Privacy Policy

Version: 1.0
Effective Date: 24 October 2025
Legal Basis: UK General Data Protection Regulation (UK GDPR)

Who we are

This privacy policy explains how United Medicare Ltd (trading as United CRB) collects, uses, and protects personal data. Our website address is: https://unitedcrb.com. United Medicare Ltd is the Data Controller for data processed via this website and our services. Our registered office is: 23 Pickford Rd, Bexleyheath DA7 4AT.

Contacting us

If you have any questions about this policy, or would like to exercise your rights, please contact our Privacy Lead at: [Insert dedicated email address].

What personal data we collect and why

We may collect and process the following data:

  • Personal details (name, email, phone number) submitted via our contact forms or DBS application process
  • Identity documentation and criminal record data (where relevant to DBS checks)
  • IP address and browser type (for technical and security purposes)
  • Comments and profile images (if you leave a comment)
  • Uploaded files (e.g., identification documents, CVs)

We collect this data to:

  • Deliver and manage our DBS administration services
  • Respond to enquiries and customer support requests
  • Verify identity and submit DBS applications
  • Maintain records of communication and compliance
  • Improve our website and service experience
  • Meet legal and regulatory obligations

Lawful bases for processing

We rely on the following legal bases under UK GDPR:

  • Contractual necessity (e.g. to process DBS applications on your behalf)
  • Legal obligation (e.g. to meet safeguarding and regulatory requirements)
  • Legitimate interests (e.g. improving user experience, internal record-keeping)
  • Consent (e.g. when subscribing to updates or submitting sensitive documents)

How long we keep your data

We retain personal data only for as long as necessary:

  • DBS application data is typically held for up to 6 months from completion
  • Enquiries and contact form submissions are retained for 12 months
  • User accounts and comments may be stored indefinitely unless you request deletion
  • Data held under legal obligations (e.g. audit, tax) may be retained for up to 6 years

Sharing your data

We may share your data with:

  • Disclosure and Barring Service (DBS), Disclosure Scotland, or Access NI
  • Identity verification and digital signature providers
  • IT and hosting providers supporting our website and systems
  • Regulators or law enforcement if required by law

We do not sell or rent your personal data to third parties.

International transfers

We do not routinely transfer data outside the UK. Where third-party services (e.g. cloud providers) operate internationally, we ensure appropriate safeguards (e.g. UK IDTA or SCCs) are in place.

Cookies and tracking

This website uses essential and analytical cookies.

  • If you leave a comment, cookies may save your name, email and site preferences
  • Login cookies are set for up to two weeks
  • Site usage may be tracked using anonymised analytics tools

You can manage cookie preferences in your browser settings.

Your rights under UK GDPR

You have the right to:

  • Request access to your data
  • Request correction or deletion of data
  • Object to or restrict processing
  • Withdraw consent (where processing is based on consent)
  • Request data portability
  • Lodge a complaint with the Information Commissioner’s Office (ICO)

To exercise your rights, contact us at crb@unitedmedicare.com.

Automated decision-making

We do not use your data for automated decision-making or profiling that has a legal or significant effect.

How we protect your data

We implement appropriate technical and organisational measures including encrypted communication, access controls, secure storage of documents, and regular audits. Disclosure information is processed in line with the DBS Code of Practice.

Changes to this policy

We may update this policy to reflect changes in law or services. Any changes will be posted on this page with the revised effective date.