At Your ReSI Home we are committed to ensuring that your privacy is protected. This Privacy Notice, together with our Terms and Conditions, explains how we use information about you when you use our services.
For the purposes of the General Data Protection Regulation (“GDPR”) and UK data protection laws, the data controller is ReSI Property Management Limited, trading as Your ReSI Home. The person responsible for data protection is Jamie Turnbull and can be contacted at Your ReSI Home, 2 Tangier Central, Castle Street, Taunton, TA1 4AS; at email@example.com; or on 01823 793420.
What personal information do we collect?
If you are one of our Shared Owners, we will need to collect your personal information to provide our services to you. The information may include:
- Identity and Contact Data – full name, marital status, date of birth, gender, national insurance number, username and password, property ownership details, address (including past address), email address and telephone numbers.
- Your property preferences.
- Evidence of your ability to part-purchase, part- rent the property (credit checks, bank statements, photo ID, details of your immigration status and employment history).
- Feedback and questionnaire responses.
- Special Category Data, for example, details of criminal offences, details about vulnerable people in your household (including information about any special requirements they may have) or other information we may require to comply with public health guidelines (e.g. Covid-19).
- Financial Data (bank account and payment details, salary, bank details, credit card details)
- Next of Kin details.
- Transaction Data (details about payments to and from you).
- Technical Data (internet protocol address, login information, browser type and version, location/time zone data and operating system.
- Website Usage Data – the full uniform resource locators of linking pages through and from our site (including date and time), download errors, lengths of visit to certain pages, page interaction information, exit page).
- Your Marketing and Communications preferences.
How do we collect your information?
We may collect personal information by means of paper or electronic forms, telephone, email or post. We will usually collect the information directly from you, e.g. when you complete a tenant Application Form or through telephone calls and emails while providing our services to you.
We may also collect information from other third parties which includes (but is not limited to):
- Family and household members
- Friends and visitors
- Members of public
We may receive information about you from other data controllers, such as the police who might tell us about a crime they are investigating where this impacts on your contract with us or those who live in the same community. If you give us this information about yourself when communicating with us, you do so because you consider it forms part of a legitimate interest for us to hold this information on our records.
Why do we need your personal information?
We may need to use some information about you to:
- deliver services and support to you;
- manage those services we provide to you;
- prevention/detection of crime/fraud;
- help investigate any complaints you have about the services we provide;
- check the quality of services and deliver service improvement;
- to help with research and planning of new services.
How the law allows us to use your personal information
There are several legal reasons why we need to collect and use your personal information. Generally, we collect and use it where:
- you are entering or have entered into a contract with us;
- you, or your legal representative, have given consent;
- it is necessary to protect someone in an emergency;
- it is required by law;
- you have made your information publicly available;
- it is necessary for legal cases;
- it is necessary for archiving, research, or statistical purposes.
Consent and Your Preferences
We may contact you or send communications to tell you about our existing service to you e.g. service enhancements, government entitlements, or health and safety information. We won’t need your consent to communicate with you this way because we have assessed that it forms part of our agreement with you and it is of mutual interest for us to keep you informed and is relevant to your contract with us.
We may send information on other products and services we offer and which we think will be of interest to you. We will ask for your consent to communicate this type of information to you and you can remove your consent at any time.
If you want to remove your consent, please contact firstname.lastname@example.org or telephone 01823 793420.
What are your legal rights?
The law gives you several rights to control what personal information we use and how it is processed.
Under certain circumstances, you have the right to:
- request access to your personal data (a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it;
- request correction of the personal data that we hold about you;
- request erasure of your personal data where there is no good reason for us to continue processing it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below);
- object to processing of your personal data in particular ways, including processing based on the lawful basis of legitimate interests and direct marketing;
- request the restriction of processing of your personal data, for example if you want us to establish its accuracy or the reason for processing it;
- request the transfer of your personal data to yourself or another party in a safe and secure way, without affecting its usability, for example in a format that is structured, commonly used, and machine-readable.
To contact us about any of these rights, you can write to us at the following address:
Data Protection Lead
Your ReSI Home
2 Tangier Central
Alternatively email us at email@example.com or call us on 01823 793420.
Who do we share your information with?
Sometimes we may need to share your personal information. We will only do this if we have your consent or if there are legal or requirements for us to do so. We won’t ever sell your personal information to anyone else.
We use a range of organisations to either store personal information or help deliver our services to you. We are likely to share your personal information with the following:
Property Service Companies and Maintenance Contractors
For the purposes of carrying out property related services, inspections and repairs. Generally, we will only share your address and contact details so that appointments can be arranged with you. We may also share your mobile number for SMS text updates (e.g. to update you on repairs or contractor visits). In some cases, we may also share customer service information, for example where you have told us that you need longer to answer your door. We may also need to share information where we have recorded there is a potential risk to operatives or other representatives.
Outsourced IT services
IT partners that we work with to manage the services we provide to you, e.g. property and tenancy management software, third-party printing and mailing services, and online property maintenance platforms.
