This page explains how One Housing Group Limited collects, uses, stores and shares your personal information.
Data Protection at One Housing Group Limited
Identity and contact details of Controller
One Housing Group Limited (OHGL) is a housing association and a controller of personal information for the purposes of the General Data Protection Regulation (‘GDPR’) and Data Protection Act 2018.
Our contact details for data protection purposes are:
Data Protection Officer
Governance & Compliance Directorate
One Housing Group Limited (OHGL)
Atelier House, 64 Pratt Street, London NW1 0DL.
Telephone: 020 8821 5100.
OHGL is registered with the Information Commissioners Office as a Data Controller. Our registration number is Z687766X.
Under the Data Protection Act 2018, OHGL has a legal duty to protect any information we collect from you or have about you from other sources.
GDPR as defined in the Data Protection Act 2018 as a set of rules and guidelines we must follow when handling your personal information. These are referred to as Data Protection Principles.
How we use and store your personal information
This privacy notice tells you what to expect when OHGL collects and stores personal and sensitive information.
It tells you the purposes for which we will process your personal information and the legal basis for the processing (‘processing’ includes us keeping your personal information). It applies to information we collect about:
During your tenancy, we will collect and process information about you and members of your household. We do this to:
- Be able to contact you directly
- Manage your tenancy and the OHGL property it relates to
- Monitor compliance with the terms of your tenancy or service agreement
- Deliver support for special needs to you or any member of your household
- Share information with other agencies where we have your agreement
- Conduct transactional surveys in order to monitor and improve our service. For example, repairs and maintenance, complaints, lettings, anti-social behaviour issues and training
- Monitor equality and diversity
- Provide information about our performance and services through newsletters and email campaigns
- Provide information about additional services we offer, including opportunities to participate in meetings, training, employment services, youth services and events
- Comply with our safeguarding duties
- Complete consultations, facilitate residents’ groups and community grant applications.
- Verify your identity so that we can give you access to your MyOneHousing account.
Unless we advise you otherwise, we will only collect and process personal information to carry out these functions.
Personal information is stored on our computer systems and/or tenancy file. It is held securely, and we have security measures in place to protect it.
We will collect relevant information from you in accordance with our contracts or information sharing agreements.
This may include names and qualification information relating to your staff. The purpose is to enable you to provide services to our residents on behalf of OHGL.
Information will be held centrally by our Procurement Team, on our computer system and by the relevant team/department, in line with our data retention periods. Personal data is held securely, and we have security measures in place to protect it.
We collect personal and sensitive personal information relating to our workforce. This includes staff, contractors, temporary workers and volunteers.
We do this for:
- Recruitment and appointment purposes, to set up your employment or volunteering contract.
- Administration purposes (e.g. to operate payroll, pensions etc.)
- Conducting performance reviews, managing performance and determining performance requirements
- Offering any necessary support requirements in your role
- Compliance with legal or industry standards to ensure that your tax and National Insurance are recorded against your name (e.g. to prove eligibility to work in the UK, to complete DBS checks, where appropriate, and to meet our Health and Safety Requirements)
- Conducting transactional surveys to monitor and improve our services, for example, following training courses
- Risk assessing you for lone working
- Monitoring diversity in our applicants and workforce, as recommended by the Equality and Human Rights Commission. The information you give us in this section will not be seen by the hiring manager during the application process, and will not affect applications to work with us or volunteer with us in any way
- Monitoring our premises and for safeguarding and security reasons.
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
- Where we need to perform the contract we have entered into with you
- Where we need to comply with a legal obligation
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
We may also use your personal information in the following situations, which are likely to be rare:
- Where we need to protect your interests (or someone else’s interests); and
- Where it is needed in the public interest or for official purposes.
Information is held centrally by our HR team on our computer system. Individual and line managers can access certain personal information through our internal systems. Information is held securely, and we have security measures in place to protect it.
We will share your data with third parties, including third-party service providers, for example, payroll and pension administration.
We require third parties to respect the security of your data and to treat it in accordance with data protection legislation.
Unless we advise you otherwise, we will only collect and protect personal information to carry out these functions. Personal data is held securely, and we have security measures in place to protect it.
When a referral is made on your behalf to OHGL for care or support, we will collect and process personal information about you.
We do this to:
- Identify your care and support needs and complete our assessments, in order to offer you the most effective service possible
- Complete risk assessments
- Monitor equality and diversity
- Share information about your care and support with your family or next of kin
- Provide assistance to the police in the event of a Missing Person case
- Update our records of your care and support needs
- Monitor our premises
Personal information is stored on our computer systems. It is held securely, and we have security measures in place to protect it.
Information is held centrally by our Care and Support teams on our computer system and relevant contact information is held by individual teams in line with our retention periods. Personal data is held securely, and we have security measures in place to protect it.
