Keeping your information safe
Identity and contact details of Controller
Golding Homes (Golding) is a Housing Association and is a controller of personal information for the purposes of the UK-General Data Protection Regulation ('UK-GDPR’) and Data Protection Act 2018.
When we process your personal data Golding Homes is described as the ‘data controller’ under data protection law.
Our contact details for data protection purposes are as follows:
Data Protection Officer
Golding Homes
County Gate One
Staceys Street
Maidstone
ME14 1ST
www.goldinghomes.org.uk
0300 777 2600
dpo@goldinghomes.org.uk
Golding Homes Data Protection officer is Helen O'Neil.
Golding is registered with the Information Commissioners Office as a Data Controller. Our registration number is ZA255102
The UK-GDPR has a set of rules and guidelines we must follow when handling your information. Golding has a legal duty to protect any information we collect from you or have about you from other sources.
This Privacy Notice tells you what to expect when Golding collects and stores personal and sensitive information. It tells you the purposes for which we will process your personal information and the legal basis for the processing (‘processing’ includes us keeping your personal information).
Please contact us if you have any questions about this Notice, information we hold about you or our overall approach to data protection and confidentiality.
What is personal data?
Personal data is defined by the UK GDPR and the Data Protection Act 2018 (collectively, “the Data Protection Law”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
Who we collect personal information about
Customers
This includes current, former and potential customers who live in our properties or access our support and other services and could also include their family and people associated with them.
Colleagues
This includes current, former and potential colleagues, as well as Board and Committee members, apprentices and volunteers.
Anyone who makes a complaint or enquiry and visitors to our websites and offices.
Security of information
We operate a range of information and communication systems and technologies for the efficient operation of our business. Personal information is stored and managed within those systems which are maintained to achieve a high level of confidentiality, integrity and availability including following best practice cyber security standards.
We hold information in IT systems which may be copied for testing, backup, archiving and disaster recovery purposes.
For further information on how we maintain the security of your information, please see our IT Security Policy.
Emailing us
We use Transport Layer Security (TLS) to encrypt and protect email traffic in line with government guidance on email security. Most webmail such as Gmail and Hotmail use TLS by default.
We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. You must ensure that any email you send is within the bounds of the law.
Phishing
Phishing is the name given to attempts to steal personal details and financial account information from a website user. “Phishers” use fake or spoof emails to lead users to counterfeit websites where the user is tricked into entering their personal details, such as credit card numbers, user names and passwords. Our colleagues receive training on how to spot phishing and take preventative action. We will never send emails asking you for such details.
Transfers of personal data to third countries
Personal data relating to Golding’s customers, colleagues and others is usually stored in the UK or in the European Economic Area (EEA) or other jurisdictions recognised as adequate by the UK and the European Union.
If we need to share information with organisations outside the UK, the EEA or a jurisdiction that the European Commission regards as having adequate levels of protections for personal data, we will put in place appropriate safeguards (such as contractual commitments), in accordance with applicable legal requirements, to ensure that your data is adequately protected.
What we will not do
We will not send you unsolicited marketing material.
We will not sell your personal data on to third parties.
We will not pass your personal data to unrelated third parties unless we are allowed or required to do so by law, or we have your explicit permission to do so.
We will not keep a record of your card details when you provide them to make a payment for your rent or other service.
Your rights under UK GDPR
You have a number of rights under the UK-GDPR. We're committed to respecting your rights when we deal with your personal data.
- Access to personal information
Under the UK-GDPR, you have a right to ask us what personal information we hold about you, and to request a copy of your information. This is known as a Subject Access Request (SAR).
We have a Golding Homes - Subject Access Request Form.pdf [pdf] 150KB which provides further information to help you to submit your request. We'll also request two forms of identification.
Once you have completed the form, please return this to us via the following address:
Data Protection Officer
Golding Homes
County Gate One
Staceys Street
Maidstone
ME14 1ST
dpo@goldinghomes.org.uk
We'll respond to your request with all the information we are legally required to provide within the legal timescales.
Your right to certain information may be restricted. For example, information relating to a third person or information relating to a police investigation.
