Privacy - Our Data Protection And Confidentiality Policy

This policy sets out the Society’s approach to the General Data Protection Regulation 2018 (GDPR) and applies to all personal data held by the Society relating to any identifiable living person. Personal information held about our tenants will be handled sensitively and confidentially by all staff, agents and members of our Committee. It should be noted that tenants may be past, present and future tenants or others with whom we have dealings. Staff includes Committee members.

The Society

Dronfield Pioneer Health & Housing Society Limited is a housing society run by a committee elected from tenants living on the estate. There is also a Chairperson, an Administration Secretary, a Finance officer, and an Estates Manager. The Society is a limited company (registered No.12994) and is registered with the FCA.

Policy Statement

All employees, Staff, Committee Members and agents must comply with this policy, the Society’s Data Protection Guidance Procedure in addition to the GDPR. In doing so, they will:

  • Treat all personal and sensitive information as confidential.

  • Comply with the law regarding the protection and disclosure of information.

  • Not disclose information without the prior informed consent of the individual concerned, except in the circumstances detailed below under “disclosure” or where otherwise permitted by the law.

  • Not attempt to gain access to information they are not authorised to have.

All personal information about tenants of the Society will be:

  • Obtained, held and processed fairly.

  • Held for specific purposes and used only for those purposes.

  • Relevant, accurate and kept up to date.

  • Corrected if shown to be inaccurate.

  • Kept no longer than is necessary and destroyed when no longer required, in line with best practice.

  • Protected against loss or disclosure.

  • On request, made available to the data subject.

Objectives

  • To ensure compliance with the GDPR and regulatory requirements in relating to confidentiality.

  • To ensure all staff across the Society are aware of, and understand the importance of data protection and confidentiality.

  • To ensure the protection of personal and sensitive information of staff and tenants.

  • To ensure tenants are able to have access to their own information within relevant timescales.

  • To ensure all staff receive appropriate data protection training, with regular updates or when significant data protection guidance changes.

Responsibilities and requirements

All staff have a responsibility to effectively manage personal data. Managers should ensure all their staff receive adequate training.

Personal information must be treated as confidential and must only be disclosed for purposes that are notified to the Information Commissioner's Office.

All computerised and manual filing systems containing data relating to any identifiable living person must be documented in the Data Information Asset Register which ensures the data is:

  • Identified, including where it came from, is stored, who it has been shared with, whether consent has been given

  • secured

  • accurate and kept up to date and retained only so long as required

  • Notified to the Society's designated Data Protection Officer.

Such systems must be designed and operated so as to comply with the Data Protection principles.

Any person may ask the Society for the data that the Society holds about them. Any such request should be immediately passed to the Data Protection Officer for action (a response must be made within 30 calendar days). Any data that the person is entitled to see must be presented in plain language in hard copy format. Additionally, where necessary, the information will be provided verbally.

From 25 May 2018 subject access requests (SAR) are provided free of charge.

Any breach in the policy must be reported immediately to the Data Protection Officer. A breach could have very grave consequences for an individual or the Society and will be treated as a serious matter. Disciplinary action, including dismissal in a serious case, will be taken against any employee or member of the Society who commits a breach of this policy. The employee may also be open to criminal proceedings that may result in an unlimited fine or a custodial sentence.

Access to information and disclosure outside the Society

Staff across the Society will generally have access to all the information they need to carry out their work and they have a duty to keep that information confidential.

In the unlikely event that any information needs to be disclosed to someone outside the Society, staff must explain to an individual why this is necessary and obtain written consent before doing so. If an individual does not give consent, this should be noted and special arrangements should be made for recording information and access to it. However, relevant agreements and protocols are in place that allow for the exchange of information between the Society and the relevant Local Authorities in relation to the prevention of crime and anti-social behaviour.

There are certain situations where, by law, staff do not have to obtain prior permission to disclose personal information about individuals.

These are:

  • To comply with the law (e.g. the police, Inland Revenue, Council Tax Registration Office or a court order).

  • Where there is a health and safety risk (this will include information about tenants with a history of violence and when other care professionals are involved in a tenant's care).

  • When there is evidence of fraud.

  • In connection with court proceedings or statutory action to enforce compliance with tenancy conditions (e.g. applications for possession or for payment of Housing Benefit directly).

  • The name of a tenant and the date of occupancy to utility companies (where the tenant is responsible for direct payment), providing the tenant has agreed to this at the start of the tenancy or has given consent to the passing on of the information since.

  • Anonymously for bona fide statistical reporting or research purposes, providing it is not possible to identify the individual to whom the information relates.

  • Where specifically enabled by the terms of registration of the GDPR.

  • Where there are declarations of interest by staff.

  • Where any staff may have concerns about a tenant under the Safeguarding of Adults from Abuse policy, or related concerns under the Safeguarding Children policy.

Any information disclosed must be necessary for the purpose for which it is disclosed. Therefore, staff should not, for example, disclose details of a tenant’s religious beliefs if only their name and contact details are needed for the purpose of carrying out repair work.

If it is necessary to discuss individual tenants at meetings involving people from outside the Society or to refer to them in reports, it is suggested that they could be referred to by codes, e.g. Tenant A, to maintain anonymity.

Information we collect about you

We need to keep enough information about you to perform our duties as a landlord, to comply with our contractual obligations and the law, and to aid completion of government and other legal forms. The Society will only hold personal information about over 18's. We will maintain some or all of the information about tenants, prospective tenants and past tenants -

  • Names and addresses of tenants and others occupying properties on the estate.

  • Contact details – phone numbers, email addresses, social media, etc. if we have your permission.

  • Credit and other checks and information relating to tenancies and required by law.

  • For Staff and Committee members: Year of birth, occupation, directorships, related parties, etc. as required by law.

  • Telephone calls may be recorded for security, reference, and training purposes.

How we protect your personal data

Your personal data held in electronic form is password-protected on secure local servers. Paper records are held in secured premises. Staff are subject to a confidentiality agreement.

Disposal

All personal information will be destroyed as soon as practicable when it is no longer needed.

Your right to withdraw consent

Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent. Please note there is certain information that we need to hold so that we can run the Society, and also comply with our legal obligations.