NEC Housing Management System privacy notice
This privacy notice should be read in conjunction with Colchester City Council’s Privacy Policy.
This privacy notice sets out what personal data we will use, how we will use it, and why we need to in respect of holding tenant and leaseholder details on our management system.
Information collected
We collect and process personal data that you provide to us which may include:
- Name
- Contact details (such as address, telephone number, email address)
- Date of birth
- National Insurance Number
- Banking or payment details
- Dependants
- Image
Special categories of personal data being processed (if appropriate)
- Race
- Ethnic origin (including nationality)
- Health (mental or physical)
- Sexual orientation
- Criminal convictions or offences
Agencies we may share your data with
Whilst working with you, we may share your information with some of the following third parties:
- HI Mail, which generates letters and emails in relation to your tenancy.
- Contractors in order to carry out repairs and maintenance visits.
- Police (should this be required).
- DWP.
- Universal Credit.
- Text services such as Optitime and Cloud Dialog to allow us to maintain bookings for maintenance and repairs to properties.
The purpose and lawful basis for processing
The lawful basis for the processing of your personal data is legal obligation GDPR Article 6 (1)(c). We require the above information to comply with our obligations under: Part 6 of the Housing Act 1996 (as amended), Homelessness Act 2002, and Localism Act 2011.
When we collect your ‘special categories of personal data’, (such as health) we rely on the following legal bases under GDPR Article 9(2) (G):
- Substantial public interest conditions.
We only request the minimum amount of information and ensure that is it stored securely.
How long will we keep your personal data?
We will only hold your personal data for as long as necessary and in line with our retention schedules. We hold your details for 6 years on the basis of end of tenure or last activity on the record.
How we protect and store your personal data
We take the confidentiality of personal information very seriously and use recognised security and access controls to protect your information from unauthorised access, loss, misuse, alteration or corruption. We have procedures and processes in place to ensure that your personal information is managed appropriately.
Your information may be held outside of the UK. Where this is the case, we ensure that additional measures are in place to protect your data and to ensure that we continue to comply with data protection requirements.
We use cloud providers and online application providers to help us run our business. Therefore the use of some of our systems may include the transfer of your personal data to other countries. Your data will only be transferred to other countries which have adequate provision in place to protect personal data to an equivalent level as personal data held in the UK.
Updates to this privacy notice
We will continually review and update this privacy notice to reflect changes in our processes and procedures, as well as to comply with changes in the law. When such changes occur, we will revise the 'last updated' date on this notice. We encourage you to periodically review this notice and to be informed of how we are protecting your information.
Page last reviewed: 19 June 2024