DATA PROTECTION POLICY No5 & No.47 Properties Ltd

Who are we and how do you contact us?
We are No.5 & No.47 Properties Ltd and have been in business for nearly 20 years providing affordable rental housing for the people of Shropshire and surrounding areas for nearly 20yrs.

Our business address is;

No.5 & No.47 Properties Ltd,  Glovers Meadow Business Centre, Maesbury Road, Oswestry, Shropshire SY10 8JN. Telephone: 01691 66 88 05

We are a data controller of your business/personal data. You can contact us by writing to the above address, marking it for the attention of the Data Protection Department or emailing to; info@no47properties.co.uk

GENERAL

1. The Company takes the security and privacy of your data seriously. We need to gather and use information or ‘data’ about you as part of our business and to manage our relationship with you. We intend to comply with our legal obligations under the Data Protection Act 2018 (the ‘2018 Act’) and the EU General Data Protection Regulation (‘GDPR’) in respect of data privacy and security. We have a duty to notify you of the information contained in this policy.

2. This policy applies to current and former tenants and contractors, workers, volunteers, and consultants. If you fall into one of these categories then you are a ‘data subject’ for the purposes of this policy. You should read this policy alongside your contract for services or tenancy and any other notice we issue to you from time to time in relation to your data.

3. The Company is a ‘data controller’ for the purposes of your personal data. This means that we determine the purpose and means of the processing of your personal data.

4. This policy explains how the Company will hold and process your information. It explains your rights as a data subject.

5. This policy does not form part of your contract of tenancy or contract for services (if relevant) and can be amended by the Company at any time. It is intended that this policy is fully compliant with the 2018 Act and the GDPR.

 

DATA PROTECTION PRINCIPLES

6. Personal data must be processed in accordance with six ‘Data Protection Principles.’ It must:

1)      be processed fairly, lawfully and transparently;

2)      be collected and processed only for specified, explicit and legitimate purposes

3)      be adequate, relevant and limited to what is necessary for the purposes for which it is processed

4)      be accurate and kept up to date. Any inaccurate data must be deleted or rectified without delay

5)      not be kept for longer than is necessary for the purposes for which it is processed; and

6)      be processed securely.

HOW WE DEFINE PERSONAL DATA

7. ‘Personal data’ means information which relates to a living person who can be identified from that data (a ‘data subject’) on its own, or when taken together with other information which is likely to come into our possession. It includes any expression of opinion about the person and an indication of the intentions of us or others, in respect of that person. It does not include anonymised data.

8. This policy applies to all personal data whether it is stored electronically, on paper or on other materials.

9. This personal data might be provided to us by you, or someone else (such as a former landlord, your employer, or a benefits team or other related agency), or it could be created by us. It could be provided or created during the tenancy process or during the course of the contract of services or after its termination of a tenancy.

10. We will collect and use the following types of personal data about you:

• application information such as your tenancy application form and references, and details of any pre-tenancy assessments;

• your contact details and date of birth;

• the contact details for your emergency contacts;

• your gender;

• your marital status and family details;

• information about your existing and past employment (or services) including start and end dates of employment, role and location, working hours, salary (including details of previous remuneration), pension, benefits;

• your bank details and information in relation to your tax status including your national insurance number;

• your identification documents including passport and driving licence and information in relation to your immigration status and right to occupancy or work;

• any other category of personal data which we may notify you of from time to time.

HOW WE DEFINE PROCESSING

11. ‘Processing’ means any operation which is performed on personal data such as:

• collection, recording, organisation, structuring or storage;

• adaption or alteration;

• retrieval, consultation or use;

• disclosure by transmission, dissemination or otherwise making available;

• alignment or combination; and

• restriction, destruction or erasure.

This includes processing personal data which forms part of a filing system and any automated processing.

HOW WILL WE PROCESS YOUR PERSONAL DATA?

