Midland Heart Ltd makes records from our contact with you, including personal information that is subject to the General Data Protection Regulations (GDPR). We also collect information about you from third parties. We will always protect the privacy of any personal information we hold about you. We will comply with current data protection legislation. This Privacy Notice describes the categories of personal data we process and the reasons why we do this. We are committed to collecting and using data in accordance GDPR. If you wish to know more about our approach to Data Protection please read this Privacy Notice.
1. Introduction
1.1 We take your privacy seriously and you can find out more here about your privacy rights and how we collect, use, share and secure your personal data. This includes the personal data we already hold and the further personal data we might collect in the future, either from you or from a third party. We obtain your personal data in order to conduct our normal business operations as a registered social housing and care provider. How we use your personal identifiable information depends on the products and services we provide to you. 1.3 Our Data Protection Officer (DPO) provides help and guidance to make sure we correctly apply the law to the processing and protection of your personal data. If you have any questions about how we use your personal data our DPO can be reached by email at dataprotection@midlandheart.org.uk or by post to Midland Heart, Company Secretary Team, Data Protection, 20 Bath Row, Birmingham, B15 1LZ. 1.5 This Privacy Notice updates any previous information about how we use your personal data and if there are significant changes in the future we will amend this Privacy Notice 2. Who we are 2.1 Midland Heart Limited is a society registered under the Cooperative and Community Benefit Societies Act 2014, number 30069R. Our registered office is at 20 Bath Row, Birmingham, B15 1LZ, United Kingdom. 2.2 Midland Heart Limited is registered as a ‘Data Controller’ on the Public Register of Data Controllers maintained by the Information Commissioner’s Office under number Z9424056.
3. Your privacy rights
3.1 From the 25 May 2018 you have eight rights relating to the use and storage of your personal data. These are:
• The right to be informed. • The right of access. • The right to rectification. • The right to erasure. • The right to restrict processing. • The right to data portability. • The right to object. • Rights in relation to automated decision making and profiling.
3.2 In brief, you have the right to be informed who is obtaining and using your personal data, how this data will be retained, shared and secured and what lawful grounds will be used to obtain and use your personal data. You have the right to object to how we use your personal data in certain circumstances. You also have the right to obtain a copy of the personal data we hold about you.
3.3 In addition, you can ask us to correct inaccuracies, delete or restrict the use of some of your personal data or to ask for some of your personal data to be provided to someone else. You can make a complaint if you feel that we are using your personal data unlawfully and/or holding inaccurate, inadequate or irrelevant personal data which may have a detrimental impact on you or your rights.
3.4 You can also make a complaint to the data protection supervisory authority. In the UK, this is the Information Commissioner's Office, at https://ico.org.uk.
3.5 To make enquires for further information about exercising any of your rights in this Privacy Notice, please contact Midland Heart’s Data Protection Officer, whose contact details are detailed in 1.3 above.
3.6 For further information about your rights, please visit the ICO’s website via the link https://ico.org.uk.
4. What types of personal data we process 4.1 We use a variety of personal data depending on the services we deliver to you. For all services, we need to use some or all of the following information about you and any occupants of your home: 4.2 Personal data • Contact details - name, address (current and previous), email, home and mobile telephone numbers, e-mail address;
• Date of birth, marital status, gender and other identification information - to allow us to check your identity; • Nationality – information and support in the UK; • Credit information – to ensure that customers can afford the properties we offer to them or to identify the need for added management to help customers sustain their tenancies; • Photograph or film images – to record and verify your identity; • Online computer identification (IP address) – information recorded when you engage with us by email; • National Insurance numbers – to allow us to carry out universal credit, to check your eligibility for housing and/or supporting people contracts and for the detection and prevention of housing and benefits fraud; • Your education, skills and qualifications – to allow us to assist you with tenancy management and money advice when necessary or requested by you; • Welfare and financial information – to enable us assist you with and to process welfare payments and to detect and prevent welfare benefit fraud; • Next of kin’s name, date of birth, gender, contact details – to contact them in an emergency or when we have been unable to contact you through other methods and need to address any concerns we have about the conduct of your tenancy and / or risks to our property.
4.3 Special categories of personal data • Health, medical conditions, support and vulnerability needs - to support our housing and care functions in respect of vulnerable customers; • Race – optional, based on your consent, and solely to support our equality and diversity monitoring; • Ethnic origin – optional, based on your consent, and solely to support our equality and diversity monitoring; • Religion – optional, based on your consent, and solely to support our equality and diversity monitoring; • Sexual life or sexual orientation – optional, based on your consent, and solely to support our equality and diversity monitoring; • Convictions – to enable us to carry out risk assessments of new customers for the purposes of allocation; for tenancy management purposes and where we need to ensure that the action we take in relation to the tenancy is adequate and proportionate; to aid the detection and prevention of housing fraud. 4.4 In the majority of cases we will not be able to provide some or all of our housing or support services to you without having access to your personal data. For example we need certain personal data in order to deliver our obligations under your tenancy agreement, your support or care plan or to process your housing application.
We also need to process your personal data in order to meet our legal or regulatory duties for processing housing applications, equality monitoring and government or housing regulator reports.
5. How we gather your personal data 5.1 We obtain personal data by various means; this can be by face-to-face contact, email, telephone, written correspondence or receiving this information from others, for example: a local MP who represents you, the Police, health or social care agencies, benefit agencies. We can also receive information about you from other people who know you or are linked to you, for example: relatives, persons nominated to act on your behalf or your legal representative.
