Regulator of Social Housing privacy notice

Details about how RSH protects your privacy and the security of your personal data in line with the General Data Protection Regulation

RSH privacy notice - in full

This file may not be suitable for users of assistive technology. Request an accessible format.

If you use assistive technology (such as a screen reader) and need a version of this document in a more accessible format, please email Please tell us what format you need. It will help us if you say what assistive technology you use.

The full privacy notice contains various sections – it is important that you also read the specific section of the notice that governs the activity that is relevant to you.

Aims of the privacy notice

  • to give you information on how the Regulator of Social Housing collects and processes the personal data provided to us, including information that you provide directly
  • to tell you about your rights and how the law protects you.

Who the notice applies to

  • users of our websites and web portals, including suppliers of goods, services and works
  • contractors and agency workers
  • information governance and enquiries (making a Freedom of Information Request, exercising Data Subject Rights, making a complaint or making a general enquiry)
  • applicants for employment
  • former employees
  • regulatory functions
  • visitors to our buildings/sites/premises.

Why we need to collect personal information

The regulator collects personal data because it is necessary for the performance of tasks we carry out in the exercise of our statutory functions.

How we keep it secure

We take the security of all the data we hold very seriously. We adhere to internationally recognised security standards. We have policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.

How we process or use it

We will only process your personal information if there is a lawful basis to do so. Most commonly, we will use your personal information in the following circumstances:

  • when processing is necessary for the performance of a contract or when processing is required prior to entering into a contract with you
  • when processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us, for example, for one of our statutory functions
  • when processing is necessary for compliance with a legal or regulatory obligation
  • to prevent and detect crime, including fraud.

In some instances we may seek your consent to process your personal data.

We will only use your personal information, when the law allows us to, for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

Who it is shared with

We may share your data with third parties, including third-party service providers and other Government departments and agencies. We require third parties to respect the security of your data and to treat it in accordance with the law. We may transfer your personal information outside the EU. If we do, you can expect a similar degree of protection in respect of your personal information.

How long we keep it

We will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Your rights

Under the data protection legislation, you have rights over your personal data. The regulator must respond to a request to exercise these rights within one month. If you would like to request details of the personal data we hold about you, please contact the Data Protection Officer.


If you are unhappy with how any aspect of this privacy notice, or how your personal information is being processed, please contact the Data Protection Officer.

How to contact us

Any data protection issues or requests should be addressed to:

The Data Protection Manager
Assistant Director: Head of Legal Services
Regulator of Social Housing
Level 1A, City Tower
Piccadilly Plaza
Manchester M1 4BT

By email: <>.
By phone: 0300 124 5225

## Data Protection Officer

The Designated Data Protection Officer for RSH can be contacted via:

email: phone: 0300 124 5225

## If you are still not satisfied

If you are still not happy, you have the right to lodge a complaint with the ICO.

Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF $A

Tel: 0303 123 1113


ICO website

Further updates

We keep our privacy policy under regular review and we will place any updates on this web page. The privacy policy was last updated on 16 December 2019 with the details of the data protection .

Published 23 May 2018
Last updated 16 December 2019 + show all updates
  1. Data protection officer contact details updated.

  2. Document updated as the Regulator of Social Housing was established as a standalone organisation on 1 October 2018.

  3. First published.