Rectification
If you need us to correct any mistakes contained in the information we hold about you, you can let us know by contacting our Customer Services team at 0300 777 2600.
Erasure (‘right to be forgotten’)
You have the right to ask us to delete personal information we hold about you. You can do this where:
- The information is no longer necessary in relation to the purpose for which we originally collected/processed it
- You withdraw consent
- You object to the processing and there is no overriding legitimate interest for us continuing the processing
- We unlawfully processed the information
- The personal information has to be erased in order to comply with a legal obligation
We can refuse to erase your personal information where the personal information is processed for the following reasons:
- To exercise the right of freedom of expression and information
- To enable functions designed to protect the public to be achieved e.g. government or regulatory functions
- To comply with a legal obligation or for the performance of a public interest task or exercise of official authority
- For public health purposes in the public interest
- Archiving purposes in the public interest, scientific research historical research or statistical purposes
- The exercise or defence of legal claims
- Where we have an overriding legitimate interest for continuing with the processing.
Restriction on processing
You have the right to require us to stop processing your personal information. When processing is restricted, we are allowed to store the information, but not do anything with it. You can do this where:
- You challenge the accuracy of the information (we must restrict processing until we have verified its accuracy)
- You challenge whether we have a legitimate interest in using the information
- If the processing is a breach of the UK-GDPR or otherwise unlawful
- If we no longer need the personal data but you need the information to establish, exercise or defend a legal claim
If we have disclosed your personal information to third parties, we must inform them about the restriction on processing, unless it is impossible or involves disproportionate effort to do so.
We must inform you when we decide to remove the restriction giving the reasons why.
Objection to processing
You have the right to object to processing where we say it is in our legitimate business interests. We must stop using the information unless we can show there is a compelling legitimate reason for the processing, which override your interests and rights or the processing is necessary for us or someone else to bring or defend legal claims.
Withdrawal of consent
If the basis on which we are using your personal information is your consent. We will seek your consent to contact you for non-essential services. Examples of this include marketing information about our services, community development activities or employment support. You have the right to withdraw your consent to us processing your information at any time. We must stop using the information. We can refuse if we can rely on another reason to process the information such as our contractual obligations or legitimate interests.
Right to data portability
Residents can request a copy of their data in a .csv / excel file from the Data Protection Officer if:
- The legal basis for processing the data is consent or performance of a contract; and
- The processing is carried out using automated means
We will ask for two forms of identification and a description of the data requested.
If we are able to provide the data, we will provide the information within one calendar month. We will send the file via email and we will ask the resident to confirm their email address and the password to access the file.
We will not accept data portability files from residents or other housing associations at this time. It’s a requirement of the UK-GDPR that the data we hold is accurate and up-to-date. To ensure the data meets our requirements and is not in breach of the UK-GDPR we will obtain data directly from residents in line with our internal sign-up procedures.
We only keep your data for as long as it is needed in line with our Retention Policy.
Our privacy notice
The links below will take you to more information on our Privacy Notice. We understand that sometimes it is hard to find what you want in documents like this, which is why we have included shortcuts so that you can easily find what you’re looking for depending on whether you are a current customer, a potential customer, an employee or applying for a job and so on.
A current or former Golding Homes or Golding Places customer
We’re committed to protecting your privacy and our Customer Privacy Notice explains how we use information about you and how we protect your personal data. Data protection in the UK is governed by the UK General Data Protection Regulations (UK GDPR) and Data Protection Act 2018. When we process your personal data Golding Homes is described as the ‘data controller’ under data protection law. Read the Customer Privacy Notice - May 2024.pdf here.
Applying to be a Golding Homes or Golding Places customer
How we collect your information
When you enquire about becoming a Golding customer we may collect your personal information in a variety of ways, including when you:
- complete one of our application forms, tenancy agreements, licences or leases. You may be asked to undergo a verification check
- call us, write to us, e-mail or meet with us
- visit our offices or some of our other properties (we operate CCTV systems at our offices and at some of our properties for the detection and prevention of crime)
- use our social media sites or websites
Phone calls to our 0300 777 2600 number may be recorded for training and monitoring purposes.
