Building Safety Programme: privacy note
Published 9 April 2018
Applies to England
© Crown copyright 2018
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.
Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.
This publication is available at https://www.gov.uk/government/publications/building-safety-programme-privacy-note-about-data-collection/building-safety-programme-privacy-note
The following is to explain your rights and give you the information you are entitled to under the General Data Protection Regulation 2016 and Data Protection Act 2018.
1. The identity and contact details of DLUHC and our Data Protection Officer
The Department for Levelling Up, Housing and Communities (DLUHC) collects, holds and uses your data for the purposes of the Building Safety Programme. Where this includes personal data, DLUHC is the data controller. The Data Protection Officer can be contacted at: dataprotection@levellingup.gov.uk.
2. Why we are collecting the data
Data is being collected to help the Building Safety Programme make buildings safe and to make people feel safe from the risk of fire, now and in the future.
As part of the programme, DLUHC collects and holds information about high-rise residential buildings across England (including hotels and student accommodation). Data is collected from residents, organisations and people who manage or own buildings, including local authorities, housing associations and their representative organisations. This can be via online return to DLUHC’s online data submission portal (DELTA) or via other collection methods such as e-mail or via telephone calls.
As part of the departments data collection, building characteristic information, such as building location, owner, height and insulation data is collected. We also collect and store contact details (email addresses and telephone numbers) from organisation leads providing data on buildings through the data submission process.
Providers register on DELTA to provide the information as requested from residential building owners. These details are collected and used primarily to assist DLUHC in following up on data queries which providers may have, on correct data entry or DELTA access for instance. Contact details are also required by the team to enable the follow up on submitted records, where more information may be required for instance, or where data is suspected to have been provided in error.
The data collected enables the department to formulate a policy response to the discovery of what appears to be unsafe cladding on a number of buildings in the aftermath of the Grenfell Tower fire and to assure itself and its stakeholders that fire safety risks (including cladding and any other significant risks identified) to these buildings are being managed.
All published data and analysis does not contain any personal information or provider contact details.
3. Legal basis for processing the data
The data protection legislation sets out when we are lawfully allowed to process personal data. The lawful basis that applies to this processing is article 6(1)(e) of the General Data Protection Regulation as the processing is ‘necessary for a performance of a task carried out in the public interest’.
Section 8(d) of the Data Protection Act 2018 provides for this to include processing that is necessary for a function of the Crown, a Minister of the Crown or a government department.
The collection of this data is essential in allowing the department to meet one of its central objectives; the securing of effective support for those affected by the Grenfell Tower disaster, delivering the changes this tragedy demands and ensuring people are safe and feel safe within their homes.
4. With whom we will be sharing the data
DLUHC may share building information and personal data collected from data providers, in the form of email addresses and telephone numbers, with other government departments and agencies, including regulators, local authorities and housing associations (and their representative bodies), the National Fire Chiefs Council and local fire and rescue authorities only in pursuance of the programme’s aim.
We may also share the data collected with the authorities investigating the fire at Grenfell Tower, for example, with the Metropolitan Police Service and the Grenfell Tower Inquiry where necessary to do so. Additionally, and where necessary in contributing to the programme’s aim, DLUHC may also share data received with the appropriate building owners and developers of buildings, and other relevant organisations.
In limited circumstances, DLUHC may share data with its agents and/or service providers where they are processing data on our behalf or with other organisations in pursuance of the programme’s aims.
This is in accordance with Article 5(1)(b) of the Data Protection Act 2018 which states that:
Personal data (in this case data provider email addresses and telephone numbers) shall be: (b) collected for a specified, explicit and legitimate purposes (as above) and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes.
5. For how long we will keep the personal data, or criteria used to determine the retention period
The personal data collected as part of the data submission process (lead providers email addresses and telephone numbers) are stored centrally via the departments DELTA platform. Emails are sent to registered providers on DELTA which have been inactive for a period of one year to keep the system up to date and to allow for their deletion in the case of non-response.
The needs of the wider programme are ongoing and continue to evolve alongside recommendations from stakeholders and wider government processes. As a result, this data is retained indefinitely, and processes and procedures are reviewed annually to ensure that personal information is not held for longer than is required by the programme.
6. Your rights, e.g. access, rectification, erasure
The data we are collecting is your personal data, and you have rights that affect what happens to it. You have the right to:
a. know that we are using your personal data
b. see what data we have about you
c. ask to have your data corrected, and to ask how we check the information we hold is accurate
d. complain to the ICO (see below)
e. object to particular types of use of your data. We will tell you when these rights apply
7. Sending data overseas
Your personal data will not be sent overseas and will be stored within the UK or Ireland.
8. Storage, security and data management
Your personal data will be stored in DLUHC’s secure government IT system.
9. Complaints and more information
When we ask you for information, we will keep to the law, including the Data Protection Act 2018 and General Data Protection Regulation.
If you are unhappy with the way the department has acted, you can make a complaint.
If you are not happy with how we are using your personal data, you should first contact dataprotection@levellingup.gov.uk.
If you are still not happy, or for independent advice about data protection, privacy and data sharing, you can contact:
The Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113 or 01625 545 745