UK GDPR privacy notices Private Sector Housing Privacy Notice

Introduction

Private Sector Housing have provided this privacy notice to help you understand how we collect, use and protect your information whilst we provide you with services related to your housing, including applications for grant aid, securing housing standards and delivering energy advice. We also licence caravan sites and houses in multiple occupation and deal with long term empty properties, manage the Romany Lane Gypsy/Traveller site and deal with unauthorised encampments. We are working with the government and other Suffolk councils on a project called Safe Suffolk Renters. We are also delivering the Suffolk wide Warm Homes Healthy People service, Stepping Home hospital services and are delivering a Cadent funded project around Centres for Warmth.

The document below will describe how we may collect and process your personal information.

The purpose of this document is to clearly acknowledge the council’s responsibilities in relation to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Definitions

Personal data means any information related to an identified or identifiable natural (living) person (‘data subject’) i.e. a person that can be directly or indirectly identified by reference to a name, ID reference number, email address, location data, or physical, physiological, genetic, mental, economic, cultural or societal identifier.

Special personal data, previously known as ‘sensitive personal data’, relates to race, ethnic origin, politics, religion, trade union membership, genetic data, biometric data, health, sex life or sexual orientation. Records of criminal personal data must also be treated in a similar way.

Data Controller determines the purposes and means of processing personal data.

Data Processor is responsible for any operation which is performed on personal data on behalf of the controller, e.g. collection, recording, organisation, structuring, storage, adaption or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or making available, alignment or combination, restriction, erasure or destruction.

Third Party is someone/somebody who is not the Data Controller, the Data Processor or the Data Subject.

Who we are

The Private Sector Housing team are here to offer advice and assistance where problems arise with the standard of residential accommodation. We deal with disrepair, cold homes, damp and mold and other issues affecting the safety of residents as part of our duty under the Housing Act 2004. We provide a statutory enforcement role, primarily in relation to privately rented properties and are responsible for the licensing of caravan sites and houses in multiple occupation. We run the Suffolk Warm Homes Healthy People service which has a separate privacy notice. We also give financial assistance in the form of grants to eligible households to help with disabled adaptations and improving standards.

The council is the ‘data controller’ for the information which is collated and processed. This means we are responsible for deciding how we can use your information. If you want more information regarding the services delivered, please go to our website.

The council regards lawful and correct treatment of personal information as critical to their successful operations, maintaining confidence between the council and those with whom they carry out business. The council will ensure that they treat personal information correctly in accordance with the law. The service is governed by legislation including the Housing Act 2004, the Caravan Sites and Control of Development Act 1960 and associated legislation.

The Data Protection Officer for ESC is Siobhan Martin, Head of Internal Audit, and can be contacted at dataprotection@eastsuffolk.gov.uk.

How the law protects you

UK GDPR says that we are allowed to use personal information only if we have a proper reason to do so. More information on how the law protects you can be found on the East Suffolk website.

Our responsibilities

UK GDPR provides us with main responsibilities for processing personal data. All personal information provided by you is held securely and in confidence by us in our computerised and other records. When we process your personal information, we do so in compliance with UK GDPR. For further information on our responsibilities, please see our website.

Your rights

The UK GDPR and DPA 2018 provide you with the following rights:

  • The right to be informed: You have the right to be informed about the collection and use of your personal data, and this is outlined in this privacy notice.
  • The right of access: You have the right to request access to the personal data we may hold about you. This is undertaken using a Subject Access Request.
  • The right to rectification: You have the right to request that inaccurate personal data we hold is rectified.
  • The right to erasure: In certain circumstances, you have ‘the right to be forgotten’ and have your personal data erased.
  • The right to restrict processing: In certain circumstances, you have the right to request the restriction or suppression of your personal data.
  • The right to data portability: In certain circumstances, you have the right to request to obtain your own personal data for your own use or to give to other organisations.
  • The right to object: In certain circumstances, you have the right to object to your personal data being collated, stored and processed.
  • Rights in relation to automated decision making and profiling: You have the right to request that we do not make our decisions based on solely an automated process, and you can object to an automated decision and ask that a person reviews it in certain circumstances.
  • The right to withdraw consent: In our discretionary service provisions, you have the right to withdraw your consent at any time.
  • The right to complain: You have the right to complain through our complaints procedure, and then to the Information Commissioner. Any requests in relation to your rights with regard to the personal data we hold should be made verbally or in writing to the Data Protection Officer. For further information on your rights, please see the ICO website.

Your responsibilities

You are responsible for making sure you give us accurate and up to date information, and to let us know if any personal information we hold is incorrect.

When do we collect information about you?