Calls are not recorded when you give us card details to make a payment for your rent or other service.
We may receive information about you from third parties including information from:
- your council, relating to your housing needs
- your benefits office, relating to your benefits
- prior landlords and credit reference agencies when you apply for housing
- marketing agencies relating to the marketing and sale of our properties
- the help to buy service (if you are interested in one of our shared ownership homes)
- police, welfare or support organisations who are dealing with you
- councillors, MPs or other representatives acting on your behalf / instruction
- financial institutions when you apply for our services
Commercial leaseholders
If you are applying for a commercial lease for one of our shop or commercial units we may ask for references from your bank or suppliers. We may also require a business guarantor.
Verifications
When you apply for a Golding tenancy we will request proof of identity and carry out verification checks. This is a way of profiling prospective customers to help ensure they can afford the property they have applied for. Credit checks and references will be requested from credit reference agencies.
The information you provide will be considered by us to make a decision on your application. We do not use any automated decision making.
What data do we collect?
When you apply to become a Golding customer, we request and hold on file information necessary to assess your application. This includes:
- your full name (and proof of your identity / photo ID)
- your date of birth
- your National Insurance Number (your unique identifier)
- your contact details (phone, email or correspondence address)
- details of anyone authorised to act on your behalf (if applicable)
- basic details (name and date of birth) of all household residents
- banking details if you pay your rent by Direct Debit
- your housing history including your proof of your eligibility housing and if you have any interest or equity in any other property
- details of offending history including current risk assessments
Information may be provided by:
- references from other housing providers / private landlords
- your mortgage lender (if you own/have owned your own home)
- credit reference agencies
- police and probation services
We may also ask for your consent to collect special categories of data as explained below.
If you provide us with personal information relating to members of your family or your associates we will assume that you do so with their knowledge and their consent to the collection and processing of the information.
It is important that you notify us of any changes to your personal information.
How we use personal information and the lawful basis for processing
Contractual necessity
Most of the information we require from you is used to enter into or manage a tenancy, leasehold agreement or other contract between you and Golding.
Please read your tenancy agreement, lease, licence or contract carefully for specific details as ‘performance of a contract’ is usually the lawful basis for processing your information as set out in Data Protection Law.
The processing we conduct can be summarised as:
- managing your account charges and payments, including arrears
- managing the repairs, maintenance and adaptations of our properties
- ensuring tenancy (or contract) conditions are complied with, such as dealing with anti-social behaviour or fraud
- complying with relevant legislation and regulation
Legitimate Interests
The other lawful basis for processing your data (as defined in Data Protection Law) that we regularly rely on is ‘legitimate interest’ (processing is necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject).
Our legitimate interests may include the need to:
- eliminate discrimination or advance equality of opportunity
- prevent and detect crime including anti-social behaviour
- conduct research and statistical analysis to help improve our business processes and the services offered to our customers
- evaluate our performance against other benchmarks
When your personal data or information is used for statistical or research purposes it is anonymised or pseudonymised so that you cannot be identified. Golding conducts surveys regularly and periodically relating to our services in order to gauge satisfaction and make improvements based on feedback.
Where you believe that our legitimate interests are overridden by your interests, rights or freedoms, as the data subject you have the right to object.
We also seek your consent to hold some information about your lifestyle.
We will always give you a ‘prefer not to answer’ option when we ask for information about your lifestyle. Please note however that this information helps us to improve services.
Other lawful bases
In exceptional circumstances there may be another lawful basis for processing your data for example ‘compliance with a legal obligation’ or to ‘protect the vital interests of a data subject or another person’.
Special categories of data
Under Data Protection Law certain categories of personal information are classified as sensitive or special categories of data. These categories are data relating to:
- racial or ethnic origin
- political opinions
- religious or philosophical beliefs
- trade union membership
- genetic data and biometric data processed for the purpose of uniquely identifying a natural person
- data concerning health
- data concerning a natural person’s sex life or sexual orientation
We minimise the use of special categories of personal data but given the services we provide there are times when we may have a legitimate interest in processing special categories of data and therefore we may collect and process this data.
