This Data Privacy Notice covers the processing of data for the following services provided by Tenant Services:
Rent Recovery; Housing Management; Garages; Debt Advice; Universal Support; Housing Revenues; Right to Buy and Leasehold; Welfare Reform; and Sheltered Housing Services.
Reading Borough Council, Civic Centre, Bridge Street, Reading RG1 2LU
Name, DOB, address, email, telephone number, household members, Income details, nationality, gender, sexuality, religious belief, NINO, relationship status, debt details, next of kin / emergency contact details, employment details, court orders, benefit details, location of payments made via AllPay, bank details on Direct Debit form, mortgage details, bank statements, photo of tenant, photos of the condition of the property including any improvements/alterations made by the tenant, medical/health/disability/GP information.
On secure encrypted laptops and systems. System access is limited to those who require it with users having varying levels of permissions depending on their requirement. Laptops are locked away when not in use. Hard copies of DD and refund forms are kept for a couple of weeks whilst processed and are kept in a locked cupboard.
Necessary to perform a task in the public interest, or for your official functions, and the task or function has a clear basis in law.
i.e. To manage aspects of the tenancy agreement in line with Housing legislation including the Housing Act 1985 and the Localism Act 2011.
We will store your data for up to 6 years after the successful closure of your tenancy (ie no arrears due). Whilst you still have a current tenancy with us we will store and process your data accordingly. For any clients without a tenancy then data will be held for up to a maximum of two years.
We may share your information with:
We will also share information internally for the better performance and efficiency of Council Services.
Data is shared either at the request of the tenant or client and/or for the effective sustainment and support of social tenancies (both housing and garages), welfare benefit claims, application to buy social tenancies or to resolve debt issues and in order to fulfil our duties as a landlord.
Information on making a Subject Access Request can be found on our data protection page.
The processing is necessary for Tenant Services to perform tasks in the public interest and in undertaking its official functions. The way we process your data is exempt from consent through Contractual exemption, this is because you have signed a Tenancy Agreement and we have to process your data to manage your tenancy effectively.
If we process your data that is not covered by a contractual exemption then written consent will be obtained in a specific consent form.
You have a ‘right to be forgotten’ so you can ask for your personal information to be deleted where:
If we have shared your personal information with others, we will do what we can to make sure those using your personal information comply with your request for erasure.
We may not be able to delete your personal data if it is needed for legal reasons, for reasons of public health, public interest or for medical purposes.
You have the right to have your data corrected, the right to have your data deleted and you have a right to put a complaint to the Information Commissioner’s Office (ICO).
There are no automated decision making processes.
The GDPR sets out a higher standard for consent than the Data Protection Act. The GDPR defines consent as ‘any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.’
Consent has to be a positive indication of agreement to personal data being processed. It cannot be inferred from silence, pre-ticked boxes or inactivity. Opt out consent is no longer acceptable under the GDPR. The GDPR is clear that controllers have to demonstrate that consent was given, so a review is best practice in order to ensure there is an effective audit trail.
Consent requests need to be easy to understand and separate from any other information such as general terms and conditions.
The consent request must include the name of your organisation and the names of any third parties who will rely on the consent.
Your purpose for wanting the data and the processing activities you will be doing with the data need to be included.
The right to withdraw consent at any time and how to do this must be included.