Privacy Policy

Privacy Policy

For all matters relating to data protection please contact Miracle Workers Limited, Sterling House, 1st Floor, Lewis’s Lane, Abergavenny, NP7 5BA, by using the email address: or, alternatively, call 01873 881306.

We take data protection seriously and are fully cognisant of, and compliant with, both GDPR and PECR.

We are registered with the ICO as Data Controllers and processors (Registration Number Z8096159).

How do we get information?

You have made an enquiry or complaint to us.

You have made an information request to us.

You have applied for a job or placement with us.

We also receive personal information indirectly, in the following scenarios:

Where family members or legal representatives contact us on your behalf.

An employee of ours gives your contact details as an emergency contact or a referee.

If it is not disproportionate or prejudicial, we’ll contact you to let you know we are processing your personal information.

As part of any contractual engagement with our clients we will, necessarily, record certain contact information within our internal management systems.  This information may include:

Contact Names

Billing and contact postal addresses

Email addresses

Phone numbers

This information is collected in order to engage contractually with current and prospective clients and to provide them with information on related services and products and to keep our clients informed as to the range of products and services on offer.

Data Sharing

We will not share your information with any third parties for the purposes of direct marketing.

We use data processors who are third parties who provide elements of services for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct. 

In some circumstances we are legally obliged to share information. For example under a court order or where we cooperate with other European supervisory authorities in handling complaints or investigations.

We might also share information with other regulatory bodies in order to further their, or our, objectives. In any scenario, we’ll satisfy ourselves that we have a lawful basis on which to share the information and document our decision making and satisfy ourselves we have a legal basis on which to share the information.

Your data protection rights 

Any personal data collected as part of an agreement is subject all rights detailed under GDPR including the rights to request:



Cessation of processing

Exclusion from profiling / automated decision making

Access in a portable format


Restriction of processing

 If you feel we have not fulfilled our obligations under the regulation, you are also entitled to raise a complaint with the Information Commissioner’s Office.

Retention Schedule

We have statutory requirements to keep certain information for a period of time.  These schedules are detailed below.

Financial data is retained for 7 years as per UK regulatory requirements.

Financial record retention: 7 years

Employee records (following termination of employment): 6 years

Employment candidate records (where they are not employed): immediate destruction.

Carer applications (where they are contracted): 6 years

Carer applications (where they are NOT contracted): 1 year

Client personal data (following termination of contract): 6 years

Client health info / care records (following termination of contract): 6 years

Data about client enquiries (where not proceeded to contract): 1 year

Visitors to our website


When you visit, we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behavior patterns. We do this to find out such things as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.

If we do collect personal data through our website, we’ll be upfront about this. We’ll make it clear when we collect personal information and we’ll explain what we intend to do with it.


You can read more about how we use cookies on our Cookies page. We use a cookies tool on our website which relies on implied consent of users.  In recognition of the fact that the implementation date for the revised e-Privacy Regulation remains unknown, we are taking reasonable steps now to align our use of cookies the standard of consent required by GDPR.

This means that we are in the process of updating the tool (Civic Cookie Tool) which, by default, requires explicit opt in action by users of our website. This will apply to the non-necessary cookies. We will ensure any necessary cookies for functionality and security are marked so that they are not deleted by the tool.

Security and performance

We use a third-party web application firewall from Vision IT to help maintain the security and performance of our website. The service checks that traffic to the site is behaving as would be expected.

The service will block traffic that is not using the site as expected. To provide this service, Vision IT processes site visitors’ IP addresses.

We rely on the Privacy Shield Framework to transfer this information to Vision IT’s servers which are located in the US. They hold the information for seven days.

Vision IT hosts our website in the UK and holds traffic information for 12 months.

Purpose and legal basis for processing

The purpose for implementing all of the above is to maintain and monitor the performance of our website and to constantly look to improve the site and the services it offers to our users.

The legal basis we rely on to process your personal data is article 6(1)(f) of the GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests. 

What are your rights?

As we are processing your personal data for our legitimate interests as stated above, you have the right to object to our processing of your personal data. There are legitimate reasons why we may refuse your objection, which depend on why we are processing it.

Cfwlogo 03
UKHCA logo