Usually we will seek your consent to processing this data by giving you a ‘prefer not to answer’ option when we ask certain questions. Please note however that if you choose not to provide the information we may not be able to provide all our services to you.
Where we ask for data concerning your health, and this is relevant to your housing needs, the condition for processing is that this is “necessary for the purposes of carrying out the obligations and exercising specific rights of the controller (us) or of the data subject (you) in the field social protection law”.
Providing us with special categories of data helps us deliver our services when providing accommodation for disabled people (including adaptations), people with substance abuse problems or when helping someone to access care services.
Collecting special categories of data also helps us ensure that we meet the Public Sector Equality Duty giving due regard to the need to eliminate discrimination, advancing equality of opportunity and fostering good relations. This means that we may ask you for information about ethnicity, religion or belief and so on but our responsibilities under the Public Sector Equality Duty do not override your right to privacy.
When we collect specific sensitive data we will notify you of how we will use it, and we will tell you who it may be shared with.
We do not process genetic or biometric data for the purpose of uniquely identifying a natural person.
CCTV
We operate CCTV systems at our offices and in public areas at some of our properties. Wherever CCTV systems are operating we will place a notice showing that the scheme is in operation and controlled by Golding.
Our CCTV systems deter crime and promote public safety by helping to identify and prosecute criminal offenders. These systems operate continuously and recordings are held for one month.
You can ask for a copy of any CCTV images taken of yourself by making a Subject Access Request.
We carry out an impact assessment for all locations where we use CCTV. This helps ensure that our use of CCTV is appropriate and proportionate to issues of crime and public safety we are seeking to address and minimises intrusion into individual rights to privacy.
Information we collect via our websites
When you visit our websites we collect standard internet log information, such as your IP address, host name, browser type and operating system.
For more information about our sites usage information from session cookies, please refer to our Cookies Policy - September 2022.pdf [pdf] 123KB .
This information may be used to help diagnose problems with our server and to administer our websites, so we can improve your experience of viewing the sites. We may also use this information for other purposes deemed reasonable and necessary.
Links to other websites
Our websites may contain links to other websites of interest. If you follow a link from the Golding Homes or Golding Places website to an external site, we recommend that you check the Privacy Notice of that site before giving any personal details.
Complaints and enquiries
If you make a complaint or enquiry we may collect and store personal information in relation to it. We will keep your information secure and use it only for the purpose it was collected. When the complaint is resolved or the enquiry is completed, we will retain the information in accordance with our Retention Policy and then destroy it.
How long we keep information
If you become a Golding customer, information relating to your tenancy, lease or other contractual agreement will be kept for as long as the agreement is active or where money is owed on the account, and for a period not exceeding six years afterwards unless required to do so by law as set out in our Retention Policy. The basic history of who occupied a property and when will be held forever.
If you do not become a Golding customer information relating to your application will be held for up to five years after your application is withdrawn or refused.
When we dispose of information we do so securely.
A current or former colleague
Once a person has taken up employment with Golding, we will compile a file relating to their employment. The information contained in this will be kept secure and will only be used for purposes directly relevant to that person’s employment. Once their employment with Golding has ended, we will retain the file in accordance with the requirements of our Retention Policy and then delete it.
What data do we collect from our colleagues?
When you start work for Golding we will ask for:
- your full name (and proof of your identity / photo ID)
- your date of birth
- your Equality and Diversity data
- your National Insurance Number (your unique identifier)
- your student loan and tax status
- details of your driving licence (if relevant to your role)
- your contact details (phone, email, or correspondence address)
- banking details, so we can pay you
We may also collect your personal data via our CCTV systems or in still photographs.
We collect personal and sensitive information relating to our workforce, this includes colleagues, contractors, temporary workers and volunteers. We do this for:
- recruitment and appointment purposes
- administration purposes (e.g. to operate payroll, pensions etc.)
