Introduction

Transform Housing & Support is committed to protecting the privacy and security of your personal information. As a data controller we are responsible for deciding how we hold and use personal information about you. This privacy notice explains how we will treat your personal information. This notice applies equally to information that we process for our clients, staff, donors or any other parties (such as applicants, trustees and volunteers).

The information we hold

Transform’s strategic aim is to help vulnerable people live independent and fulfilling lives. In order for us to provide an effective and efficient service, we inevitably collect, process and manage personal data relating to our clients, staff and donors. Personal data means any information about an individual from which that person can be identified. There are ‘special categories’ of more sensitive personal data which require a higher level of protection. Special categories of data include data relating to gender, race or ethnic origin, health data, criminal convictions, sexual orientation and so on. In order to provide our services, we hold some categories of special data for our clients and staff.

We ensure that the processing of all personal data, including special categories data, does not infringe the individual rights and freedoms of our clients, staff or donors. The types of personal information we collect are set out in Appendix 1 (found at the end of this privacy notice).

Purpose

We collect, store and process personal data for a variety of purposes, including:

  • To provide a personalised housing and support service to our clients
  • To provide homecare services
  • For recruiting, employing and managing staff
  • For fundraising and marketing
  • For financial accounting

We will only use your personal information for the purposes for which we collected it. The purposes for collecting your personal information are listed in the appendix at the end of this privacy notice. Most commonly, we will use your personal information in the following circumstances:

  • Where we need to perform the contract we have entered into with you.
  • Where we need to comply with a legal obligation.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

Data sharing

During the course of our business we will restrict disclosure of personal information to only limited individuals (i.e. relevant staff members, insurers, professional advisors, agents, suppliers or contractors) where necessary and in line with our confidentiality policy and procedures. In certain exceptional circumstances, for example to comply with the law or to defend any legal proceedings, we may have to disclose information to other third parties. We require third parties to respect the security of your data and to treat it in accordance with the law.

Retaining personal information

Personal information will be retained in accordance with our data retention policy, which is designed to comply with our legal obligations in relation to the agreed data retention periods. For example, we will keep data relating to tenants for six years after the tenant has ceased using our services. The personal information that we process for any purpose shall not be kept for any longer than is necessary for that purpose and will be deleted after that period. For more detailed information about how long we will keep data for, please see Appendix 1 at the end of this privacy notice.

Security of personal information

We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of personal information. All personal information that is stored electronically is stored within our secure, encrypted, ISO 27001 compliant data centre managed by our Cloud service provider Node 4.

Your rights

You have the following rights concerning your personal data:

  • Right of access – you can request a copy of the personal data we hold about you.
  • Right to correction – if we hold any incomplete or inaccurate data about you, you can have this corrected, although we may need to verify the accuracy of the new data you provide to us.
  • Right to erasure (right to be forgotten) – you have the right to ask us to erase personal data concerning you. Please note, however, that we may not always be able to comply with your request for erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Right to restriction of processing – you have the right (under certain circumstances, but not all) to ask us to restrict processing of your personal data. For example, you may request this if you are contesting the accuracy of personal data held about you.
  • Right to data portability – you can ask us to provide you or a third party with your personal data in a structured, commonly used, machine-readable format.
  • Right to withdraw consent – if the lawful basis for processing your personal data is consent, you have the right to withdraw that consent.
  • Right to object to direct marketing – you may instruct us at any time not to process your personal information for marketing purposes. In practice you will usually either expressly agree in advance to our use of your personal information for marketing purposes, or we will provide you with an opportunity to opt out of the use of your personal information for marketing purposes.

If you wish to exercise any of the above rights please contact us at: GDPRinfo@transformhousing.org.uk.

Websites

We are committed to safeguarding the privacy of the visitors to our websites. You may visit Transform’s websites without revealing any personal information. Alternatively, if you request any specific information, provide feedback, participate in direct marketing initiatives or apply for a job online you might be disclosing your personal data to us. This will be treated in accordance with the principles set out in the General Data Protection Regulations (GDPR). We will take all reasonable steps to ensure that your personal data is protected against unauthorised access and it will not be disclosed or sold to another company or organisation. The only time we may disclose your personal data is when we are legally bound to do so or as required by the regulators.

International data transfers

The personal information that we collect is stored within the United Kingdom. However, the limited personal information held in our websites (such as client and staff photos and case studies) is transferred and stored with our webhost in the United States of America. Moreover, the personal information held in our websites may be available through the internet around the world. We cannot prevent the use, or misuse, of such information by others. We only hold personal information on our websites having first received consent from the individual concerned.

Amendments

We may update this statement from time to time by publishing a new version on our website. You should check this page occasionally to ensure that you are happy with any changes in the policy. We may notify you of changes to this statement by email or on our website.

