White Cliffs

Community Housing Association

The key to your new home…

White Cliffs

Community Housing Association

White Cliffs

Community Housing Association

Data Privacy Notice for Residents

1. Definitions

1.1 Definitions

Automated Decision-Making (ADM): when a decision is made which is based solely on Automated Processing (including profiling) which produces legal effects or significantly affects an individual. The UK GDPR prohibits Automated Decision-Making (unless certain conditions are met) but not Automated Processing.

Consent: agreement which must be freely given, specific, informed and be an unambiguous indication of the Data Subject’s wishes by which they, by a statement or by a clear positive action, signify agreement to the Processing of Personal Data relating to them.

Controller: the person or organisation that determines when, why and how to process Personal Data. It is responsible for establishing practices and policies in line with the UK GDPR. We are the Controller of all Personal Data relating to our Company Personnel and Personal Data used in our business for our own commercial purposes.

Data Protection Officer (DPO): either of the following:

a) the person required to be appointed in specific circumstances under the UK GDPR; or b) where a mandatory DPO has not been appointed, a data privacy manager or other voluntary appointment of a DPO or the Company data privacy team with responsibility for data protection compliance.

UK GDPR: the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) as defined in the Data Protection Act 2018. Personal Data is subject to the legal safeguards specified in the UK GDPR.

Personal Data: any information identifying a Data Subject or information relating to a Data Subject that we can identify (directly or indirectly) from that data alone or in combination with other identifiers we possess or can reasonably access. Personal Data includes Special Categories of Personal Data and Pseudonymised Personal Data but excludes anonymous data or data that has had the identity of an individual permanently removed. Personal data can be factual (for example, a name, email address, location or date of birth) or an opinion about that person’s actions or behaviour.

Processing or Process: any activity that involves the use of Personal Data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transmitting or transferring Personal Data to third parties.

Special Categories of Personal Data: information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data.

2. Purpose

2.1 2.2 2.3 (a) (b) (c) 2.4 2.5 3. 3.1 This Data Protection Policy sets out how White Cliffs Community Housing Association (“we”, “our”, “us”, “the Company”) handle the Personal Data of our tenants and prospective tenants, customers, suppliers, employees, workers, business contacts and other third parties.

We are a Controller. This means that we are responsible for deciding how we hold and use Personal Data about you. You are being sent a copy of this privacy notice because you are a tenant of a property we manage. It makes you aware of how and why your personal information will be used, namely for the purposes of managing your tenancy agreement, and how long we will usually keep your personal information for. It provides you with certain information that must be provided under the UK GDPR and the Data Protection Act 2018 (‘DPA’).

We will use your Personal Data to: enable us to deliver services and manage your relationship with us as your Landlord; perform our role as your Landlord, we may use personal and sensitive information about your health, racial and ethnic origin, sexual orientation, and religion to ensure our services are accessible; share your data with third parties, including third-party service providers for legal reasons or to enable them to deliver services on our behalf.

We will respect the security of your Personal Data and will treat it in accordance with the law.

We will not collect information about our tenants that we do not need.

Type of Personal Data and Special Categories of Personal Data we collect and share

We recognise that the correct and lawful treatment of Personal Data will maintain trust in connection with your tenancy agreement for a property we manage, we will collect, store, and use the following types of personal information about you:

(a) Personal details such as your name, date of birth, national insurance number, identification documents, photographs, contact details and contact preferences;

(b) Information you have provided in your application for housing, including references, pre- tenancy assessments, housing history and income details;

(c) The details and Personal Data of other individuals living with you;

(d) Financial details including bank details, benefit support, rent account details and income and expenditure assessments;

3.2 4. 4.1 5. 5.1 (e) Complaints of anti-social behaviour;

(f) Complaints about our services;

(g) Repair logs;

(h) Details of any support received by you including care packages and plans and details of support providers.

We will also collect, store and use the Special Categories of Personal Data of more sensitive personal information including:

(a) Information about your race or ethnicity, religious beliefs, sexual orientation, trade union membership and political opinions;

(b) Information about your health, including any physical and/or mental health condition and disabilities; and

(c) Information about criminal convictions, criminal offences or court proceedings.

How we collect and process your information

We collect, Process, store and hold Personal Data and Special Categories of Personal Data relating to tenants in our properties from the Following sources:

(a) You, the tenant;

(b) Your Local Authority;

(c) Your previous Landlord;

(d) Your named referees;

(e) Other agencies such as the police, emergency services, probation, other registered providers of social housing, the NHS, health professionals, Social Services, Local Authorities, drug and alcohol services and charities; and (f) Information obtained about you in the course of your occupancy and through the provision of the services we provide.

