1. Who we are
Greenfields Community Housing Ltd gathers and processes your personal information in accordance with this privacy notice and in compliance with the relevant data protection regulation and laws (e.g. the General Data Protection Regulation, GDPR). This notice provides you with the necessary information regarding your rights and our obligations, and explains how, why and when we process your personal data.
Greenfields Community Housing Ltd’s registered office is at Greenfields House, Charter Way, Braintree, Essex, CM77 8FG and we are a company registered in England and Wales under company number IP30124R. We are registered on the Information Commissioner’s Office (ICO) Register under registration number Z1122456, and act as the “Data Controller”. Our designated person for the organisation is Helen Harvey, who can be contacted at DPA-FOI@GreenfieldsCH.org.uk
2. Information about you?
3. The information we collect about you
The information we collect about you may be based on the relationship we have with you or the service we provide you. We may collect information such as: your name, dates of birth, photographic ID, contact details so that we can communicate with you, your previous housing circumstances to assess your application, information about other household members (please note that it is your responsibility to get the consent of other household members prior to sharing their information with us), and information about your needs and requirements to ensure our services are accessible and we take care of your support needs in our dealings with you, for example if you need adaptations in your home. In addition, we record information in our housing management system to deliver our housing management services, including reports of anti-social behaviour, complaints, change in circumstances, mutual exchanges and repairs. We keep financial records on the amount of money you have paid us and information on refunds that may be due to you. Furthermore, we may also record your telephone calls to us, as some calls to our customer service centre are recorded for training and monitoring purposes to ensure we are delivering an excellent service. We also capture images on our CCTV systems in some of our properties and offices.
We have a self-service portal that enables our tenants to access their rent records, log repairs, update their personal details, notify us of anti-social behaviour, make a complaint or check their rent statements. We collect information when you log in to our portal, for example, to pay your rent or request a repair. We collect your username, password and email address when you register for an account on our resident portal.
The list is not exhaustive, as we hold records of most contact we have with you, or about you, and we process this information, so we can deliver our services to you.
We will only ask for personal information that is appropriate to enable us to deliver our services. In some cases, you can refuse to provide your details if you deem a request to be inappropriate. However, you should note that this may impact our ability to provide some services to you if you refuse to provide information that stops us doing so.
4. How will we use your Personal Data? (Legal Basis for Processing)
We take your privacy very seriously and will never disclose, share or sell your data without your consent, unless required to do so by law. We only retain your data for as long as is necessary and for the purpose(s) specified in this notice. Where you have consented to us providing you with promotional offers and marketing, you are free to withdraw this consent at any time. The purposes and reasons for processing your personal data may be, for example, to respond to your interest in our services, to respond to any enquiries you make, to perform a contractual agreement, to maintain our own accounts and records, to process financial transactions including payments for goods and services, to help investigate complaints or concerns you have raised, and for marketing purposes, amongst others.
We will rely on at least one of the following lawful bases for processing your information:
- Consent: You have given explicit consent for us to process your personal data for a specific purpose. You will have the right to withdraw your consent at any time. For example, where you have consented to us providing you with promotional offers and marketing.
- Contractual: We need to process your data to enter into a tenancy or other contractual agreement with you and to meet our obligations under that contract or because you have asked us, or we need to take specific steps before entering into a contract with you.
- Legal Obligation: The processing is necessary for us to comply with the law. For example, processing your legal status to stay in the UK to check your entitlement to housing or as part of our legal obligation for business accounting and tax purposes, shared with credit reference agency or any other third party who might provide us with financial background checks prior to you commencing your tenancy with us and to comply with health and safety legislation. In addition, we may share information from our CCTV systems with the police as our legal obligation.
- Vital Interest: The processing is necessary to protect someone’s life. This will only apply to a situation of life and death where it is difficult or practically impossible to get your consent.
- Public Interest: Where we process special categories of data such as health data, personal data revealing racial or ethnic origin, sexual orientation and religious or philosophical beliefs, this is done for the purpose of equal opportunities monitoring with a view to enabling such equality to be promoted or maintained. Data that we use for these purposes is anonymized. In addition, we process your data where processing is necessary for the purposes of protecting an individual from neglect or physical, mental or emotional harm or protecting the physical, mental or emotional well-being of an individual. In certain circumstances, such as a serious concern for safeguarding or welfare, it may be necessary for us to contact statutory agencies (Police, Social Services & the Mental Health Team) and/or the Local Authority to enable us to support you in sustaining your tenancy. In addition, we may also rely on this lawful basis to gain access to your property (mainly for housing for older people) in situations where we have serious concerns for your safety.
