Your data matters! How we look after your data
Nottingham City Homes Group (referred to as ‘the Group’) collects holds and processes a considerable amount of information, including personal information about the residents it serves, to allow it to provide services effectively. The Group recognises that this information is important to residents and that it is responsible to residents for the information it holds about them. As such, it takes seriously its responsibilities under the General Data Protection Regulation* and the Data Protection Act 2018*.
The Group is the data controller for information it collects from residents of Nottingham City Homes Enterprises Limited and Nottingham City Homes Registered Provider, and is the processor for information collected on behalf of Nottingham City Council. This means that we have to look after all the personal information we collect and use and make sure that it is done so proportionately, correctly and safely.
If you require general information about the General Data Protection Regulation and the Data Protection Act 2018, information is available on the Information Commissioners website
What is personal data?
Personal data is information relating to an identifiable living individual. Whenever personal data is processed, collected, recorded, stored or disposed of it must be done within the terms of the Data Protection legislation.
Is some of my information 'special'?
Yes! Some personal information needs more protection due to its sensitive nature.Information that relates to a particular characteristic such as:
- Racial or ethnic origin
- Political opinions
- Religious beliefs or philosophical beliefs
- Trade union membership
- Genetic data
- Biometric data (for example finger print evidence)
- Sexual life
- Criminal record
- Medical data
At Nottingham City Homes’ Group we make sure that any special data that we collect has extra protections in place to ensure that it is looked after safely and securely.
For more detailed information about what is personal data please see the Information Commissioner’s website
How do we use your personal data?
The Group collects, holds and uses personal data to allow it to provide services on behalf of the residents of the Group. These services include, amongst others, providing, managing and maintaining homes, collecting rent, providing advice to residents, processing applications for homes, manage the Tenant Academy.
We will process personal data for the following purposes:
- For the purpose for which you provided the information. e.g. processing information given on an application form for the purpose of processing your application, and to monitor the Group’s performance in responding to your request
- To allow the Group to be able to communicate and provide services appropriate to your needs, e.g. informing relevant Housing Office about your bespoke needs and requirements to support your residency
- To make sure that the Group meets its legal requirements, including obligations imposed under the Health and Safety Act
- Where necessary for the Group’s Law Enforcement functions, e.g. gas safety checks etc, where the Group is legally obliged to undertake such processing
- Where the processing is necessary for the Group to comply with its legal obligations, e.g. the prevention and/or detection of crime
- To process financial transactions including rent payments and benefits involving the Group or where the Group is acting on behalf of other government bodies, e.g. Department for Works and Pensions
- Where necessary to protect individuals from harm or injury
- To help you apply for your chosen job vacancy within Nottingham City Homes Group.
- Providing employment support for NCH Group Tenants.
- To update you on services and support provided by the Group through NCH News.
- To process your correspondence through the ‘Three C’s Process’ (Complaints, comments and Compliments).
- To complete support plans, risk assessments and on-going records in order to identify support requirements for residents.
- To provide Tenancy Management Services and to provide support from the Tenancy Sustainment Team.
- To allow the Group to be able to maintain, repair, and adapt your property.
- To enrol you as a Group volunteer and to provide updates about involvement opportunities such as; housing events, steering groups, Panels, and pilot tests.
- To enable surveys to be issued to you about the quality of service the Group provides
How does the law allow us to use and hold your personal information?
The law allows us to use your personal information in lots of different ways.
There are lots of legal reasons why we need to collect and use your personal information. Sometimes it is required by law and its use it necessary to deliver a service. It will include carrying out our regulatory, licensing and enforcement roles and providing a wide range of Group services.
The Group is required by law to protect the public funds it administers. We process and share the information provided to us for the following purposes:
- Group Employee Payroll
- Group Employee Pensions
- Supported Care
- Insurance Claimants
- Housing and Council Tax Benefits
- Property (Planning, Business Rates)
- Information provided by external bodies, e.g. Utility Companies, Credit Reference agencies and Service Providers
- Human Resource functions
- Property Management (Repair, Maintenance, and Adaptation)
- Anti-social behaviour and Fraud Detection
If you would like to see in detail how your personal data is used and who it is shared in connection with the above services and any other services that the Group supplies with please click here.
