Privacy Policy

This privacy notice is a public declaration of how United Medicare Ltd applies the Data Protection Principles & Rights afforded to individuals by the General Data Protection Regulations 2018 (GDPR), to the personal data that we process in the undertaking of our services including criminal record or Disclosure & Barring Service disclosures.

United Medicare Ltd is committed to complying to the 6 principles relating to the processing of personal data under the GDPR and these principles are listed below:

  1. Lawfulness, fairness & transparency.

  2. Purpose limitation.
Data minimisation.

  4. Accuracy.

  5. Storage limitation.

  6. Integrity and confidentiality.


We may collect, store and use the following kinds of personal information:

  • information about your computer and about your visits to and use of this website including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views, website navigation;
  • information relating to any transactions carried out between you and us on or in relation to this website, including information relating to any purchases you make of our goods or services;
  • information that you provide to us for the purpose of carrying out Disclosure services and related services with us include, but is not limited to; name, date of birth, address, email address, contact numbers and criminal information, identity. Information gathered is strictly related to the level of employment screening an individual is assigned, the level of criminal disclosure being applied for or the level of identity verification required by our clients to meet their regulatory
  • obligations. No unnecessary information is obtained from data subjects that is not specifically required for the purpose of their checking process.
  • information that you provide to us for the purpose of subscribing to our website services, email notifications and/or newsletters;
  • any other information that you choose to send to us
  • Data is being collected by United Medicare Ltd whose registered address is 23, Pickford Road, Bexleyheath, Kent DA7 4AT and email is


Personal information submitted to us via this website or our product portals will be used for the purposes specified in this privacy statement or in relevant parts of the website and United Medicare's proprietary systems.

We may use your personal information to:

  • Conduct criminal record disclosure checks for the purposes of safeguarding and risk mitigation, which may include identity checking and for improving user experience.
  • send statements and invoices to you, and collect payments from you;
  • send you general (non-marketing) commercial communications;
  • send you email notifications which you have specifically requested;
  • send to you our newsletter and other marketing communications relating to our business [or the businesses of carefully-selected third parties] which we think may be of interest to you by post or, where you have specifically agreed to this, by email or similar technology (you can inform us at any time if you no longer require marketing communications);
  • We will not without your express consent provide your personal information to any third parties for the purpose of direct marketing.


United Medicare is required to process personal information of data subjects as part of its contractual obligations in the performance of conducting criminal record disclosures and/or identity checks for it's client(s). The checks typically carried out as a result of regulatory or legal obligations for the client or as part of a best practice risk mitigation process and policy which also comes under Legitimate Interest under GDPR. All processing of personal data by United Medicare is carried out with the full and explicit consent of each data subject. 


We may also disclose your personal information:

  • to the extent that we are required to do so by law;
  • Internal DBS staff and related suppliers;
  • in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
  • to the purchaser (or prospective purchaser) of any business or asset which we are (or are contemplating) selling; and
  • to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.
  • Except as provided in this privacy statement, we will not provide your information to third parties.


All personal data stored and processed by United Medicare is securely hosted within United Kingdom and there is no systematic transfer of data outside of the United Kingdom for any purpose.


United Medicare is an ISO27001 certified business and therefore takes information security extremely seriously. Significant investment has been made in all of our systems to create the most secure environment possible.

We continue to take all reasonable technical and organisational precautions to prevent the loss, misuse, or alteration of your personal information.

We will store all the personal information you provide on our secure (password- and firewall- protected) servers. All electronic transactions you send or receive from us will be encrypted./

Of course, data transmission over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.

You are responsible for keeping your password and user details confidential. We will not ask you for your password (except when you log in to our systems).

United Medicare retains your personal information for only as long as stipulated within client contracts and does not seek to retain data for any longer than necessary to carry out our service and fulfil our statutory and contractual obligations.

United Medicare will never process your personal information without your explicit consent and engagement in the process. If you choose not to provide personal information or consent we will be unable to carry out our checks as part of the DBS process and/or ID checking where necessary.

United Medicare takes no liability in the failure for individuals to engage with any employment screening or identity checking process on behalf of a client.


We may update this privacy statement from time-to-time by posting a new version on our website. You should check this page occasionally to ensure you are happy with any changes. We may also notify you of changes to our privacy statement by email.


You may instruct us to provide you with any personal information we hold about you. Provision of such information will be subject to:

  • The supply of appropriate evidence of your identity.
  • The description of the exact information you are seeking.
  • Please refer to your new rights under GDPR – Right to Access.

We may withhold such personal information to the extent permitted by law. United Medicare recognises the further rights of data subjects under the GDPR which include;

The Right to be Informed

Individuals have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under GDPR.

This privacy policy clearly outlines what data we collect and the purpose of processing.

The Right to Erasure

  • The GDPR introduces a right for individuals to have personal data erased.
  • Individuals can make a request for erasure verbally or in writing however United Medicare require all requests to be made in writing to with the subject title ‘Right to Erasure’
  • United Medicare is not responsible and does not control the data held by DBS and any request for erasure needs to be made directly to the DBS as data is transferred to them soon after receipt by United Medicare.
  • The United Medicare Privacy Team will need to effectively identify you as the data subject in question to ensure the security of that data. You will be asked to provide your identity documents and current address so that they can perform their security checks.
  • United Medicare have 30 days from the date the request was qualified to erase your information where applicable.

