Our Privacy Policy was last updated on 29 April 2021

Broadacres Housing Association (we or us) are committed to protecting and respecting your privacy. This privacy policy will inform you as to how we look after your personal data, tell you about your privacy rights and how the law protects you.

This privacy notice is provided in a layered format so you can click through to the specific areas on the website as set out below.

1. Purpose of this privacy policy

This policy aims to give you information about how we collect and process your personal data. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

It is important that you read this privacy policy together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements the other notices and is not intended to override them.

We may update this privacy policy at any time. We display a date at the top of this privacy policy so that you will know when there has been a change. You should check the Broadacres webpage on a regular basis for our most current privacy practices.

2. Who are we and our data protection manager?

We are Broadacres Housing Association Limited, a not for profit housing association based in Northallerton in North Yorkshire with our registered office at Broadacres House, Mount View, Standard Way, Northallerton, North Yorkshire, DL6 2YD. We own and manage more than 6,000 homes and we provide a range of services in relation to both property services and broader social welfare in the community.

We are a “data controller” in respect of the information we hold about you. This means that we are responsible for deciding how we use your personal information. We are registered as a data controller with the Information Commissioner’s Office (the ICO) with registration number: Z6826705.

The person responsible for data protection at Broadacres is our Data Protection Manager. If you have any concerns or questions about our use of your personal data, or any requests to exercise your legal rights, you can contact our Data Protection Manager as follows:

Data Protection Manager
Broadacres House,
Mount View,
Standard Way,
Northallerton,
North Yorkshire,
DL6 2YD.

Email: dataprotection@broadacres.org.uk

3. Prospective or existing customer or tenant

3.1 Personal information we may collect about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect the following types of personal data from you which we have grouped together as follows:

  • personal details: such as your name, date of birth, national insurance number, employer details, gender and marital status, your photograph and video footage; your unique tenancy number;
  • contact details: such as your address, email address, telephone number, contact details, and other contact details you provide to us during our communications or when you use any of our services;
  • information relating to your tenancy or for the provision of support services: such as your tenancy and address history, information about anti-social behaviour, your employer details, notes from home visits, meetings and telephone calls, details of property to be acquired, economic status, information about benefits, net income, information about your family members, length of residence in local authority properties;
  • grievance and complaints information: such as reports about anti-social behaviour and complaints made by or against neighbours;
  • information about your family and others: such as dependants, other people living with you, next of kin and emergency contact numbers;
  • financial and transaction information: such as bank details, BACS mandate, credit check information, payments made to us and any money owed to us;
  • recordings of telephone conversations made to our contact centre: for training and monitoring purposes;
  • CCTV footage: We operate CCTV at some of our premises, and these store and capture images.
  • information you provide to us when accessing our optional support services, including money advice service (such as your employment status, salary and financial situation) which may include your biographical details.
  • information you provide when purchasing one of our properties (i.e. outright sale, shared ownership and rent to buy), including mortgage offers, proof of funds and details of financial situation.
  • Information to verify your identity when logging onto the Broadacres self-service app or self-service portal, including name, address, tenancy number. Online repair reports submitted via the app or portal, which may include photos, are stamped with your personal details.
  • Profile data: such as your interests, preferences, survey and contact form responses. This may include the following:
      • any information you include on your application for a tenancy with us including your housing and financial circumstances including any benefits you may receive;
      • any information you provide to us via surveys which we have asked you to complete for research purposes, although you do not have to respond to them;
  • Technical data: your IP address, operating system and browser type for system administration purposes and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual. We may also collect traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the website resources that you access;
  • Usage data: such as information about how you use our website.

3.2 Special categories of personal data

Some of the information which we collect may be special categories of personal data (also called sensitive personal data). Special categories of personal data require a higher level of protection. The special categories of personal data about you which we may collect include:

  • information about your race or ethnicity and sexual orientation;
  • information about your health, including any medical condition or disability, pregnancy; and
  • information about criminal convictions and offences.