Data protection registration

We are registered as a data controller with the UK Information Commissioner's Office.

Our data protection registration number is ZA 1600063.

Our details

Our websites are owned and operated by Transform Housing & Support

We are a:

  • Registered Company in England & Wales – 01057984
  • Registered Charity – 264133
  • Registered Provider – H2452
  • Registered with the CQC – 1-2756361790

Registered Office:

Bradmere House, Brook Way, Leatherhead, Surrey KT22 7NA

You can contact us by:

Our Information Risk Officer, Ratna Sukumaran, can be contacted on 01372 387121.

Appendix 1 – Types of data held

Housing / support clients

Types of data:

  • Identity data – including name, marital status, title, date of birth, National Insurance number and gender.
  • Contact data – including postal address, email, telephone numbers, next of kin contact details.
  • Special categories data – including ethnicity, disability, sexual orientation, religion, information about health, criminal convictions.
  • Housing data – including tenancy and licence agreements, house rules, warning letters, tenancy notices.
  • Financial data – including rent payment history, rent statements, benefit claims, arrears letters, bank account details, employment status.
  • Support data – including referral form, keywork notes, support plans, risk assessments, third party information, correspondence, CCTV footage.

Legal basis:

  • To administer contract with housing / support client.
  • Comply with legal obligations.

Purpose:

  • To provide personalised housing and / or support services in line with contract.
  • To monitor equal opportunities.
  • Safeguarding clients.
  • Comply with health & safety duties.

Retention period: Six years after housing / support ceases. Please see our Retention policy.

Care clients

Types of data:

  • Identity data – including name, marital status, title, date of birth, National Insurance number and gender.
  • Contact data – including postal address, email, telephone numbers, next of kin contact details.
  • Special categories data – including ethnicity, disability, sexual orientation, religion, information about health.
  • Financial data – including payment of charges, bank account details.
  • Care data – including referral form, client notes, care plans, risk assessments, information regarding your medicines, third party information, correspondence.

Legal basis:

  • To administer contract with care client.
  • Comply with legal obligations.

Purpose:

  • To provide personalised care services in line with contract.
  • To monitor equal opportunities.
  • Safeguarding clients.
  • Comply with health & safety duties.

Retention period: Three years after care ceases. Please see our Retention policy.

Staff (including volunteers and applicants)

Types of data:

  • Identity data – including name, marital status and dependants, title, date of birth, National Insurance number and gender.
  • Contact data – including postal address, email, telephone numbers, next of kin and emergency contact details.
  • Special categories data – including ethnicity, disability, sexual orientation, religion, information about health, criminal convictions, trade union membership.
  • Financial data – including bank account details, payroll records, tax status information, salary, pension, benefits.
  • Employment data: staff – including recruitment records (see below under Applicant data), attendance records, supervision notes, appraisal forms, performance management information, employment records, disciplinary and grievance records, training and training administration, CCTV footage and other information obtained through electronic means such as swipe card records, vehicle trackers and IT usage/browsing history.
  • Employment data: volunteers (including trustees) – including recruitment records, supervision notes, performance management information, training and training administration, IT usage/browsing history.

Legal basis:

  • To administer contract.
  • Comply with legal obligations.
  • For legitimate interests.

Purpose:

  • To comply with employment law and health & safety duties.
  • Monitoring and managing the work of staff and volunteers and ensuring compliance with policies and procedures.
  • To arrange payment of salary and expenses and assess/satisfy entitlement to benefits.
  • To resolve disputes and complaints.
  • To monitor equal opportunities and continued suitability/fitness for post.
  • For staff and business planning.
  • Safeguarding clients and the organisation.

Retention period: Six years after employment ceases unless legislation stipulates otherwise. Please see our Retention policy.

Applicant data – including application form, CV or cover letter, shortlisting and / or interview records, right to work documentation, references, driving licence and special categories data as indicated above.

Purpose (applicant data):

  • Making decisions about the recruitment of staff or volunteers.
  • To monitor equal opportunities and suitability for post.
  • To comply with immigration rules.

Retention period (applicant data): Six months if not recruited.

Donors (including client and staff data used for marketing)

Types of data:

  • Identity data – including name and title.
  • Contact data – including postal address, email, telephone numbers.
  • Financial data – history of any donations made.
  • Communication data – summary of all communications to or from donor. Any links donor may have with other donors.
  • Marketing data – photos, case studies and videos of both staff and clients.

Legal basis:

  • Consent obtained.
  • For legitimate interests.

Purpose:

  • Fundraising.
  • Record of donations made.
  • Keeping informed of Transform activities.
  • Marketing activities.

Retention period: Varies depending on length of consent provided. If length not stipulated, kept for two years. Please see our Retention policy.