- Legitimate interest: The processing is necessary for our legitimate interests, or the legitimate interest of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests. This may include the processing of information from our CCTV systems for the prevention and prosecution of crime. We may also process your personal data in order to send you our newsletter. Also, your data may be used for direct marketing purposes to keep you updated with products / services and/or latest marketing news (we will occasionally send you marketing information where we have assessed that it is beneficial to you as a customer and in our interests. Such information will be non-intrusive and is processed on the grounds of legitimate interests). You can, however, exercise your right under the General Data Protection Regulation to opt out of receiving any direct marketing.
5. Your Rights
- You have the right to access and request (without charge) any personal information that we hold and process about:
- You have the right to request a correction of your personal data if it is incorrect or out of date. We will strive to correct it as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified. You can also send a request on our self-service portal.
- You have the right to withdraw your consent for processing your data if the processing was based on consent.
- You have the right to request we delete your data. If you feel we should no longer be using your data, you can request that we erase the data that we hold. Upon receiving a request for erasure, we will confirm whether it has been deleted or the reason why it cannot be deleted for example because we have a legal obligation to keep the information or we need it for a compelling legitimate business interest.
- You have the right to object to processing of your data. You may request that we stop processing information about you. Upon receiving your request, we will contact you and let you know if we are able to comply or if we have legitimate grounds to continue to process your data. Even after you exercise your right to object, we may continue to hold your data to comply with your other rights or bring or defend legal claims.
- You have the right to request that we transfer your data to another data controller if the data is processed by automated means (This does not apply to paper files).
- You have the right to request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data:
(a) if you want us to establish the data’s accuracy
(b) where our use of the data is unlawful, but you do not want us to erase it
(c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims
(d) you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
You may exercise your rights by completing a Subject Access Request application through our website or by writing to us for the Attention of The Data Protection Officer at Greenfields Community Housing Ltd, Greenfields House, Charter Way, Braintree, Essex, CM77 8FG or by emailing us at DPA-FOI@GreenfieldsCH.org.uk
We will comply with your request, where feasible to do so, within 30 days of receiving your request and appropriate identification documentation.
If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure.
6. Sharing and Disclosing your personal Information
Information will be used across the organisation to ensure you are receiving all services you have requested; ensure your information is accurate and up to date and to promote other products Greenfields offers and/or to keep you updated with the latest news. We may also share your information with third parties such as suppliers, contractors, etc. to deliver services, or for research purposes to enable us to gather your views on the services we are providing or with the police, if relevant to safeguarding concerns or as part of a criminal investigation or with The Disclosure and Barring Service and where necessary, providers of services to verify identity documents and provide barred list checks.
On occasions, we use third parties to either store personal information or process it on our behalf. Where we have these arrangements, there is always a contract, memorandum of understanding or information sharing protocol in place to ensure that the organisation complies with data protection laws. All processors acting on our behalf only process your data in accordance with instructions from us and are obligated to comply fully with this privacy notice, the data protection laws, confidentiality and implement appropriate technical and organisational measures to ensure security of data. We will not sell your information for direct marketing and on occasions when we use your personal data for research into various topics and services, the data will usually be anonymized to avoid the identification of an individual, unless consent has been given for the use of the personal data.
We will not share or disclose any of your personal information without your consent, other than for the purposes specified in this notice or where there is a legal requirement, a public interest or a vital interest to do so. However, there will be times when we investigate a complaint about a service and may need to share personal data across the organisation and with other relevant bodies (e.g. those we have commissioned to deliver service(s) on Greenfields’ behalf or those we are in partnership with). You can obtain further information on:
- Information Sharing & Partnership Agreements we have with other organisations we work with to deliver services
- Circumstances where we could pass personal data without your consent (e.g. prevention or detection of crime / fraudulent activity, if there is a serious risk to the public, our staff or to other professionals, to protect a child, to protect adults who are thought to be at risk, for example if they are frail, confused or cannot understand what is happening to them, or where there is a risk to you and the risk is sufficiently serious that the need to disclose your information is more important than protecting your confidentiality).
7. Safeguarding Measures
We take your privacy seriously and take every reasonable measure and precaution to protect and secure your personal data whether electronically or in paper format. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including measures such as SSL, TLS, encryption, filtering, restricted access, IT authentication, firewalls, anti-virus/malware etc. Your personal information will only be made available to those who have the right to see it.