Legal, Tracing and Debt Recovery services
For the purposes of tenancy enforcement.
Local Authorities and Licensing Schemes
Usually for the purposes of providing services processed by that local authority such as local housing allowance and council tax, or for compliance with landlord licensing schemes.
For the purposes of preventing or detecting a crime or fraud.
Safeguarding, Support Agencies and Charities
We will only share information with these organisations where we suspect there may be safeguarding or welfare concerns. We will usually try to gain your consent in advance, but we may make a safeguarding referral without consent in situations where we feel there is a significant risk.
Utility companies and local authorities
To ensure utility services and council tax to the property are correctly charged. We may also share your personal data with utility management companies who help us manage setting up accounts with utility companies and local authorities.
Debt Recovery Agents, Tracing Agents, Legal Services and Partners
For the purposes of recovering any outstanding charges, or for preparing or defending a legal claim.
We may share your information with shared service functions within the group, e.g. the IT services function for helping you access our online services.
Development Freeholders and Management Companies
To help manage the services we provide to you or to comply with the head lease.
We may share any shared owner information we hold with their landlord. This includes references, property inspections, correspondence, payment history and any general notes relating to the conduct of a shared ownership lease. We will share the landlord’s name and address with the shared owner.
We will complete a data protection impact assessment before we share personal information in a different way or with a new organisation, to make sure we protect privacy and comply with the law.
Sometimes we have a legal duty to provide personal information to other organisations, this is often because we need to give that data to the police, courts, local authorities or government bodies.
We may also share your personal information when we feel there’s a good reason that’s more important than protecting your privacy. This doesn’t happen often, but we may share your information:
- in order to detect and prevent a crime and fraud;
- if there are serious risks to the public, our staff or to other professionals;
- safeguarding of vulnerable individuals; or
- to protect adults who are thought to be at risk, for example if they are frail, confused or cannot understand what is happening to them.
If we’re worried about your physical safety or feel we need to act to protect you from being harmed in other ways, we’ll discuss this with you and, if possible, get your permission to tell others about your situation before doing so.
The risk must be serious before we can override your right to privacy. We may still share your information if we believe the risk to others is serious enough to do so. There may also be rare occasions when the risk to others is so great that we need to share information straight away.
If this is the case, we’ll make sure that we record what information we share and our reasons for doing so. We’ll let you know what we’ve done and why if we think it is safe to do so and will not cause harm, distress or further risks to you, our staff, other professionals and/or the public.
Where is your information held?
Most personal information is stored on computer systems at our office in the UK or at third party data centres in the UK. There may be some occasions as our technology services progress where your information may leave the UK if it’s stored in a system outside of the EU. E.g. internet-based email servers.
We will always have additional protections on your information if it leaves the UK and ensure that we have a robust contract in place with that third party to ensure they process your data in compliance with General Data Protection Regulations.
How do we protect your information?
We are committed to ensuring the security of, and unauthorised access to, your personal data. We will only make data available to those who have a right to see it. For example, where we hold customer welfare or safeguarding information, we limit who can access that data internally on a need to know basis. We exercise the principle of least privilege – systems, employees, and representatives are given the minimum levels of access or permissions needed to perform the role. We also systematically monitor outbound emails for the purposes of protecting confidential and personal data and assisting in our ability to identify potential data breaches. If we become aware of a data breach we will, where we are required to, notify the Information Commissioner’s Office. If we believe that the data breach is serious, we may notify you as well. Security measures include encryption, anonymisation, access controls, staff security training and regular system testing and security patching.
How long do we keep your personal information?
There is often a legal or a contractual reason for keeping your personal information for a set period. We will keep your information for the duration of providing a service or product to you under the terms of a contract, such as your shared ownership lease. When your contract has ended we will keep your personal data for a set time for auditing and reporting purposes and for legitimate interest’s purposes, after that time we will either anonymise or destroy your information.
You can ask us for a copy of our retention policy by contacting us at firstname.lastname@example.org or by telephone on 01823 793420.
Visiting our websites
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
When you visit our website we collect standard internet log information for statistical purposes.
- We do not make any attempt to identify visitors to our websites. We do not associate information gathered from our sites with personally identifying information from any source.
- When we collect personal information, for example via an online form, we will explain what we intend to do with it.
Cookies help us to improve our site and to deliver a better, more personalised service.
To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit https://www.aboutcookies.org.uk. To opt out of being tracked by google analytics across all websites visit http://tools.google.com/dlpage/gaoptout.
Our websites may contain links to third-party websites. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question. We are not responsible for the content or privacy practices of any external websites that are linked from our sites.
How to tell us of a data breach
If you suspect your personal information or that of others may have been at risk of a data protection breach, please contact us:
Data Protection Lead
Your ReSI Home
2 Tangier Central
Telephone: 01823 793420
Where can I get advice?
If you have any questions about how your personal information is handled, please contact our Data Protection Lead at email@example.com.
For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner’s Office (ICO) at:
Information Commissioner’s Office
Cheshire SK9 5AF
Tel: 01625 545 745