Privacy Notice for suppliers and other business contacts
Last updated 6 September 2018
Personal data we collect
We collect personal data about you that you give to us or which your organisation provides to us. This typically includes your:
- Business email
- Business telephone number
- Business postal address
- Details of your qualifications or accreditations, if appropriate
If you visit one of our offices, we will ask for your name, organisation, mobile number, email and car registration details when you sign-in at reception. You may also be recorded by CCTV that we use at our offices.
How we use your personal data
We use your personal data for the purposes of our relationship with you and your organisation and to manage any contract we have with in place. It is in our legitimate interests to work and communicate with individuals at our suppliers and potential suppliers, and at agencies we collaborate with and with other business contacts.
If you visit one of our offices, we use your sign-in information for visitor management and health and safety purposes. We use this information to know who is on site because it is in our legitimate interests to ensure the safety of visitors in the event of an emergency, such as a fire evacuation.
CCTV images are recorded and used only for the purposes of preventing and detecting crime, or a breach of our onsite policies. It is in our legitimate interests to protect our property and assets and to ensure the safety of our employees and visitors.
Sharing your data
Who we share your personal data with
We will share your data with third parties if it is necessary for the purpose for which we have collected and process it. We may also share your personal data with third parties who provide us with services, including our IT and cloud software and service providers.
All third-party service providers to Origin Housing (our data processors) with whom we share your personal data are required to take appropriate security measures to protect your personal data in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
We may also share your personal data with our professional advisers, including our lawyers and auditors where it is strictly necessary or to comply with applicable laws or with valid legal processes, such as in response to a court order.
Location of your personal data
We do not transfer your personal data out of the UK, but our IT and cloud service providers may transfer the personal data we store on their systems outside the European Union, to data centres located in other countries, such as the USA. Where this happens, we will ensure that appropriate safeguards are in place that ensure your personal data is protected to the standard expected in the European Union. These safeguards typically include standard contractual clauses approved by the European Commission for international transfers or (in the case of processors located in the USA) participation in the EU-US Privacy Shield Framework.
How long we keep your data
We only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.
Our Data Retention Policy sets out the retention periods for the different types of information we collect and hold. Please contact us is you would like to know the retention period applicable to your personal data.
How we protect personal data
We have implemented appropriate technical and organisational measures to prevent the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your personal data.
We apply information governance and security best practice. We have implemented appropriate policies and procedures and provide all employees with information security and data protection awareness training. We restrict access to personal data to only those employees who need to know it for the purposes of their role. We have implemented technical security controls, and have back-up and disaster recovery systems in place.
Data subject rights
You have the following rights in respect of your personal data:
- You have the right of access to your personal data (commonly known as a “subject access request”) and can request copies of it and information about our processing of it.
- If the personal data we hold about you in incorrect or incomplete, you can ask us to rectify or add to it.
- Where we are using your personal data with your consent, you can withdraw your consent at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
- Where we are using your personal because it is in our legitimate interests (or those of a third party) to do so, you can object to us using it this way.
- Where we are using your personal data for direct marketing, including profiling for direct marketing purposes, you can object to us doing so.
You can ask us to restrict the use of your personal data if:
- It is not accurate;
- It has been used unlawfully but you do not want us to delete it;
- We do not need it any-more, but you want us to keep it for use in legal claims; or
- if you have already asked us to stop using your data but you are waiting to receive confirmation from us as to whether we can comply with your request.
- In some circumstances you can compel us to erase your personal data or request a machine-readable copy of your personal data to be transferred to another service provider.
How to exercise your rights
If you wish to exercise your rights, please contact us using the information provided below.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Your duty to update us
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your working/volunteering relationship with us.
If you have any questions, or wish to exercise any of your rights, then you can:
Call us on 0300 323 0325
Email us at firstname.lastname@example.org
Use the enquiry form on our Contact Us page of our website
Write to us at:
St Richards House
110 Eversholt St
You can also contact our data protection officer by emailing email@example.com.
Origin Housing reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. When changes are made, we will update the ‘Last Updated’ date at the top of this page. We may also notify you in other ways from time to time about the processing of your personal information.