Fair processing notice

The Data Protection Act 1998

Index

1. Summary
2. What is Personal Data?
3. What is Sensitive Data?
4. Why does the Affinity Sutton Group need to collect and store Personal Information?
5. Joined Up Services – Sharing Basic Details across Affinity Sutton Group Services
6. Sharing Information with Councils, Community Partners and other Agencies 
7. How can I find out what personal information you hold about me whether it is accurate and whom you share it with?
8. What are the eight Data Protection Principles?
9. What is the difference between the Data Protection Act and the Freedom of Information Act

 

1. Summary

The Affinity Sutton Group is committed to complying not only with the letter but also the spirit of Data Protection Legislation. The accuracy and security of your personal information is a key responsibility of the Affinity Sutton Group and is recognised as an overriding factor in securing your trust and confidence.

The Affinity Sutton Group will only use the information it holds about you for the purpose you provided it. It will also only collect the minimum information necessary to fulfil that purpose.

When you provide the information you will be told what it will be used for and whom it will be shared with.  However, you need to be aware that the Affinity Sutton Group is required periodically to share your information with other agencies to help reduce crime or investigate fraud for example.  An example of this is in reducing Housing Benefit fraud and involves the Affinity Sutton Group sharing Housing Benefit data to ensure that tenants are not claiming illegally.  This is managed under the direction and security of a National Government Agency known as The Audit Commission.  The shared data will not used for any other purpose. 

The Affinity Sutton Group also works closely with local authorities and community organisations and often needs to share information with them in order to deliver your services. However, the Affinity Sutton Group will not supply these organisations with your information unless it is satisfied that equal measures are in place to protect the information from unauthorised access. The Affinity Sutton Group will not supply your information to any organisation for marketing purposes.

The Affinity Sutton Group has a responsibility to promote social wellbeing and to work with local authorities and community partners such as the Police, Fire & Rescue Service, the voluntary services and Health Services in order to preserve life, reduce accidents, reduce crime and improve our tenants’ life circumstances.

To promote the social wellbeing of our tenants the Affinity Sutton Group may need to share your personal and sensitive information with local authorities and partners. However, in all cases the Affinity Sutton Group will notify you if your information is intended to be used in this way and provide the opportunity for you to say NO.

Wherever possible, we will seek your direct consent at the time that the information is provided, for example on housing application forms or when signing your tenancy agreement. However, where the Affinity Sutton Group and its partners already hold information this may not always be practical. In such circumstances the Affinity Sutton Group and its partners will maximise awareness by prominent articles in Residents’ Magazines, newsletters, leaflets and on the Affinity Sutton Group website.

These articles and leaflets will not identify you or any other individual but will provide details about the type of personal information to be shared so that you will be able to judge whether your personal information is likely to be used. A named officer and contact details will also be supplied to enable you to find out further information and if necessary allow you to stop your personal and sensitive information being used in this way.

The need to share this information for promoting social wellbeing will only be in circumstances where the balance of benefit to you and the community far outweighs the remote possibility that you or any other individual could suffer any detriment.

The likelihood of any such detriment will also be further reduced by strict data sharing protocols between the Affinity Sutton Group and its partners and tight security in terms of the transfer of information. Access to your personal information will also be restricted to authorised individuals on a strictly need to know basis.

2. What is Personal Data?

Personal Data is information that relates to a living individual who can be identified either:

1. From the information or
2. From the information combined with any other information which is already in the possession of, or likely to come into the possession of, the person or organisation holding information.

All organisations handling personal information need to have a nominated person responsible for the information known as the Data Controller.

The information includes any expression of opinion about the individual, and any indication of the intentions of the data controller or any other person in respect of the individual. Personal data will therefore cover basic details such as name, address, telephone number, and date of birth.

The law says that for the Affinity Sutton Group to use your basic personal information you must be made aware of what the information will be used for and with whom it will be shared. Generally this is achieved by seeking your consent when you make an application for Affinity Sutton Group services but it can also be achieved by providing you with information, for example in a letter, and giving you an opportunity to say NO.

