Laws such as General Data Protection Regulation 2016 (GDPR), govern what information we collect and how we collect it. These laws are designed to protect your privacy as an individual. Central and Cecil is committed to:
- Upholding privacy laws
- Being open and transparent about how we use information collected about you and how we contact you for marketing purposes (where you have opted-in).
In this Privacy Notice we use "we" or "us" or "our" or "C&C" to refer to the Central and Cecil Housing Trust.
Central and Cecil is a registered provider of housing, support and care services in London. This privacy notice relates to residents, employees. website visitors, users of social media, and other digital marketing campaigns we run.
C&C is a Data Controller and a Data Processor under the terms of the EU General Data Protection Regulation (GDPR). We are legally responsible for ensuring that all personal information that we process about you is done in compliance with data protection laws. All Data Controllers must notify the Information Commissioner’s Office (ICO) of all personal information processing activities. Our registration number is Z9921835 and our entry can be found in the Data Protection Register on the Information Commissioner’s Office website.
Information you give us
’Personal data’ is any information submitted to C&C that can or has the potential to identify you as an individual. As the data controller C&C will use your information to process:
- your service provision
- your employment
- any enquiries
- relevant information
Personal data may also be visible to C&C’s IT staff and contracted service providers. We will share your information with these companies under the strictest data protection arrangements. If you would like further information regarding these third party companies, please contact our Risk & Governance Manager, Ronny Moreno, at Ronny.Moreno@ccht.org.uk.
You may give us information about yourself by filling in forms for a new tenancy, completing a form on the website, or contacting us directly. This may also include any personal or medical information you provide when you: enquire about any of our services, apply for a job with us, or when you report a problem with the site. Please note that telephone calls are often either recorded or transcribed into note form.
The personal information we hold about you may include the following:
- Contact details, such as postal address, email address and telephone numbers
- Benefit information
- Responses to surveys or questionnaires
- Correspondence relating to a complaint
- Your specific information requirements
- Next of kin
- Bank details
If you provided data to us for matters of Tenancy or Care provision, we will also hold information known as a special category of personal data under the law, meaning that it must be handled even more sensitively. The special categories of personal information we hold about you may include the following:
- Details of your current or former physical or mental health. This may include information about any healthcare you have received (both from C&C directly and other healthcare providers such as GPs or hospitals (private and/or NHS)) and details of medicines previously and currently taken.
- Details of Care services you have received from us
- Details of your lifestyle and social circumstances
- Details of your nationality, race and/or ethnicity
- Details of your religion
- Details of any genetic data or biometric data relating to you
- Data concerning your sex life and/or sexual orientation.
You may also choose to opt-in to hear from us by email about our latest news, offers, events, health or housing blogs, Social media engagement, and/or information about our services. This can be done through phone enquiry, via the website or by completing a printed form. We will only add you to our mailing list where you have told us to do so. You can unsubscribe at any time.
Calls to C&C may be recorded for quality assurance purposes which includes assessing the way staff respond to calls and also the range of services we provide. The content of the calls will not be used for direct marketing purposes.
Please note that while C&C takes every possible precaution under UK and international law to protect our website and internal databases, and any information you provide once we have received it. However it must be understood that the use of digital methods for transferring data is not without risk and you should always bear this in mind when considering what information you provide, and by which method.
We cannot guarantee the security of any information you provide to us while it is being sent across the internet Information you send this way will be at your own risk. You will always remain responsible for the security of your own systems and devices.
Information we may collect automatically
In order to ensure that your visit to our websites or payment portals are as easy and productive for you as we can make it, we use tools (such as Google Analytics) to collect certain types of ‘background’ information every time you click on our website pages. This will include:
- Technical information, used to connect your computer to the Internet, such as browser type and version, Internet Protocol (IP) address, time zone setting, browser plug-in types and versions, operating system and platform.
- Information about your visit, including all webpages visited by you on the site, services you viewed or searched for, page response times, time spent on each page, page interaction information (such as scrolling, clicks, and what you hold your mouse over), and any phone number used to call us.
- Information about your browsing sessions help us track user interaction with our website so that we can use this information to improve your experience.
