Privacy policy

Introduction

To operate as a housing business, RHP Group (which includes Co-op Homes (South) Ltd) must get, process and store personal information about our applicants for housing, tenants and customers. This Privacy Policy supports our Privacy Notice. It explains how RHP Group treats your personal details.

What is personal information?

Personal information is information about a living individual (‘data subject’) that allows them to be identified. Personal data includes information about:

  • contact details and preferences
  • finances
  • education and employment
  • safety and security.

Certain types of personal information are classed as 'sensitive'. They might relate to:

  • racial or ethnic origin
  • political opinions
  • religious or philosophical beliefs
  • membership of a trade union
  • genetic or biometric data
  • health
  • sexual preference.

We usually only collect personal data so we can provide housing and management services, provide regulatory and legal returns and otherwise comply with our legal obligations (see section, "How will we use your information?").

What information does RHP Group collect?

When you contact us, you might need to provide:

  • your name, address and contact details. These will only be used, as necessary, within RHP Group or by our suppliers and partners
  • your age, sex, date of birth, ethnicity, information about disability and any other needs or preferences.

We may also get your personal details from organisations you’ve dealt with in the past like councils and past landlords. We use this information so we can understand our customers and their needs better

When we provide you with a housing service, we might gather information on:

  • your housing needs, so we can find a property that suits you
  • bank accounts and direct debits so you can make payments like rent or service charges (we only exchange the details with the
  • account holder and we don’t store any card details)
  • benefit and council tax information
  • voice and video recordings for safety and crime reduction
  • support you’re receiving from another organisation, for example, the council’s social services team

You might also provide us with other information when you chat to us or our contractors.

We might gather the following information to improve our service:

  • details of any friends, relatives, neighbours or carers you trust to contact us on your behalf
  • your name and contact details for customer satisfaction surveys, newsletters and service information
  • your name, photo, video or story for brochures, press releases, advertising or use by the media (but only with your explicit consent)
  • information about complaints about our service. We keep this separate from other information about you
  • accidents or incidents involving you or your home

If you ask for additional services from us:

  • we’ll hold detailed information about yours and your family’s needs
  • we’ll hold records of payments for the services
  • we’ll hold detailed information about your income and debts if you contact us about money issues. We keep this separate from our other information about you
  • If we need it to look after our employees, business or anyone else, we may hold information about your history, e.g. regarding credit, or offences.

We’ll only request personal data that’s relevant for delivering our services and meeting our legal obligations. If you feel any requests aren’t appropriate you can refuse to provide information, but this might mean we’re unable to carry out requested or essential work, like repairs. We may also get your personal details from organisations you’ve dealt with in the past, like referral agencies, councils and past landlords.

Controlling your personal data

Here’s how we’re committed to protecting your privacy:

  • We’ll process, (collect, store and use) the information you provide in a way that meets the relevant data protection legislation
  • We’ll do our best to keep your information accurate and up to date and not keep it for longer than we need it for. Sometimes the law sets the length of time information has to be kept, but in most cases, we’ll follow housing sector regulations and legal guidelines to make sure we’re not keeping information for longer than we need.
  • We don’t want to be intrusive, so we won’t ask irrelevant or unnecessary questions. We won’t use the information you give us inappropriately
  • We won’t sell, distribute or lease your personal data to third parties unless we’re required by law to do so or need it to deliver our services. We may use your personal data to send you promotional information about third parties which is related to your tenancy or that we think you may find interesting. We will only do this with your consent.
  • If you’ve previously agreed to us using your personal data for direct marketing purposes, you can change your mind at any time by emailing [email protected] or [email protected]
  • If you believe any information we hold about you is incorrect or incomplete, email [email protected] or [email protected] ASAP and we’ll put it right
  • We gather and analyse personal data, but we don’t draw any conclusions from it. This is called ‘profiling’ and it’s covered later.

Where do you store my data?

We’re committed to storing your personal data securely. This means only RHP employees and contractors that need to see it can. We’ll always store it electronically if possible – but sometimes we’ll need to keep a paper copy.

Our computer systems are secure and protected. Sometimes we also use computers which are owned or managed by our suppliers. Their computers will always be secure and protected too.
Where we share your information with others in line with the legislation, we will make sure that those third parties also have relevant security systems in place to make sure that your information is kept safely.