12. The Company will process your personal data (including special categories of personal data) in accordance with our obligations under the 2018 Act.

13. We will use your personal data for:

• performing the contract of tenancy (or services) between us;

• complying with any legal obligation;

·         We can process your personal data for these purposes without your knowledge or consent. We will not use your personal data for an unrelated purpose without telling you about it and the legal basis that we intend to rely on for processing it.

14. If you choose not to provide us with certain personal data you should be aware that we may not be able to carry out certain parts of the contract between us. For example, if you do not provide us with your historical financial situation details we may not be able to process your tenancy application. It might also stop us from complying with certain legal obligations and duties such as proof of occupancy and may affect;

• to decide whether to engage you;

• to check you have the legal right to live in the UK;

• to monitor and protect the security of the Company and its facilities, of you, our other tenants, contractors and others;

• to provide a reference upon request from another landlord;

• monitoring compliance by you, us and others with our policies and our contractual obligations;

• to comply with immigration law, health and safety law, tax law and other laws which affect us;

• to answer questions from insurers in respect of any insurance policies which relate to you;

• running our business and planning for the future;

• the prevention and detection of fraud or other criminal offences;

• to defend the Company in respect of any investigation or litigation and to comply with any court or tribunal orders for disclosure and

• for any other reason which we may notify you of from time to time.

SHARING YOUR PERSONAL DATA

15. Sometimes we might share your personal data with group companies or our contractors and agents to carry out our obligations under our contract with you or for our legitimate interests.

16. We require those companies to keep your personal data confidential and secure and to protect it in accordance with the law and our policies. They are only permitted to process your data for the lawful purpose for which it has been shared and in accordance with our instructions.

17. We do not send your personal data outside the European Economic Area. If this changes you will be notified of this and the protections which are in place to protect the security of your data will be explained.

HOW SHOULD YOU PROCESS PERSONAL DATA FOR THE COMPANY?

18. Everyone who is a tenant with us, or works on behalf of the Company as a contractor,  has some responsibility for ensuring data is collected, stored and handled appropriately, in line with this policy.

19. The Company’s Board Of Directors are responsible for reviewing this policy and updating the Company’s data protection responsibilities and any risks in relation to the processing of data.

20. Persons should only access personal data covered by this policy if you or they need it for the work on behalf of the Company and only if you are authorised to do so. We/You should only use the data for the specified lawful purpose for which it was obtained.

21. You should not share personal data informally that we have provided you for any of the reasons previously mentioned.

SUBJECT ACCESS REQUESTS

22. Data subjects can make a ‘subject access request’ (‘SAR’) to find out the information we hold about them. This request must be made in writing the Data Protection Manager who will coordinate a response.

23. If you would like to make an SAR in relation to your own personal data you should make this in writing to The Data Protection Department in writing to the company’s address. We must respond within one month.

24. There is no fee for making a SAR. However, if your request is manifestly unfounded or excessive we may charge a reasonable administrative fee or refuse to respond to your request.

DATA RETENTION

25. We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

26. In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Typically, wherever there is no need to retain information on you, we will securely destroy that information at the earliest opportunity.

 

DATA SECURITY

27. We have put in place measures to protect the security of your information. Details of these measures are available upon request.

28. We will take steps to ensure third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.

29. We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

YOUR DATA SUBJECT RIGHTS

30. You have the right to information about what personal data we hold, process, how and on what basis as set out in this policy.

31. You have the right to request that we erase your personal data where we were not entitled under the law to process it or it is no longer necessary to process it for the purpose it was collected. To do so you should request this in writing.

32. You have the right to complain to the Information Commissioner. You can do this be contacting the Information Commissioner’s Office directly.

 

 

 

Our business address is;
No.5 & No.47 Properties Ltd,  Glovers Meadow Business Centre, Maesbury Road, Oswestry, Shropshire SY10 8JN. Telephone: 01691 66 88 05

Email: info@no47properties.co.uk