We at National Affordable Homes are committed to safeguarding the privacy of customers, employees, contractors and partners. This policy applies to personal information held by us as data controllers.
2. Information we collect
We will only collect your information in line with relevant regulations and law. We may collect it from a range of sources. Some of it will come directly from you, e.g. when you provide ID during the recruitment process. It can also come from industry sources or from publicly available sources. The type of information we collect will differ depending on whether you are an end user of our assets, a contractor or partner, or one of our employees. We will always aim to collect only the minimum information necessary to perform our duties and only for as long as required.
The information we collect may include:
- Information that you provide to us, e.g.:
- personal details, e.g. name, date and place of birth;
- contact details, e.g. address, email address, landline and mobile numbers;
- information concerning your identity e.g. photo ID, passport information, National Insurance number, and nationality;
- user login;
- other information about you that you give us by filling in forms or by communicating with us, whether face-to-face, by phone, email, online, or otherwise;
- information regarding your beneficiaries for pension and life assurance policies;
- family members or other third parties who might be covered by employee benefits;
- details about your criminal convictions or related information. This will include information relating to offences or alleged offences.
- Information we collect or generate about you, e.g.:
- Information about change of energy supplier;
- Meter data including electricity and gas meter serial number, MPAN and MPRN;
- geographic information, e.g. location of a meter that we own and you use;
- records of correspondence and other communications between us, including email;
- information that we need to support our regulatory obligations, e.g. information about industry flows.
3. How we use the collected information
We will only use your information where we have your consent or we have another lawful reason for using it. These reasons include where we:
- need to pursue our legitimate interests;
- need to process the information to carry out an agreement we have with you;
- need to process the information to comply with a legal obligation;
- need to establish, exercise or defend our legal rights;
- need to deliver on our commitments to you.
The reasons we use your information include to:
- deliver our services;
- carry out your instructions;
- carry out checks in relation to your creditworthiness;
- ensure security and business continuity;
- manage risk;
- protect our legal rights and comply with our legal obligations;
- correspond with solicitors and other third-party intermediaries;
4. Who do we share the information with and under which circumstances
We may share your information with others where lawful to do so including where we or they:
- have a public or legal duty to do so;
- need to in connection with regulatory reporting, litigation or asserting or defending legal rights and interests;
- have a legitimate business reason for doing so
- have asked you for your permission to share it, and you’ve agreed.
We may share your information for these purposes with others including:
- law enforcement, government, courts, dispute resolution bodies, our regulators, auditors and any party appointed or requested by regulators to carry out investigations or audits of our activities;
- anybody that we’ve been instructed to share your information with by either you;
5. How long we’ll keep your information
We keep your information in line with our data retention policy. For example we’ll normally keep your data for a period of seven years from the end of our relationship with you. This enables us to comply with legal and regulatory requirements or use it where we need to for our legitimate purposes. We may need to retain your information for a longer period where we need the information to comply with regulatory or legal requirements. If we don’t need to retain information for this period of time, we may destroy, delete or anonymise it more promptly.
6. Transferring your information overseas
Your information may be transferred to and stored in locations outside the European Economic Area (EEA), including countries that may not have the same level of protection for personal information. When we do this, we’ll ensure it has an appropriate level of protection and that the transfer is lawful. Even in these cases, we’ll only share your information with people who have the right to see it.
7. Your rights
You have a number of rights in relation to the information that we hold about you. These rights include:
- the right to access information we hold about you and to obtain information about how we process it;
- in some circumstances, the right to withdraw your consent to our processing of your information, which you can do at any time. We may continue to process your information if we have another legitimate reason for doing so;
- the right to request that we rectify your information if it’s inaccurate or incomplete;
- in some circumstances, the right to request that we erase your information. We may continue to retain your information if we’re entitled or required to retain it;
- the right to object to, and to request that we restrict, our processing of your information in some circumstances. Again, there may be situations where you object to, or ask us to restrict, our processing of your information but we’re entitled to continue processing your information and/or to refuse that request.
You can exercise your rights by contacting us at the address below. You also have a right to complain to the UK Information Commissioner’s Office by visiting www.ico.org.uk.
8. Steps we take to ensure information stay private
We use a range of measures to keep your information safe and secure which may include encryption and other forms of security. We require our staff and any third parties who carry out any work on our behalf to comply with appropriate compliance standards including obligations to protect any information and applying appropriate measures for the use and transfer of information.
We will continue to work to ensure that your information stays private even after your relationship with us ends.