1. Who we are
Greenfields Community Housing Ltd gathers and processes your personal information in accordance with this privacy notice and in compliance with the relevant data protection Regulation and laws (e.g. General Data Protection Regulation GDPR). This notice provides you with the necessary information regarding your rights and our obligations, and explains how, why and when we process your personal data.
Greenfields Community Housing Ltd’s registered office is at Greenfields House, Charter Way, Braintree, Essex, CM77 8FG and we are a company registered in England and Wales under company number IP30124R. We are registered on the Information Commissioner’s Office (ICO) Register registration number Z1122456, and act as the “Data Controller”. Our designated person for the organisation is Helen Harvey who can be contacted at DPA-FOI@GreenfieldsCH.org.uk
2. What information do we collect about you?
Greenfields Community Housing Ltd processes your personal information to meet our legal, statutory and contractual obligations and to provide you with information about our products/services. We will never collect any unnecessary personal data from you and we will not process your information in any way, other than as specified in this notice. We collect information using cookies (see the section on cookie notice below).
3. How will we use your Personal Data? (Legal Basis for Processing)
We take your privacy very seriously and will never disclose, share or sell your data without your consent; unless required to do so by law. We only retain your data for as long as is necessary and for the purpose(s) specified in this notice. Where you have consented to us providing you with promotional offers and marketing, you are free to withdraw this consent at any time.
The purposes and reasons for processing your personal data are detailed below:
- To respond to your interest in our services
- To respond to any enquiries you make
- For the performance of a contract or to provide a service
- To maintain our own accounts and records
- To process financial transactions including payment for goods and services
- To help investigate complaints or concerns you have raised or provided
- As part of our legal obligation for business accounting and tax purposes
- We have a legal obligation to share your personal data with for example, a credit reference agency or any other 3rd parties who might provide us with financial background checks prior to you commencing your tenancy with us
- Used for direct marketing purposes to keep you updated with products/services and or latest marketing news (We will occasionally send you marketing information where we have assessed that it is beneficial to you as a customer and in our interests. Such information will be non-intrusive and is processed on the grounds of legitimate interests). You can, however, exercise your right under The General Data Protection Regulation to opt out of receiving any direct marketing
- In certain circumstances, such as a serious concern for safeguarding or welfare it may be necessary for us to contact statutory agencies (Police, Social Services & the Mental Health Team) and/or the Local Authority to enable us to support you in sustaining your tenancy. The information will be processed on the grounds of vital interest. In addition, we may also rely on vital interest to gain access to your property (mainly for housing for older people) in situations where we have serious concerns for your safety
- Our processing may also include the use of CCTV systems for the prevention and prosecution of crime. This may be shared with the police for example as a legal obligation.
4. Your rights
You have the right to access and request any personal information that we hold and process about:
- What personal data we hold about you
- The purposes of the processing
- The categories of personal data concerned
- The recipients to whom the personal data has/will be disclosed
- How long we intend to store your personal data for
- If we did not collect the data directly from you, information about the source
This can be done by completing a Subject Access Request application through our website or by writing to us at our registered address.
If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to correct it as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.
You also have the right to request erasure of your personal data or to restrict processing (where applicable) in accordance with the data protection laws; as well as to object to any direct marketing from us; to exercise your data portability rights, and to be informed about any automated decision-making we may use. You can request for access we hold on you at any time. Please email us at DPA-FOI@GreenfieldsCH.org.uk or write to us for the Attention of the Data Protection Officer at Greenfields Community Housing Ltd, Greenfields House, Charter Way, Braintree, Essex, CM77 8FG.
If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure.
5. Sharing and disclosing your Personal Information
Information will be used across the organisation to ensure you are receiving all services you have requested; ensure your information is accurate and up to date and to promote other products Greenfields offers and/or to keep you updated with the latest news. We may also share your information with third parties such as suppliers, contractors, etc. to deliver services, or for research purposes to enable us to gather your views on the services we are providing.
On occasions, we use third parties to either store personal information or process it on our behalf. Where we have these arrangements, there is always a contract, memorandum of understanding or information sharing protocol in place to ensure that the organisation complies with data protection laws. All processors acting on our behalf only process your data in accordance with instructions from us and comply fully with this privacy notice, the data protection laws and any other appropriate confidentiality and security measures. We will not sell your information for direct marketing and on occasions when we use your personal data for research into various topics and services, the data will usually be anonymized to avoid the identification of an individual, unless consent has been given for the use of the personal data.
