TENANTS PRIVACY NOTICE
Effective Date 3 June 2021
Beresfords is committed to protecting the privacy and security of your personal information. We take care to protect the privacy of our prospective tenants, former tenants and those that resided with them throughout any active tenancy.
Throughout this document we refer to Data Protection Legislation which means the Data Protection Act 2018 which incorporates the General Data Protection Regulation (GDPR), the Privacy and Electronic Communications (EC Directive) Regulations 2003 and any legislation implemented in connection with the General Data Protection Regulation which is the governing legislation that regulates data protection across the EEA. This includes any replacement legislation coming into effect from time to time.
Our Data Protection Officer is;
The DPO Centre Ltd
50 Liverpool Street
London EC2M 7PY
1) Purpose of this document
Beresfords is a "data controller". This means that we are responsible for deciding how we hold and use personal information about you. This policy is designed to make you aware of how and why your personal data will be used as stated below, and how long it will usually be retained for. It provides you with certain information that must be provided under the Data Protection Act 2018.
In general, we use your personal information to comply with the law, carry out our obligations to you and to ensure you are and remain a suitable tenant able to fulfil your obligations to us.
What personal information is being collected:
In connection with your application, we will collect, store, and use the following categories of personal information about you:
- Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses.
- Date/s of birth.
- Marital status, number and age of children and dependants.
- Next of kin and where relevant, information on any Guarantors or emergency contacts.
- Financial details such as bank accounts, financial history, credit history and County Court Judgements (CCJs) (if relevant).
- Employment details such as salary, national insurance number, workplace location and employer reference.
- Immigration details such as passport, visa, or other proof of right to reside in the UK.
- Previous tenancy details and landlord reference.
- Educational details if you are a student and student card.
- CCTV footage obtained through electronic means when on our premises.
We may also collect, store, and use the following types of more sensitive personal information:
- Information about your race or ethnicity, religious beliefs, sexual orientation, and political opinions. This data is collected for FCC Paragon (fccparagon.com) who act as our third-party referencing service. They collect these types of data which is based on consent and is optional for equality monitoring.
- Information about your health, including any medical condition, health, and sickness records. This data is collected by Beresfords to support your offer of a tenancy to any prospective landlords if you have a disability or claiming benefits (as examples). FCC Paragon will additionally ask for this data and supporting documents for their referencing purposes.
- Information about criminal convictions and offences. As part of the tenancy application process Beresford’s use FCC Paragon to conduct referencing and credit checks on any prospective tenants over the age of 18 who are part of the application process. Such checks may reveal information about any related criminal convictions or offences. Beresford’s do not keep a copy of any convictions or offences in any of our files or systems.
2) How we gather personal information
We gather personal information:
- Directly from you, for example when you call to book a viewing or apply to let a property.
- By observing how you use our products and services, for example from the transactions and operation of your accounts and services from other organisations such as credit reference and fraud prevention agencies.
- From other people who know you including joint account holders, guarantors, and people you are linked to financially.
- We also may gather personal information from monitoring or recording calls and if we use CCTV. We may record or monitor phone calls with you for regulatory purposes, for training and to ensure and improve quality of service delivery, to ensure safety of our staff and customers, and to resolve queries or issues. We may also use CCTV on our premises to ensure the safety and security of our staff and customers.
- We may also gather personal information from referees such as previous and current employers, past landlords and accountants if you are self-employed.
3. How we use information about you and our legal basis
The law requires that we provide you with information about the legal basis on which we process your personal data, and for what purposes.
In general terms, we will use the personal information we collect about you to:
- Assess your suitability for a tenancy and reaching a decision over your related application.
- Carry out background and reference checks, where applicable.
- Communicate with you about the tenancy process
- Determine the terms on which you rent from us.
- Check the Right to Rent – this is a legal obligation as it is a legal requirement to collect this information to check that a prospective tenant is legally entitled to reside in the United Kingdom.
- Receive your rent and deposit.
- Administer the contract that we have entered into with you.
- Business management and planning, including accounting.
- Make decisions about you continuing as a tenant when your tenancy expires.
- Make arrangements for the termination of your tenancy.
- Deal with legal disputes involving you, including accidents at your rented premises.
- Comply with health and safety obligations.
- Prevent fraud.
- Conduct data analytics to review and better understand tenancy retention and attrition rates.
Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.
- When you have entered into a tenancy contract with us.
- Where we need to comply with a legal obligation.
- Where it is necessary for our legitimate interests (or those of a third party). Your interests and fundamental rights do not override those interests.
- You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.
- Special protection is given to certain kinds of personal information that is particularly sensitive. This includes information about your health status, political views, religious or similar beliefs, racial or ethnic origin, sex life or sexual orientation, genetic or biometric identifiers, trade union membership or criminal convictions or allegations. We will only use this kind of personal information where:
- We have a legal obligation to do so.
- It is necessary for us to do so to protect your vital interests.
- It is in the substantial public interest.
- It is necessary for the prevention or detection of crime.
- It is necessary for insurance purposes.
- You have given us explicit consent to use the information.
4. If you fail to provide personal information
If you fail to provide information when requested, which is necessary for us to consider your application, we will not be able to process your application successfully. For example, if we require a credit check or references for this tenancy and you fail to provide us with relevant details. Sharing your Information
We may share limited personal data with our contractors who are carrying out services on our behalf including but not limited to:
- To carry out emergency, responsive, or planned property repairs
- To provide a language translation service if it is necessary to translate any information into or from a foreign language for you.
- To carry out research, survey, and segmentation on our behalf to help us to improve the services we offer to you, and
- Seek advice from our professional and legal advisors for the purposes of taking advice.
- Our contractors are required to comply with the law and our own Data Processing Agreement or Data Processing Clauses within our contracts to ensure data is managed appropriately and for specified purposes.
- We may need to share personal information with local authorities, government departments and agencies, with our regulator and auditors, with utility companies or with other organisations and agencies where we are legally allowed to do so.
- We may be required to share personal information with statutory or regulatory authorities and organisations to comply with statutory obligations.
- If we do share personal information with external third parties, we will only share such personal information strictly required for the specific purposes and take reasonable steps to ensure that recipients shall only process the disclosed personal information in accordance with those purposes.
- All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
Beresford’s undertake marketing to help promote our products and services. In each communication you have the ability to ‘opt out’ and unsubscribe. We do not share any personal data for marketing purposes with any third-party companies.
6. Data Security
- We have put in place appropriate security measures to prevent your personal information from being accidentally lost, misused, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions and are subject to a duty of confidentiality.
- We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
- Your personal information is stored on our paper and IT filing systems which may be copied for testing, backup, archiving and disaster recovery purposes. Access to your information is limited to those who require it to provide services to you. All data is held within the UK.
- If any of your personal information is transferred out with the European Union or the European Economic Area by any of our contractors, we will ensure that there are adequate safeguards in place to protect your personal information in accordance with the General Data Protection Regulation and applicable UK Data Protection Legislation.
7. Data Retention
The personal information that you provide will be retained by us in accordance with applicable laws and our internal Retention Policy. We will only hold your personal information on our systems for as long as is necessary and will destroy or de-identify personal information we hold after its retention period. You can request a copy of our Retention Policy by contacting us at firstname.lastname@example.org
Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your situation, which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
If you want to review, verify, correct, or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact email@example.com
If you have any questions about this privacy notice or how we handle your personal information, please contact the DPO using their details above or firstname.lastname@example.org
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.
Information Commissioner - https://ico.org.uk/
Telephone helpline - 0303 123 1113