- the purposes of conducting performance reviews, managing performance, and determining performance requirements
- the provision and offer of any necessary support requirements in your role
- compliance with legal or industry standards (e.g. to prove eligibility to work in the UK and meeting our Health and Safety requirements)
- the purpose of conducting transactional surveys to monitor and improve our services, for example following training courses
- monitor Equality and Diversity purposes (the information provided is anonymised and used only for statistical monitoring purposes which help us make improvements)
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
- where we need to perform the contract we have entered into with you
- where we need to comply with a legal obligation
- where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
We may also use your personal information in the following situations which are likely to be rare:
- where we need to protect your interests (or someone else's interests); and
- where it is needed in the public interest or for official purposes
Information is held centrally by our People Team on our computer system. Individuals and line managers can access certain personal information through the People System. Information is held securely and we have security measures in place to protect it.
We will share your data with third parties, including third-party service providers, for example payroll, pension administration, training and support.
We require third parties to respect the security of your data and to treat it in accordance with Data Protection Law.
Unless we advise you otherwise, we will only collect and process personal information to carry out these functions.
Sometimes our People Team may want to make a voice recording of meetings we have with you. This will be for the purpose of accurate notetaking. We will always notify you if we would like to make a digital voice recording of the meeting and seek your approval to do so. Once notes have been typed up and agreed, we will delete any voice recordings.
We may also ask for your consent to collect special categories of data as explained below.
If you provide us with personal information relating to members of your family, next of kin contact information for example, we will assume that you do so with their knowledge and their consent to the collection and processing of the information.
It is important that you notify us of any changes to your personal information.
How we use personal information and the lawful basis for processing
Contractual necessity
Most of the information we collect from our colleagues is required as part of your contract of employment.
Please read your contract of employment for specific details as ‘performance of a contract’ is usually the lawful basis for processing your information as set out in Data Protection Law.
The processing we conduct can be summarised as:
- managing the employer – employee relationship
- arranging to pay your salary, wages, pensions or other benefits
- complying with relevant legislation and regulation
Legitimate interests
The other lawful basis for processing your data, as defined in Data Protection Law, that we regularly rely on is ‘legitimate interest’ (processing is necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights, or freedoms of the data subject).
Our legitimate interests may include the need to:
- eliminate discrimination or advance equality of opportunity
- prevent and detect crime
- conduct research and statistical analysis to help improve our business
- track our vehicles to ensure they are driven responsibly
- monitor, and in some circumstances charge for, the charging of electrical vehicle
- evaluate our performance against other benchmarks
- arranging to provide non contractual benefits
Where you believe that our legitimate interests are overridden by your interests, rights or freedoms, as the data subject you have the right to object.
Special category data
We may process special category or sensitive personal data relating to your health where this is necessary in connection with employment law and/or for the purposes of preventive or occupational medicine.
We also seek your consent to collect some ‘special category’ information from you. This includes information relating to your gender, religious beliefs, ethnicity, and sexual orientation.
We will always give you a ‘prefer not to answer’ option when we ask for this information.
Other lawful bases
In exceptional circumstances there may be another lawful basis for processing your data for example ‘compliance with a legal obligation’ or to ‘protect the vital interests of a data subject or another person’.
How long we keep information
Information relating to your employment is normally kept for six years after your employment ends unless otherwise required by law. Where information relates to employees who worked with asbestos or other substances hazardous to health the retention period is forty years after your employment ends.
When we dispose of information we do so securely.
Sharing your information
Your personal information will only be available to relevant leaders and colleagues in the People team and other relevant teams for the reasons outlined in this Privacy Notice.
Your personal information will be kept secure and confidential. Usually, we will not disclose personal data without consent, but we may share information between the Golding group of companies, with contractors or third parties and other agencies we work with.
Golding shares limited personal information with contractors who are carrying out services on our behalf. This includes payroll and pension providers, companies who provide colleague benefits, companies who provide occupational health services and so on. Our contractors are required to comply with the law to ensure data is managed appropriately and for specified purposes.
All requests for ad-hoc sharing are considered by the Data Protection Officer. In exceptional circumstances we may share your personal information with the police as required by law or where sharing is in your vital interests.