3.3 How is your personal information collected?

The above information which we collect about you will be obtained through a variety of sources which include:

  • from you directly as part of an application process, on enquiry forms, communications with you, information provided when entering into an agreement, registering and using our self-service portal or Broadacres self-service app, reporting repairs or for any other related reason;
  • from third parties (such as your relatives, officers in the local authority/social services department, as well as where we carry out identity verification credit or anti-fraud checks against your name using third party databases of Credit Reference Agencies (CRAs) and Fraud Prevention Agencies (FPAs), and from our various partners;
  • from North Yorkshire Home Choice and Compass (Choice Based Lettings Schemes), Harrogate District Council or East Riding of Yorkshire Council when you submit an application to become a tenant, your personal information will be passed to us for review;
  • Automated technologies or interactions. As you interact with our website, self-service portal or Broadacres self-service app, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see our Cookies Policy for further details.

When CRAs receive a search from us they place a search “footprint” on your credit file whether or not the application proceeds. Records remain on file with CRAs and FPAs for 6 years after they are closed, whether settled by you or defaulted.  More information about CRAs and how they use personal information is available at http://www.experian.co.uk/crain/index.html or you can contact the agencies below:

·        Callcredit Consumer Services Team, PO Box 491, Leeds, LS3 1WZ Tel: 0330 024 7579 or visit www.callcredit.co.uk

·        Equifax PLC Credit File Advice Centre, PO Box 3001, Bradford, BD1 5US Tel: 0870 010 0583 or visit www.equifax.co.uk

·        Experian Consumer Help Service, PO Box 8000, Nottingham, NG80 7WF Tel: 0870 241 6212 or visit www.experian.co.uk

For more information about FPAs and how they use personal information, you can contact Veritau of County Hall Northallerton DL7 8AL Tel: 01609 535034 or visit www.veritau.co.uk

3.4 How and why we use your information

We use your personal data in the following ways and for the following purposes:

Why we use your informationOur lawful basis for using your information under GDPR and the DPA 2018
To manage our relationship with you which will include:
• notifying you about changes to our terms or privacy policy or our services
• responding to you when you use our ‘contact us’ feature or use our self-service portal or Broadacres app
• sending surveys to you, so that you may provide us with information to enable us to improve our services (including for UKSCI benchmarking, new tenant surveys, and satisfaction surveys), using customer “journey mapping” to obtain feedback and sharing successes in customer service.
• communicating with you about your tenancy, including notifying you about your obligations under your tenancy agreement and providing related information, including information about utility services and other charges you will be liable for
• issuing information in Viewpoint magazine (including about COVID-19)
6(1)(b) Contract: It is necessary in order for us to perform our contract with you or to take steps before entering into a contract.
6(1)(c) Legal obligations: It is necessary to meet our legal obligations.
6(1)(f) Legitimate interests: It is necessary for our legitimate interests where they are not overridden by your rights (for the running of our business and the improving of our services).
To administer and protect our business, this website, our self-service portal and the Broadacres self-service app (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)6(1)(f) Legitimate interests: It is necessary for our legitimate interests where they are not overridden by your rights (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business re-organisation or group restructuring exercise).
6(1)(c) Legal obligations: It is necessary to meet our legal obligations.
To use data analytics to improve our website and self-service applications to ensure that content is presented in the most effective manner for you and for your device.6(1)(f) Legitimate interests: It is necessary for our legitimate interests where they are not overridden by your rights (to define types of customers for our products and services, to keep our website and self-service applications updated and relevant).
To perform our obligations under our tenancy agreement with you and to manage your tenancy, including to repair or maintain the property, to manage payment of rent and service charges, to arrange appointments for pre-inspection and maintenance, to create and collect direct debit payment for rent, to manage arrears (including entering into debt agreements and trace of customers), to inform of annual rent and service charges, to investigate and manage claims of anti-social behaviour and hoarding, to communicate about leasehold management, to alert staff and contractors to visit in pairs, to recharge for private repairs, to execute internal property surveys.6(1)(b) Contract: It is necessary in order for us to perform our contract with you or to take steps before entering into a contract.
6(1)(c) Legal obligations: It is necessary to meet our legal obligations.
To enable us to provide you with use of our services including our care and support services. This may include applying for a place in one of our care and schemes, provision and tailoring of catering services (to account for allergies, dysphagia and other dietary requirements or to invoice for extra menu choices), to carry out home security checks, to provide the affordable warmth programme, to assess suitability for sheltered housing, to vet applications for various support programmes and assess suitability for these services by gaining a full understanding of the individual’s needs.6(1)(b) Contract: It is necessary in order for us to perform our contract with you or to take steps to enter into a contract.

