods

• Care-recipient and care-professional records: minimum 7 years post-termination of relationship, longer where law requires.
• Contact-form submissions: 12 months unless the enquiry becomes a working relationship.
• Website logs (Cloudflare edge): 30 days.

6. International transfers

None. All processing is in the UK. Cloudflare's UK edge serves the website. Mailbox storage is at one.com (UK/EU). Outbound transactional email (via Resend) transits under standard contractual clauses.

7. Your rights

Under the UK GDPR you have the right to: access your data, request correction of inaccurate data, request erasure, restrict processing, request portability, object to processing, and withdraw any consent you previously gave. We do not make automated decisions with legal or similarly significant effects about you.

To exercise any of these rights, email info@rocksolid247.com or write to our registered office.

8. Complaints

You have the right to complain to the Information Commissioner's Office at ico.org.uk. We would prefer the chance to resolve any concerns first — please contact us.

9. Updates to this policy

We will update this page when our practices change. Material changes will be flagged on our homepage for at least 30 days. The "Last updated" date at the top of this page records when the current version took effect.

10. Data Protection Officer

RockSolid 247 Limited is not required to formally appoint a Data Protection Officer under UK GDPR Article 37 — we are not a public authority and our core activities do not constitute large-scale systematic monitoring or processing of special-category data at the threshold that mandates a DPO. Privacy queries are handled by the Director and the operations team via info@rocksolid247.com.