Privacy notice - current and former customers
How we collect your information
Bromford collects information from customers from a variety of sources, including when you:
- apply for one of our properties or services (you may be asked to undergo a pre-offer assessment)
- complete one of our application forms, tenancy agreements, licences or leases
- call us, write to us, email or meet with us
- respond to a survey
- visit our offices or some of our other properties (we operate CCTV systems at our offices and at some of our properties for the detection and prevention of crime)
Bromford will share limited amounts of data with local councils about our customers if: -
- the data is critical to emergency response planning or similar due to Covid 19; and,
- the data will only be used for these purposes and will not be retained when no longer needed in connection with any pandemic.
Bromford’s approach is consistent with guidance issued by the Information Commissioner’s Office which notes that “public bodies may require additional collection and sharing of personal data to protect against serious threats to public health”.
We will also share limited information about our customers’ health (for example if they have tested positive for Covid 19, if they are self-isolating or are vulnerable) with companies we work with . This data is only shared to help ensure we can help ensure the safety of our customers and any contractors who may visit their homes.
Information is shared on the basis that Bromford and the relevant local authority or company have a legitimate interest in supporting our customers and protecting public health.
Phone calls to our main telephone numbers may be recorded for training and monitoring purposes.
Calls are not recorded when you give us card details to make a payment for your rent or other service.
Sometimes we may need to take a photograph in your home, for example where there is damage or where we are planning some improvement works. We will always ensure that any photographs we take do not impact on your privacy.
We may also take photographs at our events, at our properties and in our communities to use for general marketing and publicity. However, we will check with you that you are happy to be photographed for those purposes.
Information we receive from third parties
We may receive information about you from third parties including information from:
- your council, relating to your housing needs
- your benefits office, relating to your benefits
- credit agencies when you apply for the right to buy or the right to acquire your home
- Police, welfare or support organisations dealing with you
- Councillors, MPs or other representatives acting on your behalf / instruction
- financial institutions when you apply for our services
Residential leasehold properties
When one of our residential leasehold properties (eg a property previously sold by us under the right to buy) is sold on the open market the new leaseholder becomes a customer of Bromford.
The purchaser’s solicitor is required to notify Bromford that a sale has taken place. They are not required to provide any information such as date of birth, gender, etc.
What data do we collect from customers?
Our customers include tenants, residential and commercial leaseholders and shared ownership customers. When you apply to become a Bromford customer we will ask for:
- your full name (and proof of your identity / photo ID)
- your date of birth
- your National Insurance number (your unique identifier)
- your contact details (phone, e-mail, correspondence address)
- details of anyone authorised to act on your behalf (if applicable)
- basic details (name, gender and date of birth) of all household residents
- banking details if you pay your rent by Direct Debit
- proof of your eligibility to housing and if you have any interest or equity in any other property
Whilst you are our customer we may process other personal information to manage your tenancy. This will vary on a case by case basis but may include:
- Financial information. We may use this to help resolve arrears payments and optionally to provide welfare, benefits and debt advice as a free service to help you budget and pay your bills.
- Red flag information. Where we believe there is a risk to the safety of a Bromford colleague, usually where a customer has made threats, we may record this information on your record so that risks to Bromford colleagues can be minimised.
We may also ask for your consent to collect special categories of data as explained below.
If you provide us with personal information relating to members of your family or your associates we will assume that you do so with their knowledge and their consent to the collection and processing of the information.
It is important that you notify us of any changes to your personal information.
How we use personal information and the lawful basis for processing
Most of the information we require from you is used to enter into or manage a tenancy, leasehold agreement or other contract between you and Bromford.
Please read your tenancy agreement, lease, licence or contract carefully for specific details as ‘performance of a contract’ is usually the lawful basis for processing your information as set out in data protection law.
The processing we conduct can be summarised as:
- managing your account charges and payments, including arrears
- managing the repairs, maintenance and adaptations of our properties
- ensuring tenancy (or contract) conditions are complied with, such as dealing with anti-social behaviour or fraud
- complying with relevant legislation and regulation.
The other lawful basis for processing your data (as defined in data protection law) that we regularly rely on is ‘legitimate interest’ (processing is necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject).
Our legitimate interests may include the need to:
- eliminate discrimination or advance equality of opportunity;
- prevent and detect crime;
- conduct research and statistical analysis to help improve our business processes and the services offered to our customers;
- evaluate our performance against other benchmarks.
