This policy aims to give you information about how we collect and process your personal data, including any data you may provide through this website when you register or sign in to “My Account”, provide us with feedback via our surveys, apply for a work vacancy or a tenancy, and use our support services. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.
2. Who are we and our data protection manager
We are Broadacres Housing Association Limited, a not for profit housing association based in Northallerton in North Yorkshire with our registered office at Broadacres House, Mount View, Standard Way, Northallerton, North Yorkshire, DL6 2YD. We own and manage more than 6,000 homes and we provide a range of services in relation to both property services and broader social welfare in the community.
We are a “data controller” in respect of the information we hold about you. This means that we are responsible for deciding how we use your personal information. We are registered as a data controller with the Information Commissioner’s Office (the ICO) with registration number: Z6826705.
The person responsible for data protection at Broadacres is our Data Protection Manager, Keith Wilkinson. If you have any concerns or questions about our use of your personal data, or any requests to exercise your legal rights, you can contact our Data Protection Manager by writing to Broadacres House, Mount View, Standard Way, Northallerton, North Yorkshire, DL6 2YD.
3. Personal information we may collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect the following types of personal data from you which we have grouped together as follows:
- Identity data: such as your name, user ID or similar identifier;
- Contact data: such as your address, email address, telephone number, and other contact details you provide to us during our communications or when you use any of our services;
- Financial data: bank account, payment card details and credit check information;
- Profile data: such as your interests, preferences, survey and contact form responses.
This may include the following:
- your employment history, your education information and qualifications and any other details provided in your CV where you are applying for a role, work experience or to volunteer with us;
- details of your personal circumstances such as your date of birth, uniform requirements and biographical details where you are using one of our support services;
- any information you include on your application for a tenancy with us including your housing and financial circumstances including any benefits you may receive;
- details of transactions you have carried out through our website and of the fulfilment of your orders;
- any information you provide to us via surveys which we have asked you to complete for research purposes, although you do not have to respond to them.
Technical data: your IP address, operating system and browser type for system administration purposes and to report and aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual. We may also collect traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the website resources that you access;
- Usage data: such as information about how you use our website.
Special categories of personal data
Some of the information which we collect about you may be “special categories of personal data”. Special categories of data require a greater level of protection. The special categories of personal data about you which you might choose to share with us include your health data, racial or ethnic origin, religious beliefs or information about your sex life and/or orientation details.
4. How is your personal information collected?
Direct interactions. You may give us your personal data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide on our website when you:
- use our contact form;
- register or sign in to “My Account”;
- give us feedback such as via our surveys;
- apply for a job/non-executive role;
- apply for a tenancy;
- use our support services.
Third parties. We are part of the North Yorkshire Home Choice Scheme. North Yorkshire Home Choice advertises council and housing association properties for rent and shared ownership properties for sale. Where you submit an application to North Yorkshire Home Choice to become a tenant, your personal information will be passed to us for review. This personal information may include:
- your name, contact details and address information (including your address history for the last five years);
- your employment information;
- your date of birth;
- your national insurance number; and
- details about your financial information, including your annual income and any savings or shares that you have.
We may also collect personal data about you from searches of Credit Reference Agencies (CRAs) and Fraud Prevention Agencies (FPAs). This will include their records relating to you and other people with whom you are linked financially, from public records, e.g. the electoral roll and third parties e.g. credit brokers where you have provided information to them and consented for it be passed to us.
When CRAs receive a search from us they place a search “footprint” on your credit file whether or not the application proceeds. Records remain on file with CRAs and FPAs for 6 years after they are closed, whether settled by you or defaulted.
