How do we collect data?
In order to be as accessible as possible, we collect data in a variety of ways, including:
Paper and electronic forms, tenancy agreements, recorded telephone calls, social media, emails, CCTV, website.
Who do we hold data about?
We deal with a wide range of people in the course of our business, we hold data about:
Tenants (previous, current and potential), leaseholders, customers using our services, family members and other people associated with tenants/customers, colleagues, non-executive directors, volunteers, business partners and stakeholders.
What do we use the data for?
In the course of our business, we will collect, process, share and store securely the data in our control. The areas of business we use it for include:
Allocation of properties, tenancies, receiving rent and service charges, ensuring bills and benefits are accurate and paid, property repairs and maintenance, home ownership products, debt and benefit advice, support services, prevention and detection of crime, promoting safety, engaging with our stakeholders, promoting equal opportunities, employment and training requirements and services, employment and colleague development, working with partners, statistical analysis (anonymised wherever possible).
Developing new products and services, keeping in contact with customers, inviting you to participation in community events and initiatives.
This is not an exhaustive list of all of our business activities, but it gives you a good flavour of the business we are in and where we hold personal data to ensure we operate effectively.
We may occasionally send you information about products or services either provided by us or someone else, which we think you may find interesting. We might also ask a trusted partner to send this kind of information on our behalf. If you do not wish to receive this information, please let us know by calling the Customer Hub on 0300 777 7777.
We do not and will not sell your personal data to third parties for the purposes of direct marketing (or any other purpose, we are not in the business of selling personal data at all).
In the Data Protection Act, sensitive data has a very specific definition which includes a person’s racial or ethnic origin, political opinions, religious or other similar beliefs, trade union membership, sexual life, physical or mental health condition, philosophical beliefs, commission or alleged commission of an offence and any proceedings attached to that.
When we collect sensitive data, we will always tell you what we are going to use it for and who we may share it with. We will require some sensitive data in order to carry out our obligations to provide you with a service, such as information about your health condition or alleged or actual offences. If you do not consent to us processing this information, it is unlikely we’ll be able to provide the service.
Data can also be considered sensitive by its very nature, for example financial information or matters reported confidentially. We take the confidentiality of this information very seriously, but note that it doesn’t fall within the same restrictions as sensitive data under the DPA.
You have a right to request to see the data THT holds about you. This is called a Subject Access Request. When you make a Subject Access Request:
- We will take steps to confirm your identity so that we are sure the information is being released to the person it relates to
- We will usually ask you to pay a fee of £10, particularly if the request will need significant staff time or printing costs for us to be able to respond
- We may ask you for some further clarification in order to retrieve the information you have asked for
- Our statutory obligation is to reply within 40 days. For larger requests it may take the full 40 days to respond, for smaller requests we will endeavour to respond much more quickly.
When we reply to your request, we may edit some of the information in order to protect the identity of other people.
There are lots of different ways in which we ensure personal data is kept safe, here are a few:
- The THT computer system and network is protected by appropriate security software.
- All colleagues who access the system have their own username and password, and only have access to the files on the network which they need to do their job.
- We request information to verify a customer’s identity on the telephone before speaking to them about their query. We are looking at ways to make the identity checks more secure and may introduce passwords in the future.
- We provide training for staff which includes their obligations to keep personal data safe, and having a policy and procedures which supports this.
- When we come to your property to speak to you, we won’t disclose the subject to anyone else. Please could you be helpful when a staff member attends your home and find a private space to discuss the matter if you do not wish others to hear it.
- Email is not a particularly secure way of communication, we can discuss issues with you by email but please note that it is easy for emails to be intercepted. When we email personal data to you, we will usually send it in a password protected document unless you have asked us not to.
Advocates and people acting on your behalf
Some people like to have a family member or another advocate who is able to speak with THT on their behalf. For these arrangements, we require the customer to write to us, confirming who they wish to authorise to speak to us and whether there are any restrictions on what they can discuss.
If the circumstance is a one off, for example on a telephone call, we will require the customer to speak to us first, go through a security check, and then give their verbal authorisation. If the authorisation is to be repeated, then written permission must be given.
Where one of our customers does not have capacity to speak to us, we will require a copy of the Power of Attorney or similar in order to agree an authorised person to speak on their behalf.
Sometimes when a customer makes a complaint, particularly if it relates to anti-social behaviour, we will be obliged to disclose some of that complaint in order to investigate it. When we do so we will:
- Speak with you about what action we will take to investigate the issue.
- Seek to protect your identity if you have reported an issue in confidence. This may not be possible in all circumstances, but we will speak with you about it beforehand.
- If the issue you have reported relates to safeguarding we will report it to the appropriate authorities.
- When we have concluded an investigation we will give you as much information about the outcome as we can, but we may have to keep back some information if it relates to other people.
In order to prevent and detect crime, we install CCTV in some areas. Where we install CCTV we will have appropriate notices in place to alert people to its presence.
If you wish to make a Subject Access Request for CCTV footage of yourself, as well as the identification and fee you should make sure that you provide us with some description of what you look like so that we can find your image.
Sharing your information
There will be instances when, as part of our business, we will share your data with others. We will only share data where we either have your consent, or where the Data Protection Act allows us to do so without your consent.
Here are some examples of when your data will be shared with a third party:
- We will share your data with properly appointed third party agencies and contractors in order to perform our obligations under a tenancy or other service agreement. For example when a repair or work is required on a property and you are our tenant:
- We will provide your details to a contractor so that they can contact you and carry out the work.
- If for example you have a mobility issue we will inform a contractor that they should knock and wait at your door
- If you wish for a carer to be present when someone attends, we will ensure the contractor has the details to arrange this.
We have a duty of care to our staff and contractors, and therefore where we have evidence of a history of violence at a property, we will inform the contractor of this.
- Where your circumstances have changed, or you have vacated a property, we will give your details to the utility companies providing services to the property.
- We sometimes wish to conduct surveys of our customers and stakeholders, where we appoint a third party to carry out a survey for us we will provide contact details and other relevant information for this purpose. We will always have a contract in writing with such companies which is clear about what the data is to be used for and that it must be securely disposed of once the work is complete.
- We will share information with Government agencies where the Data Protection Act allows us to do so. This includes the Social Services, local authority council tax and benefits departments, the Department for Work & Pensions and HMRC. We will share personal data with a local authority in relation to any fraud prevention/detection work they carry out.
- If you go into arrears, we may share your data with other agencies for the purpose of seeking payment.
- We may share information with the DWP if you are in receipt of Universal Credit and have significant arrears, in order to make a request for your housing benefit to be paid direct to us.
- We will share information with the Police or other law enforcement agencies in order to prevent or detect a crime.
- Where we are providing you with debt advice, we may share your details with other debt advice agencies in order to provide that service.
Please be assured that, whenever a third party requests information which we hold about an individual:
- We will always take steps to confirm that the request is genuine
- We will consider whether or not it is appropriate to release the information and on what grounds under the Data Protection Act
- Where we decide to release information, we will only provide the minimum which we think is required for the purpose it has been requested.
What if I have a question which isn’t answered here?
The Customer Hub will be able to help with most queries relating to customers and their information. We also have an in-house Governance & Business Assurance team who provide expertise on data protection, you can speak to them about more detailed queries via the Customer Hub on 0300 777 7777.