You will see from the privacy notices that sometimes we will need your consent to process the personal information. If you have provided consent this can be removed at any time. If you want to remove that consent please email the data protection officer and tell us which service you are using so that your request can be dealt with.
How will the Group use the information they collect about me?
Where otherwise permitted under the General Data Protection Regulation and the Data Protection Act 2018, e.g.
- Disclosure to comply with legal obligations.
- The Group may also use your personal data, after it has been anonymised, to allow the statistical analysis of data to allow the Group to effective target and plan the provision of services.
The Group may use information about your ethnic background, first language, gender, sexual orientation and age (“equalities data”) for the purposes of compiling statistical data about the population of the residents and the take up of Group services by various groups, both to assist in complying with the Race Relations Act and other equality legislation and to assist the Group in the effective planning and provision of future services.
Such statistical data or statistical analysis will not allow the identification of any specific individual nor will it have any impact on any individual’s entitlement to Group services and facilities.
Such equalities data may also be used to allow the Group to provide sufficient assistance where required, e.g. to provide translation services or access facilities.
Using your personal data - making sure that we maintain high standards
In deciding what personal data to collect, hold and use, the Group is committed to making sure that it will:
- Recognise that any personal data handled by the Group is held on behalf of that person and that we make sure we respect that responsibility
- Adopt and maintain high standards in respect of the handling and use of that personal data
- Only collect, hold and use personal data where it is necessary and proportionate to do so
- Securely delete any personal data when no longer needed
- Keep your personal data secure and safe
- Not unnecessarily and without good reason, infringe the privacy of the residents of the Group
- Consider and address the privacy risks first when planning to use or hold personal information in new ways, such as when introducing new systems
- Be open with individuals about how we use their information and who we give it to
- Make it easy for individuals to access and correct their personal information
- Make sure that there are effective safeguards and systems in place to make sure personal information is kept securely and does not fall into the wrong hands
- Provide training to staff who handle personal information and treat it as a disciplinary matter if they misuse or don’t look after personal information properly
- Put appropriate financial and human resources into looking after personal information to make sure we can live up to our promises
- Having a robust data strategy in place to protect against any disasters but also malware such as ransom ware
- Regularly check that we are living up to our promises and report on how we are doing
The Group may disclose personal data to third parties, but only where it is necessary, either to comply with a legal obligation, or where permitted under the General Data Protection Regulation and the Data Protection Act 2018 e.g. where the disclosure is necessary for the purposes of the prevention and/or detection of crime, or where it is necessary to allow a third party working for or on behalf of the Group.
The Group will strive to make sure that any personal data in its care will be kept safe and that where your information is disclosed to a third party, The Group will seek to make sure that the third party has sufficient systems and procedures in place to prevent the loss of personal data.
How do we protect your personal information?
We have a data protection policy which explains how we look after your personal information. We also have lots of practical measures to protect your information such as:
- Limiting access on systems to only which staff need to access the information
- Providing regular training for staff to make them aware of how to handle your data safely and in accordance with the data protection legislation.
- Having a clear desk policy and guidance about keeping sensitive data in locked places with limited access
- Having clear policies and guidance for staff who take special data out of the building and a clear working at home guidance for all staff to follow
- Encryption of sensitive electronic communications such as e-mails as well as encryption of disks and memory sticks. Encryption is a means of ensuring that data can only be accessed by authorised users. This means that the information is hidden and cannot be read without a password.
- Regular testing of our IT equipment and keeping up to date with regular security updates
You can find more information about our IT security policy here
How long can we keep your personal information for?
We only keep personal data as long as it is necessary to do so. Sometimes there is a legal reason why we must keep the data for a certain period.
If you would like to see how long your information is kept for you can click here for more detail.
What are your rights?
- You can ask for access to the information we hold on you known as a personal information request
You are legally entitled to request access to any records held by the Group about yourself. The Group will seek to comply with your request but there may be some situations where it will not be able to do this in full, e.g. where information held was given in confidence or when a professional thinks that it could cause serious harm to you or another’s physical or mental wellbeing if the information was given to you. Also, if we think that giving you the information may stop us from preventing a crime.
