The Data Protection Act 1998 governs the collection, storage, use and disclosure of personal data, whether held electronically (e.g. in emails, on a computer(s) or on paper. It applies to all staff who create, store, handle or view personal information that relates to any living individual who can be identified from that data or other information held by Populo Living (PL).
The DPA stipulates that all employers are required to comply with the ACT and has a duty to inform employees that they can in some cases be held responsible if any personal data is improperly disclosed or collected. Populo Living has a legal requirement to:
- be quite open about the reasons why there is a need to collect personal data;
- ensure that any personal data collected is relevant, adequate and not excessive accurate and held for no longer than necessary;
- ensure that personal data is only used for the purposes registered under the ACT;
- ensure the security of personal data held; and
- have measures in place to provide subject access allowing individuals to reassure themselves that everything operates properly to protect the confidentiality and accuracy of personal data.
Populo Living is exempt from being a registered data user under the Act, however it is good practice to comply with Data Protection Principles in relation to the personal data we hold. Personal data shall be:
- obtained and processed fairly and lawfully;
- held for specific lawful purpose(s) and not be used or disclosed in a way incompatible with the purpose(s);
- adequate, relevant and not excessive for the purpose(s);
- accurate and, where necessary, kept up to date;
- not kept longer than necessary;
- available to the data subject and processed in accordance with their rights;
- kept secure (safe from unauthorised access, accidental damage or loss);
The Data Protection Principles also provide for individuals to have access to data held about themselves and, where appropriate to have data corrected or deleted.
Written requests from individuals to have access to data held about them should be addressed to the Finance Director.
Populo Living’s Finance Director is the Company’s Data Protection Officer. Duties under the Act include the registration of data on behalf of the Company if required (currently we are exempt, however should we bring the tenant letting service in-house the company’s status would change and registration would be required). Individual employees are not required to register independently but inform the Finance Director of their use of personal data so that all activity can be assessed and appropriately recorded. Penalties can be imposed for material which is not registered and therefore it is important the employees liaise with the Finance Director on an on-going basis informing the Finance Director of the type of information held and purpose for which it is being collected and used.
The Finance Director is also responsible for subject access requests and any such requests should be received in writing.
A breach of this policy or the regulations governing the use of computers and computing facilities may be a disciplinary offence and as such dealt with under the Company’s disciplinary procedures.
What information is collected by Populo Living?
When a prospective tenant registers interested in our properties they will be asked to provide their name, contact telephone number and email address, and details of the type of property/tenancy they are interested in.
If a suitable property is found references will be taken up which will include additional data such as credit search, bank details, references from employers or previous landlord, data of birth, current address and proof of identity and immigration status
A tenancy will be drawn up which will outline full names of all adult occupiers and guarantors if applicable, the rental & deposit amounts paid, duration of tenancy and address of the property
How is this information used?
This information is used with the prospective applicants consent to arrange viewings and keep him/her advised of any properties which meet the search criteria
To ensure the applicants suitability and legal right to the home they have chosen and to liaise with them throughout the applicant process
We have a legitimate, contractual and legal basis on which to hold personal data to create a contract between Populo Living and the tenant and to keep the tenant informed of anything which might affect them whilst living in the property e.g. property inspections, planned maintenance, changes in legislation and to comply with our legal obligations as a landlord
Why else might we want to use data?
Prospective Applicant & Applicant
To advise of any new properties or schemes which have become available
To evidence compliance with our legal obligations as landlord, this information is used with consent (or for tenants already in situation in May 2018 as a legitimate interest) to keep notifying Populo Living residents of free events which are arranged for their benefit and that of the Populo Living Community. Competitions or Surveys which are sent to get feedback about the tenant experience of living in a Populo Living Home and special offers available to Populo Living Tenants only to save money on bills and other expenses
How we share this data
With one or more letting agents who might provide details of properties and carry out viewings,
With referencing agents to carry out pre-tenancy checks. Inventory clerk to arrange check-in.
Pursuant to any authority with relevant legal basis to demand such information or to the court pursuant to an order. With managing agent/s responsible for the management of the building the tenant lives in. Contractors who might need to carry out repairs or planned maintenance in your home. Out of hours partners who ensure that emergencies are dealt with outside of usual office hours.
How long is this information held?
We will continue to advise applicants of available properties until they advise us that you no longer need or want to be kept updated
For the duration of our relationship with these parties plus the time required to comply with our legal obligations to retain data. Our relationship might be the length of the application process, the duration of the tenancy if a tenant moves out without any arrears or damage disputes or until any dispute is resolved and monies paid and any time limits for bringing legal action have expired
How we deal with your customer rights under GDPR
Data Transfer – we will not instruct agents who transfer data outside the EU/EEA
Removal requests – we will as soon as reasonably practicable remove all data in relation to a prospective applicant upon request. For our applicants and tenants we are not able to do this until 6 years from the end of our relationship with you has lapsed in order to comply with our legal obligations.
How we deal with breaches
In the event of a notifiable breach we will report the incident to the relevant supervisory authority within 72 hours of becoming aware of the breach and we will always inform all parties affected.