More information about CRAs and how they use personal information is available at http://www.experian.co.uk/crain/index.html or you can contact the agencies below:
- Callcredit Consumer Services Team, PO Box 491, Leeds, LS3 1WZ Tel: 0330 024 7579 or visit www.callcredit.co.uk
- Equifax PLC Credit File Advice Centre, PO Box 3001, Bradford, BD1 5US Tel: 0870 010 0583 or visit www.equifax.co.uk
- Experian Consumer Help Service, PO Box 8000, Nottingham, NG80 7WF Tel: 0870 241 6212 or visit www.experian.co.uk
- For more information about FPAs and how they use personal information, you can contact Veritau of County Hall Northallerton DL7 8AL Tel: 01609 535034 or visit www.veritau.co.uk/
Automated technologies or interactions. As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns.
We collect this personal data by using cookies, server logs and other similar technologies.
Please see our Cookies Policy for further details; DOWNLOAD HERE
5. How and why we use your information
We use your personal data in the following ways and for the following purposes:
We strive to provide you with choices regarding certain personal data uses, particularly around marketing.
If you are an existing customer, we may contact you by electronic means (email or SMS) with information about goods and services similar to those which were the subject of a previous dealing with you. You may opt out of receiving such marketing by clicking the unsubscribe link at the bottom of any such emails or by contacting us by any of the methods detailed in section 11 below.
If you are not yet a customer, we may process your personal data to send you marketing by electronic means but we will only do this if you have consented to such marketing. You may opt out of receiving such marketing by clicking the unsubscribe link at the bottom of any such emails or by contacting us by any of the methods detailed in section 11 below.
We will not sell our marketing data to third parties without your consent.
7. Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how processing for the new purpose is compatible with the original purpose, please contact our Data Protection Manager by writing to Broadacres House, Mount View, Standard Way, Northallerton, North Yorkshire, DL6 2YD.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allow us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
8. Sharing your information with third parties
We may disclose your personal information with the parties set out below:
- Service providers who provide IT and system administration services;
- Professional advisers including lawyers, auditors and insurers who provide consultancy, legal, insurance and accounting services;
- HM Revenue & Customs, regulators and other authorities who require reporting of processing activities in certain circumstances;
- Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other business or merge with them.
If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
- The police or other law enforcement agencies in relation to security related or law enforcement investigations or in the course of cooperating with authorities, protecting and defending our rights or property or complying with legal requirements.
- Third parties where it is necessary in order to meet our obligations to you under any contracts we have entered into;
- Third parties where we are under a duty to disclose or share your personal data in order to comply with any legal obligation; or to protect the rights, property, or safety of Broadacres, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
9. Where we store your information and transfers
We store your personal data on our servers which are located within the European Economic Area (EEA), however we may need to transfer data outside the EEA as a result of some of the service providers we use.
Before we transfer your personal data outside of the EEA, we will ensure that there is adequate protection in place to ensure the security of your data. Please ask us if you would like to see a copy of these agreements with third parties in respect of data transfers.
10. Data retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purpose of satisfying any legal, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
11. Your legal rights
Under certain circumstances, by law you have the right to:
- Right to access to your personal information (commonly known as a “subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information we hold about you. If you discover that the information we hold about you is incorrect or out of date, you may ask us to correct that information.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
Where we process your data on the basis that you have consented to such processing, you have the right to withdraw your consent at any time by unsubscribing from emails we send to you or contacting us. You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example, if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us by writing to us at: Data Protection Manager, Broadacres Housing Association, Broadacres House, Mount View, Standard Way, Northallerton, North Yorkshire, DL6 2YD or email us at firstname.lastname@example.org. We may request proof of your identity before sharing such information with you.
12. Contact and complaints
If you have any questions, would like to exercise any of your rights or make a complaint, please contact us by writing to us at: Data Protection Manager, Broadacres Housing Association, Broadacres House, Mount View, Standard Way, Northallerton, North Yorkshire, DL6 2YD; email us at email@example.com or call us on 01609 767900.
If we are unable to resolve your complaint you may contact the Information Commissioner’s Office at the Exchange Tower, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF; telephone number: 0303 123 1113.
13. Other websites
If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.