6(1)(a) Consent: Where there is not a contract in place between us, or the processing goes beyond our obligations under the contract, and you have given your consent.

6(1)(d)_Vital interests: It is necessary to protect your vital interests or those of another person (in relation to the provision of catering services)

9b) and DPA 2018 Schedule 1 Section 10 part 1 (1) Social protection: Where you choose to share information relating to your health, racial or ethnic origin, religious beliefs or information about your sex life and/or
orientation in using one of our support
services, we will process your information in
line with our obligations to you as a housing,
health and social care provider*.
To keep you updated about Broadacres’ work in the community and to provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes. To record key moments of corporate history, use for press releases, corporate communications and branding and to manage press relations for Broadacres.6(1)(a) Consent: where you have given your consent for us to contact you with updates our work and information, products or services that we feel may interest you.
6(1)(f) Legitimate interests: It is necessary for our legitimate interests where they are not overridden by your rights (for the running of our business and the improving of our services).
To adequately deal with your requests, appropriately manage any services we provide to you and handle any complaints you make, including to provide assistance with making welfare benefit claims, provision of money advice, and to enable you to apply for DRO or bankruptcy.6(1)(b) Contract: It is necessary in order for us to perform our contract with you or to take steps to enter into a contract.
6(1)(f) Legitimate interest: It is necessary for our legitimate interests where they are not overridden by your rights (to help us continually improve our services).
6(1)(c) Legal obligations: It is necessary to meet legal / regulatory obligations.
6(1)(a) Consent: where you have given your consent for us to provide money advice.
9(2)(a) Explicit consent where you have given your explicit consent for us to process special category data relevant to our money advice service.*
To comply with our legal obligations such as in the prevention, detection and investigation of fraud and corruption; to provide appropriate disability adjustments to a property, to deal with insurance claims, to enable payment of Universal Credit and Housing Benefits, to take tenancy enforcement action, to assist tenants exercising a preserved right to buy housing, to ensure health and safety of colleagues and customers (including in relation to Covid-19), and to share information with the Insolvency Service.6(1)(c) Legal obligations: It is necessary to meet legal / regulatory obligations.
To assess your suitability and eligibility for the tenancy/lease (or other agreement including for supported housing) you have applied for/requested (including conducting credit checks), to provide information about the NY Homechoice application, to verify suitability and eligibility for property succession; and to assist with the preserved right to buy or the right to acquire;6(1)(b) Contract: It is necessary in order for us to perform our contract with you or to take steps to enter into a contract.
6(1)(c) Legal obligations: It is necessary to meet our legal obligations.
To arrange appointments with relatives and appointed persons of tenants for pre-inspection and maintenance activities relating to the tenancy.6(1)(b) Contract: It is necessary in order for us to perform our contract with you.
To record calls for training and monitoring purposes (such as through the recordings of telephone calls with our call centre handlers).6(1)(f) Legitimate interests: It is necessary for our legitimate interests (for the running of our business and the improving of our services).
To enable us to process your property enquiry or progress your purchase of one of our properties (i.e. outright sale, shared ownership and rent to buy), or purchase an additional percentage of a shared ownership property.6(1)(b) Contract: It is necessary in order for us to perform our contract with you or to take steps to enter into a contract.
Use of CCTV footage to prevent and detect crime, assist in the management of buildings and ensure customer safety.6(1)(f) Legitimate interests: It is necessary for our legitimate interests where they are not overridden by your rights (to help keep our assets and customers safe).
* This is an additional lawful basis which under Article 9 of GDPR (and the Data Protection Act 2018 in specific circumstances) we need to rely on in order to use special categories of personal data.