We may collect and process personal information about you in the following circumstances:
- To respond to requests for information regarding our services (i.e. when you submit information for reporting anti-social behaviours)
- To contact you regarding property you have registered an interest in
- To comply with relevant legislation and regulation
- To register you for our employment, training and youth services
Personal information is stored on our computer systems. It is held securely, and we have security measures in place to protect it.
Legal basis for processing
We have four main legal bases for processing personal data:
- Where it is necessary for the performance of a contract (i.e. provision of services set out in the tenancy agreement)
- Where it is necessary for the purposes of the legitimate interests pursued by OHGL or by a third party to process your information. We can do that as long as we do not interfere with your fundamental rights or freedom.
- Because we have your consent (i.e. agreement) to us processing your personal information. You can withdraw your consent at any time. This is explained further below in the section entitled ‘Your rights under GDPR’.
- Where processing is necessary to comply with the law or a statutory obligation.
Other reasons we can rely upon to process your personal information under GDPR are as follows:
- Where we are under a legal obligation or an obligation under a contract to process/disclose the information.
- Where we need to protect the vital interests (i.e. health and safety) of you or another person.
Some personal information is treated as special category data, specifically health, sexuality, racial or ethnic background, political opinions, religion, beliefs, trade union membership or genetic and biometric data. The legal basis for processing these special categories of personal data is more limited. To lawfully process special categories of personal data, we must identify a lawful basis for the processing and meet a separate condition for the processing.
The bases we can use are:
- With your consent
- Where we need to protect the vital interests (i.e. the health and safety) of you or another person
- Where you have already made your personal information public
- Where we or another person needs to bring or defend legal claims; and/or
- Substantial public interest grounds
To process personal data about criminal convictions or offences we must have both a lawful basis for the processing and either legal authority or official authority for the processing.
How we manage your personal information
We process your personal information in accordance with the principles of GDPR.
We will treat your personal information fairly and lawfully and we will ensure that information is:
- Processed for limited purpose
- Kept up-to-date, accurate, relevant and not excessive
- Not kept longer than is necessary
- Kept secure.
Access to personal information is restricted to authorised individuals on a strictly need to know basis.
We are committed to keeping your personal details up to date, and we encourage you to inform us about any changes needed to ensure your details are accurate.
To help us ensure confidentiality of your personal information we will ask you security questions to confirm your identity when you call us. We will not discuss your personal information with anyone other than you, unless you have given us prior authorisation to do so.
Who might we share your personal information with?
Normally, only OHGL staff will be able to see and process your personal information. However, there will be occasions when we will need to share personal information with third parties for the purposes as outlined or where we are legally required to do so.
When sharing personal information, we will comply with all aspects of the GDPR. Special categories of personal data about health, sexual life, race, religion and criminal activity, for example, are subject to particularly stringent security and confidentiality measures.
We also share information:
- To allow us to tailor our services to you
- For detecting possible fraud (e.g. as part of the National Fraud Initiative)
- To deal with rent arrears (e.g. tracing and/or debt collection agencies)
- To deal with unpaid bills (e.g. utility or council tax bills - we may need to pass on your forwarding address)
- To help us communicate with you (e.g. we sometimes use external printers, translators etc.)
- To assist the Police in solving crime and investigating anti-social behaviour.
As part of the government’s reform of welfare benefits, new regulations have been introduced on information sharing. This means we can now share limited information about our residents and their properties with local authorities, for example, name, address and National Insurance Number.
The new regulations will help us identify and support those who could be affected by welfare reform.
We will also disclose your personal details, if required to do so, by law or by any Government body.
OHGL contracts external companies to manage certain areas of our business to fulfil our obligations as a landlord.
We share limited personal information of our residents with external contractors, such as name, address and telephone number.
- Repairs and maintenance contractors
- Out of hours call centre service
- Health and safety compliance checks (i.e. gas servicing, lifts, asbestos, legionella)
We will only share the minimum information necessary for the contractor to carry out their services on behalf of OHGL. We will also ensure that data sharing agreements are in place, where we are sharing personal data with data processors. If you have any concerns about a company operating on behalf of OHGL, or information that has been shared with an external company, please contact us using the details below.
OHGL will never sell personal information to a third party.
International transfers of personal data
Our website is hosted within the UK. Our other systems are generally located on our premises or elsewhere within Europe, but some services used for email campaigns, responding to enquiries regarding our care homes and completing online surveys are located outside of Europe.
Where data is transferred outside Europe, we will make sure that transfers are only made to countries in which the European Commission has made an ‘adequacy decision’, or where appropriate safeguards are in place.
How long do we keep information?