5.2 Some further examples of how we may gather your personal data are set out below: • Directly from you, for example: when you fill out an application, transfer or mutual exchange form or as part of your right to buy application; • By observing how you use our housing, support, products and services, for example: from the transactions and operation of your accounts and on-line services; • From other organisations such as former housing and support providers, health and social care agencies, law enforcement agencies, debt collectors, energy or utility companies, benefit agencies and/or credit reference and fraud prevention agencies; • From other people who know you including joint tenants and people you are linked to or live in the same community as you, for example with regard to reports of anti-social behaviour; • From monitoring or recording calls as part of quality and complaints monitoring. We record these calls for training and to ensure the safety of our staff. We will not record any payment card details as part of our accounts and payments operations; • From our CCTV systems for the prevention and detection of crime or to detect damage/vandalism to our properties and to ensure the safety and security of our staff and customers; • From matching and updating mobile telephone numbers with Reid Group, which allows us to contact customers with rent arrears in order to prevent escalation to legal action.
6. The lawful basis which allows us to process your personal data
6.1 We only collect and process personal data about you where we have the lawful basis to do so. The majority of personal data we hold and processes for you is based on: • The operation of your Tenancy Agreement or (where applicable) you Support Plan. For example we share some of your personal data with maintenance contractors or support agencies; or • A legal obligation, that we need to comply with. For example we share information with the Police or the Department of Welfare and Pensions or the Regulator of Social Housing; or • In pursuance of our “legitimate interests”, provided that such processing does not outweigh your rights and freedoms. For example, we collect and process your National Insurance number for the purposes of housing fraud detection and prevention. We also pass on certain personal details to Experian in order to track former customers who owe us rent or service charges and we have not been able to contact them. • Based on your consent, which is in a limited number of occasions and in such cases we expressly ask you to give us your consent in writing. Where we have given your consent, you have the right to withdraw it later. We will let you know how to do this at the time we gather your consent. 6.2 Special protection is given to certain kinds of personal data which is particularly sensitive. This is information about your health status, racial or ethnic origin, political views, religious or similar beliefs, sex life or sexual orientation, genetic or biometric identifiers, trade union membership or criminal convictions or allegations. We will only use this kind of personal information where: • We have a legal obligation to do so (for example to protect vulnerable people); • It is necessary for us to do so to protect your vital interests (for example if you have a severe and immediate medical need whilst on our premises); • It is in the substantial public interest; • It is necessary for the prevention or detection of crime; • It is necessary for insurance purposes; or • You have specifically given us ‘affirmative’ consent to use the information.
6.3 For more detailed information on the lawful basis we rely upon to process your personal data Please read our Customers’ Personal Data Register
7. Automated decision-making
7.1 In a limited number of cases we use your personal identifiable information in automated processes to make decisions about you. These are: • Our Homes Direct website uses automation in order to search, decide and provide our potential customers with information on suitable homes based on the information you provide. • We carry out credit checks for new customers – to ensure that customers can afford the properties we offer to them or to identify the need for added management to help customers sustain their tenancies;
8. Sharing your personal data with or getting your personal data from others 8.1 Who we share your personal data with depends on the services we provide to you and the purposes for which we use your personal data. For most services we will share your personal data with our service providers such as our maintenance contractors or IT Suppliers, with credit reference agencies and fraud prevention agencies. We need to do this in order to: • Provide you with services pursuant to your tenancy agreement or support plan or other services you have requested from us; • Allow you to access our services • Assist in the allocation of housing • Assist in the allocation of care, support and safeguarding • Develop our services and conduct research
8.2 We also share information about you with third parties or when required by law for the following reasons: • Where we are legally required to disclose your information to assist government enforcement agencies • To assist with the detection and prevention of fraud • To assist in the allocation of housing • To assist with the allocation of benefit payments • To assist in the allocation of care, support and safeguarding • To enforce our agreements with you • To investigate and defend ourselves against any third party claims or allegations • As part of any corporate reorganisation such as merger
8.3 Categories of third parties who we share your personal data with: 8.3.1 Our Suppliers, such as: • Maintenance contractors • Gas contractors • Suppliers of IT products and services used by Midland Heart to support its IT infrastructure
8.3.2 Authorities and Agencies: • Police • HMRC • Local Authorities and elected representatives • Ombudsman • Social Services • Debt collection agencies • Benefit agencies • GPs and hospitals • Utility companies • Schools • Probation services • Tracing agencies • Auditors/Commissions/quality assessment agencies • Department of Works and Pensions • Drug & alcohol services • Emergency services
If you would like to have more specific information on who we share your data with or have a question please contact our data protection team – the contact details are in 1.3 above.
10. Transfers outside the UK 10.1 We do not transfer your information outside the European Union. 11. How long we keep your personal data for
11.1 How long we keep your personal data for depends on the services we deliver to you. We will never retain your personal data for any longer than is necessary for the purposes for which we need to use it and/or as is required by law. 11.2 For more detailed information on our information retention periods please visit our Customers’ Personal Data Register
12. Keeping you up to date 12.1 We will communicate with you about products and services we are delivering using any contact details you have given us - for example by post, email and text message. 12.2 Where you have given us consent to receive marketing, you can withdraw consent, and update your marketing preferences by contacting our data protection team. Their contact details are in 1.3 above. 13. Your online activities 13.1 We use cookies to track your use of our websites midlandheart.org.uk and homesdirect.org.uk. 13.2 Find out more about cookies by visiting: midlandheart.org.uk/cookie