3.5 Sharing your information with third parties

We will share your personal information with third parties where required by law, where it is necessary to administer our relationship with you or where we have another legitimate interest in doing so.

Some “third parties” are service providers (including contractors and designated agents) carrying out activities on our behalf.  Other third parties will be data controllers in their own right. This means that they are not required to act on our instructions and they are solely responsible for ensuring that they comply with the law when using your personal data.  We are not responsible for their use of your data if we are acting lawfully whenever we share your data with them.

We may disclose your personal information with the parties set out below:

  • housing management companies;
  • repairs and maintenance contractors and suppliers on Broadacres’ approved list;
  • our professional advisors (including our lawyers, PR firm, valuation advisors, district valuers, insurers, occupational health advisors, medical professionals, internal and external auditors and solicitors who are assisting with the sale and purchase of properties);
  • IT service providers and other suppliers (such as SNAP, All-Pay, BACS, etc.);
  • registering your tenancy with the Ministry of Housing Communities and Local Government (CORE submission)
  • NYCC Adult Social Care, GPs and other health professionals;
  • confidential waste companies;
  • police, health trusts, social services and local authorities (including the other North Yorkshire Homechoice partners);
  • The Department for Work and Pensions and other government departments;
  • insolvency service;
  • mutual exchange landlord;
  • utility companies (ensuring accurate bill payer information).

3.6 Marketing

We strive to provide you with choices regarding certain personal data uses, particularly around marketing.

If you are an existing customer, we may contact you by electronic means (email or SMS) with information about goods and services similar to those which were the subject of a previous dealing with you.

If you are not yet a customer, we may process your personal data to send you marketing by electronic means but we will only do this if you have consented to such marketing.

You may opt out of receiving such marketing by clicking the unsubscribe link at the bottom of any such emails, by clicking ‘opt-out’ on our webpage or by contacting us on 01609 767900

We may provide new customers with information about energy switching services.

We will not sell our marketing data to third parties without your consent.

4. Existing or prospective colleagues (including board and committee members, contractors and volunteers)

4.1 Personal information we may collect about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect the following types of personal data from you as a colleague (whether prospective or current) which we have grouped together as follows:

  • personal details: such as your name, date of birth, gender, nationality, marital status, national insurance number, photograph, video footage, user ID or similar identifier, shareholder number, uniform size;
  • contact details: such as your address, email address, telephone number, and other contact details you provide to us;
  • confirmation of your identity: such as a copy of your passport, birth certificate, driving licence;
  • financial details: such as your bank account, payroll records, tax status information, salary history, pension and benefits; student loans, information to enable trade union payments;
  • recruitment information: such as copies of right to work documents, references, and other information you provide in your CV and/or job application form or cover letter as part of the application process including employment history, education information, and qualifications for the role;
  • information about your family and others: such as dependants, next of kin and emergency contact details;
  • information about your employment with us: such as the start date, location of employment/workplace, adjustments to working conditions, history of vehicle allocation (including speeding tickets and parking fines);
  • information about your previous employment: such as job titles, work history, working hours, training records, professional memberships, salary / compensation history);
  • your performance with us: such as appraisal information, colleague and customer feedback, completion of training modules;
  • disciplinary and grievance information; including potential to record conversations of meetings held.
  • security information: such as ID badge and access card information, location data from vehicles to monitor use and safety and CCTV images.
  • recordings of telephone conversations made to/received by our lone worker monitoring system;
  • information to assess shareholder eligibility and process application;
  • details about potential or actual conflicts of interests:
  1. Board and committee members – including shareholdings and other appointments.
  2. Colleagues – including linkages to suppliers and relatives housed/employed.
  • information about your use of our information and communications systems: such as your IP address, operating system and browser type for system administration purposes and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual. We may also collect traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the website resources that you access.
  • Usage data: such as information about how you use our website.

4.2 Special categories of personal data

Some of the information which we collect about you may be “special categories of personal data”. Special categories of data require a greater level of protection. The special categories of personal data about you which we may collect include:

  • information about your race or ethnicity, religious beliefs, sexual orientation and political opinions such as the information you provide us for diversity monitoring;
  • trade union membership;
  • information about your health, including any medical condition or disability, health and sickness records; and
  • information about criminal convictions and offences, including DBS checks.