We have a data retention schedule, which sets out how long we keep different types of information. We follow legal requirements and best practice.
Please contact us if you would like a copy of the schedule.
We may use data disclosed for the purpose of preventing and detecting fraud. This includes information provided on the OHGL website, on the My Account area, or in any other way provided to us online or otherwise.
The data collected may be used for the purpose of data matching and further investigations. This involves comparing the data we hold on you with that held by third parties solely for the purpose of detecting and preventing fraud. We might also use your data to further investigate fraud that we think might have been committed.
This involves checking with various third parties, such as the Land Registry, banks, schools and utility companies.
Your rights under GDPR
You have a number of rights under the GDPR.
Access to personal information
Under GDPR, you have a right to ask us what personal information we hold about you, and to request a copy of your information. This is known as a ‘subject access request’ (SAR).
We have a Subject Access Request form which provides further information to help you to submit your request. We will also request photo identification. To make a subject access request, please complete the online form.
Alternatively, you can email us at firstname.lastname@example.org, or let us know by contacting customer services at 0300 123 9966.
We will respond to your request with all the information we are legally required to provide within 30 days.
Your right to certain information may be restricted. For example, information relating to a third person or information relating to a police investigation.
If you need to correct any mistakes contained in the information we hold about you, you can let us know by contacting customer services on 0300 123 9966.
Erasure (‘right to be forgotten’)
You have the right to ask us to delete personal information we hold about you. You can do this where:
- The information is no longer necessary in relation to the purpose for which we originally collected/processed it
- You withdraw consent
- You object to the processing and there is no overriding legitimate interest for us continuing the processing
- We unlawfully processed the information
- The personal information has to be erased in order to comply with a legal obligation
We can refuse to erase your personal information where the personal information is processed for the following reasons:
- To exercise the right of freedom of expression and information
- To enable functions designed to protect the public to be achieved, e.g. government of regulatory functions
- To comply with a legal obligation or for the performance of a public interest task or exercise of official authority
- For public health purposes in the public interest
- Archiving purposes in the public interest, scientific research, historical research or statistical purposes
- The exercise or defence of legal claims
- Where we have an overriding legitimate interest for continuing with the processing.
Restriction on processing
You have the right to require us to stop processing your personal information. When processing is restricted, we are allowed to store the information, but not do anything with it. You can do this where:
- You challenge the accuracy of the information (we must restrict processing until we have verified its accuracy)
- You challenge whether we have a legitimate interest in using the information
- The processing is a breach of the GDPR or otherwise unlawful
- We no longer need the personal data, but you need the information to establish, exercise or defend a legal claim
If we have disclosed your personal information to third parties, we must inform them about the restriction on processing, unless it is impossible or involves disproportionate effort to do so. We must inform you when we decide to remove the restriction giving the reasons why.
Objection to processing
You have the right to object to processing where we say it is in our legitimate business interests.
We must stop using the information unless we can show there is a compelling legitimate reason for the processing, which overrides your interests and rights or the processing is necessary for us or someone else to bring or defend legal claims.
Withdrawal of consent
If the basis on which we are using your personal information is your consent, we will seek your consent to contact you for non-essential services.
Examples of this include to gather feedback following community events or permission to use photographs taken (i.e. at events). You have the right to withdraw your consent to us processing your information at any time. We must stop using the information. We can refuse if we can rely on another reason to process the information such as our contractual obligations or legitimate interests.
Visitors to our website
We collect the following information from visitors to our website and My Account:
- Details collected through online forms
- Surveys and polls about the website
- Site usage information from session cookies and log files
Site usage information
Links to other websites
This privacy notice does not cover links within our website to other websites. We encourage you to read the privacy statements on other websites you visit.
Changes to this privacy notice
We keep our privacy notice under regular review.
We will update it if we undertake any new or amended processing. This privacy notice was last updated on 17 February 2020.
OHGL has subsidiary organisations who are also registered as Data Controllers with the Information Commissioners Office. They are:
- One Direct Maintenance Limited (ODML)
- Citystyle Living Limited
- TPHA Limited
This privacy notice does not provide details on all aspects of OHGL’s collection and use of personal information. We are happy to provide any further information or explanation if needed.
Please contact us using the information below.
How to contact us
If you want to find out more about this, you can:
- Email the Group Data Protection Officer at email@example.com
- Write to Data Protection Officer, Atelier House, 64 Pratt Street, London, NW1 0DL.
Alternatively, you can find here other ways to contact us.
OHGL aims to meet the highest standards when collecting and using personal information. You can raise a complaint with us if you think that our collection or use of information was unfair, misleading, inaccurate or inappropriate.
If you are still not happy with our response, you have the right to appeal directly to the regulator – the Information Commissioners’ Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Telephone: 0303 123 1113.