We collect information about you from different places, including:

  • Information you provide to us
  • Application forms completed by you or on your behalf
  • Surveys (including virtual or in-person visits by officers)
  • Council held records such as the Electoral Register
  • Suffolk County Council
  • Land Registry
  • Department of Work and Pensions
  • Mortgage companies
  • Tenancy deposit data
  • Letting agents
  • Landlords
  • Other local authorities
  • During investigations into housing conditions
  • Publicly available open-source data such as Land Registry data and Energy Performance Certificates (EPC) data
  • We receive information from Integrated Care Boards (ICBs) such as Suffolk and North East Essex ICB and Norfolk and Waveney ICB these are known as national and commissioning datasets. These datasets do not directly identify you. The purpose of receiving this pseudonymised data is to ensure patients/residents receive quality, effective and equitable care and support from our Private Sector Housing team.

What information do we maintain?

The information about you which we will maintain will include:

  • Name
  • Address
  • Date of birth
  • Telephone numbers
  • Email addresses
  • Who lives with you
  • Tenure of your property
  • Tenancy agreements
  • Landlord’s details
  • Mortgage details and other property charges
  • Council Tax banding and information about occupancy
  • Financial information

In addition, for grant purposes or to support you with eligibility checks for other schemes we may record:

  • Income information including earnings and benefits supported by payslips and bank statements
  • Capital held including account details and bank statements, details of other property or assets you own
  • Health information
  • Other information required by grant funding conditions.

How do we use your information?

We will be using your information to:

  • Investigate your housing conditions or other service request.
  • Support tenants and landlords to implement measures to improve housing conditions ensuring houses meet required living standards.
  • To monitor, review and where applicable investigate Houses in Multiple Occupancy (HMO).
  • To monitor and review your housing circumstances and where applicable investigate and enforce Civil Penalty Notices and initiate Rent Repayment Orders.
  • Process your grant and determine eligibility for funding.
  • Engage with you as part of the Safe Suffolk Renters project for further information please see Safe Suffolk Renters privacy notice.

  • Update our email mailing list for Safe Suffolk Renters with your consent to enable us to promote our planned events/conferences, newsletters and other key news. Our email service provider captures the IP address of all emails sent. The Council uses this information to ascertain whether an email was bounced, received, or opened. 

  • Engage with you as part of the Councils obligation under the HM Government’s Department for Levelling-Up, Housing and Communities Pathfinder funding requirements to offer advice and assistance. • Engagewith you as part of the Cadent Centresfor Warmth project. • Engage with you as your landlord if you are a licensee of Romany Lane traveller site. • To provide you with details of other services that you may wish to apply for that your circumstances make you eligible for. With your specific consent we will make a referral to such agencies on your behalf.

We will not use your personal data for other purposes other than for what it was collected unless we have obtained your consent or for other lawful purposes (e.g. detection and prevention of fraud).

How long do we keep your information?

We keep information for both statutory and discretionary purposes.

Statutory information: We will hold your personal information for 6 years for audit purposes. If you receive a grant from us we will keep your personal data for the period of the grant conditions which may be between 10 and 30 years, if the grant is linked to a repayment condition. You acknowledge this when you sign the grant paperwork (Deed of Agreement).

Discretionary information: We will hold your personal information for 6 years for audit purposes, and you can request that your personal information is deleted at any time.

Data sharing

We will share your personal information with:

  • Contractors that you ask us to liaise with on your behalf
  • Your landlord and/or letting agent
  • Other teams within the council
  • HMO Licence Register
  • Third Parties who process survey responses on our behalf
  • Software provider for conducting in person and or virtual inspection surveys
  • Partner agencies such as other local councils, Integrated Care Board (ICB), where we are working on shared projects and have the appropriate data sharing agreements in place
  • Third party external funding bodies including Government Departments, where we have the appropriate sharing agreements
  • Suffolk Centres for Warmth partners with your consent
  • University of Suffolk and Generation Rent as part of their involvement with Safe Suffolk Renters, with your consent
  • Communication specialists and data analysts as part of the Councils obligation under the HM Government’s Department for Levelling-Up, Housing and Communities Pathfinder funding requirements to offer advice and assistance
  • Referrals to external partners and organisations to assist with other services and support available to you, with your consent
  • Contractors as part of our duty to monitor, review and where applicable investigate Houses in Multiple Occupancy
  • Contractors as part of our duty under the Housing and Planning Act 2016 to investigate and enforce Civil Penalty Notices and initiate Rent Repayment Orders
  • To ensure we delivery our statutory obligations, we will share information, where applicable, with the Suffolk Office of Data and Analytics for analytical purposes to support us in meeting our statutory functions.

Transferring your information overseas

Currently, we do not transfer any personal information outside of the European Economic Area (EEA).

National Fraud Initiative (NFI)

We may share information provided to us with other bodies responsible for auditing, or administering public funds, or where undertaking a public function, in order to prevent and detect fraud. For further information, see the East Suffolk website.