As part of our commitment to ensuring we provide you with a first class service, we have updated our Privacy Statement. The Data Protection Act 2018 came into force in the UK on 25th May 2018 and brings in key changes to the requirements and obligations on organisations like ours to further protect personal data.
We would like to ensure you are aware of why we collect your data, how we use it and our legal basis for using it. Please take the time to familiarise yourself with our data protection related ways of working.
We, meaning Network Homes Ltd and all associated group companies (“Network Homes”), as the Data Controller, who can be contacted at Olympic Office Centre, 8 Fulton Road, Wembley, HA9 0NU are committed to respecting your privacy and complying with applicable data protection and privacy laws. This notice outlines how we collect and use your information. We will treat any personal information which you provide to us in accordance with Data Protection legislation, including but not limited to the Data Protection Act 2018 (the “DPA”) and General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”).
This statement was last updated on 11 June 2018.
When requesting information about our services you may use a contact form where you are asked to enter your name, email address, postcode, phone number or other details to help your customer experience. Our forms also allow you to report incidents regarding anti-social behaviour. If you are a resident, we collect information when you log in to our portal to pay your rent or request a repair. We collect your username, password and email address when you register on our resident portal for an account. For individuals who use our vacancies page, we may collect information about your career history and your contact details to ensure we can assess your suitability for any vacancies you express an interest in.
We may collect information about how you use our website to keep improving the way it works. We may collect statistics on how many people are visiting our website pages, where they come from, when they visit and how long they stay and what pages they look at. This will include information about the originating IP addresses (which may infer your geographic location), internet service providers,the files viewed on our site and time stamps.
We may associate your device with your account if you log into our resident portal. We may use this type of information to give us insights into services our customers may like and how our website marketing is performing. We may also look at the browser, operating systems and devices you use to make sure you get a good online experience however you access our sites. See our Cookies page to find out more.
Any personal information we require from you will be used as described in this policy and in alignment with Data Protection principles and practices. We use the information you supply:
- To respond to your enquiry (e.g. When you submit information for reporting anti-social behaviours)
- To contact you regarding property you have registered an interest in
- To coordinate repairs that you have requested (if you are a resident)
- To coordinate the payment of your rent (if you are a resident)
- To manage any remedial works required to your home and, if necessary, provide temporary accommodation to you
- To comply with relevant legislation and regulation.
If you are one of our residents, we will require information about you in order to support you during your time in the property and manage your tenancy or lease with us. Additionally we may require information about you to fulfil contractual obligations agreed in the contract with us.
We will collect varying amounts of personal information from you from the start of your tenancy sign-up throughout your time as our resident. This could include call recordings to and from our contact centre to help us improve our services and support any ongoing investigations/claims.
We may also process your information whilst sending you service-related updates and communications. Where updates we send to you are required to provide you with the necessary and legitimate services, we will not provide any opt-out mechanism, however where there is a marketing or sales element, we will ensure you are able to opt-out or unsubscribe from receiving further information.
If you are an occupier of one of our properties but not a tenant, a customer or simply interested in the services we provide, we may request information from you when you contact us in order to respond to your queries and to ensure we are able to provide you with the right services and equally provide you with value for time. We may also process information when sending you relevant updates to services or products that are aligned with your interest. You will be given the opportunity to opt-out of receiving any further information in alignment with your rights.
We may equally request and retain data from you if we are undertaking a tenancy audit and you are occupying one of properties. We do this for the legitimate business reason of ensuring we can detect, investigate and prevent tenancy fraud. Depending on the progress of the audit and if further investigations result, this data may be shared with relevant professionals and authorities on the lawful basis of legal proceedings having to be undertaken. We may request your consent to collect and process some of the data we require from you if you are not one of our confirmed tenants, however there may be instances where this is not required. We will ensure you are kept fairly notified of our reasons for requesting and processing your data at all times.
If you are a prospective employee and are interested in any of our vacancies, we may request information on your career history and CV in order to ensure your suitability for the vacancy in which you have expressed an interest. We will also process information about you further if we select you for interview to go through our recruitment process.
Based on the variety of services we provide, we rely on different lawful basis when processing your data. We may process your data to fulfill our contractual responsibility to you as a resident, staff member or supplier. We may also process your data to allow us to achieve our legitimate interests as an organisation that deliver and manage the provision of housing services. There may be particular instances where we require your consent for processing your data. We will ensure consent obtained is aligned with current applicable legislation and is specific and informed.
We may sometimes undertake research and analysis to further improve and enhance our services for you and also to meet our strategic objectives, which will require us to process your data. Research may involve collecting data, such as surveys, interviews or focus groups. We may also analyse internal data, such as income collection, repairs, complaints and lettings, although this list is not exhaustive. When processing personal data for research, we ensure to adopt appropriate safeguards such as pseudonymisation (where the data is not fully identifiable) and anonymisation (where there is no possibility of identification of an individual) of the data – which makes the data harder (Pseudonymisation) or impossible (anonymisation) to trace back to any one individual.
We are committed to to ensuring we take all reasonable steps to protect your personal information. We secure access to our website pages using ‘https’ technology which ensures information being communicated from our website to you is protected from interference by attackers. We have also implemented the Payment Card Industry Standard PCI which ensures we are employing best practice when undertaking activities that involve being in contact with payment card data. We are also cyberessentials certified which is a certification that demonstrates a good level of cyber security protection and posture.