Microsoft Intune
Golding uses Microsoft Intune to control how devices are used, including mobile phones, tablets, and laptops. Intune allows people to use their personal devices for work. On personal devices, Intune helps make sure your Golding data stays protected and can isolate Golding data from personal data.
When you enrol a corporate or personal device with Intune, Intune collects, processes, and shares some personal data to support business operations, conduct business with the customer and to support the service. Required personal data includes identifiable data that may directly identify the end user, or pseudonymized data with a unique identifier generated by the system that is used to deliver the enterprise service to users, support data, and account data.
Intune does not collect nor allow anyone to see the following data:
- An end users’ calling or web browsing history
- Personal email
- Text messages
- Contacts
- Passwords to personal accounts
- Calendar events
- Photos, including those in a photo app or camera.
The lawful basis for processing your personal data for Microsoft Intune, as defined in data protection law, is ‘legitimate interest’. The UK GDPR highlights fraud prevention and network and information security as specific types of processing that are considered legitimate interest.
Windows Hello
Colleagues may be issued with a laptop or other device which has biometric security functionality (fingerprint and facial recognition). This functionality is provided by Microsoft via Windows Hello which may be used by Golding as part of our information security strategy to keep our laptops and systems secure. Colleagues may be asked to set up these new access controls.
Microsoft advise that the biometric data used to support Windows Hello is stripped of any information that could be used to specifically identify you and is stored on the local device only. It does not roam and is never sent to external devices or servers. This means that your biometrics are not processed by Microsoft or Golding as personal data when you log in to our systems.
Personal Use of Golding IT Services
Where Golding provides you with an e-mail address, a way of saving documents or any other IT service, these are provided for business use. Personal use of these services to send private messages or to save personal data or documents is not recommended as it may be necessary for your manager to be given access to your e-mail account or file storage when you leave or in other circumstances. This access will however only be given when there is a clear business need for the access and will be approved by an Executive Director.
Photographs
We may take your photograph for use on your Golding ID card. We may also take photographs at our events, at our properties and in our communities to use for general marketing and publicity.
In these circumstances the legal basis for processing is legitimate interest as described above. We will however respect your wishes if you do not want your photograph to be used in any marketing or publicity materials.
CCTV
We operate CCTV systems at our offices and in public areas at some of our properties. Wherever CCTV systems are operating we will place a notice showing that the scheme is in operation and controlled by Golding.
Our CCTV systems deter crime and promote public safety by helping to identify and prosecute criminal offenders. These systems operate continuously, and recordings are held for one month.
You can ask for a copy of any CCTV images taken of yourself by making a Subject Access Request.
We carry out an impact assessment for all locations where we use CCTV. This helps ensure that our use of CCTV is appropriate and proportionate to the issues of crime and public safety we are seeking to address and minimises intrusion into individual rights to privacy.
Door entry data
Your Golding ID card is used to gain access to our offices via access-controlled door entry systems. These systems record the dates and times you access a Golding office. This data may be reviewed as part of monitoring the effective use of our workspaces and how and where our colleagues are working. The lawful basis for processing data relating to the dates and times colleagues access a Golding office is legitimate interest.
Data matching and analytics
Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information.
Computerised data matching allows employee and benefit fraud to be identified. Where a match is found it may indicate that there is an inconsistency which requires further investigation.
No assumption can be made as to whether there is fraud, error or another explanation until an investigation is carried out.
We may participate in the National Fraud Initiative (NFI) data matching exercise carried out by the Cabinet Office. Our participation in NFI will assist in the prevention and detection of fraud against Golding and other organisations within the private and public sector.
Disclosure & Barring Service (DBS) and Consumer Credit Checks
Golding may carry out DBS and consumer credit checks to screen colleagues and candidates for roles. Under Data Protection Law, the lawful basis for this processing is “legitimate interest”. Golding’s legitimate interest is based on the need to safeguard our customers, especially vulnerable customers, in their homes and elsewhere and safeguarding the business from risks to our financial wellbeing and the integrity of business-critical data.
