Transform Housing & Support is committed to protecting the privacy and security of your personal information. As a data controller we are responsible for deciding how we hold and use personal information about you. This privacy notice explains how we will treat your personal information. This notice applies equally to information that we process for clients, colleagues, donors or any other parties (such as applicants, trustees and volunteers).

The information we hold

Transform’s strategic aim is to help vulnerable people live independent and fulfilling lives. In order for us to provide an effective and efficient service, we inevitably collect, process and manage personal data relating to clients, colleagues and donors. Personal data means any information about an individual from which that person can be identified. There are ‘special categories’ of more sensitive personal data which require a higher level of protection. Special categories of data includes data relating to gender, race or ethnic origin, health data, criminal convictions, sexual orientation and so on. In order to provide our services, we hold some categories of special data for clients and colleagues.

We ensure that the processing of all personal data, including special categories data, does not infringe the individual rights and freedoms of clients, colleagues, or donors. The types of personal information we collect is set out in Appendix 1 (found at the end of this privacy notice).  


We collect, store and process personal data for a variety of purposes, including:

  • to provide a personalised housing and support service to clients
  • for recruiting, employing and managing colleagues
  • for fundraising and marketing
  • for financial accounting
  • for monitoring equality, diversity and inclusion.

We will only use your personal information for the purposes for which we collected it. The purposes for collecting your personal information are listed in the appendix at the end of this privacy notice. Most commonly, we will use your personal information in the following circumstances:

  • Where we need to perform the contract we have entered into with you.
  • Where we need to comply with a legal obligation.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

Data sharing

During the course of our business, we will restrict disclosure of personal information to only limited individuals (i.e. relevant colleagues, insurers, professional advisors, agents, suppliers or contractors) where necessary and in line with our confidentiality policy and procedures. In certain exceptional circumstances, for example to comply with the law or to defend any legal proceedings, we may have to disclose information to other third parties. We require third parties to respect the security of your data and to treat it in accordance with the law. 

Retaining personal information

Personal information will be retained in accordance with our data retention policy, which is designed to comply with our legal obligations in relation to the agreed data retention periods. For example, we will keep data relating to client for six years after the client has ceased using our services. The personal information that we process for any purpose shall not be kept for any longer than is necessary for that purpose and will be deleted after that period. For more detailed information about how long we will keep data for, please see Appendix 1 at the end of this privacy notice.

Security of personal information

We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of personal information and ensure all personal information is stored securely.

Your rights

You have the following rights concerning your personal data:

  • Right of access – you can request a copy of the personal data we hold about you.
  • Right to correction – if we hold any incomplete or inaccurate data about you, you can have this corrected, although we may need to verify the accuracy of the new data you provide to us.
  • Right to erasure (right to be forgotten) – you have the right to ask us to erase personal data concerning you. Please note however that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Right to restriction of processing – you have the right (under certain circumstances, but not all) to ask us to restrict processing of your personal data. For example, you may request this if you are contesting the accuracy of personal data held about you.
  • Right to data portability – you can ask us to provide you or a third party with your personal data in a structured, commonly used, machine-readable format. 
  • Right to withdraw consent – if the lawful basis for processing your personal data is consent, you have the right to withdraw that consent.
  • Right to object to direct marketing – you may instruct us at any time not to process your personal information for marketing purposes. In practice you will usually either expressly agree in advance to our use of your personal information for marketing purposes, or we will provide you with an opportunity to opt out of the use of your personal information for marketing purposes.

If you wish to exercise any of the above rights please contact us at: [email protected].


We are committed to safeguarding the privacy of the visitors to our website. You may visit Transform’s website without revealing any personal information. Alternatively, if you request any specific information, provide feedback, participate in direct marketing initiatives or apply for a job online you might be disclosing your personal data to us. This will be treated in accordance with the principles set out in the General Data Protection Regulations (GDPR). We will take all reasonable steps to ensure that your personal data is protected against unauthorised access and it will not be disclosed or sold to another company or organisation. The only time we may disclose your personal data is when we are legally bound to do so or as required by the regulators. 

International data transfers

The personal information that we collect is stored within the United Kingdom. However, the personal information held in our websites may be available through the internet around the world. We cannot prevent the use, or misuse, of such information by others. We only hold personal information on our website having first received consent from the individual concerned.


Transform collects, stores, and discloses information in relation to the Covid-19 pandemic for the following purposes:

  1. Safeguarding the health and safety of our colleagues and contractors.
  2. Providing support to clients who may need it.
  3. Safeguarding the most vulnerable among us and helping everybody comply with Government guidelines in the current context.
  4. Profiling, modelling and analysis.

In order to fulfil the above purposes, we may need to process information about you including: your name, address, contact details, information relating to your health (including for example reports of infections, testing, and medical conditions including mental health) information and details of your movements (including for example recent travel, associations with others, compliance with Government “lockdown” and isolation instructions).