If you would like to request a copy of your personal information please complete the Access Request form.
If you have any questions regarding your rights please email us.
2. You can ask to change information that you think is inaccurate
If you receive a copy of your information and you find that any information is inaccurate you have the right to ask us to correct the information. We may not always be able to change or remove the information but we will correct factual inaccuracies and add supplemental comments. In some cases we may also record your comments to show that you disagree with information held about you. Whilst The Group tries to ensure that any personal data it holds about you is correct, there may be situations where the information it holds is no longer accurate. If this is the case, please contact the department holding the information so that any errors can be investigated and corrected. You can also make an application to the Information Governance Team to ask for any inaccurate information to be rectified or if you think your information is incomplete you can ask for a supplementary statement to be added to give an accurate picture.
The Group will try to make sure that all records are accurate and up to date. If you find any inaccuracies you can let us know by email
3. Right to be forgotten - right to ask for your information to be deleted
You have the right to ask for information to be erased although this is not an absolute right. If your data is no longer necessary for the purpose for which it is collected you can ask for it to be erased. Again, where possible, the Group will seek to comply with your request but there may be some situations where it will not be able to do this, e.g. where the Group is required to hold or process information to comply with a legal requirement.
Where your personal information has been shared with others we will do what we can to make sure they also comply with your request for erasing the information.
If you would like to make this request please let us know by emailing our data protection officer
4. A right in certain circumstances to request restriction of processing
You also have the right to ask the Group to limit processing in certain circumstances for example where you have contested the accuracy of information held that is about you or if the Group no longer needs the information although again there are some exceptions. For example we may need to hold or use your information because we are required to do so by law. If this request is approved this may cause delays or prevent us from delivering a service to you. For further information please contact the Information Governance Team.
If you would like to ask the Group to exercise this right please email us .
5. Right to object to processing of data in certain circumstances
You have the right in some circumstances to object to the Group processing your personal data in relation to any Group service. Where possible, the Group will seek to comply with your request but there may be some situations where it will not be able to do this, e.g. where the Group is required to hold or process information to comply with a legal requirement, or where deletion of this information may cause delays or hinder the Group’s ability to provide services to you. The right to object only applies in limited circumstances and for more information please contact the Information Governance Team.
6. Right in certain circumstances to request portability of your data to another provider
You also have the right in certain circumstances to get a copy of your information in an electronic form and re-use it with other service providers. This right only applies to information processed by automated means or information obtained by consent from you. It’s likely that data portability will not apply to most of our services. For further information please email the Information Governance Team
7. Rights in connection with automated decision making including profiling
Where a computer makes decisions about you which is known as automated decision making you can ask that these decisions are explained to you. E.g. your position on the Housing Register.
This means that you can question decisions made about you by a computer, unless its required for any contract that you have entered into , required by law, or you have given your agreement to this form of processing.
You also have the right to object if you are being profiled. This means that decisions are made about you based on certain things in your personal information. If you have any questions regarding automated decision making or profiling please contact the Information Governance Team who will be happy to assist.
Data Protection Officer
The Data Protection Officer for Nottingham City Council is Cathy Dobb and she can be emailed by clicking here
You can also contact the data protection officer at:
Nottingham City Council, Loxley House, Station Street, Nottingham, NG2 3NJ
For more information regarding data protection issues you may wish to email the Information Commissioners Office (ICO)
You can also contact the Information Commissioners office at:
Information Commissioners office
For more information about the ICO visit their website
Changes to this privacy notice
The Group encourages you to periodically visit the Group’s web site to review this notice and to be informed of how the Group is protecting your information. The Group will continually review and update this privacy notice to reflect changes in our services and feedback from service users, as well as to comply with changes in the law. When such changes occur, we will revise the "last updated" date at the top of this notice. If there are substantial changes to this statement or in how the Group will use your personal information, we will advertise the updated notice both on the front page of the Group’s web site and in the next issue of the residents newsletter. This privacy notice was last updated in April 2018.
*Please note that the General Data Protection Regulation and the Data Protection Act 2018 will not come into force until the 25 May 2018.Until that time the legislation is the Data Protection Act 1998.