We want everyone who works for us, supports us, or who comes to us for housing, care or support, to feel confident and comfortable with how any personal information you share with us will be looked after or used. This Privacy Statement sets out how we collect, use and store your personal information (this means any information that identifies or could identify you).
1. Who we are
We are committed to protecting your personal information and making every effort to ensure that your personal information is processed in a fair, open and transparent manner.
We are a “data controller” for the purposes of the Data Protection Act 1998 and from 25 May 2018 the EU General Data Protection Regulation 2016/679 (“Data Protection Law”). This means that we are responsible for, and control the processing of, your personal information.
Our voluntary Data Protection Officer is Gurdev Singh, General Manager.
Telephone: 0121 745 4281.
2. How we collect information about you
We collect information from you in the following ways:
When you interact with us directly: This applies to staff, job applicants, tenants, volunteers, members, partners, suppliers, contractors and general public. Interaction can include: if you enquire or apply for our housing service, if you make a donation to us, apply for a job or volunteering opportunity or otherwise provide us with your personal information. This includes when you phone us, visit our website, or get in touch through post, email, or in person.
We operate CCTV systems at our sites for the detection and prevention of crime. It operates continuously and recordings are held for up to 28 days. From time to time we may operate CCTV / sound recording and / or use photography to capture evidence of breach of tenancy, alleged anti-social behaviour or crime.
We may also take photographs at our events, at our properties and in our communities to use for general marketing and publicity. However, photographs of individuals will only be used for those purposes with your consent.
When you interact with us through third parties: e.g. our website host and Internet Service Provider (ISP).
When you visit our website/social media pages: We gather general information which might include which pages you visit most often and which services, events or information is of most interest to you. We may also track which pages you visit when you click on links in emails from us. We may also use “cookies” to help our site run effectively. There are more details below – see ‘Cookies’.
We use this information to personalise the way our website is presented when you visit to make improvements and to ensure we provide the best service and experience for you.
Wherever possible we use anonymous information which does not identify individual visitors to our website.
3. Information we collect and why we use it
Personal data we collect includes details such as:
- Full name (and proof of your identity / photo ID)
- Date of birth
- National Insurance number
- Contact details (phone, e-mail or correspondence address)
- Details of anyone authorised to act on your behalf if applicable
- Banking details for payment of fees and contributions
- Disabilities or vulnerabilities. We use this information to tailor our service to better meet your particular circumstances and needs
- Details of medical conditions and health information
- Financial information. We may use this to help resolve arrears payments and optionally to provide welfare, benefits and debt advice as a free service to help you budget and pay your bills. We may use this to apply for funding on your behalf
- Building access card details.
We will mainly use this information:
- To provide the housing, care and other services/support that you have requested.
- To process other payments or donations and verify any financial transactions.
- To update you with important administrative messages about your donation, an event or services you have requested.
- To comply with regulatory requirements.
- To keep a record of your relationship with us.
- Where you volunteer with us, to administer the volunteering arrangement.
- To contact you about our work and how you can support SCHA (see section 5 on ‘Marketing’ below for further information).
- To invite you to participate in satisfaction surveys.
Much of the data we use relates to our properties and their maintenance and repair. We do not consider property information used in conjunction with the property address to be your personal information. For example, the age of the kitchen, results from an asbestos survey, planning to replace windows or a repair to a tap.
As soon as your name, contact details or other personal information is used in conjunction with property information, such as to complete a property repair visit, then this is treated as personal information.
Sensitive Personal Information Data Protection Law recognises that some categories of personal information are more sensitive. If you provide us with any Sensitive Personal Information by telephone, email or by other means, we will treat that information with extra care and confidentiality and always in accordance with this Privacy Statement. Special categories of data held by SCHA would include physical or mental health details and ethnicity/racial data.
4. Legal basis for using your information
In some cases, we will only use your personal information where we have your consent or because we need to use it in order to fulfil a contract with you.
However, there are other lawful reasons that allow us to process your personal information and one of those is called ‘legitimate interests’. This means that the reason that we are processing information is because there is a legitimate interest for SCHA to process your information to help us to achieve our vision of providing safe, secure, affordable and well maintained supported accommodation and extra care housing for adults. Whenever we process your Personal Information under the ‘legitimate interest’ lawful basis we make sure that we take into account your rights and interests and will not process your personal information if we feel that there is an imbalance.
Some examples of where we have a legitimate interest to process your Personal information are where we provide you with housing services, contact you about our work via post, use your personal information for data analytics, for our legal purposes (for example, dealing with complaints and claims), or for complying with guidance from the Regulator for Social Housing.
We will only contact you about our work and how you can support SCHA by phone or email, if you have agreed for us to contact you in this manner.
However, if you have provided us with your postal address, we may send you information about our work and how you can support SCHA by mail unless you have told us that you would prefer not to hear from us in that way.
You can update your choices or stop us sending you these communications at any time by contacting ‘firstname.lastname@example.org’, ringing 0121 745 4281 or writing to the General Manager, Solihull Care Housing Association, 2 Swallows Meadow, Shirley, Solihull, West Midlands, B90 4PQ.