When your personal data or information is used for statistical or research purposes it is anonymised or pseudonymised so that you cannot be identified. Bromford conducts surveys regularly and periodically relating to our services in order to gauge satisfaction and make improvements based on feedback.
We also seek your consent to hold some information about your lifestyle.
We will always give you a ‘prefer not to answer’ option when we ask for information about your lifestyle. Please note however that this information helps us to improve services.
Other lawful bases
In exceptional circumstances there may be another lawful basis for processing your data for example ‘compliance with a legal obligation’ or to ‘protect the vital interests of a data subject or another person’.
Special categories of data
Under Data Protection law certain categories of personal information are classified as sensitive or special categories of data. These categories are data relating to:
- racial or ethnic origin;
- political opinions;
- religious or philosophical beliefs;
- trade union membership;
- data concerning health;
- data concerning a natural person’s sex life or sexual orientation
We minimise the use of special categories of personal data but, given the services we provide there are times when we may have a legitimate interest in processing special categories of data and therefore, we may collect and process this data.
Usually we will seek your consent to processing this data by giving you a ‘prefer not to answer’ option when we ask certain questions. Please note however that if you choose not to provide the information we may not be able to provide all our services to you.
Where we ask for data concerning your health, and this is relevant to your housing needs, the condition for processing is that this is “necessary for the purposes of carrying out the obligations and exercising specific rights of the controller (us) or of the data subject (you) in the field social protection law”.
Providing us with special categories of data helps us deliver our services when providing accommodation for disabled people (including adaptations), people with substance abuse problems or when helping someone to access care services.
Collecting special categories of data also helps us ensure that we meet the Public Sector Equality Duty. This requires Bromford, as a social housing provider, to give due regard to the need to eliminate discrimination, advance equality of opportunity and foster good relations. This means that we may ask you for information about your ethnicity, religion or belief and so on but our responsibilities under the Public Sector Equality Duty do not over ride your right to privacy.
When we collect specific sensitive data we will notify you of how we will use it, and we will tell you who it may be shared with.
We do not process genetic or biometric data for the purpose of uniquely identifying a natural person.
Information relating to children
We recognise that under data protection law children are identified as ‘vulnerable individuals’ and deserving of ‘specific protection’.
We record some data about children if they are resident in one of our properties, including their name and date of birth. This is required for checking the property is not overcrowded and to assess other tenancy management issues where all householders and ages are required to be known.
We may receive and process data about children if we are involved in the housing and tenancy aspects of a welfare case as part of a multi-agency working solution.
Complaints and enquiries
If you make a complaint or enquiry we may collect and store personal information in relation to it. We will keep your information secure and use it only for the purpose it was collected. When the complaint is resolved, or the enquiry is completed, we will retain the information in accordance with our Data & Document Retention Policy and then destroy it.
We operate CCTV systems at our offices and in public areas at some of our properties. Where CCTV systems operate routinely we will place a notice showing that the scheme is in operation and controlled by Bromford.
Our CCTV systems deter crime and promote public safety by helping to identify and prosecute criminal offenders. These systems operate continuously, and recordings are held for one month.
You can ask for a copy of any CCTV images taken of yourself by making a subject access request. See Your Data, Your Rights - the right of access for more details on how to make a subject access request.
We carry out an impact assessment for all locations where we use CCTV. This helps ensure that our use of CCTV is appropriate and proportionate to the issues of crime and public safety we are seeking to address and minimises intrusion into individual rights to privacy.
We may authorise the use of noise monitoring equipment where we receive complaints about noise nuisance. We will write to alleged perpetrators of noise nuisance before noise monitoring begins.
Information we collect via our website
When you visit our website we collect standard internet log information, such as your IP address, host name, browser type and operating system.
Links to other websites
Our website may contain links to other websites of interest.
If you follow a link from the Bromford website to an external site, we recommend that you check the privacy notice of that site before giving any personal details.
Sharing your information
Your personal information will be kept secure and confidential. Usually we will not disclose personal data without consent, but we may share information between the Bromford group of companies, with contractors or third parties and other agencies we work with, including local authorities, social services, the police, other social landlords and other agencies when Bromford believes it is in yours or the public’s interest to do so, or as required by law.
All one-off requests for data sharing are considered by the Data Protection Officer. In particular, please be aware:
- current or forwarding addresses may be shared with utility companies and Council Tax offices to ensure billing details are correct.
- if you default upon any tenancy/licence conditions information about you may be provided to authorised debt recovery agencies, to enable them to recover the debt. This may affect future applications for tenancies, credit and insurance.