In all circumstances the Affinity Sutton Group must comply with the 8 Principles of Data Protection when handling your personal information.

3. What is Sensitive Personal Data?

Certain data is categorised as ’Sensitive Personal Data’, for example:

• Racial or ethnic origin
• Physical or mental health or condition
• Sexual life
• Offences (including alleged offences)
• Religious or other beliefs of a similar nature

The law says that for the Affinity Sutton Group to use your Sensitive Personal Information they should seek your explicit consent for how the information will be used for and with whom it will be shared. Generally this is achieved by seeking your consent when you make an application for Affinity Sutton Group services. However under certain circumstances, where there is significant benefit and it is impractical to seek such consent, it can also be achieved by a comprehensive resident awareness campaign and the provision of an opportunity for you to opt out.

In all circumstances the Affinity Sutton Group must comply with the 8 Principles of Data Protection when handling your personal information.

4. Why Does the Affinity Sutton Group Need to Collect and Store Personal Data?

In order to provide you with adequate services the Affinity Sutton Group need to collect personal data for correspondence purposes and/or detailed service provision. The Affinity Sutton Group may also need to share your personal data with other service providers who are contracted to carry out services on our behalf. These providers are obliged to keep your personal details secure and use them only to fulfil your service request.

The Affinity Sutton Group will process, i.e. collect, store and use the information you provide in a manner that is compatible with the Data Protection Act. The Affinity Sutton Group’s aim is not to be intrusive, and it undertakes not to ask irrelevant or unnecessary questions. Moreover, the information you provide is subject to rigorous measures and procedures to minimise the risk of unauthorised access or disclosure.

Once your service has been delivered or your tenancy ended, your information will be retained for a specified period to enable any further related services to be delivered to you or to allow you or the Affinity Sutton Group to deal with any follow up issues about the quality of the service provided. The information will then be destroyed in a controlled manner. The retention of this information will be in accordance with the Affinity Sutton Group’s Document Retention Policy.

5. Joined Up Services – Sharing Basic Details Across Affinity Sutton Group Services

The Affinity Sutton Group is serious about delivering accessible, appropriate, timely and effective services and it is important that it can properly co-ordinate what it does for your benefit. To achieve this it aims to improve its centralised customer database so that it acts as a hub for all services. This means, for example, that the system can report any change of address to all the services that use the database, so you won’t have to repeat it every time you contact the Affinity Sutton Group

Over time the Affinity Sutton Group’s aim is to ensure that it has one master record containing your details, together with information about the nature of your transactions. It will help the Affinity Sutton Group to tailor services to meet your needs, and ensure that your requests are being dealt with effectively and help to prevent them getting lost in the system.

You will always have the right to opt out of this or any other data sharing initiatives. However, remember that the Affinity Sutton Group is only collecting it for the purpose of providing the services on offer to you. We will not use your information for other purposes without your permission and will certainly not supply it for third party marketing purposes.

6. Sharing Information with Local Authorities, Community Partners and Other Agencies

The Affinity Sutton Group has a responsibility to promote social wellbeing and to work with local authorities and community partners such as the Police, Fire & Rescue Service, voluntary services, charities and Health Services in order to preserve life, reduce accidents, reduce crime and improve our tenants’ life circumstances. To promote our tenants’ social wellbeing the Affinity Sutton Group may need to share your personal and sensitive information with these local authorities and partners.

If the Affinity Sutton Group needs to share your sensitive personal data with a third party it will only do so once it has obtained your consent and in all circumstances the Affinity Sutton Group will be open and informative about why the data sharing is necessary and with whom it will be shared. Wherever possible your consent will be obtained at the time the information is collected, for example on your housing application form or when signing your tenancy agreement.

You need to be aware that the Affinity Sutton Group is periodically required to share your information with other agencies to help reduce crime or investigate fraud.  An example of this is in reducing Housing Benefit fraud and involves the Affinity Sutton Group sharing Housing Benefit data to ensure that claimants are not claiming illegally.  This is done under the direction and security of a National Goverment Agency known as The Audit Commission.  The shared data is not used for any other purpose. 

