We ask that you read this privacy notice carefully as it contains information about how we are collecting information about you relating to the Coronavirus pandemic (Covid-19).
We may collect, process and share your personal data in response to the Covid-19 pandemic to ensure your safety and the well-being of residents, tenants, leaseholders, service users, contractors, our employees and general members of the public. Some of the information we collect will be in relation to your health and will include information required so that we are able to manage and complete essential repairs and servicing to your property.
Any information we collect will be limited to what is proportionate and necessary, taking into account the latest guidance issued by the government, the Information Commissioner’s Office and health professionals, inorder to manage and contain the virus. It will enable us to effectively fulfil our functions and to keep people safe, put contingency plans into place to safeguard those vulnerable and aid business continuity. You may also wish to consider our main Privacy Notice which sets how we process your information.
We are a registered charitable Community Benefit Society that provides social housing and support. We are a controller of personal information and collect, use and are responsible for certain personal information about you. When we do so, we are regulated under the General Data Protection Regulation (GDPR) which applies across the European Union (including in the United Kingdom) and the Data Protection Act 2018. Our contact details for data protection purposes are as follows.
Information Governance Team
The individual responsible for data protection compliance is our Data Protection Officer, who is contactable using the above details.
We may collect the following information.
We may already have some of your personal data that you have provided as an applicant, tenant or an employee and which has been provided for a specific reason. In the current crisis, we may need to share this information for a different reason and it may not always be possible to inform you of this in advance. We may also request further information from you or from a third party which we have not previously collected or processed. If you do not provide the information we need then we may not be able to provide all services to you.
We will use the information you provide to:
The legal basis for processing the data is that it is in the public interest for us to deal with the outbreak of Covid-19.
The General Data Protection Regulation requires specific conditions to be met to ensure that the processing of personal data is lawful. These relevant conditions are below.
Under the GDPR and Data Protection Act 2018 you have a number of important rights free of charge, unless excessive or repetitive in nature. In summary, those include the following.
Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, in response to your request.
Object to processing of your personal data where we are relying on a legitimate interest
(or those of a third party) and there is something about your particular situation which makes
you want to object to processing on this ground as you feel it impacts on your fundamental rights
and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process
your information which override your rights and freedoms, or that the processing is necessary for
the establishment, exercise or defence of legal claims. You also have the right to object where
we are processing your personal data for direct marketing purposes.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing
of your personal data in the following scenarios:
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format (ie useable on a computer). Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data.
However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. Also, we may still be allowed to process your data following the withdrawal of consent if another lawful justification for such processing exists.
If you would like to exercise any of those rights, please:
We will respond to all legitimate requests within one month. If it’s going to take us longer than a month because the request is complex, or you have a number of requests we will notify you and keep you updated.
Your personal information relating to Covid-19 is stored on our Customer Relationship Management (CRM) system which may be copied for testing, backup, archiving and disaster recovery purposes. Access to your information is limited to those who require it to provide services to you. All data is held within the UK.
To deliver services to you, it may be necessary for us to share your personal information outside the EEA, for example if we were to use a cloud service provider based outside the EEA. These transfers are subject to special rules under European and UK data protection law. In such a situation, we will make sure that we have adequate safeguards and security measures in place as required by the GDPR.
We hope that we can resolve any query or concern you raise about our use of your information.
The GDPR and Data Protection Act 2018 also gives you the right to complain to a supervisory authority, in particular in EEA state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who can be contacted at Information Commissioner, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF or by phone on 0303 123 1113.
We may change this privacy notice from time to time, when we do we will inform you by an update on our website at www.wdh.co.uk.
Please contact us if you have any questions about this privacy notice or the information we hold about you.
If you wish to contact us, please email firstname.lastname@example.org or write to our Information Governance Team, WDH, Merefield House, Whistler Drive, Castleford, WF10 5HX or email email@example.com or call us on 0345 8 507 507.
We are committed to giving everyone equal access to information. If you would like this information in another format please phone us on 0345 8 507 507.