Privacy Notice for tenants of Southampton City Council’s Housing Service
Why do we collect and use this information?
In order to carry out this function, Southampton City Council processes personal data about the following types of people:
- Tenants of Southampton City Council and household members
- Carers or representatives
- Complainants, enquirers or their representatives
- Customers / Clients
- People’s images captured by our concierge service
- Professional advisers and consultants
- Recipients of benefits
- Representatives of other organisations
- Staff, persons contracted to provide a service
- Applicants of Housing
We hold this personal data securely and use it to:
- Undertake multi-agency audit activity, such as case file audits
- Provide training courses, forums and briefings, including pre and post evaluation
- Carry out staff surveys for monitoring and evaluation purposes
- Undertake statistical and financial forecasting and planning
- Complete statutory return
Unless stated, we are the data controller for your personal data, and the following sections provide detail about the information we process, and explains what allows us to do this (the lawful basis), who we may share it with, and how long we keep it for (the retention period).
The categories of information that we collect, hold, and share
As a local authority, we only process data that is necessary for us to carry out our statutory functions. To carry out our duties in respect of the management of the homes and tenancies of Southampton City Council tenants and leaseholders , the type of information we process is as follows:
- Banking or payment details
- Business activities
- Carers and representatives
- Case file information
- Contact details (name, address, telephone number, etc.)
- Electoral registration information
- Employment details
- Education details
- Family details
- Financial details
- Goods and services
- Housing needs
- Lifestyle and social circumstances
- National Insurance Number
- Relevant Contact (eg Next of kin / carer)
- Visual images, personal appearance and behaviour
Special categories (or sensitive personal data)
- Immigration status
- Physical or mental health
- Racial or ethnic origin
The lawful basis on which we use this information
The use of your personal data is compliant with the following conditions of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA2018):
- Article 6(1)(c) of the GDPR – It is necessary for us to process your information so we can comply with our legal obligations
- Article 6(1)(e) of the GDPR – It is necessary for us to process your information so we can carry out our official functions or public tasks
These articles under the GDPR and the DPA2018 are supported by the following specific legislation:
- Housing Act 1985
- Housing Act 1996
- Prevention of Social Housing Fraud Act 2013
- Homeless Act 2002
- Housing and Regeneration Act 2008
- Localism Act 2011
- Care Act 2014
- Children Act 1989
- Housing and Planning Act 2016
- Homeless Reduction Act 2017
Further details of our statutory powers and duties can be found on the Local Government Association’s website.
Under this lawful basis we do not require your consent to process this information but we are required, through this privacy notice, to ensure that you are fully informed of why we are collecting this information and what we will do with it.
Storing and Securing Data
The information provided to us for the management of your tenancy and home will be held in the following format: Digital
The information provided to us will be held in accordance with the Council’s Retention Schedule, and then it will be securely destroyed.
For information held for the purposes of the management of your tenancy and home, your personal data will be held for the following period: 6 years from the ending of your tenancy
The technical security measures will differ between service areas, depending on the nature of the information being processed, but the Council has an information governance structure in place to ensure privacy risks are identified and addressed.
The Council also has suite of information governance polices in place that staff are required to adhere to. These policies cover information security, records management, and the access and use of information.
The GDPR requires personal data to be processed in a manner that ensures its security. This includes protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.
It requires that appropriate technical or organisational measures are used, and the Council’s handling of its data satisfies this requirement.
Southampton City Council takes its data security responsibilities seriously and has policies and procedures in place to ensure the personal data held is:
- Prevented from being accidentally or deliberately compromised
- Accessed, altered, disclosed or deleted only by those authorised to do so
- Accurate and complete in relation to why we are processing it
- Continually accessible and usable
- Protected by levels of security ‘appropriate’ to the risks presented by our processing.
Who do we share information with?
We may share your personal information with external organisations, such as the Police, to prevent and detect crime, however, this would only occur when the law allows us to do so.
We may have to share your information with other teams and departments in the Council, in order to fulfil this, and other statutory duties, and to deliver a sufficient level of service, in the public interest, as a local authority.
For the purposes of the management of your home and tenancy, we will routinely have to share your data with the following types of organisations:
- Business Partners
- Central Government
- Commissioned Providers
- Corporate Suppliers
- Debt Collection and Tracing Agencies
- Fire Services
- Emergency Services
- Healthcare Providers
- Housing Associations and Landlords
- Local Government Authorities
- Ombudsmen and Regulatory Authorities
- Probation Services