Guidance

Regulator of Social Housing privacy notice

Details about how RSH protects your privacy and the security of your personal data in line with the General Data Protection Regulation

RSH privacy notice - in full

This file may not be suitable for users of assistive technology. Request an accessible format.

If you use assistive technology (such as a screen reader) and need a version of this document in a more accessible format, please email mail@homesandcommunities.co.uk. Please tell us what format you need. It will help us if you say what assistive technology you use.

The full privacy notice contains various sections – it is important that you also read the specific section of the notice that governs the activity that is relevant to you.

Aims of the privacy notice

  • to give you information on how the Regulator of Social Housing collects and processes the personal data provided to us, including information that you provide directly
  • to tell you about your rights and how the law protects you.

Who the notice applies to

  • users of our websites and web portals, including suppliers of goods, services and works
  • contractors and agency workers
  • information governance and enquiries (making a Freedom of Information Request, exercising Data Subject Rights, making a complaint or making a general enquiry)
  • applicants for employment
  • former employees
  • regulatory functions
  • visitors to our buildings/sites/premises.

Why we need to collect personal information

The regulator collects personal data because it is necessary for the performance of tasks we carry out in the exercise of our statutory functions.

How we keep it secure

We take the security of all the data we hold very seriously. We adhere to internationally recognised security standards. We have policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.

How we process or use it

We will only process your personal information if there is a lawful basis to do so. Most commonly, we will use your personal information in the following circumstances:

  • when processing is necessary for the performance of a contract or when processing is required prior to entering into a contract with you
  • when processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us, for example, for one of our statutory functions
  • when processing is necessary for compliance with a legal or regulatory obligation
  • to prevent and detect crime, including fraud.

In some instances we may seek your consent to process your personal data.

We will only use your personal information, when the law allows us to, for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

Who it is shared with

We may share your data with third parties, including third-party service providers and other Government departments and agencies. We require third parties to respect the security of your data and to treat it in accordance with the law. We may transfer your personal information outside the EU. If we do, you can expect a similar degree of protection in respect of your personal information.

How long we keep it

We will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Your rights

Under the data protection legislation, you have rights over your personal data. The regulator must respond to a request to exercise these rights within one month. If you would like to request details of the personal data we hold about you, please contact the Data Protection Officer.

Complaints

If you are unhappy with how any aspect of this privacy notice, or how your personal information is being processed, please contact the Data Protection Officer.

How to contact us

The data controller is the Regulator of Social Housing whose contact details can be found below.

Regulator of Social Housing
Level 1A, City Tower
Piccadilly Plaza
Manchester M1 4BT

Tel. 0300 124 5225. Email: enquiries@rsh.gov.uk

The contact details for our Data Protection Officer are as follows:

For attention of Data Protection Officer
Homes England
Windsor House
42-50 Victoria Street
London SW1H 0TL

Tel: 0300 124 5225. Email: DPO@homesengland.gov.uk

If you are still not happy, you have the right to lodge a complaint with the ICO.

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

Tel: 0303 123 1113. Email: casework@ico.org.uk. ICO website

We keep our privacy policy under regular review and we will place any updates on this web page. This privacy policy was last updated on 25 May 2018.

Published 23 May 2018