This statement outlines how we collect and use your information. We will treat any personal information which you provide to us in accordance with Data Protection legislation, including but not limited to the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”).
This statement was last updated on 25th May 2018.
What personal data do we collect directly from you when you visit our website?
When requesting information about our services you may use a contact form where you are asked to enter your name, email address, postcode, phone number or other details to help your customer experience. Our forms also allow you to report incidents regarding anti-social behaviour. If you are a resident, we collect information when you log in to our portal to pay your rent or request a repair. We collect your username, password and email address when you register on our resident portal for an account.
What personal data do we collect indirectly from you when you visit our website?
We may collect information about how you use our website to keep improving the way it works. We may collect statistics on how many people are visiting our website pages, where they come from, when they visit and how long they stay and what pages they look at. This will include information about the originating IP addresses (which may infer your geographic location), internet service providers, the files viewed on our site and timestamps.
We may associate your device with your account if you log into our resident portal. We may use this type of information to give us insights into services our customers may like and how our website marketing is performing. We may also look at the browser, operating systems and devices you use to make sure you get a good online experience however you access our sites. See our Cookies page to find out more.
How do we use your data?
Any personal information we require from you will be used as described in this policy and in alignment with Data Protection principles and practices. We use the information you supply to:
- respond to your enquiry (e.g. when you submit information for reporting anti-social behaviours)
- contact you regarding property you have registered an interest in
- coordinate repairs that you have requested (if you are a resident)
- coordinate the payment of your rent (if you are a resident)
- manage any remedial works required to your home and, if necessary, provide temporary accommodation to you
- comply with relevant legislation and regulation.
When else do we process your personal data?
If you are one of our residents, we will require information about you in order to support you during your time in the property and manage your tenancy or lease with us. Additionally we may require information about you to fulfil contractual obligations agreed in the contract with us.
We will collect varying amounts of personal information from you from the start of your tenancy sign-up, throughout your time as our resident. We may also process your information whilst sending you service-related updates and communications.
We may also collect information on you from other third parties where it is relevant to our activities with you. This includes information from local councils, health and social care professionals, previous landlords and credit agencies, police or other public authority departments, or other customers if it is relevant to one of our obligations towards you or other residents.
Where updates we send to you are required to provide you with the necessary and legitimate services, we will not provide any opt-out mechanism. However, where there is a marketing or sales element, we will ensure you are able to opt-out or unsubscribe from receiving further information.
If you are a customer or simply interested in the services we provide, we may request information from you when you contact us, in order to respond to your queries and to ensure we are able to provide you with the right services and equally provide you with value for time. We may also process information when sending you relevant updates to services or products that are aligned with your interest. You will be given the opportunity to opt-out of receiving any further information in alignment with your rights.
If you are a prospective employee and are interested in any of our vacancies, we may request information on your career history and CV, in order to ensure your suitability for the vacancy in which you have expressed an interest. We will also process information about you further, if we select you for interview to go through our recruitment process.
What lawful basis do we have for using your data?
Based on the variety of services we provide, we rely on different lawful bases when processing your data. We may process your data to fulfil our contractual responsibility to you as a resident, staff member or supplier. We may also process your data to allow us to achieve our legitimate interests as an organisation that deliver and manage the provision of housing services. There may be particular instances where we require your consent for processing your data. We will ensure consent obtained is aligned with current applicable legislation and is specific and informed.
We may sometimes undertake research and analysis to further improve and enhance our services for you and also to meet our strategic objectives, which will require us to process your data. Research may involve collecting data, such as surveys, interviews or focus groups. We may also analyse internal data, such as income collection, repairs, complaints and lettings, although this list is not exhaustive. When processing personal data for research, we ensure to adopt appropriate safeguards such as pseudonymisation (where the data is not fully identifiable) and anonymisation (where there is no possibility of identification of an individual) of the data – which makes the data harder (pseudonymisation) or impossible (anonymisation) to trace back to any one individual.
We are committed to ensuring we take all reasonable steps to protect your personal information. We secure access to our website pages using ‘https’ technology which ensures information being communicated from our website to you is protected from interference by attackers. We have also implemented the Payment Card Industry Standard PCI which ensures we are employing best practice when undertaking activities that involve being in contact with payment card data. We are also cyberessentials certified, which is a certification that demonstrates a good level of cyber security protection and posture.
We utilise cookies to enhance your browsing experience. Details can be found on our cookies page.
Who do we share your personal data with?
We sometimes share your personal data with trusted third parties, for the purposes of carrying out our legitimate interests as a business. For example, contractors for doing repairs on your home, employment service professionals to support your interests in getting into work, agencies who may help you in your particular community or local authorities who we engage with, as part of our service delivery to you.
