Access to Information, Confidentiality and the Data Protection Act
We hold and use significant personal information about our tenants, employees and others who access our services.
The Data Protection Act 1998 governs the processing of that personal information. This includes the collection, storage, access, changing, disclosing, sharing and disposal of personal data about you.
When processing your personal information, we must comply with the eight Data Protection principles set out in the legislation. These require that personal information is:
- processed fairly and lawfully
- only obtained and processed for specified and lawful purposes
- adequate, relevant and not excessive for the purpose
- accurate and, where necessary, kept up to date
- not kept for longer than is necessary
- processed in line with your rights
- kept secure and
- not transferred to other countries without adequate protection
The Data Protection Act gives you a number of rights in respect to the personal information or data we hold about you.
- To access the information we hold about you. This is called a Subject Access Request
- To have inaccurate information corrected.
- To prevent processing of your information, in certain circumstances, if it is causing you unwarranted and substantial damage or distress.
- To prevent unsolicited marketing.
- To prevent significant decisions, in certain circumstances, being taken about you solely by automatic processing
- To claim compensation if you have suffered damage caused because of a breach of the Act.
These rights apply to everyone whether you are an employee, Board member or a tenant.
How we use your information
The processing of personal data is essential to many of our services and functions, and this processing will often involve sensitive personal data. (explained in the next section) Compliance with the Act will ensure that this processing is carried out fairly and lawfully.
Our Privacy Notice explains what information we hold and how we use it. We collect and retain personal information for the purpose of administration, regulation and service provision. We keep personal information in order to provide services such as the collection of rent.
The personal information we hold will depend on the service being provided. For tenants we will usually hold basic information including name, address, age, date of birth, gender, next of kin, the nature of the service provided and any decisions regarding the provision of any services. Other, more sensitive, data may also be held.
Sometimes we may need to share information about you with others, for example, in order to provide you with the services you require, meet our statutory obligations and assist in the prevention and detection of fraud and other unlawful acts. The Humber Information Sharing Charter adobe acrobat icon (76 kb) * sets out the principles we will follow when sharing or disclosing your personal information with others. This will often be to other bodies and agencies carrying out their own statutory functions and will be subject to specific protocols agreed between those bodies depending on particular services or subject matter involved.
Personal data (or information) is any data or information which, on its own or when referenced against other data we hold, can be used to identify a living individual. Examples of the personal data we may hold about you include your name, address or any reference number. Personal data also includes expressions of opinion about you and our intentions towards you.
Sensitive personal information
The Act recognises that some types of personal data are more sensitive that others, and have issued extra protection for the processing of sensitive personal data (or information). Examples of sensitive personal data are;
- racial or ethnic origin
- political opinions
- religious or other similar beliefs
- trade union membership
- physical or mental health or condition
- sexual life
- commission or alleged commission of any offence or
- any proceedings for any offence committed or alleged to have been committed by them, the disposal of such proceedings or the sentence of any court in such proceedings.
How to access the personal information we hold about you
You can make a subject access request by:
- completing the Data Protection Act Subject Access Request form available from our Customer Services
- sending an e-mail or by writing to
The Company Secretary
Shoreline Housing Partnership
Processing your request
In order to process your request, we may need to confirm your identity; this is to prevent fraud and is common practice for all requests under the Act. In order to do this, we will require you to prove your identity by confirming your unique pin number or providing other personal information about yourself and, if requested, one or more documents or similar from the list below.
- Birth/adoption certificate
- Driving Licence
- Medical card or
- Bank/ Building Society Statement
- Utility bill (electric, gas, telephone or water)
- Letter from Solicitor/Social Worker/Probation officer/HM Revenues and Customs/Inland Revenue/Benefits Agency or Employer
We are only interested in confirming your identity, so you can delete any financial or other irrelevant personal information you do not wish us to see.
Your request will be placed on hold until we have received adequate proof of identity.
Responding to your request
We will provide you with the requested information within 40 calendar days once you have provided us with all the details we need to deal with your request.
Where appropriate our response will provide you with
- A description and explanation of the personal data held
- Why that data is held
- Who else might have been given that data
- A copy of the data if practicable
- Any information about the original source of your personal data
There are situations where we may withhold some information such as if it refers to other people who have not consented to disclosure, or if disclosure might cause serious harm to you or someone else or where it might prejudice crime prevention or legal proceedings. We will still try to tell you the type of data and why we hold it even where we cannot show it to you.
Requesting personal data about others
You only have a statutory right to access your own personal data. You do not have the right to access personal data about other family members, friends or neighbours unless for example you have written proof of your authority to act on behalf of the relevant other person. Even in those circumstances we may still consider that the presumption in favour of confidentiality means that we refuse to disclose.
Charges for subject access requests
Under the Act we can charge a fee for dealing with Subject Access Requests. At present we do not charge a fee but if our Policy changed we will always advise you in advance of any costs involved. If we do charge we will not process your request until the fee is paid.
Concerns about the accuracy of data
Under the Act we must try to keep your personal data accurate and up to date. If you think that your personal data is incorrect you can write telling us why and asking us to correct the data. We must reply within 21 days to let you know what we have done about your request. For tenants we will ask you to confirm personal details at your annual tenancy inspection.
If we agree that your personal data is incorrect we will take appropriate action. If we do not agree we will add a note to your file that you disagree with our version of the data.
The best way to be sure is to let us know about any changes in circumstances that might affect the services we provide to you.
How do we keep your personal information?
Personal information is kept on computerised and manual filing systems. We have a duty to maintain records and keep them secure. We use various technical means to keep your information secure within our systems and our employees must abide by a code of conduct which stresses the importance of confidentiality of the personal information we hold.
The Act provides that data may be kept by us only for as long as is necessary. If there is no legal requirement to retain records of personal information they will be destroyed as soon as is practicable in accordance with agreed guidelines. Records may be retained for up to six years or longer in line with our document retention policy.
What to do if you are unhappy about how we have processed your personal data
If you wish to complain about any aspect of how we have processed your personal information or applied the Act you should contact the Corporate Quality Officer who will deal with your complaint through our complaints process.
If you are not satisfied with our response to your complaint, you can appeal to the Information Commissioner, who is independent of us at:
Cheshire SK9 5AF
Telephone: 016 2554 5700
This is a brief summary statement of your rights under the Act. You can view our Access to Information, Confidentiality and Data Protection Policy for a more detailed explanation.
If you have any questions about your rights under the Data Protection Act, then please contact the Company Secretary.
Further independent information about the Data Protection Act 1998 can be found on the website of the Information Commissioner.