Residents, Tenants and Service Users Privacy Notice

1.0 Introduction

Your personal privacy is of great importance to us.

During the course of our activities we, Tyne Housing, will process personal data (which may be held on paper, electronically, or otherwise) about our residents and tenants, and we recognise the need to treat it in an appropriate and lawful manner, in accordance with the General Data Protection Regulation (“GDPR”). The purpose of this Privacy Notice is to make you aware of how we will handle your personal data.

Our Data Protection Representative is Louise Marsh who can be contacted at gdpr@tynegroup.org.uk

You should read this Privacy Notice so that you understand how we will handle your Personal Data.

We reserve the right to amend this Privacy Notice at any time. Any amended versions of this Privacy Notice will be published on our website at www.tynehousing.org.uk and we advise that you check this webpage periodically for any updated versions of this Privacy Notice.

2.0 What we collect, why we collect it and how we use it

We will collect and use personal data about individual residents /tenants and/or service users as detailed in the Appendix to this Privacy Notice.

3.0 Ensuring your personal data is accurate

It is important for us to keep the personal data we store about you accurate and up to date. We will take every reasonable step to erase or rectify inaccurate data without delay. Please tell us if your personal details change or if you become aware of any inaccuracies in the personal data we hold about you. We will also contact you if we become aware of any event which is likely to result in a change to your personal data.

4.0 Retaining your personal data

Unless a longer period is required or allowed by law, we will not keep your personal data for longer than is necessary for the purpose(s) for which we process it. This means that data will be destroyed or erased from our systems when it is no longer required or the data is no longer needed to satisfy any legal, accounting or reporting requirements.

5.0 What rights do you have in respect of your personal data?

You have the right to:

  • Request access to any personal data we hold about you.
  • Have any inaccurate personal data which we hold about you rectified.
  • Have incomplete personal data completed.
  • Request we delete or remove your data from our systems.
  • Have the processing of your personal data restricted, in certain circumstances.
  • In certain circumstances, be provided with the personal data that you have supplied to us, in a portable format that can be transmitted to another data controller without hindrance.
  • Object to certain types of processing, including automated processing (which includes profiling) and processing for direct-marketing purposes.
  • Not be subjected to a decision that is based solely on automated processing which produces a legal effect or which has a similar significant effect for you.

If you wish to exercise any of the rights set out above, you must make the request in writing to Louise Marsh who can be contacted at gdpr@tynegroup.org.uk

If you have given us your consent to process any aspect of your Personal Data, you have the right to withdraw your consent to that processing at any time. Please contact Louise Marsh who can be contacted at gdpr@tynegroup.org.uk if you wish to do so.

6.0 How we keep your data secure

Keeping your data secure is important to us. We use reasonable and up to date security methods to keep your data secure and to prevent unauthorised or unlawful access to your Personal Data, and against the accidental loss of, or damage to, Personal Data.

We have in place procedures and technologies to maintain the security of all Personal Data from the point of collection to the point of destruction. We will ensure your Personal Data is only accessible by those who need to see your data for their specific role. We will only transfer personal data to a third party if that third party agrees to comply with those procedures and policies, or if they put in place adequate measures themselves.

7.0 Providing information to third parties

7.1. We will share your data with our employees and agents who need to access your data in order that we can comply with our legal, contractual and statutory duties. All of our employees have been trained in data protection and understand the need to keep your information confidential.

7.2. In addition to our employees, we also use service providers who may process Personal Data on our behalf (for example, to provide support services to residents/tenants or service users) and/or other members of the Tyne Housing for administration purposes. Apart from our employees and service providers, we will not disclose your Personal Data to a third party without your consent unless we are satisfied that they are legally entitled to the data. Where we do disclose your Personal Data to a third party, we will have regard to the principles of data protection.

7.3. We may disclose your personal information to third parties:
7.3.1. in the event that we sell or buy any business or assets, in which case we may disclose your Personal Data to the prospective seller or buyer of such business or assets
7.3.2. if all or part of our assets are acquired by a third party, in which case Personal Data held by us may be one of the transferred assets; and
7.3.3. if we are under a duty to disclose or share your Personal Data in order to comply with legal obligations or to protect our rights, property, or safety of our residents, tenants, service users, suppliers or employees. This includes exchanging information with other companies and organisations for the purposes of the provision of health services and crime prevention.

