Sovereign respects the privacy of its residents. Your contact with us generates records including records of some personal information which is subject to the Data Protection Act 1998.
This privacy notice explains our approach to data protection. In this privacy notice, “we”, “us”, “our” and “Sovereign” means any of the Sovereign group entities. You can see a full list of the entities in our terms and conditions on the website.
How we collect personal information
We collect information in a variety of ways including via the websites, on various forms, and contracts, and through our ongoing contact and correspondence with you with other support agencies which relates to you, and from people associated with you such as family, friends and neighbours. We record calls to and from Connect (our Contact Centre). At some schemes and offices we have CCTV cameras to record events in public areas.
If you provide us with personal information relating to members of your family or your associates we will assume that you do so with their knowledge and consent.
It is important that you notify us of any changes to your personal information as soon as possible so that we can contact you easily. Please let us know.
What information we hold
When you apply to become a Sovereign customer, we obtain information to determine your housing needs. In order to help us assess your application, we may take up references from other housing providers/private landlords, your mortgage lender (if you own/have owned your own home), the Police, the Probation Service, support workers, social workers, mental health workers and credit reference agencies.
Once you become a Sovereign customer, we will also need your bank details, benefit and council tax information, feedback from our contractors about their appointments with you and other aspects of our routine contact with you. We will record information whenever you contact us or use our services and we will note any action taken, for example logging repairs, so that we have a record of what happened.
We may take photographs at events organised and hosted by Sovereign. The images would be used on Sovereign’s websites, in brochures and other publicity material (such as newsletters) and may be provided to the media for publication in local or national newspapers. You will always be given the option not to be included in a photograph. Where group shots are to be taken there will be a sign warning that photographs are being taken and any individual photographs will only be taken with your consent in writing.
Who the personal information relates to
We collect and hold personal information about:
Customers – This includes current, former and potential customers who live in our properties or access our support and other services and includes members of their family and people associated with them.
Visitors – Visitors to our website and our offices. Anyone who makes a complaint or enquiry to Sovereign.
How we use our records
We keep records to allow us to:
- Make allocations of accommodation
- Manage tenancies including collecting rent and service charges
- Provide a repairs and maintenance service
- Provide home ownership products
- Offer help with debts and benefits
- Provide support services which help customers achieve their goals
- Provide care and support for elderly and vulnerable customers
- Keep in touch with our customers, understand your needs and preferences and invite you to events
- Prevent and detect crime and resolve disputes
- Prevent and detect fraud and moneylaundering
- Promote safety and the quiet enjoyment of our neighbourhoods and communities
- Engage with customers and make improvements to our products and services
- Promote equal opportunities and fair treatment for all our customers
- Provide information (e.g. about products and services) you request from us
- Develop new products and services to meet the future needs of our communities
- Meet our legal obligations, including those owed to our funders or regulators
“Sensitive” personal information
Under the Data Protection Act 1998 certain personal information is classified as “sensitive”. Sensitive data is information relating to physical or mental health, sex life, religious or philosophical beliefs, political opinions, membership of a Trade Union, allegations of criminal offences and criminal convictions and offences.
We minimise our holding and use of sensitive categories of personal information but, given the services we provide, there are times when we use it to understand our customers and their needs better, for example when providing accommodation for disabled persons or those with problems around substance abuse, when resolving neighbourhood disputes involving alleged criminal activity or when helping someone to access care services. When we collect specific sensitive data we will notify you of how we will use it, including who it may be shared with, and seek your consent to this.
We would like to provide you with information about events, services and other information which we think you may find interesting. We may send you such information by post, email or contact you by telephone. You can let us know at any time how you prefer to be contacted or if you do not want us to contact you with this information.
We never provide your personal information to other companies for their marketing purposes.
Sharing your information
Your personal information will be kept secure and confidential. Our staff have restricted access to personal information on a “need to know” basis. We may share information with contractors, or agencies we work with, such as Local Authorities, Social Services, Police, other social landlords, with a purchaser or potential purchaser of our business and others when Sovereign believes it is in your, or the public’s, interest to do so. We will also disclose information as required by law.
In particular, please be aware:
- Current or forwarding addresses may be shared with utility companies and Council Tax offices to ensure billing details are correct.
- If you default on any tenancy/licence conditions, information about you may be provided to authorised debt recovery agencies, to enable them to recover the debt. This may affect future applications for tenancies, credit and insurance.
- We may discuss your financial situation, rent payments (including any arrears) and any claims made for welfare benefits with an external debt advice agency, Welfare rights advisor, the housing benefit department or the local authorities housing advice and homeless prevention team to make sure that benefits are paid correctly.
