Privacy and Data Policy

Brighton and Hove Community Housing CIC

8 Holmstead

166 Upper Lewes Road

Brighton

BN2 3FB

01273 628505


office@bhchousing.org.uk

Principles

Brighton and Hove Community Housing CIC (BHCH) welcomes improved personal data transparency and protection regulations (GDPR). You can find more information about the rules and your rights at https://ico.org.uk/your-data-matters.

BHCH endeavours to securely hold and process your personal data, and only data that we need to hold or function.

Whilst we hold and process your data, we seek to do so securely, transparently and fairly.

BHCH will not sell your personal data. BHCH will not purchase your personal data from other parties without your explicit consent each time. E.g., a Disclosure and Barring Service (DBS) check if working with children. BHCH will not share your data with external parties except where required to:

If you have suggestions to improve our privacy policy, queries, concerns or complaints, please contact us using any of the contact details above.

Website

Cookies

Cookies are small files that are stored on your computer that help with the functioning of BHCH's website, and of websites providing services to you and BHCH.

You can block and delete cookies through your browser settings. BHCH strongly advises that browsers are set to delete cookies automatically when closed. This helps prevent unnecessary tracking and improves security.

The BHCH website will operate with cookies prevented but services and performance may be impaired.

External Services On Our Website

The BHCH website includes services provided by external parties, including hosting the website itself. These services may be easily viewed and restricted via a script-blocker, such as the open source browser add-on NoScript.

The BHCH website will work with scripts blocked but performance and some services might be impaired.

Data Sharing for Website Functionality:

Communications

With your consent, BHCH may hold your contact details to contact or identify you.

You have the right to remove consent from BHCH contacting you unless it is required by law or for functionality. If consent is removed from us contacting you, you may not receive important information from BHCH.

If you contact us, there will be a legitimate interest in acting on your communication to us, recording the communication and replying, and holding that data in order to be able to respond and address your communication.

Communication Records

We may keep records and notes of our communication to you, and your communications to us whilst your consent is in place, for up to 2 years after permission has ended. This allows us to meet your needs, and audit and analyse performance.

You may request your personal data be deleted if not needed for functionality or legal purposes. At 2 years from the date of communication or upon successful request, the personal data will be deleted within 60 days.

We will not share your communications outside of BHCH without your direct consent unless a legal requirement or an emergency.

Communication Suppliers

Those not already reported:

Membership, Engagee and Tenancy Information

Lawful basis for process: consent, contract and legitimate consent (e.g. contacting members about member business)

Necessary personal data will be recorded and held whilst memberships and tenancies are active.

Personal data that is no longer needed for functionality or legal purposes will be deleted within 12 months of no longer being needed or within 60 days of a successful request to do so earlier.

Financial and legal data will be held according to the limits of the Statute of Limitation Act 1980, irrespective of ended memberships and tenancies, to allow for financial and legal investigations and analysis. This will mean the data will be kept up to 6 years from the date of transaction or 6 years from the end of the respective tax year filing deadline. Data will be deleted within 12 months of becoming available to do so.

Exceptions to deletion will be the company accounts and minutes, membership register, company bank statements, active legal action, and a change in laws and regulations.


Surveys and Ballots

Lawful basis of processing: surveys - consent, ballots - contract

All responses to our surveys and ballots will be anonymised by encryption or other administration.

All anonymised survey and voting responses that are non-identifiable will no longer be personal data, and will be used for internal analysis and public publishing.

All identifiable and non-anonymised data will be destroyed as soon as practically possible.

Suppliers of Financial Services

Employees, Contractors and Volunteers

Only personal data that is required by law or to function in your role will be requested from you.

If your role requires or you have consented to BHCH calling you via electronic means or in person, we will not do so outside the hours of 9am and 6pm from Monday to Friday and not at all on Saturdays or Sundays. Messages may be sent outside of these hours but responses are not expected outside of these hours.

The exception to this is if you have agreed an exception as part of your role, given your one-off specific consent or an emergency.

Personal data will only be shared by those in BHCH who need to know. No person connected with BHCH has any right to access your personal data.

If we need to collect or are given any special category data, this will be highly restricted to those approved internal processors of this information. E.g. deductions from earnings of trade union subscriptions or support for personal health conditions.

Exceptions to this will be an emergency or laws and regulations.

Improvements

Build HTML5 website from scratch (underway) and emigrate web hosting from Yola to Freeola, with only UK-based servers and removing imposed functions by Yola.

By emigrating from Yola to Freeola, we can then apply the SSL website encryption facility we have purchased from Freeola but Yola will not allow to be used on their servers, nor will they sell one for websites they don't register.

Review and Amendments

We will review the policy at least annually and advise changes at least 1 month in advance.

Information Commissioner's Office

Contact or complain to the ICO:

0303 123 1113 or 01625 545700

casework@ico.org.uk

https://ico.org.uk/

Advice

Restrict scripts to only trusted domains

Restrict cookies to only trusted domains

Use encrypted services

Install anti-virus, anti-malware, anti-spyware

Check your firewall settings on all devices, including smartphones and internet connected devices

Passwords to be made up of capital letters, lower case letters, number and symbols

Don't share your passwords

Install an email blocker





V2.0 Effective 25th May 2018