How we use your information

We Process your Personal Data and Special Categories of Personal Data to carry out our duties to manage your property and your tenancy. This includes:

(a) Communicating with you about your tenancy;

(b) Letting, renting and leasing properties;

5.2 6. 6.1 (c) Administering waiting lists;

(d) Carrying out research;

(e) Administering housing and property grants;

(f) Providing associated welfare services, advice and support;

(g) Maintaining our accounts and records;

(h) Carry out improvement works as part of a planned programme;

(i) To take payments for any service charges and other non-rent activities;

(j) To deliver repairs and other works to your home and any communal areas;

(k) To deal with anti-social behaviour complaints;

(l) To contact you to seek feedback on services provided to you and your contract with us;

(m) To take any action on a breach of tenancy;

(n) To recover any debt owed to us (using payment history to prioritise arrears cases).

(o) Where we have your consent (which you can withdraw at any time) we may use your image in publicity material;

(p) Supporting and managing our employees, agents, and contractors; and

(q) As part of our marketing and promotional activities (if you agree).

We will also use this information to ensure the services we provide meet tenant’s and prospective tenant’s needs and to improve the services we provide to all our customers.

Lawfulness, fairness and transparency for processing your data

The lawful bases we rely on for Processing Personal Data and Special Categories of Personal Data are as follows:

(a) You have given us your Consent;

(b) It is necessary for the performance of a contract;

(c) It is necessary to meet our legal compliance obligations;

(d) It is necessary to protect your vital interests, where sharing is required in relation to the physical or mental health of an individual, where disclosure is required to protect them or others from serious harm.

(e) It is for fraud prevention and the protection of public funds;

(f) Processing and sharing in connection with legal proceedings

(g) Research and statistical purposes. We provide the Regulator of Social Housing with statistical information; we report information about our lettings via CORE (Continuous Recording) system. The information provided does not include tenants names or their full address, but it does contain special categories of data. Please visit https://core.communities.gov.uk/ for more details.

6.2 We may also share your information with emergency services and local authorities, where this is necessary to help them respond to an emergency situation that affects you.

7. Failure to provide Personal Data and Special Categories of Personal Data

7.1 Failure to provide the Personal Data and Special Categories of Personal Data requested may result in applications for housing being refused.

7.2 In addition, if you refuse to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as providing you with accommodation or a service), or we may be prevented from complying with our legal obligations or we may be unable to determine your eligibility For a service provided by us or a third party.

8. Automated Decision Making

8.1 You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.

9. Sharing and safeguarding your information

9.1 We will not normally share your information with anyone else. However, there are certain circumstances where we will be required to share your information with other organisations. We will comply with the UK GDPR and the DPA when disclosing this information.

9.2 Where it is required or necessary in accordance with the GDPR and/or the DPA, we may share information with:

(a) Family, associates and representatives of the person whose Personal Data and Special Categories of Personal Data we are processing;(b) Educators and examining bodies; (c) Suppliers and service providers; (d) Financial organisations; (e) Central government; (f) The Ministry for Housing, Communities and Local Government; (g) Auditors; (h) Survey and research organisations; (i) Other housing associations, trusts or local authorities; (j) Trade unions and associations; (k) Health authorities; (l) Enquirers and complainants; (m) Security organisations; (n) Health and social welfare organisations; (o) Professional advisers and consultants; (p) Homes England; (q) Probation services; (r) Charities and voluntary organisations; (s) Police and Fire Forces; (t) Courts and tribunals; (u) Professional bodies; (v) Insurers; (w) Employment and recruitment agencies; (x) Credit reference agencies; (y) Debt collection agencies; (z) Rent Arrears analysis software companies; (aa) Landlords; 9.3 9.4 9.5 9.6 9.7 9.8 9.9 10. 10.1 10.2 10.3 10.4 (bb) Press and the media.

We may also share your information with other agencies for the purposes of the National Fraud Initiative conducted by central government under Section 33 and Schedule 9 of the Local Audit and Accountability Act 2014. This is to assist with fraud prevention and protection of public funds and includes sharing and matching of personal information.

We often use photographs for internal communications with colleagues, or to use in our communications with tenants and stakeholders and to illustrate what we do on social media now and in the future.

We will not use these photographs on our websites, in social media or in our externally facing publications, unless tenants have agreed for us to do so.

We will store a signed Consent form, so that we know for which purposes tenants have consented to us using the photographs.