6. Sharing your Information
The personal information we collect about you will mainly be used by our staff (and volunteers) at SCHA so that they can support you.
We will never sell or share your personal information with organisations so that they can contact you for any marketing activities. Nor do we sell any information about your web browsing activity.
SCHA may however share your information with our trusted partners and suppliers who work with us on or on our behalf to deliver our services, but processing of this information is always carried out under our instruction. We make sure that they store the data securely, delete it when they no longer need it and never use it for any other purposes. Some examples of where we may share your information are with our 24 hour call monitoring response centre, the local safeguarding board.
SCHA also shares limited personal data with our contractors who are carrying out services on our behalf. Our contractors are required to comply with the law to ensure data is managed appropriately and for specified purposes, to complete emergency, responsive or planned property repairs.
We may need to share personal information with government departments and agencies, with our regulator and auditors, with utility companies or with other organisations and agencies where we are legally allowed to do so.
We enter into contracts with these service providers that require them to comply with Data Protection Laws and ensure that they have appropriate controls in place to secure your information.
We may disclose your information if required to do so by law (for example, to comply with applicable laws, regulations and codes of practice or in response to a valid request from a competent authority).
7. Keeping your information safe
We take looking after your information very seriously. We’ve implemented appropriate physical, technical and organisational measures to protect the personal information we have under our control, both on and off-line, from improper access, use, alteration, destruction and loss.
8. How long we hold your information for
We only keep it as long as is reasonable and necessary for the relevant activity, which may be to fulfil statutory obligations. We have a document retention policy in place which outlines how long we keep different types of information for.
9. Your rights
You have various rights in respect of the personal information we hold about you – these are set out in more detail below. If you wish to exercise any of these rights or make a complaint, you can do so by contacting our General Manager at 2 Swallows Meadow, Shirley, Solihull, West Midlands, B90 4PQ, by email at email@example.com and by phone on 0121 745 4281.
You can also make a complaint to the data protection supervisory authority, the Information Commissioner’s Office. Their details are below:
Information Commissioner’s Office
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number
Access to your personal information:
You have the right to request access to a copy of the personal information that we hold about you, along with information on what personal information we use, why we use it, who we share it with, how long we keep it for. Due to the person-centred approach that is taken throughout the business, there is no system in place for automated decision making and profiling. You can make a request for access free of charge. Please make all requests for access in writing to the General Manager at the address above, and provide us with evidence of your identity. We have one month to respond to you. We will seek to comply with your request however there may be some circumstances where it may not be possible to comply with your request fully, ie. we may refuse or charge for requests that are manifestly unfounded or excessive. If you request is refused, we will write to you within one month to advise you, you then have the right to complain to the ICO.
Right to object:
In certain circumstances you have the right to object to your personal information being processed. Depending on the legal basis for processing, this may either be an absolute right (such as direct marketing), or may be subject to us being able to demonstrate compelling legitimate grounds which would override your own interests, or where the information is needed for the purpose of legal claims. Please contact us as noted above, providing details of your objection.
If you have given us your consent to use personal information (for example, for marketing), you can withdraw your consent at any time.
You can ask us to change or complete any inaccurate or incomplete personal information held about you.
You can ask us to delete your personal information where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for keeping it.
You can ask us to provide you or a third party with some of the personal information that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred.
You can ask us to restrict the personal information we use about you where you have asked for it to be erased or where you have objected to our use of it.
No automated-decision making: Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention.
You have the right not to be subject to automated decisions that will create legal effects or have a similar significant impact on you, unless you have given us your consent, it is necessary for a contract between you and us or is otherwise permitted by law. You also have certain rights to challenge decisions made about you. We do not carry out any automated decision-making.
Please note, some of these rights only apply in certain circumstances and we may not be able to fulfil every request.
‘Cookie’ is a name for a small file, usually of letters and numbers, which is downloaded onto your device, like your computer, mobile phone or tablet when you visit a website. They let websites recognise your device, so that the sites can work more effectively, and also gather information about how you use the site. A cookie, by itself, can’t be used to identify you.
Site visitation tracking: Like most websites, our website may use Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to track their journey through the website. Although GA records data such as your approximate geographical location, device, internet browser and operating system, none of this information personally identifies you to us. GA also records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this. We consider Google to be a third party data processor.
Disabling cookies on your internet browser will stop GA from tracking any part of your visit to pages within this website.
Downloads & Media Files: Any downloadable documents, files or media made available on our website are provided to users at their own risk.
External Website Links: Although we only look to include quality safe and relevant external links, users are advised to adopt a policy of caution before clicking any external web links on the website, including shortened URL links. We cannot be held liable for any damages or implications caused by visiting external links.
11. Changes to our Privacy Notice
In accordance with the General Data Protection Regulation (GDPR), we have implemented this privacy statement to inform you of the types of data we process about you. We also include within this notice the reasons for processing your data, the lawful basis that permits us to process it, how long we keep your data for and your rights regarding your data.
Developed by: General Manager (Data Protection Officer)
Review period: 3 years
Owned by: Board of Trustees
Review date: August 2021
Authorised by: Board of Trustees