4.3 How is your personal information collected?

The above information which we collect about you will be obtained through a variety of sources which include:

  • from you directly as part of the recruitment process;
  • from third parties as part of the recruitment process (such as employment agencies, background check providers, former employers, credit reference agencies) and from our various partners;
  • information obtained about you in the course of job-related activities throughout the period of your employment with us;
  • Automated technologies or interactions. As you interact with our website or self-service applications, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see our Cookies Policy for further details.

4.4 How and why we use your information

We use your personal data in the following ways and for the following purposes:

Why we use your informationOur lawful basis for using your information under GDPR and the DPA 2018
Workplace adjustments / health and safety: We will use information about your physical or mental health, or disability status, to ensure your health and safety in the workplace and to assess your fitness to work, to provide appropriate workplace adjustments, to monitor and manage sickness absence and to administer benefits and sick pay, to provide personal protective equipment, and to facilitate work or volunteer placements.
We may also track your location to ensure you are safe when working alone via our lone worker system.
6(1)(b) Contract: It is necessary in order for us to perform our contract with you.
6(1)(c) Legal obligations: It is necessary to meet legal / regulatory obligations.
9(2)(b) and DPA 2018 Schedule 1 Section 10 part 1 (1) Employment: It is necessary for us to carry out our rights and obligations as your employer.*
Monitoring performance (such as conducting performance reviews; managing performance and determining performance requirements; considering education, training and development requirements (including completion of training modules); assessing qualifications for a particular job or task, including decisions about promotions); conducting regulatory compliance checks;6(1)(b) Contract: It is necessary in order for us to perform our contract with you.
6(1)(c) Legal obligations: It is necessary to meet legal / regulatory obligations.
6(1)(f) Legitimate interest: It is necessary for our legitimate interests (where they are not overridden by your rights).
9(2)(b) and DPA 2018 Schedule 1 Section 10 part 1 (1) Employment: It is necessary for us to carry out our rights and obligations as your employer.*
Payment and salary related activities (such as making payments to you, deducting tax and National Insurance contributions, liaising with your pension provider; making decisions about salary reviews and compensation);6(1)(b) Contract: It is necessary in order for us to perform our contract with you.
9(2)(b) and DPA 2018 Schedule 1 Section 10 part 1 (1) Employment: It is necessary for us to carry out our rights and obligations as your employer.*
6(1)(c) Legal obligations: It is necessary to meet legal / regulatory obligations.
To process your job/role application including conducting reference checks, DBS application and accompanying evidence, assessing conflicts of interest and entering into the employment contract;6(1)(b) Contract: It is necessary in order for us to perform our contract with you.
9(2)(b) and DPA 2018 Schedule 1 Section 10 part 1 (1) Employment: It is necessary for us to carry out our rights and obligations as your employer.*
6(1)(c) Legal obligations: It is necessary to meet legal / regulatory obligations.
Providing the employee benefits to you including providing you with a company vehicle, pension and other benefits.6(1)(b) Contract: It is necessary in order for us to perform our contract with you.
9(2)(b) and DPA 2018 Schedule 1 Section 10 part 1 (1) Employment: It is necessary for us to carry out our rights and obligations as your employer.*
6(1)(a) Consent: We will seek your explicit consent in order to share your personal data (including information about your health) with third party providers of benefits.*
Day to day employment activities such as administering the contract we have entered into with you, regulatory referrals, business management and planning, including accounting and auditing, vehicle allocation and defect management, to provide a uniform and ID badge and assessing conflicts of interest.6(1)(b) Contract: It is necessary in order for us to perform our contract with you.
6(1)(f) Legitimate interest: It is necessary for our legitimate interests (where they are not overridden by your rights).
9(2)(b) and DPA 2018 Schedule 1 Section 10 part 1 (1) Employment: It is necessary for us to carry out our rights and obligations as your employer.*
Grievance, disciplinary or legal disputes (such as gathering evidence for possible grievance or disciplinary hearings; dealing with legal disputes involving you, or other employees, workers and contractors, including accidents at work);6(1)(b) Contract: It is necessary in order for us to perform our contract with you.
6(1)(f) Legitimate interest: It is necessary for our legitimate interests (where they are not overridden by your rights).
6(1)(c) Legal obligations: It is necessary to meet legal / regulatory obligations.
9(2)(f) Legal claims: It is necessary for the establishment, exercise or defence of legal claims*
Determining your continued employment / engagement such as making decisions about your continued employment or engagement, making arrangements for the termination of our working relationship and receiving feedback, and providing job vacancy alerts.6(1)(b) Contract: It is necessary in order for us to perform our contract with you.