We utilise cookies to enhance your browsing experience. Details can be found on our cookies page.
We sometimes share your personal data with trusted third parties for the purposes of carrying out our legitimate interests as a business. For example, contractors for doing repairs on your home, employment services professionals to support your interests in getting into work, agencies who may help you in your particular community or local authorities who we engage with as part of our service delivery to you. We may also share your personal data with electricity, water or gas companies where we are satisfied that there is an appropriate lawful basis to do so, such as a tenant being responsible for paying a bill.
We aim to ensure:
- We only provide the minimal amount of information to the third party required to perform their duties
- They only use your data for the exact purposes we specify in our contract with them
- We work closely with them to ensure that your privacy is respected and protected
- If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
Sharing your data with Local Government: CORE
As a social housing provider, we are required by the Ministry of Housing, Communities and Local Government (MHCLG) to submit data on social lettings as part of the national monitoring requirements for allocation of social housing. CORE stands for the continuous recording of lettings and sales in social housing in England. It is a national information source that records information on the characteristics of both private registered providers and local authority new social housing tenants and the homes they rent.
This data is only provided to central government in a highly pseudonymised form. The data is submitted through a website and only accessible by individual logins and passwords. The CORE dataset includes information on the letting or sale, type of tenancy or sale, rents and charges and demographic information about the tenant. The dataset in CORE does not contain direct personal identifiers but when taken as a whole the data allows social tenants to be identified. This is because the dataset may contain unique property reference numbers or even full postcode data. The dataset also contains information which is very sensitive and may be related to such information as whether the social housing tenant has been in prison or probation or referred by a mental health institution.
The data is protected by standards aligned with Government Security Standards. The legal basis for sharing this data is for the purpose of research and analytical purposes. And the MHCLG process this data for the purpose of carrying out a task in the public interest. For more information or if you have any queries on CORE please contact firstname.lastname@example.org or see their privacy statement on their website.
Sharing your data with third parties for customer surveys
We will share your name and contact details with appropriate third parties who will carry out email or telephone customer satisfaction survey’s on our behalf to enable us to improve our services - this also includes surveys for development, including buying a new home.
If you do not want to be included in these surveys, please email email@example.com.
We'd love for you to take part in the surveys and have your say. We love to hear when we're doing great, but we also want to know your feedback about any areas which you think need improving.
We aim to not contact anyone who is signed up to the telephone preference service and you will be given an opportunity at the time of any call to not participate.
Information is only kept as long as necessary for the period it is required. When deciding how long we keep your information we take into account any minimum retention requirements set out in law; for example, financial and statutory reporting requirements mean we must keep certain records for a period of 7 years. Depending on the purpose for which we hold your hold your personal data, retention periods may vary.
You have the right :
- To request access to the personal data we hold about you , without charge (certain exceptions apply and more information is available here)
- To request correction of your personal data if it is incorrect or out of date. If the data we hold about you is out of date, incomplete or incorrect you can inform us and your data will be updated.
- To request to withdraw consent for processing your data if that process relies on consent
- To request that we delete your data. If you feel we should no longer be using your data you can request that we erase the data that we hold. Upon receiving a request for erasure we will confirm whether it has been deleted or the reason why it cannot be deleted (for example because we have a legal obligation to keep the information or we need it for a compelling legitimate business interest).
- The right to object to processing of your data. You may request that we stop processing information about you. Upon receiving your request we will contact you and let you know if we are able to comply or if we have legitimate grounds to continue to process your data. Even after you exercise your right to object, we may continue to hold your data to comply with your other rights or bring or defend legal claims.
- To request that we transfer your data to another controller if the data is processed by automated means (ie excluding paper files)
- The right to request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
You may contact us at firstname.lastname@example.org to exercise these rights.
We will comply with your request where it is feasible to do so, within one calendar month of receiving your request. There are no fees or charges for the first request. However additional requests for the same data may be subject to an administrative fee of £25 per request.
Where we need your consent to hold your information we will ask you to confirm your consent in writing and we will inform you why we are collecting the information, how we will use it, how long we keep it for, who else will have access to it and what your rights are as a data subject. Where we do rely on consent you have the right to change your mind and withdraw that consent at any time by writing to us. If you withdraw your consent we will immediately cease using any personal information obtained and processed under that consent unless we have some other legal obligation to continue to use it.
Reporting a Data Breach
Should you find out that there has been a loss of personal data that we use or manage, or an unlawful use or disclosure of this data, please report this to us by contacting our Data Protection Officer on email@example.com.
Contacting the Information Commissioner
If you feel that your data has not been handled correctly and following liaison with our Data Protection officer, you are still not satisfied with responses received to any requests you have made regarding the use of your data, you have the right to lodge a complaint with the Information Commissioner’s office (ICO). You can contact them by calling 0303 123 1113 or go online to www.ico.org.uk. If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.
We have taken steps to ensure all personal data is provided with adequate protection and that all transfers of personal data outside the UK are done lawfully. Where data is shared within the EU member states it is protected by the principles and rights inferred by the General Data Protection Regulations. There may be occasions when we transfer data outside the EEA and when doing so we will only share data with countries who have adequacy status.
We use Survey Monkey for our satisfaction and research surveys. Survey Monkey EU is contracted to Survey Monkey Inc and as such is an American company that is certified by the EU – US privacy shield framework.