- We may pass data about your rent payment record to credit reference agencies. This will enable them to assist other organisations to assess your financial standing if you apply for products and services.
- We may pass your contact information to a third party to conduct surveys and research on our behalf which allow us to gather feedback and improve the services we offer you. The third party will be bound to strict terms and conditions outlined by us and will not share your data with other organisations. Should you choose not to participate in the surveys the third party will securely destroy your data.
- We may share your National Insurance number to verify your Universal Credit application and manage these payments.We may also share your National Insurance number in order to prevent and investigate tenancy and right to buy applications fraud.
We occasionally participate in the National Fraud initiative (NFI) data matching exercise carried out by the Cabinet Office. Our participation in NFI assists in the prevention and detection of fraud against Sovereign and organisations within the public sector. We participate on a voluntary basis and provide the Minister for the Cabinet Office with particular sets of data for matching as detailed here.
Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information. Computerised data matching allows fraudulent claims and payments to be identified. Where a match is found it may indicate that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.
The use of data by the Cabinet Office in a data matching exercise is carried out with statutory authority under Part 6 of the Local Audit and Accountability Act 2014. It does not require the consent of the individuals concerned under the Data Protection Act 1998. Data matching by the Cabinet Office is subject to a Code of Practice.
- Further information on the NFI is detailed in the Cabinet Office’s fair processing notice.
You have the right to ask us in writing not to process your personal information if it is causing or likely to cause substantial damage or distress, or for the purpose of direct marketing. There may also be other specific circumstances where you may wish for us to stop processing your data, such as if you agreed to take part in a survey or signed up to an optional service. However, we need to maintain certain records to enable us to provide you with the services you enjoy.
You have the right to access any personal information we hold about you. If you would like copies of some specific information from your files, we will try to provide it as quickly as possible. Please contact your Housing Officer, our Connect Team or the Company Secretary.
If you require a substantial amount of your personal information, there is a formal process for this, under the Data Protection Act 1998, known as a Subject Access Request (SAR).
You also have the right to claim compensation if we fail to comply with the Data Protection Act 1998 and you suffer damage as a result.
What you need to know about making a SAR:
- The right of subject access under the Data Protection Act 1998 is an individual one. This means that we cannot process joint requests – they have to be treated separately.
- You can write to us to make your request and, if necessary, we will provide you with a SAR form for completion. Please write to the Company Secretary, Sovereign Housing Association Limited, Woodlands, 90 Bartholomew Street, Newbury, RG14 5EE.
- We will require proof of your identity and address – we will let you know this when we receive your request.
- We charge a nominal fee of £10 towards our administration costs for each SAR.
- When we receive your request with payment and have confirmed your identity to our satisfaction, we shall respond and provide your information within 40 calendar days.
Changes to our privacy notice
This privacy notice will be updated to reflect changes either to the way in which we operate or changes to data protection legislation. We will bring any significant changes to your attention but to make sure that you keep up to date, we suggest that you revisit this notice from time to time.
We welcome any queries you may have regarding this privacy notice, or any information we hold about you. Please contact:
Sovereign Housing Association Limited
90 Bartholomew Street
The Information Commissioners Office (ICO) is the UK’s independent body who upholds information rights in the public interest. Sovereign are registered as a Data Controller with the ICO. Their contact details are below:
Information Commissioner’s Office
Wycliffe House Water Lane
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number
Fax: 01625 524 510
Data Protection Policy (the ‘Policy’)
Sovereign Housing Association Limited and its subsidiaries (‘Sovereign’) controls and processes personal information about its customers, staff and board members. The Data Protection Act 1998 (the ‘Act’) covers all personal information that relates to living individuals. These individuals are given rights by the Act. We will not share this information with other organisations without the consent of the individual concerned unless we are required by law to do so.
This Policy will set out what Sovereign will do to comply with the Act and the following eight principles:
- Personal data shall be processed fairly and lawfully.
- Personal data shall only be obtained and further processed for specified and lawful purposes.
- Personal data shall be adequate, relevant and not excessive in relation to the purpose that they are processed.
- Personal data shall be accurate and kept up to date.
- Personal data shall not be kept longer than necessary.
- Personal data shall be processed in line with the rights of the data subject.
- Personal data must be kept secure.
- Personal data must not be transferred to a country without adequate protection.
Being fair and understanding our customers’ needs
We recognise that communities are made up of people with different needs and values and that those differences are important. We will promote equality of access for everyone and value their diversity. We will work to eliminate discrimination and, in line with the law, we will treat everyone fairly, regardless of age, disability, gender, gender reassignment, marital status including civil partnerships, pregnancy and maternity, race, religion or belief or sexual orientation.