7.4. If your Personal Data is provided to any third parties, you are entitled to request details of the recipients of your Personal Data or the categories of recipients of your Personal Data.

8.0 Transferring your personal data outside the UK or EEA

We will not transfer your Personal Data outside the UK or the European Economic Area (“EEA”) unless such transfer is compliant with the GDPR. This means that we cannot transfer any of your Personal Data outside the UK or EEA unless:
The UK government or EU Commission has decided that another country or international organisation ensures an adequate level of protection for your Personal Data; or
The transfer of your Personal Data is subject to appropriate safeguards, which may include:
Binding corporate rules
Standard data protection clauses adopted by the UK government or the EU Commission; or
One of the derogations in the GDPR applies (including if you explicitly consent to the proposed transfer).

We currently transfer Personal Data outside the UK and the EEA as some personal data is stored on servers based outside the EEA.

9.0 Breaches of data protection principles

If you consider that the data protection principles have not been followed in respect of Personal Data about yourself or others, please notify us as soon as possible after becoming aware.

We keep a log of all data breaches whether they require reporting to the ICO or not.

We are obliged to notify the Information Commissioner’s Office without undue delay, and where feasible, no later than 72 hours of becoming aware of a data breach, unless we consider that the personal data breach is unlikely to result in a risk to the rights and freedoms of the affected data subjects.

10.0 Right to lodge a complaint

If you have any issues with our processing of your Personal Data and would like to make a complaint, you may contact the Information Commissioner’s Office on 0303 123 1113 or at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

Appendix 1 – Prospective and current Residents, Tenants and service users data

We will collect and process the following data about prospective and current residents, tenants and service users:

  • full name, previous names and aliases
  • date of birth;
  • gender, race, ethnic origin
  • job title;
  • National Insurance number
  • telephone number;
  • email address;
  • home address and previous addresses;
  • emergency contact details;
  • details of your income including any benefits;
  • details of your outgoings including debts, fines and other financial obligations;
  • rent payment records;
  • bank account;
  • details of previous work experience, training and qualifications;
  • details of your needs when providing advice and/or support services;
  • details of any offences, ex-offences and cautions;
  • information regarding your health including physical and mental;
  • documentation and correspondence from other agencies relating to any of your needs;
  • records of your correspondence and engagement with us;
  • photographs, video or audio recordings;
  • CCTV images;
  • details of any complaints, harassment and/or anti-social behaviour;
  • safeguarding details and alerts;
  • notes or minutes of meetings held with other agencies about you and subsequent reports;
  • biographical information; and
  • any other information you share with us.

The information will be collected from:

  • you directly, including any paper forms you complete;
  • information from the IT systems we and/or support agencies and organisations have;
  • referral agents which may include the Police, prison service, NHS, other housing providers, health professionals, social care services, local authorities;
  • telephone conversations, email correspondence or face-to-face interactions;
  • digital forms completed via our website, or online surveys;
  • publicly available sources; and
  • communication via social media.

We process the personal data about you for the following purposes:

  • to provide housing and any ancillary support services to you;
  • to provide marketing information to you in respect of our services;
  • for credit checking purposes, in certain circumstances;
  • dealing with queries in respect of our housing and/or support services;
  • to allow you to interact with us on social media;
  • to identify a local connection; and
  • to provide statistical data to our commissioners and regulators.

Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing non-special category data are:

  • You have provided your consent to us processing your Personal Data. You are able to withdraw your consent at any time.
  • You can do this by contacting gdpr@tynegroup.org.uk
  • We are contractually obliged to process your Personal Data.
  • We are legally obliged to process your Personal Data; or
  • The processing is necessary for the purposes of our legitimate interests or those of a third party, and these legitimate interests are not overridden by your fundamental rights and freedoms.

Some of the above grounds for processing will overlap and there may be several grounds which justify our processing of your Personal Data.

In relation to our processing of any special category data (i.e. sensitive data that relates to you, such as data relating to your health, racial or ethnic origin or sexual orientation), the lawful bases we rely on for processing this data are:

  • It is necessary for us to assess your particular housing, health or other support needs, so that we can comply with our obligations under social protection law and as a social landlord;
  • If you have given your explicit consent to the processing of such data for one or more specific purposes;
  • If you have made such data public; or
  • in some cases, we may need to process this data to protect your vital interests (or those of another individual), where you or another person is physically or legally incapable of giving consent.

Some of the above grounds for processing will overlap and there may be several grounds which justify our processing of your special category data.