Bromford Housing Group Ltd, which includes Bromford Housing Association Limited, Bromford Developments Limited and Bromford Home Ownership Limited trading as Bromford (previously Bromford Living, Bromford Support and Bromford Homes), generates records from our contact with you, including records of some personal information which is subject to the Data Protection Act.
General Data Protection Regulation
We comply with the principles set out in the General Data Protection Regulation. The personal information you provide to us will be processed fairly and lawfully. We will comply with the relevant English Data Protection laws, which includes having a legal duty to protect any information we collect from you. We use appropriate technologies to safeguard data, and keep strict security standards to prevent any unauthorised access to it. Normally, any personal details provided to us will not be disclosed to third parties outside the company without the user's consent. However, in some circumstances, we may share information to other agencies or organisations such as contractors working on our behalf, the police or local authorities and any other organisation with whom we work where the law allows.
To ensure we are talking to the correct person when you call we will ask you to confirm some security details.
To explain our approach to Data Protection our privacy notice covers the following areas:
When we process your personal data “Bromford” is the ‘data controller’ as described under data protection law. Our contact details are:
Bromford Housing Group Ltd; 1 Exchange Court, Brabourne Avenue, Wolverhampton Business Park, Wolverhampton, West Midlands, WV10 6AU.
You can contact the Governance Team on:- firstname.lastname@example.org
Please do not hesitate to contact us if you have any questions about this statement, information we hold about you or our overall approach to data protection and confidentiality.
How we collect personal information
We collect information in a variety of ways including using this website (see Information we collect via this website and Cookies); on various forms, tenancy agreements, and contracts; through our ongoing contact with you; in some cases we collect CCTV images; and calls to and from our 0330 1234 034 phone number are recorded.
It is important that you notify us of any changes to your personal information.
We collect personal information about
This includes current, former and potential customers, who live in our properties or access our support and other services, and could also include their family and people associated with them.
What data do we collect from customers?
When you apply to become a Bromford customer we will ask for:
- your full name (and proof of your identity / photo ID).
- your date of birth.
- your National Insurance number (your unique identifier).
- your contact details (phone, e-mail or correspondence address).
- details of anyone authorised to act on your behalf (if applicable).
- basic details (name and date of birth) of all household residents.
- banking details if you pay your rent by Direct Debit.
- proof of your to eligibility housing and if you have any Interest or equity in any other property.
When you apply to become a Bromford customer, we request and hold on file information necessary to assess your application. This includes information from:
- references from other housing providers / private landlords,
- your mortgage lender (if you own/have owned your own home),
- credit reference agencies.
In some circumstances we may collect information from
- the Police,
- the Probation Service,
- support workers, social workers and mental health workers.
Whilst you are our customer we may process other personal information to manage your tenancy. This will vary on a case by case basis but may include:
- Financial information. We may use this to help resolve arrears payments and optionally to provide welfare, benefits and debt advice as a free service to help you budget and pay your bills.
- Red flag information. Where the safety of our staff is believed to be at risk, usually where a customer has threatened staff, we may record this information on your record so that risks to our staff can be minimised.
We may also ask for your consent to collect special categories of data as explained below.
If you provide us with personal information relating to members of your family or your associates we will assume that you do so with their knowledge and their consent to the collection and processing of the information.
It is important that you notify us of any changes to your personal information.
This includes current, former and potential colleagues, as well as Board and Committee members, apprentices and volunteers.
Anyone who makes a complaint or enquiry and visitors to our website and offices.
We also seek your consent to hold some information about your lifestyle.
We will always give you a ‘prefer not to answer’ option when we ask for information about your lifestyle. Please note however that this information helps us improve services.
Another lawful basis for processing your data, as defined in GDPR is ‘legitimate interest’. This is when processing is necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.
Our legitimate interests may include (but not limited to):-
- eliminate discrimination or advance equality of opportunity;
- prevent and detect crime;
- conduct research and statistical analysis to help improve our business processes and the services offered to our customers;
- evaluate our performance against other benchmarks.