The Right to Restrict Processing

Under the GDPR individuals have the right to request the restriction or suppression of their personal data.

This is not an absolute right and only applies in certain circumstances:

  • You contest the accuracy of your personal data and we are verifying the accuracy of the data;


  • You have objected to us processing your data under Article 21(1), and we are considering whether our legitimate grounds override those of the individual. If this request is made then it is the same as objecting to a DBS check being made but note that data is transferred soon after receipt by United Medicare to the DBS. Therefore, the DBS needs to be contacted directly by the data subject.

The Right to Object

  • The GDPR gives individuals the right to object to the processing of their personal data in certain circumstances.
  • Individuals have an absolute right to stop their data being used for direct marketing. United Medicare never use candidate data for direct marketing purposes or share data with third party marketing agencies and so this does not apply.
  • In other cases where the right to object applies we may be able to continue processing if there is a compelling reason for doing so.
  • Should you object to us processing your data for the purposes of conducting DBS checks then you should withdraw consent and yourself from the process using your Right to Withdraw Consent and contact your prospective employer to explain.
  • Please note that the data is processed and transferred to the DBS in an encrypted form for processing DBS checks soon after UM receives this data. So withdrawing consent cannot stop the DBS process or prevent data transfer. You need to contact the DBS directly to have any data removed by them or to place an objection.

The Right of Access

  • Individuals have the right to access their personal data and supplementary information similar to a Subject Access Request under the UK DPA.
  • The right of access allows individuals to be aware of and verify the lawfulness of the processing and to correct any data.
  • Should you wish to invoke your Right of Access you must submit your request in writing to with the subject title ‘Right of Access’ You must be specific in your request in respect of what personal data you wish to obtain and for us to provide you.
  • The United Medicare Privacy Team will need to effectively identify you as the data subject in question to ensure the security of that data. You will be asked to provide your identity documents and current address so that they may perform their security checks.
  • United Medicare have 30 days from the date the request was qualified to supply you with your information.
  • The Right to Rectification

  • The GDPR includes a right for individuals to have inaccurate personal data rectified or completed if it is incomplete.
  • An individual can make a request for rectification verbally or in writing.
  • It is essential that United Medicare have full and accurate information submitted by individuals in order for us to conduct our checks. If you feel that you have made a mistake in the information you provided us then please contact the DBS directly as the data would have been transferred to the DBS who will be processing. Therefore, the DBS needs to be contacted directly to correct any data you have submitted as the error cannot be amended if it is already being processed by the DBS unless they allow this at the stage of processing the form.

The Right to Data Portability

Should you wish to invoke your Right to data Portability you must submit your request in writing to with the subject title ‘Right to Data Portability’. United Medicare have 30 days to respond to your request.

The Right to Withdraw Consent

The GDPR gives individuals the right to withdraw consent for processing personal data at any time.

United Medicare will always obtain your explicit consent before processing your personal data and conducting the checks relevant to you.

Should you object to the processing of your data or you wish to prevent any further processing of your data or withdraw yourself from the process then you should formally contact the Privacy Team in writing at and title the subject header ‘Right to Withdraw Consent’.

United Medicare have 30 days to respond to your request. If you feel that you wish to withdraw consent for then please contact the DBS directly as the data would have been transferred to the DBS to be processed.

The Right to Complain

Every data subject should have the right to lodge a complaint and the right to an effective judicial remedy in accordance with Article 47 of the Charter if the data subject considers that his or her rights under the GDPR are infringed or where the supervisory authority does not act on a complaint, partially or wholly rejects or dismisses a complaint or does not act where such action is necessary to protect the rights of the data subject.

United Medicare takes data privacy and the handling of personal data extremely seriously therefore should you have any concerns in relation to the manner in which we are processing your personal data please contact us at and outline your concerns.

Should you not be satisfied by our response or the actions we have taken you are entitled to complain to the Information Commissioners Office (ICO) as the UK’s Supervisory Authority for the GDPR.


The website may contain links to other websites. We are not responsible for the privacy policies or practices of third party websites.


Please let us know if the personal information which we hold about you needs to be corrected or updated. You can do this by using your Right to Rectification. However, the DBS needs to be contacted directly to correct any data you have submitted as the error cannot be amended by United Medicare if already being processed by the DBS unless they allow this when at the stage of processing the form.


The data controller responsible in respect of the information collected on this website is United Medicare. In respect to our services, in most cases United Medicare is acting as a Data Processor on behalf of our clients who are the Data Controllers and determining the purpose and reason for data processing.


We are very satisfied with your service, we have used several companies over the last few years and found yours to be most efficient, we would recommend you to anyone.
Ms Susan Davies, Matron
Oaks Court Nursing Home, Wolverhampton
Excellent service provided. Polite staff who are always available for advice and always professional. I have used other services, but United Medicare Ltd offer a First class Professional service.
Ms Jenny Shaw,Matron
Fleetwood Nursing Home, Lancashire
Excellent and prompt service by very Pleasant and Professional Staff
Mr Montezuma,Manager
Aldbourne Nursing Home, Wiltshire
Since Changing to United Medicare Ltd, I have found the staff very helpful, polite and engaging. The service provided is prompt and act as a very useful resource. The First POVA checks are promptly returned however I understand the CRB`s are longer with strict criteria having to be adhered to. Our plan is to continue with United Medicare Ltd, the service is great. Many Thanks
Mr Adam Hesselden,Manager
Greenview Nursing House, West Yorkshire