How will you use my information?

We’ll only use your data where we have a legal reason to do so.

For example:

  • a lot of the information we collect about you will be so that we can process your housing application and manage your tenancy with us, to ensure we are both complying with the terms of that agreement.
  • some information is used to provide you with additional support outside of the terms of your tenancy agreement, and it is in the legitimate interests of both RHP and you to use the information in this way to provide you with housing information and information about other support and services available.
  • we have legal and regulatory obligations to collect certain information and we sometimes need information to defend or pursue legal claims.
  • There may be times where we need your consent to use your information in certain ways, for example, if you want to agree to us sending you promotional material. You don’t have to give us your consent but refusing to give your consent may mean that we can’t carry out work for you or provide you with specific services. This will be explained to you at the relevant time.

Information collected about you is used to:

  • process your housing application
  • maintain our records and provide a quality housing service
  • contact you about your rent account
  • manage and enforce your tenancy conditions
  • carry out repairs and maintenance work to your home
  • support you to help you live independently
  • support any claims you make for benefits or grants
  • help improve and shape our services
  • provide you with general housing information
  • provide management services
  • allow us to meet our legal and regulatory requirements
  • conduct surveys and provide statistics on tenant and household profiles when the Social Housing Regulator or other agencies appointed by the government ask for them
  • prevent, detect and investigate crime using Closed Circuit Television (CCTV)
  • carry out data matching. This is when we compare computer records to help us identify fraudulent claims or payments

If we need to use your personal data for any other reason, we’ll always make sure that it is in line with the law. For example, there we may need to use your information if a crime’s been committed or if there are risks to the public or our employees. We might also have a legal duty to use your data in a certain way, for example through a court order.

How long do you keep my information for?

We generally hold information contained in your tenancy file for six years after your tenancy ends. In some circumstances, we may be required to hold some information for longer in order to comply with our legal obligations, or to protect our or your interests, for example to defend legal claims or pursue legal claims.

If you would like further information on specific periods, please contact us.

Who has access to my information?

Those working with and for RHP are trained to handle your information properly and protect your privacy. Only those who have an operational need to see your data will be allowed to see it. We aim to maintain high standards, adopt best practice for record-keeping and regularly check and report on how we’re doing. Your information is never sold on to third parties or processed overseas.

Where appropriate, we may need to pass your personal data on to our service providers and contractors, for example to those who:

  • undertake repairs and maintenance services so that we can meet our obligations under the terms of your tenancy;
  • assist us with collecting and processing rent payments by card or direct debit and collecting rent arrears;
  • provide us with facilities and support for our CCTV operations;
  • help us to carry out market research or customer survey calls.

Where we work closely with these contractors, they must store your details securely and use them only to undertake the work we have asked them to do. When the job is done they will securely dispose of the details as set out in RHP Group’s procedures and the relevant data protection legislation.

We also work closely with partners to help us provide you with services and support and may need to pass on your personal data to those organisations.

For example:

  • Housing benefits departments and government benefits offices – e.g., to help process a customer’s Housing Benefit claim
  • Local authorities and the police – examples include responding to a councillor enquiry on behalf of a customer, supporting the council with disabled adaptations to a customer’s home or asking the police for information about a crime report that affects an RHP property
  • Utility companies (electricity, water and gas) – e.g., to confirm a customer has moved out of an RHP property
  • Our insurance company - to ensure that they are aware of any relevant accidents or incidents and our policy is kept up to date.

We will always ensure that when sharing your information, it is appropriate, relevant, and in line with the legislation. We have data-sharing agreements with a number of other organisations. They sign up to a code of how data will be exchanged and used.

In some circumstances, we need to share information in an emergency or because we have a legal or regulatory obligation to do so. For example:

  • for the prevention or detection of crime and fraud
  • in connection with legal proceedings
  • in relation to someone’s physical or mental health, to protect them or others from serious harm
  • for making a safeguarding alert where there’s a concern about a child or vulnerable adult’s safety
  • for research and statistical purposes – for example, for government research on who we let homes to
  • to protect the health and safety of our employees
  • to comply with the law.

From time to time we’ll use credit reference agencies to make sure our records are up to date. We’ll also use them for the prevention, detection and prosecution of crime, including social housing and benefit fraud. This information won’t be used for any inappropriate purposes.