When possible, statistical information is anonymised or pseudonymised. Bromford conducts surveys regularly and periodically relating to our services in order to gauge satisfaction and make improvements based on feedback.
If you believe that our legitimate interests are overridden by your interests, rights or freedoms as the data subject you have the right to object.
Other Lawful Processing Reasons
In exceptional circumstances there may be another lawful basis for processing your data for example ‘compliance with a legal obligation’ or to ‘protect the vital interests of a data subject or another person’. These will rarely be used but can be actioned if justifiable/required.
“Sensitive” personal information
Special categories of data
Under GDPR certain categories of personal information are classified as sensitive or special category data. These categories are data relating to:-
- racial or ethnic origin;
- political opinions,
- religious or philosophical beliefs;
- trade union membership;
- health/medical data;
- sex life or sexual orientation
We minimise the use of special categories of personal data but, given the services we provide there are times when we may have a legitimate interest in processing special categories of data and therefore, we may ask for your consent to collect and process this data.
We will always give you a ‘prefer not to answer’ option when we ask for any of the special categories of data above. However, please note that if you choose not to provide the information we may not be able to provide all our services to you.
Providing us with special category data helps us deliver our services when providing accommodation for disabled people (including adaptations), people with substance abuse problems or when helping someone to access care services.
Collecting special category data also helps us ensure that we meet the Public Sector Equality Duty. This requires Bromford, as a social housing provider, to give due regard to the need to eliminate discrimination, advance equality of opportunity and foster good relations. This means that we may ask you for information about your ethnicity, religion or belief and so on but our responsibilities under the Public Sector Equality Duty do not over ride your right to privacy.
When we collect specific sensitive data we will notify you of how we will use it, and we will tell you who it may be shared with.
We do not process genetic or biometric data for the purpose of uniquely identifying a natural person.
Pre offer assessments
When you apply for a Bromford tenancy we will carry out a pre offer assessment. This is a way of assessing prospective customers to help ensure they can afford the property they have applied for. As part of this process we will ask you to provide three months' bank statements, Proof of ID and income. Credit checks and references will be requested.
The information you provide will be considered by our colleagues to make a decision on your application. We do not use any automated decision making.
Job applicants and our current and former colleagues
Personal information about unsuccessful candidates will be held for 12 months after the recruitment exercise has been completed, it will then be destroyed or deleted. We retain de-personalised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.
Once a person has taken up employment with Bromford, we will compile a file relating to their employment. The information contained in this will be kept secure and will only be used for purposes directly relevant to that person’s employment. Once their employment with Bromford has ended, we will retain the file in for 7 years as per our retention schedule and then delete it.
Complaints or enquiries
We try to meet the highest standards in all areas of our business. We take any complaints we receive about this very seriously. We welcome any suggestions for improving our procedures. If you do make a complaint or enquiry we may collect and store personal information in relation to this matter, we will keep it secure and use it only for the purpose it was collected. When the matter is resolved or completed, we will retain the details in accordance with our retention schedule and then destroy them.
Information we collect via this website
We collect and store personal information via this website for a number of reasons, including to help us provide better services and products to customers and potential customers. The information we collect fits into two categories:
- Personal information entered into online forms by visitors to this website.
- Anonymous statistical information collected by cookies.
If you request a brochure, call back or information from us via an email, online form or register your interest in a service we will use your information to fulfil that request. This acts as you granting consent, as you freely sign up for this service.
See 'cookies' page for more information
A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website however.
_utmz This cookie stores where a visitor (you) came from. E.g. search engine, search keyword, link, etc.
_utma This cookie stores each user's amount of visits, and the time of the first visit, the previous visit, and the current visit.