We aim to ensure:
- we only provide the minimal amount of information to the third party required to perform their duties
- they only use your data for the exact purposes we specify in our contract with them
- the work closely with them to ensure that your privacy is respected and protected
- if we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
Sharing your data with Local Government : CORE
As a social housing provider, we are required by the Ministry of Housing, Communities and Local Government (MHCLG) to submit data on social lettings as part of the national monitoring requirements for allocation of social housing. CORE stands for the continuous recording of lettings and sales in social housing in England. It is a national information source that records information on the characteristics of both private registered providers and local authority new social housing tenants and the homes they rent. This data is only provided to central government in a highly pseudonymised form. The data is submitted through a website and only accessible by individual logins and passwords. The CORE dataset includes information on the letting or sale, type of tenancy or sale, rents and charges and demographic information about the tenant. The dataset in CORE does not contain direct personal identifiers but when taken as a whole the data allows social tenants to be identified. This is because the dataset may contain Unique property reference numbers or even full postcode data. The dataset also contains information which is very sensitive and may be related to such information as whether the social housing tenant has been in prison or probation or referred by a mental health institution. The data is protected by standards aligned with Government Security Standards. The legal basis for sharing this data is for the purpose of research and analytical purposes. And the MHCLG process this data for the purpose of carrying out a task in the public interest. For more information or if you have any queries on CORE please contact firstname.lastname@example.org or see their privacy statement on their website.
Sharing your data with third parties for customer surveys
We will share your name and contact details with appropriate third parties who will carry out email or telephone customer satisfaction survey’s on our behalf to enable us to improve our services - this also includes surveys for development, including buying a new home.
If you do not want to be included in these surveys, please email email@example.com.
We'd love for you to take part in the surveys and have your say. We love to hear when we're doing great, but we also want to know your feedback about any areas which you think need improving.
We aim to not contact anyone who is signed up to the telephone preference service and you will be given an opportunity at the time of any call to not participate.
How long will you keep my personal data?
Information is only kept as long as necessary for the period it is required. When deciding how long we keep your information, we take into account any minimum retention requirements set out in law; for example, financial and statutory reporting requirements mean we must keep certain records for a period of seven years. Depending on the purpose for which we hold your personal data, retention periods may vary.
What are your rights over your personal data?
You have the right to :
- request access to the personal data we hold about you , without charge (certain exceptions apply and can be explained by contacting the subject access email below in more detail as needed)
- request correction of your personal data if it is incorrect or out of date. If the data we hold about you is out of date, incomplete or incorrect you can inform us and your data will be updated
- request to withdraw consent for processing your data if that process relies on consent
- request that we delete your data. If you feel we should no longer be using your data you can request that we erase the data that we hold. Upon receiving a request for erasure we will confirm whether it has been deleted or the reason why it cannot be deleted (for example because we have a legal obligation to keep the information or we need it for a compelling legitimate business interest)
- object to processing of your data. You may request that we stop processing information about you. Upon receiving your request we will contact you and let you know if we are able to comply or if we have legitimate grounds to continue to process your data. Even after you exercise your right to object, we may continue to hold your data to comply with your other rights or bring or defend legal claims
- request that we transfer your data to another controller if the data is processed by automated means (ie excluding paper files)
- request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
You may contact our parent company, Network Homes, at firstname.lastname@example.org to exercise these rights.
We will comply with your request where it is feasible to do so, within 30 days of receiving your request. There are no fees or charges for the first request. However, additional requests for the same data may be subject to an administrative fee of £25 per request.
Where we need your consent to hold your information, we will ask you to confirm your consent in writing, and we will inform you why we are collecting the information, how we will use it, how long we keep it for, who else will have access to it and what your rights are as a data subject. Where we do rely on consent, you have the right to change your mind and withdraw that consent at any time by writing to us. If you withdraw your consent, we will immediately cease using any personal information obtained and processed under that consent unless we have some other legal obligation to continue to use it.
Reporting a Data Breach
Should you find out that there has been a loss of personal data that we use or manage, or an unlawful use or disclosure of this data, please report this to us by contacting our Data Protection officer on the Data Loss line - 07775 117 210
Contacting the Information Commissioner
If you feel that your data has not been handled correctly, and following liaison with our Data Protection officer, you are still not satisfied with responses received to any requests you have made regarding the use of your data, you have the right to lodge a complaint with the Information Commissioner’s office (ICO). You can contact them by calling 0303 123 1113 or by visiting them online at www.ico.org.uk. If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.