One Housing Group Limited (OHGL) is the data controller of personal information for the purposes of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. Our head office is located at Atelier House, 64 Pratt Street, London NW1 0DL. This is also our registered office.
Under the GDPR, One Housing Group Limited has a legal duty to protect any information we collect from you, or have about you from other sources. The GDPR has a set of rules and guidelines we must follow when handling your personal information. These are referred to as Data Protection Principles.
All personal data we store is held securely and we have security measures in place to protect it.
OHGL is registered with the Information Commissioner's Office as a Data Controller. Our registration number is Z687766X.
If you would like to find out more about how we use your personal information, you can contact the Group Data Protection Officer at firstname.lastname@example.org.
This privacy notice tells you what to expect when we collect and store your personal information. It also tells you the purposes for which we process your personal information and the legal basis for the processing (‘processing’ includes us keeping your personal information).
It applies to information we collect about:
During your tenancy, we will collect and process information about you and members of your household. We do this so we can:
Unless we advise you otherwise, we will only collect and process personal information to carry out these functions. Personal information is stored on our computer systems and/or tenancy file. This information is held securely and we have security measures in place to protect it.
We will collect relevant information from you in accordance with our contracts or information sharing agreements. This may include names and qualification information relating to your staff. The purpose is to enable you to provide services to our residents on behalf of OHGL.
Information is held centrally by our Procurement Team and by the relevant department, in line with our data retention periods. Personal data is held securely and we have security measures in place to protect it.
We collect personal and sensitive personal information relating to our workforce, which includes staff, contractors, temporary workers and volunteers.
We do this so we can:
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information when:
We may also use your personal information in the following situations, which are likely to be rare:
Information is held centrally by our HR team on our computer system. All staff and their line managers can access certain personal information through our internal systems. Information is held securely and we have security measures in place to protect it.
We will share your data with third parties, including third-party service providers, for example payroll and pension administration. We require third parties to respect the security of your data, and to treat it in accordance with the data protection legislation.
Unless we advise you otherwise, we will only collect and protect personal information to carry out these functions.
When a referral is made on your behalf to OHGL for care or support, we will collect and process personal information about you.
We do this so we can:
Information is held centrally by our Care and Support teams on our computer system and in hard copy storage, and relevant contact information is held by individual teams in line with our retention periods. Personal data is held securely and we have security measures in place to protect it.
We may collect and process personal information about you in the following circumstances:
Personal information is stored on our computer systems. It is held securely and we have security measures in place to protect it.
We have four main legal bases for processing personal data:
Other reasons we can rely upon to process your personal information under GDPR are as follows:
Some personal information is treated as special category data, specifically health, sexuality, racial or ethnic background, political opinions, religion, beliefs, trade union membership or genetic and biometric data. The legal basis for processing these special categories of personal data is more limited. To lawfully process special categories of personal data, we must identify a lawful basis for the processing and meet a separate condition for the processing.
The bases we can use are:
To process personal data about criminal convictions or offences we must have both a lawful basis for the processing and either legal authority or official authority for the processing.
We process your personal information in accordance with the principles of GDPR.
We will treat your personal information fairly and lawfully and we will ensure that information is:
Access to personal information is restricted to authorised individuals on a strictly need to know basis.
We are committed to keeping your personal details up to date, and we encourage you to inform us about any changes needed to ensure your details are accurate.
To help us ensure confidentiality of your personal information we will ask you security questions to confirm your identity when you call us. We will not discuss your personal information with anyone other than you, unless you have given us prior authorisation to do so.
Normally, only OHGL staff will be able to see and process your personal information. However, there will be occasions when we will need to share personal information with third parties for the purposes as outlined or where we are legally required to do so.
When sharing personal information, we will comply with all aspects of the GDPR. Special categories of personal data, for example about health, sexual life, race, religion and criminal activity, are subject to particularly stringent security and confidentiality measures.
We also share information:
As part of the government’s reform of welfare benefits, new regulations have been introduced on information sharing. This means we can now share limited information about our residents and their properties with local authorities, for example, name, address and National Insurance Number.
The new regulations will help us identify and support those who could be affected by welfare reform.