Profiling

Profiling is automated processing that’s designed to evaluate an individual and analyse or predict characteristics such as:

  • economic situation
  • health
  • personal preferences
  • reliability
  • behaviour
  • location
  • movements.

We don’t use profiling at RHP Group.

How to contact us: If you have any questions about this privacy statement, the practices of our sites or services, you can contact us at:

8 Waldegrave Road, Teddington, TW11 8GT or by emailing [email protected] 

Your Rights

Data Protection law gives you the following rights:

  • The right of access to see the information we hold on you. To ask for this please contact [email protected] or [email protected] There is no charge for this service and we have 1 month to provide you with this information - unless it interferes with other people’s rights and freedoms or requests are repetitive, excessive or unfounded
  • The right for your information to be rectified it’s inaccurate or incomplete
  • The right to ask for erasure (right to be forgotten) where we no longer need to continue processing your information
  • The right to ask for restriction of processing your information
  • The right to data portability – where processing is automated, based on consent and not in the public interest or necessary ‘in the exercise of official authority’, you have the right to request your data from us in a commonly used, machine readable format.
  • The right to object to how your information is used if we’re not using it for legitimate business reasons.
  • If you have provided us with your consent for us to use your information in a certain way, you will always be able to withdraw that consent by contacting us. This might affect the services we can provide, but we will explain the consequences to you.

Contacting us and complaints

If you have any questions about how your information is used or want to let us know your information has changed please email [email protected] or [email protected] If you want to see your information, believe that it’s not accurate, or if you want to make a complaint about the use of your information then contact the Data Protection Officer at 8 Waldegrave Road, Teddington, TW11 8GT or by emailing [email protected].

If you’re not happy with the way we deal with your query you can write to:

The Information Commissioner, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 1113; Fax: 01625 524 510; Email: [email protected]
Website: https://ico.org.uk/


 

Website service: You agree to use the services as they’re intended. You agree not to access (or try to access) the services in another way.

You acknowledge and agree that if we deactivate your account you may be prevented from accessing the services, your account details or any other content.

You agree and understand that you’re responsible for maintaining the confidentiality of passwords associated with your accounts. You agree you’ll be solely responsible for all activities that relate to your account. If you become aware of any unauthorised use of your password or of your account, you agree to let us know immediately.

Cookies

Use of cookies and cookie-like technologies

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or information related to login. Cookies can be set by us and are called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting. You can find out more about cookies at allaboutcookies.org

You can update and change your cookie preferences by using the preference centre.

We use cookies and other tracking technologies for the following purposes:

  • Strictly necessary cookies

    These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you, which amount to a request for services, such as logging in or filling in forms. They protect your data from being accessed in an unauthorised way.

    You can set your browser to block or alert you about these cookies, but some parts of the site will not then work.

     

    Name Purpose Expires

    RHP.AuthToken

    Is a cookie that is used as part of the login process to control access to content. and is removed on closing the browser.

    End of browser session

    RHPAuthCookie

    Is a cookie that is used as part of the login process to control access to content. and is removed on closing the browser.

    End of browser session

    RHP_SelectedAccount

    Is used in conjunction with RHP.AuthToken to identify the account number you are currently viewing. It is only set when you login and  is removed on closing the browser.

    End of browser session

    ASP.NET_SessionId

    Is a cookie which is used to identify the users session on the server. The session being an area on the server which can be used to store data in between http requests and is removed on closing the browser.

    End of browser session 

    __RequestVerificationToken

    This is an anti-forgery cookie set by web applications built using ASP.NET MVC technologies. It is designed to stop unauthorised posting of content to a website, known as Cross-Site Request Forgery. It holds no information about the user and is removed on closing the browser.

    End of browser session 

    currentCustomPaymentValue

    Is a cookie that is used as part of the payment process to persist the payment override amount. . It is removed on closing the browser.

    End of browser session 

    OptanonConsent

    Is used as part of the cookie law compliance solution from OneTrust.  It is set after visitors have seen a cookie information notice and in some cases only when they actively close the notice down.  It enables the website not to show the message more than once to a user.  The cookie has a one year lifespan and contains no personal information.

    1 year

     

    OptanonAlertBoxClosed

    Is used as part of the cookie law compliance solution from OneTrust. It is set after visitors have seen a cookie information notice and in some cases only when they actively close the notice down.  It enables the website not to show the message more than once to a user.  The cookie has a one year lifespan and contains no personal information.

