Housing privacy notice - Privacy notices

What personal information do we collect?

We collect and process a range of information about you. This can include

  • your name, address and contact details, including email address and telephone number, date of birth, gender and ethnicity or race
  • information about your marital status, next of kin and their emergency contact detail
  • financial information such as bank details and transactional data including payments to or from you and credit checks
  • details of your bank account and payment card details
  • information about medical or health conditions, including whether or not you have a disability and support needs
  • employment details, including your national insurance number and income
  • information about the property you live in and your housing history
  • We collect this information in a variety of ways. For example, data is collected through application forms and correspondence with you about our services or your information may have been referred to us from a third party.

Please note: Telephone calls may be recorded for training and monitoring purposes.

Why do we process personal data?

Processing your information is necessary for the performance of a task carried out in the public interest or in the exercise of our official authority. For example to

  • assess housing and re-housing needs
  • deliver our landlord and other housing services
  • meet our regulator requirement by consulting with you on any major changes to our service
  • monitor services to ensure they are delivered in a fair and equitable way
  • monitor services to support future service development and delivery
  • monitor services to provide statistical data for statutory returns and governance and compliance purposes
  • provide advice and guidance to help you sustain your tenancy
  • in order to help facilitate rent payments We also need to process data for the performance of a contract with you. For example, we may need to collect and share information to manage your tenancy or lease.
Who has access to your personal data?

Where necessary your information will be shared with the parties set out below for the purposes stated above.

  • Other council departments including Benefits and Debt recovery
  • Surrey County Council, including Social Services and Education
  • NHS & Health Agencies
  • Police
  • Council Contractors
  • Commissioned partners
  • Other Local Authorities
  • Registered Providers such as Housing Associations
  • Other Public Bodies
  • Department for Work and Pensions (DWP) and job centre
  • Her Majesty's Revenue and Customs (HMRC)
  • Government and Ministry of Housing, Communities and Local Government (MHCLG)
  • Non-profit and voluntary sector agencies
  • Credit check companies such as Experian and Equifax
  • Courts and probation service
  • Grillo LLP - data is shared for the purpose of progressing house sales if so requested
  • Noise App - tenants upload their own data and sound clips but we subscribe to the service on their behalf to assist in evidence gathering and recover uploaded data from the App
  • Utility Companies

We may also need to contact these agencies to check information provided by you, or information about you provided by a third party with other information we hold. We may also get information from third parties, or give information to them to check the accuracy of information, to prevent or detect crime, or to protect public funds, if the law allows it. Where we need to disclose sensitive information such as medical details to a third party, we will only do so once we have obtained your explicit consent, or where we are legally required to or have another lawful basis to do so.

We may disclose information when necessary to prevent risk of harm to an individual. Local authorities are required by law to protect the public funds they administer. We may use any of the information you provide for the prevention and detection of fraud. We may also share information with other bodies that are responsible for auditing or administering public funds, including the DWP to assist in the prevention and detection of fraud. We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions and with data protection laws. They are also obliged to implement appropriate technical and organisational measures to ensure the security of data. We will not transfer your data to countries outside the European Economic Area.

How do we protect personal data?

The Council takes the security of your data seriously. The organisation has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties. Data will only be processed by members of staff authorised by us for this purpose. Access to our systems is limited to authorised members of the Housing team whose job role requires access to the personal data.

How long do we keep your personal data?

We will keep your data for 7 years after your case has closed or your transaction with us has ended. We will keep a permanent record of personal details relating to tenancies held, including the tenancy of temporary accommodation.

Your rights

As a data subject, you have a number of rights, including access to your data. A request for access can be made via our website or by sending an email to foi@runnymede.gov.uk

Data Protection Subject Access Request(SAR) | Introduction – Runnymede Borough Council

To find out more about your rights please see the ‘Your Rights’ section of our main privacy statement

If you believe that Runnymede Borough Council has not complied with your data protection rights, you should initially try to resolve it with the relevant department.

If you are unable to resolve the issue to your satisfaction contact our Data Protection Officer (DPO) who will investigate. If you remain dissatisfied with the outcome of the DPO’s review you can make a complaint to the Information Commissioner. You can find out further information on making a complaint to the Information Commissioner on their website Information Commissioner's Office (ICO)