We will also disclose your personal details if required to do so by law or by any Government body.
OHGL contracts external companies to manage certain areas of our business to fulfil our obligations as a landlord.
We share limited personal information of our residents with external contractors, such as name, address and telephone number.
We will only share the minimum information necessary for the contractor to carry out their services on behalf of OHGL. We will also ensure that data sharing agreements are in place, where we are sharing personal data with data processors. If you have any concerns about a company operating on behalf of OHGL, or information that has been shared with an external company, please contact the Group Data Protection Officer at email@example.com.
OHGL will never sell personal information to a third party.
Our website is hosted within the UK. Our other systems are generally located on our premises, or elsewhere within Europe, but some services used for email campaigns, responding to enquiries regarding our care homes and completing online surveys are located outside of Europe.
Where data is transferred outside Europe, we will make sure that transfers are only made to countries in which the European Commission has made an ‘adequacy decision’, or where appropriate safeguards are in place.
We have a data retention schedule, which sets out how long we keep different types of information for. We follow legal requirements and best practice.
Please contact us if you would like a copy of the schedule.
We may use data disclosed for preventing and detecting fraud. This includes information provided on the OHGL website, on the My Account area, or in any other way provided to us online or otherwise.
The data collected may be used for data matching and further investigations. This involves comparing the data we hold on you with that held by third parties solely for the purpose of detecting and preventing fraud. We might also use your data to further investigate fraud that we think might have been committed.
This involves checking with various third parties, such as the Land Registry, banks, schools and utility companies.
Under the GDPR, you have the right to ask us what personal information we hold about you, and to request a copy of it. This is known as a ‘subject access request’ (SAR).
We have a Subject Access Request form which provides further information to help you submit your request. We will also request photo identification. To make a subject access request, please complete the online form. Alternatively, you can email us at firstname.lastname@example.org, or let us know by contacting customer services at 0300 123 9966.
We will respond to your request with all the information we are legally required to provide within 30 days.
Your right to certain information may be restricted. For example, information relating to a third person or information relating to a police investigation.
If you need to correct any mistakes contained in the information we hold about you, you can let us know by contacting customer services at 0300 123 9966.
You have the right to ask us to delete personal information we hold about you.
You can do this where:
We can refuse to erase your personal information where the personal information is processed for the following reasons:
You have the right to require us to stop processing your personal information. When processing is restricted, we are allowed to store the information, but not do anything with it. You can do this where:
If we have disclosed your personal information to third parties, we must inform them about the restriction on processing, unless it is impossible or involves disproportionate effort to do so. We must inform you when we decide to remove the restriction giving the reasons why.
You have the right to object to processing where we say it is in our legitimate business interests. We must stop using the information unless we can show that there is a compelling legitimate reason for the processing, which overrides your interests and rights or the processing is necessary for us or someone else to bring or defend legal claims.
If the basis on which we are using your personal information is your consent, we will seek your consent to contact you for non-essential services.
Examples of this include to gather feedback following community events or permission to use photographs taken (i.e. at events). You have the right to withdraw your consent to us processing your information at any time. We must stop using the information. We can refuse if we can rely on another reason to process the information such as our contractual obligations or legitimate interests.
We collect the following information from visitors to our website and My Account:
This privacy notice does not cover links within our website to other websites. We encourage you to read the privacy statements on other websites you visit.
We keep our privacy notice under regular review.
We will update it if we undertake any new or amended processing. This privacy notice was last updated on 13 March 2019.
OHGL has subsidiary organisations who are also registered as Data Controllers with the Information Commissioner's Office, which are:
This privacy notice does not provide detail on all aspects of OHGL’s collection and use of personal information. We are happy to provide further information or explanation if needed.
If you want to find out more about this, you can email the Group Data Protection Officer at email@example.com, or write to Data Protection Officer, Atelier House, 64 Pratt Street, London NW1 0DL. Alternatively, there are other ways you can contact us.
OHGL aims to meet the highest standards when collecting and using personal information. You can raise a complaint with us if you think that our collection or use of information was unfair, misleading, inaccurate or inappropriate.
If you are still not happy with our response, you have the right to appeal directly to the regulator – the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Telephone: 0303 123 1113.