_utmc, _utmb These are used to check approximately how long a user (you) stay on our site: when a visit starts, and approximately ends.
session Session cookies allow users to be recognized within a website so any page changes or item or data selection you do is remembered from page to page.
session Session cookies allow users to be recognized within a website so any page changes or item or data selection you do is remembered from page to page.
twll, k These cookies are created by Twitter, they let the website know if you've logged in to your Twitter account. In this case they are present because the 'Tweet' button is being used on the website.
psc, uvc, uid, di, uit, sshs, ssc, dt AddThis (social sharing tool) sets cookies to help serve social media buttons, they never store personal information unless provided and this is non-personally identifiable information.
loc AddThis Geolocation cookie, so our publishers know approximately where people sharing information are located.
How to manage cookies
Our cookies do not store financial information, or information which is capable of directly identifying you (such as your name or address). Cookies simply allow our website to retrieve this information in order to personalise and improve your experience of our website.
However, if you wish to restrict, block or delete cookies provided by this website – or any other website - you can use your browser to do this. Each browser is different so check the ‘Help’ menu of your particular browser to learn how to change your cookie preferences, or use the following on your particular browser.
Please bear in mind that if you do this, certain personalised features of this website and others cannot be provided to you.
Third Party Cookies
Third-party cookies - what their cookies are used for
Google We use Google Maps to show locations of our offices:
Social Tools - This website takes advantage of social networks such as twitter; you may receive cookies from these websites. We are not in control of these third-party cookies, if you'd like to learn more about them - visit their websites.
If you wish to learn more about cookies in general and how to manage them, visit www.aboutcookies.org.
Some of our properties have CCTV in public areas to deter crime and anti-social behaviour and to promote public safety by helping to identify and prosecute criminal offenders. You can ask for a copy of any CCTV images taken of yourself by making a 'subject access request'. See Accessing your Information.
We carry out an impact assessment for all locations where we user CCTV. This helps ensure that our use of CCTV is appropriate and proportionate to issues of crime and public safety we are seeking to address and minimises intrusion into individual rights to privacy.
Images may be captured during events organised and hosted by Bromford using film photography, digital photography, video or other medium. Prior to recording/taking images, notification of use of the images will be made available or signs visible. These recordings/images and may be used on this website, brochures, other publicity material (such as internal and external newsletters), and may be provided to the media for publication in local or national newspapers.
Bromford acknowledges its responsibilities in capturing images by photography or other means under the provisions of the following legislation.
The Protection of Children Act 1978: Bromford recognises that it is a criminal offence to take, permit to be taken, distribute, have in one’s possession or publish indecent photographs (including films and other imagery) of children.
The Human Rights Act 1998: We recognise an individual’s rights to privacy as protected by this Act.
The General Data Protection Regulation: We undertake to inform all those whose images may be recorded (or their parents/guardians if under 18 years of age) of the purposes for which the images may be used by us. Bromford informs all persons taking part in Bromford activities that they may be photographed, filmed, videoed or otherwise captured in image form.
Where possible and practical to do so Bromford seeks written consent to image capture and always when an image is requested to be used/published. Where this is not possible for practical reasons, unless express objections are received, individuals attending a Bromford event are deemed to have given their consent by attending or remaining at the event. Any queries or complaints should be raised with the event host in the first instance.
Telephone call recording
We may monitor and record your telephone calls to us. We do this to check we are meeting the standards of customer service agreed with customers and for training purposes to develop our colleagues. The recordings can also be used as evidence in disputes or investigations of our customers or colleagues.
Sharing your information
Your personal information will be kept secure and confidential. Usually we will not disclose personal data without consent but we may share information between the Bromford group of companies, with contractors or third parties and other agencies we work with, including Local Authorities, Social Services, Police, other social landlords and other agencies when Bromford believes it is in your or the public’s interest to do so, or as required by law.
In particular, please be aware:
◦Current or forwarding addresses may be shared with utility companies and Council Tax offices to ensure billing details are correct.
