Building Safety Programme: privacy note
Published 9 April 2018
Applies to England
1. The identity and contact details of MHCLG and our Data Protection Officer
The Ministry of Housing, Communities and Local Government (MHCLG) collects, holds and uses your data for the purposes of the Building Remediation Portfolio. Where this includes personal data, MHCLG is the data controller. The Data Protection Officer can be contacted at: dataprotection@communities.gov.uk.
2. Why we are collecting the data
Data is being collected to help the Building Remediation Portfolio meet its objectives regarding the remediation of unsafe residential buildings.
As part of the portfolio, MHCLG collects and holds information about residential buildings across England (including high-rise hotels and student accommodation). Data is collected from residents, organisations and people who manage or own buildings, including local authorities, housing associations and their representative organisations. This can be via online return to MHCLG’s online data submission portal (DELTA), or via other collection methods such as applications to remediation programmes or e-mail submissions.
As part of the department’s data collections, building characteristic information, such as building location, owner, height, cladding and insulation data, information on defects and remediation plans, is collected. We also collect and store contact details (email addresses and telephone numbers) from organisation leads providing data on buildings through data submission processes.
These contact details are collected and used primarily to assist MHCLG in following up on data queries which providers may have. Contact details are also required by the team to enable the follow up on submitted records, where more information may be required for instance, or where data is suspected to have been provided in error.
The data collected enables the department to ensure buildings with fire safety risks are being managed.
Demographic information and contact details are also collected from residents who take part in surveys. Demographic data are used in our analyses to identify any patterns in the data. Contact details, where provided, enables the department to potentially get in touch about participating in future research. These personal data are held in line with UK GDPR requirements and following Data Protection guidelines.
All published data and analysis do not contain any personal information or provider contact details.
3. Legal basis for processing the data
The data protection legislation sets out when we are lawfully allowed to process personal data. The lawful basis that applies to this processing is article 6(1)(e) of the General Data Protection Regulation as the processing is ‘necessary for a performance of a task carried out in the public interest’.
Section 8(d) of the Data Protection Act 2018 provides for this to include processing that is necessary for a function of the Crown, a Minister of the Crown or a government department.
The collection of this data is essential in allowing MHCLG to deliver its Remediation Portfolio.
4. With whom we will be sharing the data
MHCLG may share building information and personal data collected from data providers, in the form of email addresses and telephone numbers, with other government departments and agencies including regulators, strategic authorities, local authorities, housing associations (and their representative bodies), the National Fire Chiefs Council, local fire and rescue authorities, and its delivery partners only in pursuance of the Remediation Portfolio’s aim.
We may also share the data collected with the authorities investigating the fire at Grenfell Tower, for example, with the Metropolitan Police Service and the Grenfell Tower Inquiry where necessary to do so. Additionally, and where necessary in contributing to the portfolio’s aim, MHCLG may also share data received with the appropriate building owners and developers of buildings, and other relevant organisations.
In limited circumstances, MHCLG may share data with its agents and/or service providers where they are processing data on our behalf or with other organisations in pursuance of the portfolio’s aims.
This is in accordance with Article 5(1)(b) of the Data Protection Act 2018 which states that:
Personal data (in this case data provider email addresses and telephone numbers) shall be: (b) collected for a specified, explicit and legitimate purposes (as above) and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes.
5. For how long we will keep the personal data, or criteria used to determine the retention period
The personal data collected as part of the data submission process (lead providers email addresses and telephone numbers) are stored centrally via the departments DELTA platform. These details are held until we are notified that a person’s role has changed and access to DELTA is no longer required, or until the annual User Access control review identifies an account has been inactive for a prolonged period.
The needs of the wider Remediation Portfolio are ongoing and continue to evolve alongside recommendations from stakeholders and wider government processes. As a result, this data is retained indefinitely, and processes and procedures are reviewed annually to ensure that personal information is not held for longer than is required by the portfolio.
6. Your rights, e.g. access, rectification, erasure
The data we are collecting is your personal data, and you have rights that affect what happens to it. You have the right to:
a. know that we are using your personal data
b. see what data we have about you
c. ask to have your data corrected, and to ask how we check the information we hold is accurate
d. complain to the ICO (see below)
e. object to particular types of use of your data. We will tell you when these rights apply
7. Sending data overseas
Your personal data will not be sent overseas and will be stored within the UK or Ireland.
8. Storage, security and data management
Your personal data will be stored in MHCLG’s secure government IT system.
9. Complaints and more information
When we ask you for information, we will keep to the law, including the UK General Data Protection Regulation, the Data Protection Act 2018 and any new legislation coming into force.
If you are unhappy with the way the department has acted, you can make a complaint.
If you are not happy with how we are using your personal data, you should first contact dataprotection@communities.gov.uk.
If you are still not happy, or for independent advice about data protection, privacy and data sharing, you can contact:
The Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
https://ico.org.uk/