Date approved: April 2022
Review date: April 2024
1 Purpose of the Policy
1.2. This policy outlines how we collect your personal information; what information we collect from and about you; why we collect this information and our legal justification for doing so; how we protect your information and the rights you have in respect to the information we hold on you.
1.3. As a Data Controller, Raven Housing Trust wants you to know that your privacy is important to us, and we are committed to handling your personal information securely, respectfully and in accordance with the Data Protection Law, including but not limited to the UK General Data Protection Regulation (UK-GDPR), the Data Protection Act 2018 (DPA) and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR).
We have appointed a Data Protection Officer who can be contacted in relation to you exercising your rights under the Data Protection Law. Their contact details are: firstname.lastname@example.org.
2. Scope of the Policy
2.1. Raven’s staff, representatives and contractors will follow this policy when processing the personal information of our customers.
2.2. This policy covers all the companies in Raven’s group structure, including Raven Housing Trust Limited (parent), Raven Repairs Limited and Raven Development Homes Limited.
3. Detailed Policy Content
3.1. Information we collect
The personal information we collect includes your full name, contact details, date of birth, NI number, bank details, copies of identification documents, employment details, details about your home and housing needs, financial information, photos, CCTV footage, any guarantor details, references, and any complaints by or about you.
We also collect special category personal data such as health information, including accessibility needs, and other personal circumstances (if applicable), race/ethnicity, religious beliefs, and sexual orientation.
3.2. How we collect your information
We mainly collect information from you but may also collect your information from central & local government, local councils, your previous landlord(s), your doctor or other health professional, and our systems.
3.3. Why we collect your information
We have a legitimate interest in processing your personal information to deliver our services to you and to properly manage our business.
In some circumstances we might hold your information for other reasons – for instance because we are under a legal obligation to hold certain information about you, or because holding the data is necessary for the purposes of a contract, we have with you (such as your tenancy agreement or lease).
We may need you to agree (consent) to us collecting and processing your sensitive personal information for assessing services relevant to you or providing you with appropriate support.
We use the information we collect from or about you in various areas of work, including:
- Assessing and processing housing applications, service eligibility and completing tenancy sign-ups
- Management and maintenance of properties (tenancy or lease)
- Assisting with personal security and the prevention and detection of crime
- Preventing fraud and illegal sub-letting and to confirm eligibility for housing
- Verifying your identity when you call us to discuss your account or your home
- Managing the legal proceedings or legal process if you apply to buy your home or want to access another home ownership route
- When you engage with our additional guidance, advice, and support services (support services such as Moneywise and tenancy support)
- Monitoring our performance to improve the service we provide
- Keeping in touch, understanding your needs, and inviting your feedback
- For regulatory purposes – to meet the requirements of our regulator (Regulator of Social Housing) or the Housing Ombudsman Service
- To market, sell and manage homes for outright sale and shared ownership homes
3.4. Sharing your information
We might share your personal information with organisations that work with us or on behalf of us, such as maintenance contractors, debt management advisers, local authority teams, utility companies, another landlord/ housing association, government departments, credit checking agencies, and/or fraud prevention agencies.
We do not sell your personal information to any third parties, and we will remove you from marketing lists if you request it.
3.5. Sending your information overseas
Our business is conducted solely in the United Kingdom, so we do not send your personal information overseas.
We may sometimes make use of cloud-based systems to support the management of our business. Where this happens, we will ensure that appropriate safeguards are in place to protect your rights.
3.6. How long we keep your personal information
We have a data retention schedule that describes the type of data / information we hold and how long we will keep them. Wherever possible we securely destroy / delete personal data when we no longer need it or no longer have a legitimate interest in keeping it.
We have a Data Retention Schedule that sets out how long we keep your information which follows statutory obligations or legal timeframes. Further information on our Data Retention Schedule is available by contacting email@example.com.
There is an exemption list for information we cannot delete within the timescales due to the way it is stored. However, we follow legal requirements and aim to follow best practice in this area.
We have appropriate security measures in place to prevent personal information from being accidentally destroyed or lost, or misused, disclosed, or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know.
When we need to share personal data with our contractors, third party suppliers and business partners, we do so based on the assurance that they handle personal data in accordance with data protection legislation requirements.
When you contact Raven, we may ask you to confirm your identity by asking you to confirm personal details (for example your full name or date of birth). We will not discuss your personal information with other people contacting us on your behalf unless you have given express consent for us to do so.
If a personal data breach occurs that affects you then we’ll inform you without undue delay and no later than 72 hours of discovering the breach.
3.8. Your rights regarding your personal information
You can exercise the following rights over your personal information through our MyRaven customer portal:
- Request access to your personal data that we hold and receive a copy (if applicable)
- Correct, update, or inform us about inaccurate or out-of-date information we hold on you
- Request that we delete your data. However, this is dependent on whether we have a legal reason for have holding it
- Under certain circumstances request that we restrict processing of your personal data
- Object to our processing of your personal data. We can override this objection in certain circumstances
- Request that we transfer your personal data held in a machine-readable format to another organisation
- Withdraw your consent if this is the legal basis for processing your data
3.9. Your right to complain to a supervisory authority
If you are not satisfied with our response to any query about your personal information that you raise with us, or if you believe that we are processing your personal information in a way which is inconsistent with the law, you can complain to the Information Commissioner’s Office (“ICO”).
Please also contact the ICO if you require general advice on privacy and any data protection issues.
4.1. This policy applies to all Raven Housing Group’s customers and details how we process your data.
4.2. Raven employees who process customer information must adhere to this policy.
4.3. Third parties who process customer data on behalf of Raven, for example contractors, must adhere to this policy.
5.1. Personal data is any information that relates to an individual who can be identified from that information.
5.2. Special category personal data is sensitive personal data and includes but is not limited to: racial or ethnic origin; health data; sexual orientation or sex life; and religious or philosophical beliefs.
5.3. ‘Processing’ includes the collection, recording, storage, use, disclosure, or destruction of personal data.
An Equality Impact Assessment has been completed. This policy will not negatively impact any customers and will be available on the website and in hard copy for customers who do not have access to the website. A summary of the policy is also available to view on the website.