Skip to content

Privacy Policy

Last updated: June 2026 · Next review: June 2027

Introduction

Kinetic Health Partners Limited ("Kinetic", "we", "us") is committed to protecting the privacy and confidentiality of personal information. Kinetic is a healthcare workforce and delivery partner to the NHS, operating in joint venture with ShropDoc. This Privacy Policy explains how we collect, use and protect your personal information, and your rights in relation to that information.

Who is responsible for your data

The role Kinetic plays depends on the context. For the clinical and candidate workforce we recruit and employ or engage, Kinetic acts as a Data Controller. When we deliver or operate services on behalf of an NHS organisation or ICB, that NHS organisation is usually the Data Controller and Kinetic acts as a Data Processor on their behalf. Where required for specific services, Kinetic may act as a joint controller.

This policy covers Kinetic's own processing as a controller. Where Kinetic acts as a processor, the relevant NHS organisation's privacy information also applies.

What information we collect

  • Personal information (such as name, contact details, date of birth).
  • Professional and employment information (such as qualifications, registrations, references, right to work, DBS status) for clinical and candidate workforce.
  • Health and care information, where relevant to a service we are delivering.
  • Information relating to service delivery, reviews and quality monitoring.
  • Information about professionals or representatives where someone acts on behalf of another person.

How we collect your information

  • Directly from you (or your representative).
  • From NHS organisations and commissioning bodies.
  • From health and social care professionals.
  • From recruitment and compliance processes (such as referees, registration bodies and background-check providers).
  • From systems used to deliver commissioned services.

How we use your information

  • To recruit, engage and deploy clinical workforce.
  • To deliver and manage health and care services we are commissioned to provide.
  • To support care planning and decision-making where relevant.
  • To communicate with you or your representatives.
  • To meet our legal, regulatory and contractual obligations.
  • To monitor and improve the quality and safety of our services.

We only use your information where there is a lawful basis to do so under UK GDPR.

Lawful basis for processing

  • Contract (to engage workforce and deliver contracted services).
  • Legal obligation.
  • Legitimate interests (where appropriate and balanced against your rights).
  • Public task, where we deliver health and care services on behalf of an NHS body.

Where we process special category data (such as health information), we do so where it is necessary for the provision of health or social care, where it is required under health and social care legislation, or with explicit consent where applicable.

How we share your information

  • NHS organisations, including Integrated Care Boards and NHS Wales health boards.
  • Local authorities and partner organisations.
  • Health and social care professionals involved in the relevant service.
  • Regulatory, registration and background-check bodies, where relevant to workforce compliance.
  • Other authorised organisations where there is a lawful basis.

We only share information where it is necessary, lawful and appropriate, and we put appropriate agreements in place when we do.

National Data Opt-Out

As a provider of NHS-commissioned services, we comply with the National Data Opt-Out where it applies. Where our activities involve information used for direct care, the opt-out does not apply. It is relevant only where information is used for purposes beyond direct care, such as planning or research. You can manage your choice at https://www.nhs.uk/your-nhs-data-matters/manage-your-choice/.

How we protect your information

  • Secure IT systems.
  • Access controls and role-based permissions.
  • Staff training and confidentiality agreements.
  • Regular audits and monitoring.

How long we keep your information

We retain information in line with the NHS Records Management Code of Practice, employment-law requirements, and other legal obligations. Information is kept only for as long as necessary and is then securely deleted.

Your rights

  • Access to your personal data.
  • Correction of inaccurate data.
  • Restriction of, or objection to, processing in certain circumstances.
  • Erasure, where applicable.
  • Data portability, where applicable.

Requests can be made to Kinetic or, where an NHS organisation is the Data Controller, through that organisation.

Raising concerns or complaints

  • Contact Kinetic directly.
  • Contact the relevant NHS organisation.
  • Contact the Information Commissioner's Office (ICO).

Contact details

For questions about this Privacy Policy or your data, please contact the Kinetic Health Partners Data Protection Lead at hello@kinetichealthpartners.co.uk, or write to Kinetic Health Partners Limited, Temple Street, Llandrindod Wells, LD1 5HF. Kinetic is registered with the Information Commissioner's Office (ICO registration number ZC14704).