Information from third parties
We may receive information about you if you use other C&C websites or use other services we provide. Sometimes we exchange your information with certain other organisations (known as ‘third parties’) and we receive information from them about you which can help us to deliver effective resident care. This includes your personal information and special categories of personal data. Such third parties may include:
- Consultants and their medical secretaries to process your enquiry or appointment booking
- NHS providers and GP practices
- Private medical insurers
- Solicitors (personal injury claims etc.)
- If you engage with us through social media platforms.
Using your information
In order to comply with any changes in the law, or to offer a better user experience, we may update this policy periodically. If these changes result in any material difference to the way we process your personal data we will tell you when you next visit our website. You should check this page from time to time to ensure that you are happy with any changes.
Where we retain any information you provide to us, we will use it to better understand your needs and to provide you with the best service we can offer. This may include holding information for the following purposes:
- To answer an enquiry sent by you. For example, we will use your personal information to reply regarding a complaint or enquiry, or to arrange external health care appointments. In order to achieve this, we may pass on your information to external organizations or bodies in order to provide that service.
- Internal record keeping and database maintenance.
- To improve our products and services using anonymous statistics.
- From time to time, we may also use your information to contact you for market research purposes. Such contact will be strictly optional and imposes no obligation. We may contact you by email, phone or mail. We may use the information to customize the website according to your interests, and will use your contract preferences, where possible and practical.
- To enable us to contact you where you have opted-in to hear from us.
Outside these circumstances, there may be rare occasions when we are required by law (for example, to comply with law enforcement or Court proceedings) to pass on information to certain authorities or government agencies. In such cases, we will abide by data protection principles and share the minimum information necessary.
The table set out in the Schedule below summarises the purposes for which we process your personal information and our legal justification for each of our processing activities. If you would like any further details on our purposes for processing your personal information, please contact the Governance & Compliance Manager using the details found below.
We will only keep your personal information for as long as reasonably necessary to comply with our legal and regulatory obligations. If you would like further information regarding the periods for which your personal information will be stored, please contact our Risk & Governance Manager for further details.
We (or third parties acting on our behalf) may store or process information that we collect about you in countries outside the European Economic Area ("EEA"). Under the EU General Data Protection Regulation (GDPR), companies transferring information outside of the EEA must ensure that such transfers are subject to appropriate safeguards to ensure an adequate level of data protection. Where we make a transfer of your personal information outside of the EEA we will take the required steps to ensure that your personal information is protected.
Under data protection law you have certain rights in relation to the personal information that we hold about you. These include rights to know what information we hold about you and how it is used, to have incorrect information updated, or in some circumstances, ask to have you data removed, or provided in a transportable format. You may exercise these rights at any time by contacting C&C’s Risk & Governance Manager (contact details can be found below).
There will not usually be a charge for handling a request to exercise your rights. If we cannot comply with your request to exercise your rights we will usually tell you why. There are some special rules about how these rights apply to health information as set out in the relevant legislation. If you make a large number of requests, or it is clear that it is not reasonable for us to comply with a request, then we do not have to respond or we can charge you for responding.
Your rights include:
- The right to access your personal information - You are entitled to a copy of the personal information we hold about you and details about how we use it. Please note that in some cases we may not be able to fully comply with your request. For example, if your request involves the personal data of another person and it would not be fair to that person to provide it to you.
- The right to restriction of processing - In some circumstances, you can ask us to suspend the use of your personal data. Sometimes we won’t be able to comply with your request if it is necessary to keep your information in order to perform tasks which are in the public interest, including Housing Tenancies, or public health matters, or for the purposes of establishing, exercising or defending legal claims.
- The right to data portability - You can ask us to transfer your personal information to you or to another individual or organisation. The information must be transferred in an electronic format.
- The right to object to processing - You can ask us to stop processing your information where we are relying on legitimate interests as the legal ground for processing (when we refer to ‘legitimate interests’, this means that we have an appropriate business need to process your personal information and this business need does not cause harm to you). It does not extend this right where such processing, such as a Housing Tenancy, is a requirement for the provisioning of service.