    1 year

    _wc_cust_guid_

     

    Is used as part of the web chat to provide web chat service

    1 day

    _eiwebchat_session

    Is used as part of the web chat to provide web chat service

    1 day

    _eiwebchat_lastvisit

    Is used as part of the web chat to provide web chat service

    1 Month

  • Performance cookies

    These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous.

    The site uses a service from google; google analytics. Further information on google analytics is available at https://support.google.com/analytics/answer/6004245

    You can opt-out of google analytics by using a browser add-on provided by google https://tools.google.com/dlpage/gaoptout

    Google details the data retention at https://support.google.com/analytics/answer/7667196

    A summary of the cookies and their purpose is provided below, further information at https://developers.google.com/analytics/devguides/collection/analyticsjs/cookies-user-id

     
    Name Provider Purpose Expires

    __utma

    Google Analytics

    Is Used to distinguish users and sessions. The cookie is created when the javascript library executes and no existing __utma cookies exists. The cookie is updated every time data is sent to Google Analytics.

    2 years from set/update

    __utmb

    Google Analytics

    Not used in ga.js. Set for interoperability with urchin.js. Historically, this cookie operated in conjunction with the __utmb cookie to determine whether the user was in a new session/visit.

    End of browser session

    __utmt

    Google Analytics

    Used to throttle request rate.

    10 minutes

    __utmz

    Google Analytics

    Stores the traffic source or campaign that explains how the user reached your site. The cookie is created when the javascript library executes and is updated every time data is sent to Google Analytics.

    6 months from set/update

    _ga

    Google Analytics

    Google Analytics determine that two distinct hits belong to the same user, to achieve this a unique identifier, associated with that particular user, must be sent with each hit. The analytics.js library accomplishes this via the Client ID field, a unique, randomly generated string that gets stored in the browsers cookies, so subsequent visits to the same site can be associated with the same user.

    2 years from set/update

    _gid

     

    Google Analytics

    This cookie name is associated with Google Universal Analytics. This appears to be a new cookie and as of Spring 2017 no information is available from Google.  It appears to store and update a unique value for each page visited.

    0 days

    _gat_UA-120750349-1

    Google Analytics

    This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.

    729 days

    _ga_3YL38FCD5H

    Google Analytics

    This cookie name is associated with Google Universal Analytics - which is a significant update to Google's more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports. By default it is set to expire after 2 years, although this is customisable by website owners.

    729 days

  • Functional cookies

    These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

    Name

    Provider

    Purpose

    Expires

    _Vuid

    Vimeo

    Is used by the Vimeo video player.

    729 days

Tags and other cookie-like technology

This website uses Cloudflare. Cloudflare’s global network enhance security, performance, and reliability of sites.

Further information on cloudflare is available at https://developers.cloudflare.com/fundamentals/

Mouseflow:

This website uses Mouseflow a website analytics tool that provides session replay, heatmaps, funnels, form analytics, feedback campaigns, and similar features/functionality. Mouseflow may record your clicks, mouse movements, scrolling, form fills (keystrokes) in non-excluded fields, pages visited and content, time on site, browser, operating system, device type (desktop/tablet/phone), screen resolution, visitor type (first time/returning), referrer, anonymized IP address, location (city/country), language, and similar meta data. Mouseflow does not collect any information on pages where it is not installed, nor does it track or collect information outside your web browser. If you'd like to opt-out, you can do so at https://mouseflow.com/opt-out. If you'd like to obtain a copy of your data, make a correction, or have it erased, please contact us first or, as a secondary option, contact Mouseflow at [email protected]

For more information, see Mouseflow’s Privacy Policy at http://mouseflow.com/privacy/

For more information on Mouseflow and GDPR, visit https://mouseflow.com/gdpr/

Logging

When you visit this website, we collect website usage information and information about your computer and internet connection, location (region), the type, and version of the browser and operating system you use as well as the activity you are performing.

We use this information to ensure, that our site is compatible with the browsers and operating systems used by most of our visitors. We also use it to improve our understanding of customer needs in developing the website.

Log information may be used by our helpdesk to check a caller’s identity in the event of an account query related to a particular session.

Search Log in