- we may discuss your financial situation, rent payments (including any arrears) and any claims made for welfare benefits with, an external debt advice agency, welfare rights advisor, the housing benefit department or the local authority’s housing advice team.
- we share limited personal data with our contractors who are carrying out services on our behalf. Our contractors are required to comply with the law to ensure data is managed appropriately and for specified purposes, including to run our out-of-hours telephone service or to complete emergency, responsive or planned property repairs.
- we may share your information with a language translation service if it is necessary to translate any information into or from a foreign language for you.
- we may need to share personal information with government departments and agencies, with our regulator and auditors, with utility companies or with other organisations and agencies where we are legally allowed to do so.
- please click hereto learn more about how your data is used for research and statistical basis by the Ministry of Housing, Communities and Local Government.
- we may need to share information with solicitors, agents, mortgage brokers, financial advisors, court agents, surveyors and valuers relating to a property sale.
- we may need to share information with mortgage lenders if your home is at risk of repossession.
- we may share your information as part of partnership working to reduce Crime, and Anti- Social Behaviour including, drug or alcohol misuse and re-offending.
- in an emergency, we share information on customers via Personal Emergency Evacuation Plans (PEEP’s) and Person-Centred Fire Risk Assessments (PCFRA’s). PEEP’s and PCFRA’s set out the level of assistance a Customer (usually with mobility impairments) may need to safely evacuate a building in the event of a fire.
- We may share information with elected representatives, such as Councillors or MP’s, where they contact us on your behalf. Sharing may proceed on the basis of implied consent when you have raised a housing related matter with an elected representative. However, if special category data, as defined by the UK General Data Protection Regulations, is included, data sharing will only be made with your explicit signed consent, unless exempt under The Data Protection (Processing of Sensitive Personal Data) (Elected Representatives) Order 2002.
Homelessness - Commitment to Refer
If you are a Bromford customer and you are at risk of losing your home we may discuss your situation with your local authority’s homelessness and/or housing options team. We do this in line with guidance set out in the National Housing Federation’s Commitment to Referguidelines. In doing so we will share some of your personal information to help reduce the risk that you become homeless. The legal basis in data protection law for sharing your personal information is known as ‘legitimate interest’. This means that Bromford believes there is a legitimate interest in sharing your information to help prevent you becoming homeless should your tenancy end.
Where you believe that our legitimate interests are overridden by your interests, rights or freedoms as the data subject you have the right to object on grounds relating to your particular situation. If you want to object to the sharing of your data you can contact Chris Down, Bromford’s Data Protection Officer by email, firstname.lastname@example.org, or by phone 01454 821034.
How long we keep information
Information relating to your tenancy, lease or other contractual agreement will be kept for as long as the agreement is active or where money is owed on the account, and for a period not exceeding six years afterwards. The basic history of who occupied a property and when will be held forever.
When we dispose of information we do so securely.
Our customer portal
Our customer portal allows you to check your rent account whenever you want, wherever you are. Our see my data service is encrypted using SSL security.
SSL stands for Secure Sockets Layer, a global standard security technology that enables encrypted communication between a web browser and a web server. It is used by online businesses and individuals to decrease the risk of sensitive information (e.g. credit card numbers, usernames, passwords, emails, etc.) from being stolen or tampered with by hackers and identity thieves. In essence, SSL allows for a private “conversation” just between the two intended parties.
We want to offer you new ways to contact us and access our services at a time and a place to suit you, on top of the ways you can already contact us. This will include via an improved customer portal where you'll be able to view your account, request a repair and make a payment.
Data matching and analytics
Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information.
Computerised data matching allows tenancy fraud, fraudulent claims and payments to be identified. Where a match is found it may indicate that there is an inconsistency which requires further investigation.
No assumption can be made as to whether there is fraud, error or another explanation until an investigation is carried out.
We may participate in the National Fraud Initiative (NFI) data matching exercise carried out by the Cabinet Office. Our participation in NFI will assist in the prevention and detection of fraud against Bromford and other organisations within the private and public sector.
We participate on a voluntary basis and provide the Cabinet Office with particular sets of data for matching as set out in the Cabinet Office’s guidance.
The use of data by the Cabinet Office in a data matching exercise is carried out with statutory authority. It does not require the consent of the individuals concerned under Data Protection law.
Data matching by the Cabinet Office is subject to a Code of Data Matching Practice. Further information on the Cabinet Office’s legal powers and the reasons why it matches particular information is available here.