Details about how RSH protects your privacy and the security of your personal data in line with the General Data Protection Regulation
The full privacy notice contains various sections – it is important that you also read the specific section of the notice that governs the activity that is relevant to you.
Aims of the privacy notice
- to give you information on how the Regulator of Social Housing collects and processes the personal data provided to us, including information that you provide directly
- to tell you about your rights and how the law protects you.
Who the notice applies to
- users of our websites and web portals, including suppliers of goods, services and works
- contractors and agency workers
- information governance and enquiries (making a Freedom of Information Request, exercising Data Subject Rights, making a complaint or making a general enquiry)
- applicants for employment
- former employees
- regulatory functions
- visitors to our buildings/sites/premises.
Why we need to collect personal information
The regulator collects personal data because it is necessary for the performance of tasks we carry out in the exercise of our statutory functions.
How we keep it secure
We take the security of all the data we hold very seriously. We adhere to internationally recognised security standards. We have policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.
How we process or use it
We will only process your personal information if there is a lawful basis to do so. Most commonly, we will use your personal information in the following circumstances:
- when processing is necessary for the performance of a contract or when processing is required prior to entering into a contract with you
- when processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us, for example, for one of our statutory functions
- when processing is necessary for compliance with a legal or regulatory obligation
- to prevent and detect crime, including fraud.
In some instances we may seek your consent to process your personal data.
We will only use your personal information, when the law allows us to, for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
Who it is shared with
We may share your data with third parties, including third-party service providers and other Government departments and agencies. We require third parties to respect the security of your data and to treat it in accordance with the law. We may transfer your personal information outside the EU. If we do, you can expect a similar degree of protection in respect of your personal information.
How long we keep it
We will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Under the data protection legislation, you have rights over your personal data. The regulator must respond to a request to exercise these rights within one month. If you would like to request details of the personal data we hold about you, please contact the Data Protection Officer.
If you are unhappy with how any aspect of this privacy notice, or how your personal information is being processed, please contact the Data Protection Officer.
How to contact us
Any data protection issues or requests should be addressed to:
The Data Protection Manager
Assistant Director: Head of Legal Services
Regulator of Social Housing
Level 1A, City Tower
Manchester M1 4BT
By email: <firstname.lastname@example.org>.
By phone: 0300 124 5225
## Data Protection Officer
The Designated Data Protection Officer for RSH can be contacted via:
email: email@example.com phone: 0300 124 5225
## If you are still not satisfied
If you are still not happy, you have the right to lodge a complaint with the ICO.
Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF $A
Tel: 0303 123 1113