Where the Affinity Sutton Group has a genuine need to share sensitive personal data for a purpose other than the purpose it was originally supplied for and where it is impractical for the Affinity Sutton Group to seek your consent directly it will seek consent by maximising publicity about the type of information to be shared and the purpose(s) the data is to be used, and the agencies it is to be shared with. It will also provide an opportunity for you to contact a named person and to say NO to the data being shared.

These articles and leaflets will not identify you or any other individual but will provide information about the type of information to be shared so that you will be able to judge whether your personal information is likely to be used. A named officer and contact details will also be supplied to enable you to find out further information and if necessary allow you to stop your personal and sensitive information being used in this way.

The sharing of sensitive personal data where your consent has not been directly secured will only be for promoting your personal or community wellbeing for example in saving life, reducing crime, reducing accidents and improving health.

It will only be used where the benefit to you and the community far outweighs the potential for any personal detriment. That detriment will also be reduced to the absolute minimum by strict data sharing protocols between the Affinity Sutton Group and its partners and tight security in terms of the transfer of information. Access to your personal information will also be restricted to authorised individuals on a strictly need to know basis.

7. How can I find out what personal information you hold about me, whether it is accurate and whom it is shared with?

You have a right to know what personal data is held about you and whom it is shared with. This is known as a Data Subject Access Request. You also have the right to correct any inaccuracies.

You should simply write to or email the Data Protection Officer of the Affinity Sutton Group (the Data Controller). If the Affinity Sutton Group is working with local authorities or community partners there may be more than one Data Controller involved.

Data Protection Officer
Affinity Sutton Group Limited
Level 6, 6 More London Place
London
SE1 2DA

company.secretariat@affinitysutton.com

The Data Protection Officer will usually send you a form to complete, which asks you for the type of information you are interested in obtaining. You can of course ask for everything we hold on you but this can be time consuming and costly for the Group to respond to, so please narrow it down if you can.

You will also be asked for proof of your identification to ensure that your personal information is not provided to someone else. A fee of £10 is charged to process your request. Copies of your personal information will then be supplied to you within the 40-day period required by the Act but we strive to provide it well within that period.

You should be aware that in supplying you with your personal information, the Data Controller cannot supply you with the personal information of anyone else and you may find that documents have been edited to remove third party names and addresses.

All organisations that handle personal information need to be registered with the Information Commissioner. The Commissioner is responsible for enforcing the Data Protection Act and providing guidance. The Registration is a public document and provides information about the classes of data held, the classes of data subjects and to whom the data is disclosed or shared with. The Registrations are renewed each year and updated during the year as required.

The contact details for the Information Commissioner are:

The Information Commissioner
The Information Commissioner’s Office
Wycliffe House
Wilmslow
Cheshire
SK9 5AF

Tel: 01625 545 700
Visit their website

8. The 8 Guiding Principles of Data Protection

The Data Protection Act contains eight guiding principles, which all organisations must comply with. The Affinity Sutton Group and its partners will ensure that these are always complied with when processing your personal and sensitive information.

• Fairly and lawfully processed
• Processed for limited purposes
• Adequate, relevant and not excessive
• Accurate and up to date
• Not kept for longer than is necessary
• Processed in line with your rights
• Secure
• Not transferred to other countries without adequate protection

9. Freedom of Information

Unlike local authorities and other public bodies, the Affinity Sutton Group’s subsidiary housing associations, as registered social landlords with charitable status, are not 'public authorities' as defined in the Freedom of Information Act 2000.  

Despite the fact that we are not obliged to provide information requested under the Freedom of Information Act the Affinity Sutton Group as a whole is committed to being as open and transparent as reasonably possible and therefore staff are encouraged to use their professional judgement to consider whether or not it would be reasonable to disclose non-personal information requested by individuals.