1. How we handle personal data
This notice explains what personal information we (Port of Leith Housing Association, Scottish Charity Number SC027945), collect, when we collect it and how we use it. We collect and use personal data for a variety of reasons in line with the guidelines published in the General Data Protection Regulation (GDPR) (EU) 2016/679 and the Data Protection Act of 2018. We have separate Privacy Notices for our Employees and Members of our Board of Trustees.
We are registered as a Data Controller with the Office of the Information Commissioner under registration number Z5626639, and we are the data controller of any personal data that is provided to us.
Any personal data we process is done so for a clear purpose and with a clear legal basis for doing so. We only hold personal data for as long as is necessary, as is required by law or as is set out in any contract we enter. The length of time we hold certain types of personal data for is set out in our Data Retention Policy.
2. How we collect personal information and what we collect
We collect information about customers (for example, tenants, factored owners and mid market rent):
- When you apply for housing with us, become a tenant, request services/repairs, enter into a factoring agreement with us or otherwise provide us with your personal details
- When you apply to become a member
- When you use our online services, for example, to report any tenancy/factor-related issues or make a complaint etc
- When you make payments to us (such as bank details, payment card numbers, employment details, benefit entitlement and any other income and expenditure related information).
- When you telephone the office and speak to a customer advisor the calls are recorded.
Depending on our relationship with you as a customer, we may collect the following information about you:
- Telephone number
- Email address
- National Insurance number
- Next of kin
- Details of any dependents
- Date of birth
- Ethnic origin
- Sexual orientation
- Health information relevant to application or tenancy
- Employment details
- Bank details
- Passport number
- Whether you have served in the Armed Forces
We receive the following information from third parties:
- Benefits information, including awards of Housing Benefit/Universal Credit
- Payments made by you to us
- Complaints or other communications regarding behaviour or other alleged breaches of the terms of your contract with us, including information obtained from Police Scotland
- Reports on the conduct or condition of your tenancy, including references from previous tenancies, and complaints of anti-social behaviour
- Medical information for the purposes of managing your tenancy
Why we need this information and how it’s used:
- We require this information for the following reasons:
- To undertake and perform our obligations and duties to customers under the terms of our contract with them
- To enable us to supply customers with the services and information which they request
- To enable us to respond to repair requests, housing applications and complaints
- To analyse the information we collect so that we can administer, support and improve and develop our business and the services we offer
- To send customers details of any changes to our suppliers which may affect them
- For all other purposes associated with the proper performance of our operations and business
- To contact customers to find out their views on our products and services.
When you visit our website, we may collect personal information about you, if you:
- pay your rent;
- pay your factoring bill;
- report a repair to us;
- make a complaint to us;
- complete and submit a “contact us” form; and
- log in to your account via the Customer Login.
We may use this personal information to:
- provide you with the services that you have requested from us;
- communicate with you, including in response to any of your enquiries;
- improve our services and respond to changing needs;
- process your rent payments;
- carry out repairs to your property;
- handle and resolve complaints made by, or, against you;
- keep the personal information that we hold about you accurate and up-to-date (if you provide any new personal information to us via the website); and
- signpost you to organisations that can offer benefits and debt advice and support
Visiting our premises
- When you visit one of our premises, we may record your name in our signing-in register. Your image may be captured by our CCTV cameras. Notices are available where the cameras are in operation.
If you are a business contact
- We may collect your business contact details such as your name, business address and business e-mail and your company’s bank account details. If you are a sole trader this may be your personal details which will be treated in accordance with this notice.
If you apply for a job with us
- We will ask for your contact details, previous employment history and qualifications.
- We may collect details of ethnicity and disability – for equalities monitoring and so that we can make any appropriate adjustments to accommodate you through the recruitment process.
3. Lawful Processing
Data protection law requires us to rely on one or more lawful grounds to process your personal information. We consider the following grounds to be relevant:
Performance of a contract
Where we are entering into a contract with you or performing our obligations under it, like when you have a Tenancy of Factoring Agreement with us.
For our employees we are processing for the contract of employment.