◦If you default upon any tenancy/licence conditions information about you may be provided to authorised debt recovery agencies, to enable them to recover the debt. This may affect future applications for tenancies, credit and insurance.
◦We may discuss your financial situation, rent payments (including any arrears) and any claims made for welfare benefits with; an external debt advice agency, Welfare Rights Advisor, the housing benefit department or the local authorities housing advice and homeless prevention team to make sure that benefits are paid correctly.
◦All customer names, addresses and rent amounts are shared at the end of each year with local authority benefits teams to help claims for housing benefits and changes to housing benefits happen more quickly and easily for everyone. All customers are included as we do not always have records of who receives benefit, due to direct payment.
Accessing your information
Please contact us using your preferred contact method if you would like copies of some specific information from your files, and we will try to provide it as quickly as possible.
If you require a substantial amount of your personal information, there is a formal process for this, under the General Data Protection Regulation, known as a Subject Access Request (SAR).
What you need to know about making a Subject Access Request:
You can write to us or email us with your request, or download the SAR form for your convenience, which you can post or email back to us. Please write to Head of Governance, Bromford, 1 Exchange Court, Brabourne Avenue, Wolverhampton, WV10 6AU or email email@example.com.
We may require proof of your identity and address – we will let you know this when we receive your request. There is more information on this on the SAR Form (link above.)
When we receive your valid request – with proof of id/address if required- we will respond and provide your information within 30 calendar days at the latest.
You can request to see any of the information that we may hold about you, including CCTV images, however the more specific you can be about what you require, the quicker we can respond to your request.
If you are requesting CCTV footage of yourself, please specify the time, date and location of the footage, and supply a clear photograph so that we can find you on the footage.
Please be aware that we may need to edit some information out, if it relates to other people, as we must protect the privacy rights of all individuals.
If you have any queries about accessing your information please contact your Neighbourhood Coach, our customer services team or email firstname.lastname@example.org.
Security of information
We are committed to ensuring that your information is secure and we operate secure data networks protected by industry standard security systems. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect on line.
For further information on how we maintain the security of your information, please see our 'Information Governance Policy’.
Phishing is the name given to attempts to steal personal details and financial account details from a website user. “Phishers” use fake or “spoof” emails to lead users to counterfeit websites where the user is tricked into entering their personal details, such as credit card numbers, user names and passwords. We will never send emails asking you for such details.
Viruses, hacking and other offences
You must not misuse our site by knowingly introducing viruses, Trojans, worms, logic bombs or other material which is malicious or technologically harmful. You must not attempt to gain unauthorised access to our site, the server on which our site is stored or any server, computer or database connected to our site. You must not attack our site via a denial-of-service attack or a distributed denial-of service attack.
By breaching this provision, you would commit a criminal offence under the Computer Misuse Act 1990. We will report any such breach to the relevant law enforcement authorities and we will co-operate with those authorities by disclosing your identity to them. In the event of such a breach, your right to use our site will cease immediately.
We will not be liable for any loss or damage caused by a distributed denial-of-service attack, viruses or other technologically harmful material that may infect your computer equipment, computer programs, data or other proprietary material due to your use of our site or to your downloading of any material posted on it, or on any website linked to it.
We make every effort to ensure that our systems and website are free from viruses, defects and harmful files. However, all of the material accessed through the use of our website is entirely at your own risk. Bromford is not liable for any loss or damage to your software or computer systems or loss of data as a result of using, or the inability to use, this website.
Link to other websites
The notice is limited to this website only. If you follow a link to an external site, we recommend that you check the privacy notice of that site before giving any personal details.
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. Using these sites is entirely at your own risk and we are not responsible for any loss or damage your may suffer as a result of viewing or using these sites. You should exercise caution and look at the privacy statement applicable to the website in question.
Changes to our privacy notice
This privacy notice will be updated to reflect changes either to the way in which we operate or changes to the data protection legislation. To make sure that you keep up to date, we suggest that you revisit this notice from time to time.