Applying for a job with us
Job applicants
Personal information about unsuccessful candidates will be held for 12 months after the recruitment exercise has been completed, it will then be destroyed or deleted. We retain de-personalised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.
Once a person has taken up employment with Golding, we will compile a file relating to their employment. The information contained in this will be kept secure and will only be used for purposes directly relevant to that person’s employment. Once their employment with Golding has ended, we will retain the file in accordance with the requirements of our Retention Policy and then delete it.
Where we receive CVs from a recruitment agency, we will assume that the candidate has consented to the sharing of their personal information with us by the recruitment agency.
CCTV
We operate CCTV systems at our offices and in public areas at some of our properties. Wherever CCTV systems are operating we will place a notice showing that the scheme is in operation and controlled by Golding.
Our CCTV systems deter crime and promote public safety by helping to identify and prosecute criminal offenders. These systems operate continuously and recordings are held for one month.
You can ask for a copy of any CCTV images taken of yourself by making a Subject Access Request.
We carry out an impact assessment for all locations where we use CCTV. This helps ensure that our use of CCTV is appropriate and proportionate to the issues of crime and public safety we are seeking to address and minimises intrusion into individual rights to privacy.
How we use personal information and the lawful basis for processing
Contractual necessity
Most of the information we collect from colleagues is required as part of your contract of employment between you and Golding.
Please read your contract of employment for specific details as ‘performance of a contract’ is usually the lawful basis for processing your information as set out in Data Protection Law.
The processing we conduct can be summarised as:
- managing the employer – employee relationship
- arranging to pay your salary, wages, pensions or other benefits
- complying with relevant legislation and regulation
Legitimate interests
The other lawful basis for processing your data, as defined in Data Protection Law, that we regularly rely on is ‘legitimate interest’ (processing is necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject).
Our legitimate interests may include the need to:
- eliminate discrimination or advance equality of opportunity
- prevent and detect crime
- conduct research and statistical analysis to help improve our business
- evaluate our performance against other benchmarks
Where you believe that our legitimate interests are overriden by your interests, rights or freedoms, as the data subject you have the right to object.
Consent
We also seek your consent to collect some ‘special category’ information from you. This includes information relating to your health, religious beliefs, ethnicity and sexual orientation.
We will always give you a ‘prefer not to answer’ option when we ask for this information.
Other lawful bases
In exceptional circumstances there may be another lawful basis for processing your data for example ‘compliance with a legal obligation’ or to ‘protect the vital interests of a data subject or another person’.
Data matching and analytics
Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information.
Computerised data matching allows employee and benefit fraud to be identified. Where a match is found it may indicate that there is an inconsistency which requires further investigation.
No assumption can be made as to whether there is fraud, error or another explanation until an investigation is carried out.
We may participate in the National Fraud Initiative (NFI) data matching exercise carried out by the Cabinet Office. Our participation in NFI will assist in the prevention and detection of fraud against Golding and other organisations within the private and public sector.
Right to Work Checks
Golding may carry out right to work checks to screen candidates for roles. Under Data Protection Law the lawful basis for this processing is “legitimate interest”. Golding’s legitimate interest is based on the need to check details of a job applicant’s right to work in the UK, including the types of work they are allowed to do and how long they can work in the UK for, if there is a time limit
Disclosure & Barring Service (DBS) and Consumer Credit Checks
Golding may carry out DBS and consumer credit checks to screen colleagues and candidates for roles. Under Data Protection Law the lawful basis for this processing is “legitimate interest”. Golding’s legitimate interest is based on the need to safeguard our customers, especially vulnerable customers, in their homes and elsewhere and safeguarding the business from risks to our financial wellbeing and the integrity of business-critical data.