Photographs and Consent forms will be stored securely on our IT systems and will only be available to colleagues who need access to them, to do their job. Photographs which are used in publications will be visible in those for the lifetime of the publications. It a tenant wishes to withdraw Consent for us to share these photographs, they can contact the DPO.

Security of Personal Data and Special Categories of Personal Data

We store personal information electronically and in paper format. We have put in place policies, processes and technical security solutions to protect the security of tenant information.

Third parties will only process tenant personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.

We have put in place appropriate security measures to prevent personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a need to know. They will only process tenant personal information on our instructions, and they are subject to a duty of confidentiality.

When a tenant contacts us, we may ask them to provide us with some information so that we can confirm their identity. If other people (e.g family members, support workers, financial advocates) act on your behalf we will take all steps to ensure that they correctly appointed to act upon a tenant’s behalf. This may include asking them to provide proof of their appointment. We do this to protect our tenants and to make sure that other people cannot find things out about them that they are not entitled to know.

10.5 Employees and third parties who have access to, or are associated with the processing of, tenant personal information are obliged to make reasonable efforts to safeguard it.

11. Storage limitation

11.1 We will keep the personal information you provide whilst you are a tenant of a property we manage and we will also retain your personal information even after the end of your tenancy if this is necessary to comply with our legal obligations, meet regulatory requirements, resolve disputes, maintain security, prevent fraud or to enforce any outstanding debts owed to us.

11.2 To determine the appropriate retention period for Personal Data and Special Categories of Personal Data, we consider the amount, nature and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure of tenant and Personal Data or Special Categories of Personal Data, the purpose for which we process the personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

11.3 In some circumstances we may anonymise personal information so that it can no longer be associated with a tenant, in which case we may use such information without further notice to the tenant. Once we no longer need the information about a tenant we will securely destroy this information in accordance with our Data Retention Policy.

12. Data Subject’s rights and requests

12.1 You have rights when it comes to how we handle your Personal Data. These include rights to: (a) (b) (c) (d) (e) (f) (g) (h) withdraw Consent to Processing at any time; receive certain information about the Controller’s Processing activities; request access to their Personal Data that we hold (including receiving a copy of their Personal Data); prevent our use of their Personal Data for direct marketing purposes; ask us to erase Personal Data if it is no longer necessary in relation to the purposes for which it was collected or Processed or to rectify inaccurate data or to complete incomplete data; restrict Processing in specific circumstances; object to Processing which has been justified on the basis of our legitimate interests or in the public interest; request a copy of an agreement under which Personal Data is transferred outside of the UK;(i) object to decisions based solely on Automated Processing, including profiling (j) (k) (l) (ADM); prevent Processing that is likely to cause damage or distress to the Data Subject or anyone else; be notified of a Personal Data Breach which is likely to result in high risk to their rights and freedoms; make a complaint to the supervisory authority; (m) in limited circumstances, receive or ask for their Personal Data to be transferred to a third party in a structured, commonly used and machine-readable format.

12.2 We are required to verify the identity of an individual requesting data under any of the rights listed above (do not allow third parties to persuade you into disclosing Personal Data without proper authorisation).

12.3 Any requests should be sent to the DPO.

13. Information we collect via our website

13.1 We collect various types of information from visitors to our websites. We do not pass on any personal information you have given us to any other site, the system will record information if volunteered to us by you, for example on the online forms. This will be treated as confidential. Our website contains links to other websites. This privacy notice applies only to our site. If you move to another site that collects information you should read their privacy statement.

14. Cookies

14.1 Our website uses cookies for example to display Google Maps and track visitor’s activity via Google Analytics. All activity is anonymous. You can find out more about what this means and how to turn off cookies in your browser by visiting www.aboutcookies.org

15. Complaints and contact information

15.1 We take any complaints we receive about the collection and use of personal information very seriously. We will encourage you to bring it to our attention if you think that our collection or use of information is unfair, misleading, or inappropriate. You can make a complaint at any time by contacting us (see contact details section below).

15.2 If you think our collection or use of personal information is unfair, misleading, or inappropriate or if you have concerns about the security of your personal information, you also have the right to make a complaint to the Information Commissioner’s Office.

15.3 15.4 15.5 You can contact the Information Commissioner’s Office at the following address:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 SAF or https://ico.org.uk/global/contact-us/contact-us-public/

To contact us please use our contact form.

We have appointed a DPO to oversee our compliance with this privacy notice. Our DPO is Raj Khalid. If you have any questions about this privacy notice or how we handle your personal information, please contact the DPO using the details above.

Back to the Policies List