6(1)(c) Legal obligations: It is necessary to meet legal / regulatory obligations.
6(1)(a) Consent: We will only collect and use this information if you have provided your consent for us to do so (for job vacancy alerts).
9(2)(b) and DPA 2018 Schedule 1 Section 10 part 1 (1) Employment: It is necessary for us to carry out our rights and obligations as your employer.*
Determining eligibility and management of board members and shareholders such as keeping a register of members and directors as required under the Companies Act 2006, recording conflicts of interests (including public register), maintaining board minutes and ensuring accuracy by using audio recordings of meetings, sharing contact details, processing applications for shareholders, inviting shareholders to AGMs, appointing and recruiting board members, monitoring board diversity, adhering to probity policy and publishing board member profiles on the website.6(1)(b) Contract: It is necessary in order for us to perform our contract with you.
6(1)(f) Legitimate interest: It is necessary for our legitimate interests (where they are not overridden by your rights).
6(1)(c) Legal obligations: It is necessary to meet legal / regulatory obligations.
Monitoring your health such as ascertaining your fitness to work, managing sickness absence, complying with health and safety obligations including providing the local government with details of care staff who qualify for the COVID-19 vaccine.6(1)(b) Contract: It is necessary in order for us to perform our contract with you.
6(1)(c) Legal obligations: It is necessary to meet legal / regulatory obligations.
9(2)(b) and DPA 2018 Schedule 1 Section 10 part 1 (1) Employment: It is necessary for us to carry out our rights and obligations as your employer.*
DPA Schedule 1 Section 10 part 2 Health: It is necessary to assess the working capacity of our employees*.
6(1)(a) Consent: In certain situations, we may require your consent in order to obtain and disclose information about your health.*
Monitoring your use of our information and communication systems to ensure compliance with our IT policies; to ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution.6(1)(b) Contract: It is necessary in order for us to perform our contract with you.
6(1)(f) Legitimate interest: It is necessary for our legitimate interests (where they are not overridden by your rights).
To comply with our legal obligations such as to prevent fraud and equal opportunities monitoring, including conducting DBS checks and checks on the right to work in the UK.6(1)(b) Contract: It is necessary in order for us to perform our contract with you.
6(1)(f) Legitimate interest: It is necessary for our legitimate interests (where they are not overridden by your rights).
Staff surveys to receive your views on the ways in which we could improve our services and improve your employment environment.6(1)(f) Legitimate interest: It is necessary for our legitimate interests (where they are not overridden by your rights).
Monitoring diversity: We will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sex life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting.6(1)(c) Legal obligations: It is necessary to meet legal / regulatory obligations.
9(2)(b) and DPA 2018 Schedule 1 Section 10 part 1 (1) Employment: It is necessary for us to carry out our rights and obligations as your employer.*
Trade unions: We will use trade union membership information to pay trade union premiums, register the status of a protected employee and to comply with employment law obligations.6(1)(c) Legal obligations: It is necessary to meet legal / regulatory obligations.
9(2)(b) and DPA 2018 Schedule 1 Section 10 part 1 (1) Employment: It is necessary for us to carry out our rights and obligations as your employer.*
To manage public relations: We will use information about key moments in corporate history for press release, corporate communications, branding and will publish photos and videos in the “Weekly Big Listen” and for other internal company communications.6(1)(a) Consent: We will only collect and use this information if you have provided your consent for us to do so.
6(1)(f) Legitimate interest: It is necessary for our legitimate interests where they are not overridden by your rights(to maintain records of corporate history).
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).6(1)(f) Legitimate interests: It is necessary for our legitimate interests where they are not overridden by your rights (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business re-organisation or group restructuring exercise)
6(1)(c) Legal obligations: It is necessary to meet our legal obligations.
To use data analytics to improve our website to ensure that content from our website is presented in the most effective manner for you and for your device;6(1)(f) Legitimate interests: It is necessary for our legitimate interests where they are not overridden by your rights (to define types of customers for our products and services, to keep our website updated and relevant).
Use of CCTV footage to prevent and detect crime, assist in the management of buildings and ensure colleague safety.6(1)(f) Legitimate interests: It is necessary for our legitimate interests where they are not overridden by your rights (to help keep our assets and colleagues safe).
* This is an additional lawful basis under Article 9 of GDPR (and the Data Protection Act 2018 in specific circumstances) which we need to rely on in order to use special categories of personal data.