Transform may share data with the following categories of recipients:

  1. Health professionals, healthcare services, and occupational health providers.
  2. Social care services and social care professionals.
  3. Police and law enforcement services.
  4. Our contractors and other organisations we may ask to visit our premises’.
  5. Other clients where we believe there is a risk to them and the disclosure of information to them outweighs the other individuals’ rights to privacy in relation to their Covid-19 status and/or behaviour (such as compliance with the “lockdown” instructions).

For more detailed information on Transform’s approach to data collection and Covid-19 please request a copy of our policy “Covid-19 GDPR Privacy Policy”.  


We may update this statement from time to time by publishing a new version on our website. You should check this page occasionally to ensure that you are happy with any changes in the policy. We may notify you of changes to this statement by email or on our website.

Data protection registration

We are registered as a data controller with the UK Information Commissioners Office.

Our data protection registration number is ZA160063

Our details

Our website is owned and operated by Transform Housing & Support

We are a:

  • Registered charity: 264133

  • Company limited by guarantee registered in England: 01057984

  • Registered provider of social housing: H2452

Registered Office:
Bradmere House, Brook Way, Leatherhead, Surrey KT22 7NA

You can contact us by:

  • Post – by writing to our registered address (above)
  • E mail – [email protected]
  • Phone – 01372 387 100

Our Information Risk Officer, Ratna Sukumaran, can be contacted on 01372 387121.


Appendix 1 – Types of data held


Housing / support clients

Legal basis and purpose

Retention period

Identity data

Including name, marital status, title, date of birth, National Insurance number and gender.

Legal basis:

  • To administer contract with housing support client.
  • Comply with legal obligations.



  • To provide personalised housing and/or support services in line with contract.
  • To monitor equal opportunities.
  • Safeguarding clients.
  • Comply with health and safety duties.

Six years after housing support ceases.


Please see our Retention policy.


Contact data

Including postal address, email, telephone numbers, next of kin contact details.

Special categories data

Including ethnicity, disability, sexual orientation, religion, socioeconomic status, information about health, criminal convictions.

Housing data

Including tenancy and licence agreements, house rules, warning letters, tenancy notices.

Financial data

Including rent payment history, rent statements, benefit claims, arrears letters, bank account details, employment status.

Support data

Including referral form, keywork notes, support plans, risk assessments, third party information, correspondence, CCTV footage



Colleagues (including volunteers and applicants)

Legal basis and purpose

Retention period

Identity data

Including name, marital status and dependants, title, date of birth, National Insurance number and gender.

Legal basis:

  • To administer contract.
  • Comply with legal obligations.
  • For legitimate interests.



  • To comply with employment law and health and safety duties.
  • Monitoring and managing the work of colleagues and volunteers and ensuring compliance with policies and procedures.
  • To arrange payment of salary and expenses and assess/satisfy entitlement to benefits.
  • To resolve disputes and complaints.
  • To monitor equal opportunities and continued suitability/fitness for post.
  • For staff and business planning.
  • Safeguarding clients and the organisation.

Six years after employment ceases unless legislation stipulates otherwise


Please see our Retention policy.

Contact data

Including postal address, email, telephone numbers, next of kin and emergency contact details.

Special categories data

Including ethnicity, disability, sexual orientation, religion, gender identity, caring responsibilities, socioeconomic status, languages spoken, information about health, criminal convictions, trade union membership.

Financial data

Including bank account details, payroll records, tax status information, salary, pension, benefits.

Employment data: colleagues

Including recruitment records (see below under Applicant data), attendance records, supervision notes, appraisal forms, performance management information, employment records, disciplinary and grievance records, training and training administration, CCTV footage and other information obtained through electronic means such as swipe card records, vehicle trackers and IT usage/browsing history.

Employment data: volunteers (including trustees)

Including recruitment records, supervision notes, performance management information, training and training administration, IT usage/browsing history.

Applicant data

  Including application form, CV and/or cover letter, shortlisting and/or interview records, right to work documentation, references, driving licence and special categories data as indicated above.  


  • Making decisions about the recruitment of staff or volunteers.
  • To monitor equal opportunities and suitability for post.
  • To comply with immigration rules.

Six months if not recruited.


Donors (including client and staff data used
for marketing)

Legal basis and purpose

Retention period

Identity data

Including name and title.

Legal basis:

  • Consent obtained
  • For legitimate interests



  • Fundraising.
  • Record of donations made.
  • Keeping informed of Transform activities.
  • Marketing activities.

Varies depending on length of consent provided. If length not stipulated, kept for two years.


Please see our Retention policy.

Contact data

Including postal address, email, telephone numbers.

Financial data

History of any donations made.

Communication data

Summary of all communications to or from donor. Any links donor may have with other donors.

Marketing data

Photos, case studies and videos of both colleagues and clients.