We will not share or disclose any of your personal information without your consent, other than for the purposes specified in this notice or where there is a legal requirement or a vital interest to do so. However, there will be times when we investigate a complaint about a service, we may need to share personal data across the organisation and with other relevant bodies (e.g. those we have commissioned to deliver services(s) on Greenfields’ behalf or those we are in partnership with). You can obtain further information on:
- Information Sharing & Partnership Agreements we have with other organisations we work with to deliver services
- Circumstances where we could pass personal data without your consent (e.g. prevention or detection of crime / fraudulent activity, if there is a serious risk to the public, our staff or to other professionals, to protect a child, to protect adults who are thought to be at risks, for example if they are frail, confused or cannot understand what is happening to them or where there is a risk to you and the risk is sufficiently serious that the need to disclose your information is more important than protecting your confidentiality.
6. Safeguarding measures
We take your privacy seriously and take every reasonable measure and precaution to protect and secure your personal data whether electronically or in paper format. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including: – measures such as SSL, TLS, encryptions, filtering, restricted access, IT authentication, firewalls, anti-virus/malware etc. Your personal information will only be made available to those who have right to see them.
7. Transfers outside the EU
Personal data in the European Union is protected by the General Data Protection Regulation (GDPR) but some other countries may not necessarily have the same high standard of protection for your personal data. We utilise some products or services (or parts of them) that may be hosted/stored in non-EU countries e.g. the US or a third country, which means that we may transfer any information which is submitted by you through the website outside the European Economic Area (EEA) such as website hosting, email servers, marketing database (i.e. MailChimp, Email Server etc.)
Therefore, when you use our website, send us an email or sign up to our newsletter etc. the personal information you submit may be stored on servers which are hosted in non-EU countries. Where this is the case, we will take steps to ensure that those providers use the necessary level of protection for your information and abide by strict agreements and measures set out by the ICO to protect your data and comply with the relevant data protection laws.
8. Legitimate interests
As noted in the ‘How We Use Your Personal Data’ section of this notice, we occasionally process your personal information under the legitimate interests’ legal basis. Where this is the case, we have carried out a thorough Legitimate Interests’ Assessment (LIA) to ensure that we have weighed your interests and any risk posed to you against our own interests, ensuring that they are proportionate and appropriate. We use the legitimate interests’ legal basis for processing for our marketing and research.
9. How long do we keep your data?
We only ever retain personal information for as long as is necessary and we have strict review and retention policies in place to meet these obligations. Retention periods will differ depending on the reason we collected the information and whether we are legally required to keep personal data for certain periods or indefinitely. For example, we are required under UK tax law to keep your basic personal data (name, address, contact details) for a minimum of 6 years after which time it will be destroyed. Where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent.
10. Special Categories data
Owing to the products and services we offer, we sometimes need to process sensitive personal information (known as special category data) about you. Where we collect such information, we will only request and process the minimum necessary for the specified purpose and identify a compliant legal basis for doing so. Where we rely on your consent for processing special category data, we will obtain your explicit consent through an “opt in” process. You can modify or withdraw consent at any time, which we will act on immediately, unless there is a legitimate or legal reason for not doing so.
11. Cookie notice
A ‘cookie’ is a small piece of data sent from a website and stored on the user’s computer by the user’s web browser while the user is browsing. Cookies are widely used to enable the websites to work properly (e.g. ensuring that the right personal information collected is attached to the individual who submitted it) when collecting information you have provided to the Data Controller. You may delete and block cookies if you wish from this site, however, please be aware that this could affect the functioning of this website. If you would like further information relating to cookies and what they do and how to delete them, please visit www.aboutcookies.org or www.allaboutcookies.org.
12. Visiting our website
We do not make any attempt to find out the identities of those visiting our websites. We will not associate any data gathered from this site with any personally identifying information from any source.
If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
13. Third party cookies
We sometimes embed video content and photos from websites such as YouTube and the embedded content may present cookies from these websites. Similarly, when you use one of the share buttons on our website, a cookie may be set by the service you have chosen to share content through.
You should check the relevant third-party website for more information about these cookies as this policy does not cover links to other websites.
14. Accepting cookies
16. Links to other websites
17. Lodging a complaint
We only process your personal information in compliance with this privacy notice and in accordance with the relevant data protection laws. If, however, you wish to raise a complaint regarding the processing of your personal data or are not satisfied with how we have handled your information or our response, you have the right to lodge a complaint with the supervisory authority. Please see contact details below:
Information Commissioner’s Office
Wilmslow SK9 5AF