4.5 Sharing your information with third parties

We will share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.

Some ”third parties” are service providers (including contractors and designated agents) carrying out activities on our behalf.  Other third parties will be data controllers in their own right. This means that they are not required to act on our instructions and they are solely responsible for ensuring that they comply with the law when using your personal data.  We are not responsible for their use of your data if we are acting lawfully whenever we share your data with them.

We may disclose your personal information with the parties set out below:

  • HMRC, for example information about your pay;
  • pension providers (including auto-enrolment partner NEST and other pension providers);
  • student loan companies to make required deductions from your pay;
  • benefits provision and administration (for example eye test vouchers, childcare vouchers);
  • occupational health provider;
  • IT service providers (including Venson Automotive, I-trent, AllPay, BigHand, etc.);
  • other organisations involved with a sale or transfer of services in which you are involved;
  • regulators and other professional registration organisations;
  • public sector agencies to prevent and detect fraud;
  • our insurers;
  • commissioners and safeguarding authorities;
  • Ministry of Justice and law enforcement agencies;
  • our professional advisors (such as our lawyers, PR firm, internal and external auditors);
  • third party training companies to facilitate your attendance;
  • to provide employer references;
  • Disclosure and Barring Service; and
  • our Workplace by Facebook page.

5. Third party contacts (including suppliers and other business contacts)

5.1 Personal information we may collect about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect the following types of personal data from you which we have grouped together as follows:

  • personal and contact details: such as your name, work address, work telephone number and work email address;
  • organisation-related information: such as your place of work and your job title;
  • billing information: necessary to process payments for invoices;
  • information about our contractual relationship with you: such as orders placed, payments made, correspondence with you and project milestones, details of property to be acquired;
  • Information collected from publicly available resources: such as Companies House, integrity databases and credit agencies;
  • Technical data: your IP address, operating system and browser type for system administration purposes and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual. We may also collect traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the website resources that you access;
  • Usage data: such as information about how you use our website;
  • Automated technologies or interactions. As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see our Cookies Policy for further details.

5.2 How your personal information is collected

The above information which we collect about you will be obtained through a variety of sources which include:

  • from you directly as part of our business relationship;
  • from other members of your organisation and our various partners;
  • from CCTV footage at office buildings;
  • from publicly available resources.

5.3 How and why we use your information

We use your personal data in the following ways and for the following purposes:

Why we use your informationOur lawful basis for using your information under GDPR and the DPA 2018
Communicating with you: to communicate with you about products, services and projects, placing orders for works to be carried out, responding to any inquiries or requests, and for general contract management purposes.6(1)(b) Contract: It is necessary in order for us to perform our contract with you.
6(1)(f) Legitimate interests: It is necessary for our legitimate interests where they are not overridden by your rights.
Planning and administering our relationship with you: such as entering into and performing a contract, sourcing services and professional advice on governance matters, managing the supply service, performing transactions and orders of products or services, billing and processing payments, auditing and arranging shipments and deliveries.6(1)(b) Contract: It is necessary in order for us to perform our contract with you.
Negotiating and selling land to individuals from corporate landowners, processing applications to purchase a dwelling, selling Broadacres affordable housing property or facilitating the increase/disposal of an interest in affordable housing; including corresponding with estate agents and solicitors.6(1)(f) Legitimate interests: It is necessary for our legitimate interests where they are not overridden by your rights.
6(1)(c) Legal obligations: It is necessary to meet legal / regulatory obligations.
Compliance with legal obligations: such as record keeping obligations, money laundering checks, providing advice and audit services, providing financial information to funders and Regulator of Social Housing.6(1)(c) Legal obligations: It is necessary to meet legal / regulatory obligations.
Resolving disputes: such as enforcing contractual arrangements, entering into dispute resolution processes and establishing, exercising or defending legal claims.6(1)(b) Contract: It is necessary in order for us to perform our contract with you.
6(1)(f) Legitimate interests: It is necessary for our legitimate interests where they are not overridden by your rights.
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).6(1)(f) Legitimate interests: It is necessary for our legitimate interests where they are not overridden by your rights. (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business re-organisation or group restructuring exercise)
6(1)(c) Legal obligations: It is necessary to meet our legal obligations.
To use data analytics to improve our website to ensure that content from our website is presented in the most effective manner for you and for your device;6(1)(f) Legitimate interests: It is necessary for our legitimate interests where they are not overridden by your rights. (to define types of customers for our products and services, to keep our website updated and relevant).
Use of CCTV footage to prevent and detect crime, assist in the management of buildings and keep everyone safe.6(1)(f) Legitimate interests: It is necessary for our legitimate interests where they are not overridden by your rights (to help keep our assets, colleagues and visitors safe).
* This is an additional lawful basis under Article 9 of GDPR (and the Data Protection Act 2018 in specific circumstances) which we need to rely on in order to use special categories of personal data.

5.4 Sharing your information with third parties

We may share your personal information with third parties where we have a lawful basis for doing so.

Some “third parties” are service providers (including contractors and designated agents) carrying out activities on our behalf.  Other third parties will be data controllers in their own right. This means that they are not required to act on our instructions and they are solely responsible for ensuring that they comply with the law when using your personal data.  We are not responsible for their use of your data if we are acting lawfully whenever we share your data with them.

The types of third parties with whom we share your personal data are as follows:

  • other entities in our group;
  • IT service providers;
  • our professional advisors (such as our lawyers, internal audit or external audit).

6. Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how processing for the new purpose is compatible with the original purpose, please contact our Data Protection Manager by writing to Broadacres House, Mount View, Standard Way, Northallerton, North Yorkshire, DL6 2YD.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allow us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

7. Where we store your information and transfers

We store your personal data on our servers which are located within the United Kingdom (UK), however we may need to transfer data outside the UK as a result of some of the service providers we use. Before we transfer your personal data outside of the UK, we will ensure that there is adequate protection in place to ensure the security of your data. Please ask us if you would like to see a copy of these agreements with third parties in respect of data transfers.

8. Data retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purpose of satisfying any legal, accounting or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

9. Your legal rights

Under certain circumstances, by law you have the right to:

  • Right to access to your personal information (commonly known as a “subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal information we hold about you. If you discover that the information we hold about you is incorrect or out of date, you may ask us to correct that information.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object (see below).
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes. Where we process your data on the basis that you have consented to such processing, you have the right to withdraw your consent at any time by unsubscribing from emails we send to you or contacting us. You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example, if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us by writing to us at: Data Protection Manager, Broadacres Housing Association, Broadacres House, Mount View, Standard Way, Northallerton, North Yorkshire, DL6 2YD or email us at dataprotection@broadacres.org.uk. We may request proof of your identity before sharing such information with you.

10. Contact and complaints

If you have any questions, would like to exercise any of your rights or make a complaint, please contact us by writing to us at: Data Protection Manager, Broadacres Housing Association, Broadacres House, Mount View, Standard Way, Northallerton, North Yorkshire, DL6 2YD; email us at dataprotection@broadacres.org.uk or call us on 01609 767900

If we are unable to resolve your complaint you may contact the Information Commissioner’s Office at the Exchange Tower, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF; telephone number: 0303 123 1113

11. Other websites

This privacy policy only relates to Broadacres and our website. Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.