We will ensure that members of all these groups are treated in ways that meet their needs, and that they have equal access to services and/or activities wherever possible. We will promote their inclusion and challenge discrimination against them.
This Policy applies to all employees, board members and others who may be involved in the collection of and processing of personal information on behalf of Sovereign and extends to data whether it is held on paper or by electronic means.
Statement of commitment
Sovereign is committed to maintaining high standards of security and confidentiality for information in our custody and control. Safeguarding this information is critical to the successful operation of Sovereign. Sovereign will treat all information in its care and control with the same degree of security and confidentiality, and this Policy applies to all organisations within Sovereign and all its employees. Sovereign undertakes to inform residents, contractors, employees and board members on how it uses information and the purposes for which information is processed.
The objectives of this Data Protection Policy are:
- To comply with the Data Protection Act 1998.
- To outline, guide and monitor the coordination of the information security and data handling procedures in force within Sovereign.
- To promote confidence in Sovereign’s information security and data handling procedures.
- To provide assurances for third parties dealing with Sovereign.
- To provide a benchmark for employees on information security, confidentiality and data protection issues.
In order to support these objectives, Sovereign will:
- Delegate the responsibility for gathering and disseminating and dealing with issues relating to information security, the Data Protection Act and other legislation.
- Ensure that all activities that relate to the processing of personal data have appropriate safeguards and controls in place to ensure information security and compliance with the Act.
- Ensure that all contracts and service level agreements between any part of Sovereign and external third parties (including contract staff), where personal data is processed, make reference to the Act where appropriate.
- Ensure that third parties acting on behalf of Sovereign are given access to personal information that is appropriate to the duties they are undertaking and no more.
- Ensure that all staff (including contract staff) and board members understand their responsibilities regarding data protection and information security under the Act.
Individuals’ rights of access to data
Individuals have a right of access to personal information held by Sovereign if they are the “data subject” of that information. Requests must be made in writing, signed by the data subject and addressed to the Company Secretariat. The person requesting the data must complete the Access Request Form providing details of the information required as well as their current address and some form of identification. The Act allows Sovereign to charge a £10 administration fee for searching for this information.
Someone may ask a third party to obtain the information on their behalf, but they must provide written consent in order to do this.
In some circumstances it may be appropriate to disclose information held by Sovereign to specific third parties for example to prevent a criminal offence from being committed, or to prevent the continuation of a criminal offence.
Data should not be kept for longer than is necessary. Sovereign’s Document Retention Policy should be referred to for guidance on the retention of data.
Where personal and confidential information is no longer required, it will be destroyed.
Employees should refer to the appropriate data retention guidelines for their respective departments.
Policy promotion and training
This Policy will be made available within Sovereign as part of the induction process to all new and temporary employees and board members.
The Policy will be promoted to current employees by requiring acknowledgement and acceptance of its aims and objectives. There will be a continuing series of awareness raising initiatives relating to security and privacy issues by the Data Protection Champions nominated around Sovereign in order to ensure that all staff understand their responsibilities under the Act.
All employees will be provided with education and training where appropriate and will be expected to comply with data protection legislation and adhere to the policies and procedures used to meet the objectives of the Sovereign Data Protection Policy.
Any wilful disregard or intentional breach of the Data Protection Policy by employees shall be regarded as a disciplinary offence and handled within Sovereign’s Disciplinary Procedures. Any wilful disregard or intentional breach of the Data Protection Policy by data processors acting on Sovereign’s behalf under contract shall be regarded as a breach of contract and treated as such.
Equality impact assessment (‘EIA’)
After completing a Stage 1 EIA, it was found that this Policy will affect all employees and residents in the same way as all personal data should be processed in accordance with the Act. As long as any data requested is made available in a way that is suitable for the needs of the data subject, there will be no adverse impact on any particular group.
Monitoring and feedback
A programme of continuous review of this Policy’s implementation and effectiveness is to be conducted under the direction of the Company Secretary. An annual report with recommendations will be presented to the board of Sovereign Housing Association Limited.
This Policy can only be amended with the approval of the board of Sovereign Housing Association Limited.
Glossary of terms
- Personal Information – any information that relates to a living individual who can be identified by this data. This includes opinions about the individual and an indication of the intention of Sovereign or any other person in respect of the individual.
- Data Subject – the living individual that the personal data is about.
- Data Controller – the company that decides the purpose for and the way in which any personal data is processed. Sovereign Housing Association and certain of its subsidiaries are data controllers.
- Data Processor – any company that carries out activities with personal data on behalf of the data controller.