- The right not to be subject to automatic decisions - You have a right to not be subject to decisions that are made about you by computer alone. To find out more about the way we use automated decision making, please see the section of this Privacy Notice titled ‘Automated Decision Making’).
- The right to withdraw consent - In some cases we need your consent in order for our use of your personal information to comply with data protection legislation. Schedule 1 sets out instances where we will rely on your consent for the purpose of processing your personal information. You have the right to withdraw your consent at any time. You can do this by contacting C&C’s Governance & Compliance Manager whose details can be found below.
- The right to complain to the Information Commissioner's Office - You can complain to the Information Commissioner's Office if you are unhappy with the way that we have managed any of your rights above, or if you think we have not complied with our legal obligations. More information can be found on the Information Commissioner’s Office website. Making a complaint will not affect any other legal rights or remedies that you have.
Security and storage
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect about you.
A cookie is “a small file of letters and numbers that is downloaded on to your computer when you visit a website. Cookies are used by many websites and can do a number of things, e.g. remembering your preferences, recording what you have put in your shopping basket, and counting the number of people looking at a website.
Rules on cookies are covered by the Privacy and Electronic Communications Regulations.
Yes. C&C uses both session-based and persistent cookies. Session-based cookies are only stored while on your current visit to the website, so will be deleted when you close your browser. Persistent cookies are used to remember any site preferences for when you next visit our website, so they will stay on device after you close your browser.
They are also designed to enhance your experience of our website. For instance, recording when you complete or minimize a survey, so you do not get asked again when you visit other pages on the website.
Overall, cookies help us to provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
The below explains the cookies we use and why:
- Google Analytics - These cookies collect information about how visitors use our site. We use the information to compile reports and to help us improve our website. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.
- Functional cookie - This is to identify your unique session on the website. Typically used to maintain the integrity of your session while transacting information with a website (accessing secure areas, forms submissions etc.)
- Cookie Control - When you click "I agree", to remember your preference.
- Retargeting - When you visit particular parts of our website, a cookie may be stored to enable us to show relevant C&C adverts on other websites you visit.
- Social media conversion tracking - to show how users have interacted with our website after seeing our post or advert on Facebook. This allows us to track a return on investment from running Facebook advertising.
- Call tracking - to enable links from our website to our phone system to effectively monitor calls coming through to C&C. For instance, if you originally came to C&C’s website through a search engine.
Yes. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. To find out how you can you modify and control cookies, visit this information page on the ICO website.
We store and handle all personal information we hold about you according to the rules laid down by the law and the codes of practice which govern information processing.
If you believe that any information we are holding about you is wrong or incomplete, please contact us and we will amend any information found to be incorrect.
You may contact us at any time to unsubscribe from any of our services or to request that we remove or amend your details in our records (with the exception of any direct healthcare data, or data held for legal, or service provision based purposes).
You will only receive marketing information from us where you have indicated consent to receive it. Please contact the local site directly if, for example, you are receiving marketing information not related to the website or C&C. We pay for advertising on Google (Google Adwords), where we provide relevant content based on search terms. We also use Facebook, sometimes paying for targeted adverts about relevant content, blogs and events. You can unsubscribe from marketing delivered by us at any time. Contact your local C&C site or email our Risk & Governance Manager.
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over any other website. Therefore, we cannot accept responsibility for the protection and privacy of any information or data which you provide whilst visiting such sites, and such sites are not governed by this privacy statement.
C&C’s Governance & Compliance Manager has been appointed to cover data protection to help ensure that C&C complies with data protection law and acts a a contact point for all residents.
You can contact our Risk & Governance Manager Ronny Moreno by:
- E-mail: Ronny.Moreno@ccht.org.uk
- Post: Risk & Governance Manager, Central and Cecil, Central Office, 266 Waterloo Road, London, SE1 8RQ
About the information we collect and hold
In the table below we have set out the majority of the individual purposes for which we will process your personal information and the legal justification for doing so. In some instances, we are also required to identify an additional legal justification where we are processing special categories of personal information (e.g. medical information). Beside each legal justification, we have cited the relevant article of the EU General Data Protection Regulations (GDPR). Please note this list is not exhaustive.
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
The tables below explains the cookies we use and why.
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.
To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.