wdh

Covid-19 Privacy Notice

We ask that you read this privacy notice carefully as it contains information about how we are collecting information about you relating to the Coronavirus pandemic (COVID-19).

We may collect, process and share your personal data in response to the COVID-19 pandemic to ensure your safety and the wellbeing of residents, tenants, leaseholders, service users, contractors, our employees and general members of the public. Some of the information we collect will be in relation to your health and will include information required so that we are able to manage and complete essential repairs and servicing to your property.

Any information we collect will be limited to what is proportionate and necessary, taking into account the latest guidance issued by the government, the Information Commissioner’s Office and health professionals, in order to manage and contain the virus. It will enable us to effectively fulfil our functions and to keep people safe, put contingency plans into place to safeguard those vulnerable and aid business continuity. You may also wish to consider our main Privacy Notice which sets how we process your information.

Who we are

We are a registered charitable Community Benefit Society that provides social housing and support. We are a controller of personal information and collect, use and are responsible for certain personal information about you. When we do so, we are regulated under The Data Protection Act 2018, including The UK GDPR (General Data Protection Regulation). Our contact details for data protection purposes are as follows.

Information Governance Team
WDH
Merefield House
Whistler Drive
Castleford
WF10 5HX
Email: informationgovernance@wdh.co.uk

The individual responsible for data protection compliance is our Data Protection Officer, who is contactable using the above details.

What information we need

We may collect the following information.

  • Basic details about you including your name, address, contact details, details about your health to identify if you (or those closely linked to you) are in any of the high-risk categories and would be considered vulnerable or have any underlying health conditions

How we collect your personal data

We may already have some of your personal data that you have provided as an applicant, tenant or an employee and which has been provided for a specific reason. In the current crisis, we may need to share this information for a different reason and it may not always be possible to inform you of this in advance. We may also request further information from you or from a third party which we have not previously collected or processed. If you do not provide the information we need then we may not be able to provide all services to you.

How we will use the information we hold about you

We will use the information you provide to:

  • protect the health of our employees and contractors who may have to visit your home to provide an essential service; and
  • safeguarding the health and safety of our tenants.

Why we need your personal information

The legal basis for processing the data is that it is in the public interest for us to deal with the outbreak of COVID-19.

The General Data Protection Regulation requires specific conditions to be met to ensure that the processing of personal data is lawful. These relevant conditions are below.
  • Article 6(1)(e) – is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  • Section 8(c) of the Data Protection Act sets out that such a task must be necessary for the performance of a function conferred on a person by an enactment or rule of law.
  • The processing of special categories of personal data, which includes data concerning a person’s health, are prohibited unless specific further conditions can be met. These further relevant conditions are below
    • Article 9(2)(i) – is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health
    • Schedule 1, Part 1(1) – is necessary for the performance or exercising obligations or rights which are imposed or conferred by law on the controller or the data subject in connection with employment, for example, Health and Safety at Work Act 1974.
      Schedule 1, Part 1(3) – is necessary for reasons of public interest in the area of public health and is carried out by or under the responsibility of a health professional, or by another person who in the circumstances owes a duty of confidentiality under an enactment or rule of law, such as governmental guidance published by Public Health England

Who we will share your information with

  • We will normally only share your information with other partner organisations as part of the response to the COVID-19 outbreak and where it is necessary and proportionate to do so. We may also share limited personal data with our contractors who are carrying out services on our behalf.

How long we will keep your personal information

  • We will only keep your information for as long as it necessary, taking into account government advice and the ongoing risk presented by COVID-19. As a minimum the information outlined in this privacy notice will be kept for the duration of the COVID-19 response

Your rights

Please see our Data Protection Rights Notice.

Keeping your personal information secure

Your personal information relating to COVID-19 is stored on our Customer Relationship Management (CRM) system which may be copied for testing, backup, archiving and disaster recovery purposes. Access to your information is limited to those who require it to provide services to you.

Transferring your personal information out of the UK

To deliver services to you, it may be necessary for us to share your personal information outside the UK, for example if we were to use a cloud service provider based outside the UK. These transfers are subject to special rules under UK data protection law. In such a situation, we will make sure that we have adequate safeguards and security measures in place as required by the GDPR.

How to complain

We hope that we can resolve any query or concern you raise about our use of your information.

The GDPR and Data Protection Act 2018 also gives you the right to complain to a supervisory authority where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who can be contacted at Information Commissioner, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF or by phone on 0303 123 1113.

Changes to this privacy notice

We may change this privacy notice from time to time, when we do we will inform you by an update on our website at www.wdh.co.uk.

How to contact us

Please contact us if you have any questions about this privacy notice or the information we hold about you.

If you wish to contact us, please email informationgovernance@wdh.co.uk or write to our Information Governance Team, WDH, Merefield House, Whistler Drive, Castleford, WF10 5HX or email informationgovernance@wdh.co.uk or call us on 0345 8 507 507.

Do you need extra help?

We are committed to giving everyone equal access to information. If you would like this information in another format please phone us on 0345 8 507 507.