Performance of a task in the public interest
Where we provide housing services in relation to:
(a) the prevention and alleviation of homelessness,
(b) the management of housing accommodation where we have granted a Scottish secure tenancy
Where necessary so that we can comply with a legal or regulatory obligation to which we are subject, for example where we are ordered by a court or regulatory authority like HMRC.
Where it is necessary to protect life or health (for example in the case of medical emergency suffered by an individual on our premises) or a safeguarding issue which requires us to share your information with the emergency services.
Where you have provided specific consent to us using your personal information in a certain way, such as to send you email, text and/or telephone marketing.
Where it is reasonably necessary to achieve our or others’ legitimate interests (as long as what the information is used for is fair and does not duly impact your rights).
We consider our legitimate interests to be for running Port of Leith Housing Association. For example to:
- provide our services;
- run our business, for example, processing financial transactions for payment of our suppliers and to invoice our contractors
- recruit staff
- protect our staff and customers and assist with the prevention and detection of crime
- monitor who we deal with to protect the Association against fraud, money laundering and other risks;
- enhance, modify, personalise or otherwise improve our services /communications for the benefit of our customers; and
- better understand how people interact with our website.
When we legitimately process your personal information in this way, we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. We will not use your personal information where our interests are overridden by the impact on you, for example, where use would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law).
When we use sensitive personal information, such as health information, we require an additional legal basis to do so under data protection laws, so will either do so on the basis of your explicit consent or another route available to us at law (for example, if we need to process it for employment, social security or social protection purposes, your vital interests, or, in some cases, if it is in the public interest for us to do so).
5. Security of personal information
We take steps to make sure that personal information we hold is kept secure and safe. We use appropriate technical and organisational measures to safeguard your personal information. Our systems are password protected and all electronic data is stored securely. All paper files are kept in locked cabinets. All information is kept in line with our Data Protection Policies which are available here.
6. Transfers outside of the UK and Europe
Your information will only be stored within the UK and EEA, with the exception of some data (such as the IP address of your computer, and websites you have visited) collected via the Cookies on our website which is stored in the USA. You will always have the option to consent to these Cookies when you visit the website.
7. How long we keep personal information
We review our data retention periods regularly and will only hold personal data for as long as is necessary for the relevant activity, or as required by law (we may be legally required to hold some types of information), or as set out in any relevant contract we have with the individual.
We will generally keep information for the minimum periods set out in our Data Retention Policy, which is available here.
8. Your rights
Under certain circumstances, the law gives you the right to request:
- A copy of your personal information and to check that we are holding and using it in accordance with legal requirements.
- Correction of any incomplete or inaccurate personal information that we hold and use about you.
- Deletion of your personal information where there is no good reason for us continuing to hold and use it. You also have the right to ask us to do this where you object to us holding and using your personal information (details below).
- Temporarily suspend the use of your personal information, for example, if you want us to check that it is correct or the reason for processing it.
- The transfer of your personal information to another organisation.
You can also object to us holding and using your personal information where our legal basis is a legitimate interest (either our legitimate interests or those of a third party), including the right to object to direct marketing.
If you wish to make any of the above requests, please complete this form. When you make a request, we are required to verify your identity and may ask you for specific information to fulfil this purpose. Normally, you will not need to pay a fee when you make any of the above requests, but we may charge a reasonable fee or refuse to comply if your request for access is clearly unfounded or excessive.
9. Keeping in touch with us
The accuracy of the personal data we hold is important to us. Please help us keep our records updated by telling us about any changes to your personal and/or contact details by calling our Customer Advice Team on 0131 554 0403 or emailing firstname.lastname@example.org.
Any questions about this notice should be sent, in the first instance, to Heather Kiteley, Director of Finance & Corporate Services, at email@example.com or at our registered office: 108 Constitution Street, Leith, Edinburgh, EH6 6AZ.
Our Data Protection Officer is provided by RGDP LLP and can be contacted either via 0131 222 3239 or firstname.lastname@example.org
We seek to directly resolve any complaints about how we handle personal information and would request you contact us in the first instance. If you are not happy thereafter, you also have the right to complain to the Information Commissioner’s Office in relation to our use of your information. The Information Commissioner’s contact details are noted below:
Information Commissioner’s Office
We keep this privacy notice under regular review and will place any updates on this website.
This privacy notice was last updated on 29th July 2020.