8. Transfers Outside the EU
Personal data in the European Union is protected by the General Data Protection Regulation (GDPR) but some other countries may not necessarily have the same high standard of protection for your personal data. We utilise some products or services (or parts of them) that may be hosted/stored in non-EU countries e.g. the US or a third country, which means that we may transfer any information which is submitted by you through the website outside the European Economic Area (“EEA”) (i.e. website hosting, email servers, marketing database (i.e. MailChimp, Email Server etc.)). Therefore, when you use our website/send us an email/sign up to our newsletter etc. the personal information you submit may be stored on servers which are hosted in non-EU countries. Where data is transferred outside the EEA, we will ensure that transfers will only be made to countries in respect of which the European Commission has made an “adequacy decision”, or otherwise will only be made with appropriate safeguards, such as the use of standard data protection clauses adopted or approved by the European Commission. You may contact us to enquire about such safeguards so that you may obtain a copy of them or so that we may direct you to them. For example, MailChimp is an online marketing platform operated by The Rocket Science Group LLC, headquartered in the US. MailChimp is a participant of EU-US Privacy Shield Framework which means they have been certified to comply with the necessary security required to safeguard data from the EU.
9. Legitimate Interests
As noted in the ‘How We Use Your Personal Data’ section of this notice, we occasionally process your personal information under the legitimate interests legal basis. Where this is the case, we have carried out a thorough Legitimate Interests Assessment (LIA) to ensure that we have weighed up your interests and any risk posed to you against our own interests, ensuring that they are proportionate and appropriate. We use the legitimate interests legal basis for processing, for example, for our marketing and research, to carry out satisfaction surveys to help us monitor our performance and to improve our services to our customers, to send you our newsletters and for our CCTVs for the safety and prevention of crime on our properties.
10. How long we keep your Data
We only ever retain personal information for as long as is necessary and we have strict review and retention policies in place to meet these obligations. Retention periods will differ depending on the reason we collected the information and whether we are legally required to keep personal data for certain periods or indefinitely. For example, we are required under UK tax law to keep your basic personal data (name, address, contact details) for a minimum of 6 years after which time it will be destroyed. Typically, we will keep the data for our tenants for the life of their tenancy with us and for 6 years post tenancy. Where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent.
11. Special Categories Data
Owing to the products and services we offer, we sometimes need to process sensitive personal information (known as special category data) about you, such as ethnic origin, sexual orientation, religious or philosophical beliefs and health data. Where we collect such information, we will only request and process the minimum necessary for the specified purpose, for example, for the purposes of equal opportunities monitoring. Data that is used is anonymized or used with your explicit consent, which can be withdrawn at any time. You are free to decide whether or not you provide such data and there are no consequences of failing to do so. We may also rely on substantial public interest to process such data for equal opportunity monitoring. You can request for your data not to be processed for such at any time, which we will act on immediately, unless there is a legitimate or legal reason for not doing so.
12. Automated Decision Making
Some elements of our recruitment processes include automated decision making. For example, application forms received for job vacancies are automatically sifted on Rights to Work in the UK; if answered ‘No’, this will stop the application process proceeding. If answered ‘Yes’, further sifting can take place on keywords outlined in the essential and desirable criteria required for the role. There may also be automated decision-making dependent on the requirements for the role, for example, a driving licence and use of a car may be required (if suitable for the role).
13. Cookie Notice
What are cookies?
A ‘cookie’ is a small piece of data sent from a website and stored on the user’s computer by the user’s web browser while the user is browsing. Cookies are widely used to enable websites to work properly (e.g. ensuring that the right personal information collected is attached to the individual who submitted it) when collecting information you have provided to the Data Controller. You may delete and block cookies from this site if you wish; however, please be aware that this could affect the functioning of this website. If you would like further information relating to cookies, what they do and how to delete them, please visit www.aboutcookies.org or www.allaboutcookies.org.
14. Visiting Our Website
We do not make any attempt to find out the identities of those visiting our websites. We will not associate any data gathered from this site with any personally identifying information from any source.
If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
15. Third Party Cookies
We sometimes embed video content and photos from websites such as YouTube and the embedded content may present cookies from these websites. Similarly, when you use one of the share buttons on our website, a cookie may be set by the service you have chosen to share content through.
You should check the relevant third-party website for more information about these cookies as this policy does not cover links to other websites.
16. Accepting Cookies
18. Links to other Websites
19. Lodging a Complaint
We only process your personal information in compliance with this privacy notice and in accordance with the relevant data protection laws. If, however, you wish to raise a complaint regarding the processing of your personal data or are not satisfied with how we have handled your information or our response, you have the right to lodge a complaint with the supervisory authority. Please see contact details below:
Information Commissioner’s Office