Visitors to our websites, to our offices or you get in touch with us in some other way
If you are not a customer or a Golding colleague we may still collect information from you. For example when you:
- apply for one of our properties or services (you may be asked to undergo a verification check)
- call us, write to us, e-mail or meet with us
- respond to a survey
- visit our offices or some of our other properties (we operate CCTV systems at our offices and at some of our properties for the detection and prevention of crime)
- use our social media sites or websites
- We may collect bank details from a family member where you have authorised a payment to be made to them on your behalf e.g. refund
- Provide details to us as a person authorised by one of our customers to make a payment to your bank account on their behalf
Phone calls to our 0300 777 2600 number are recorded for training and monitoring purposes and our recordings are held for a period of six months.
CCTV
We operate CCTV systems at our offices and in public areas at some of our properties. Wherever CCTV systems are operating we will place a notice showing that the scheme is in operation and controlled by Golding.
Our CCTV systems deter crime and promote public safety by helping to identify and prosecute criminal offenders. These systems operate continuously and recordings are held for one month.
You can ask for a copy of any CCTV images taken of yourself by making a Subject Access Request.
We carry out an impact assessment for all locations where we use CCTV. This helps ensure that our use of CCTV is appropriate and proportionate to the issues of crime and public safety we are seeking to address and minimises intrusion into individual rights to privacy.
Marketing
We will only contact you for marketing by electronic means (e.g. telephone calls, texts, emails) where you explicitly opt in and consent to this. When you opt in to receive information about properties we are marketing, we may send you information about similar properties in the same area. You can opt out of receiving our marketing information at any time, by following the guidance set out in the email or text for example. If you have any difficulty opting out you can contact our Data Protection Officer by emailing dpo@goldinghomes.org.uk
Information we collect via our websites
When you visit our websites we collect standard internet log information, such as your IP address, host name, browser type and operating system.
For more information about our sites usage information from session cookies, please refer to our Cookies Policy - September 2022.pdf [pdf] 123KB .
This information may be used to help diagnose problems with our server and to administer our website, so we can improve your experience of viewing the site. We may also use this information for other purposes deemed reasonable and necessary.
Links to other websites
Our websites may contain links to other websites of interest.
If you follow a link from the Golding Homes or Golding Places website to an external site, we recommend that you check the Privacy Notice of that site before giving any personal details.
Security of information
Golding operates a range of information and communications systems and technologies for efficient operation of our business. Personal information is stored and managed within those systems which are maintained to achieve a high level of confidentiality, integrity and availability including following best practice cyber security standards.
We hold information in IT systems which may be copied for testing, backup, archiving and disaster recovery purposes.
When we dispose of information we do so securely.
Board and Committee members
Throughout your appointment as a Board and/or Committee member we will collect and process personal information about you. We do this to:
- Contact you in relation to your role as a Board or a Committee member
- Monitor compliance with the terms of your Agreement for Services and terms of appointment
- Deliver tailored training and support
- Monitor Equality and Diversity (the information provided is anonymised and used only for statistical monitoring purposes which help us make improvements)
Sometimes we may want to make a voice recording of meetings we have with you. This will be for the purpose of accurate notetaking. We will always notify you if we would like to make a digital voice recording of the meeting and seek your approval to do so. Once notes have been typed up and agreed, we will delete any voice recordings.
Information is held centrally by our Governance and Compliance Team on our computer system and relevant contact information is held by individual teams in line with our Retention Policy.
It is held securely and we have security measures in place to protect it.
Contractors, suppliers, partners or agents
We will collect relevant information from you in accordance with our contracts or information sharing agreements.
This may include names and qualification information relating to your staff. The purpose is to enable you to provide services to our customers on behalf of Golding.
Information will be held centrally by our Procurement Team on our computer system and by the relevant team/department in line with our Retention Policy.
It is held securely and we have security measures in place to protect it.
Complaints
Golding tries to meet the highest standards when collecting and using personal information. We take any complaints we receive seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading, inaccurate or inappropriate. Find out more about making a complaint.
If you remain unhappy with our response you have the right to complain to the Information Commissioners Office by calling 0303 123 1113 or using their live chat function on their website Make a complaint | ICO or writing to:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Changes to our privacy notice
This Privacy Notice will be updated to reflect changes either to the way in which we operate or changes to the Data Protection Law.
To make sure that you keep up to date, we suggest that you revisit this Privacy Notice from time to time.