Sanctuary Scotland Privacy Statement - Freedom of Information (Scotland) Act 2002
1. Purpose of our Privacy Statement
1.1 Under the Data Protection Act 2018 and the General Data Protection Regulation, we are required to explain to you why we are asking for this information about you, how we intend to use the information you provide and whether we will share this with anyone else.
2. Who are we?
2.1 We are Sanctuary Scotland Housing Association Limited, a part of Sanctuary Group (“Sanctuary”) one of the UK's leading providers of housing, care and commercial services. Our address is 7 Freeland Drive, Priesthill, Glasgow, G53 6PG.
3. Our Data Protection Officer
3.1 Our Data Protection Officer is responsible for overseeing what we do with your information and monitoring our compliance with data protection laws.
3.2 If you have any concerns or questions about our use of your personal data, you can contact our Data Protection Officer by writing to The Data Protection Officer, Sanctuary House, Chamber Court, Castle Street, Worcester, Worcestershire, WR1 3ZQ or emailing firstname.lastname@example.org.
4. Why are we collecting your information?
4.1 The information that you provide during the course of your interaction with us is required by Sanctuary in order to process your request for information under the Freedom of Information (Scotland) Act 2002 (“FOI”) or the Environmental Information (Scotland) Regulations 2004 (“EIR”).
4.2 We will also use your information if you ask us to review a decision we have made in response to your FOI/EIR request, or if you make an appeal to the Scottish Information Commissioner about your request.
4.3 Our aim is that by further understanding your individual needs, we will be able to provide an improved service.
5. What information are we collecting?
5.1 We are collecting information about you which you provide to us on the forms completed and in any correspondence or discussions with you during the course of your interactions with us. This will include your name, your contact details (email, phone or correspondence address), and details about anyone who is authorised to act on your behalf.
5.2 Some of the information which we collect may be special categories of personal data (also called sensitive personal data), which could include information about your specific needs or any disability you may have.
6. What we are going to do with your information
6.1 The information you provide to us will be used for the following purposes:
6.1.1 It will be stored and used by us in accordance with this privacy statement and also in accordance with your rights under the Data Protection Act 2018 and the General Data Protection Regulation;
6.1.2 It will be collected and used by us fairly and openly for the purpose of responding to and dealing with your FOI/EIR request, and any reviews or appeals raising out of your request;
6.1.3 It will allow us to provide a service which are tailored to your needs;
6.1.4 It will be used to improve the services we provide to you or others; and
6.1.5 It will be used to provide you with a suitable response and potentially signpost you to more appropriate agencies;
6.1.9 It will be used for the fulfilment of our regulatory and legislative requirements, and specifically our obligations under the FOI and EIR; and
6.1.10 It will allow us to make contact with you in the most appropriate way. For example, we may be able to provide literature in large print if you have difficulty reading smaller print; or provide documents in an alternative language if English is not your first language.
6.2 An understanding of your personal situation and individual needs will allow us to provide a tailored service that meets any physical, cultural or financial needs that you may have.
7. What is the legal basis for using your information?
7.1 In accordance with the data protection laws, we need a "legal basis" for collecting and using information about you. There are a variety of different legal basis for processing personal data which are set out in the data protection laws.
7.2 The lawful basis on which we rely in order to use non-sensitive information which we collect about you for the purposes set out in this notice will be that it is necessary for us to comply with a legal obligation to which we are subject.
7.3 The lawful basis on which we rely, in order to use your special categories of personal data which we collect about you (in other words, your sensitive data), will be that it is necessary for us to assess your needs, so that we can comply with our obligations under social protection law and as a social landlord.
8. Sharing your information
Members of Sanctuary Group
8.1 Sanctuary Group is made up of a number of related companies. We will share your information with other members of Sanctuary Group where necessary in order to best provide the services to you in accordance with the contract between us.
8.2 Your information will only be accessed by other companies in the Group where it is necessary to do so in order to provide services to you in accordance with our contract. The obligations which are set out in this notice shall apply to the other members of the Group to the same extent that they apply to us.
8.3 For more information on which companies make up Sanctuary Group, please go to www.sanctuary-group.co.uk/about-us.
Contractors and sub-contractors
8.4 It may be necessary to share information about you with our contractors and sub-contractors in order to provide you with the services in accordance with the contract between us. We will only share information about you with the contractors and sub-contractors which is relevant and necessary to address your individual needs. The contractors and sub-contractors shall be contractually required to ensure that they adhere to the security requirements imposed by the Data Protection Act 2018 and / or the General Data Protection Regulation (as applicable).
8.5 Our contractors and sub-contractors will not share your information with any other parties and will only be able to use the information when completing work on behalf of us.
Regulators and other legal obligations
8.6 We may also be required to share your information with our regulators who are permitted access to this information by law and with other organisations where we have a legal obligation to share the information with them.
8.7 We may from time to time share your information with other organisations, including, but not limited to:
8.7.1 the police for the purpose of detection and prevention of crime;
8.7.2 organisations such as local government, with a function of auditing and / or administering public funds for the purpose of detection and prevention of fraud or reduction of homelessness;
8.7.3 statutory and / or voluntary bodies with a function of providing support and social care;
9. Transferring your information abroad
9.1 We will not transfer the information you provide to us outside of the European Economic Area.
10. Security of your information
10.1 The information that you provide will be stored securely on our systems and any forms that you complete will be shredded. Our security measures and procedures reflect the seriousness with which we approach security and the value we attach to your information.
10.2 Only relevant members of staff will access the information you provide to us, and all staff are subject to duties of confidentiality.
11. Can we use your information for any other purpose?
11.1 In limited circumstances we may use your information for a purpose other than those set out in this policy. If we intend to do so, we will provide you with information relating to that other purpose before using it for the new purpose.
12. Storing your information and deleting it
12.1 We will store the personal data which you provide to us in accordance with the provisions of our Records Management Policy. Once the identified purpose comes to an end, unless there is another identifiable purpose for which it is necessary to hold on to your information, we will delete it.
13. Your rights
13.1 In relation to the information which we hold about you, you are entitled to:
13.1.1 Ask us for access to the information;
13.1.2 Ask us to rectify the information where it is inaccurate or is incomplete;
13.1.3 Ask us to erase the information, and take steps to ask others with whom we have shared your information, to erase it;
13.1.4 Ask us to limit what we do with your information;
13.1.5 Object to our use of your information and ask us to stop that use;
13.1.7 Instruct us to provide you with the information we hold about you in a structured and commonly used format or transmit that information directly to another organisation (for example, if you want the information to be sent to another housing provider).
13.2 Our obligations to comply with the above rights are subject to certain exemptions.
13.3 Where we are using your information because you have provided your consent to that use, you are entitled to withdraw your consent at any time. The lawfulness of our use of your information before consent was withdrawn is not affected.
13.4 To exercise any of the rights referred to above, you should contact our Data Protection Officer by writing to The Data Protection Officer, Sanctuary House, Chamber Court, Castle Street, Worcester, Worcestershire, WR1 3ZQ or emailing email@example.com.
13.5 You also have the right to complain to the Information Commissioner's Office (the "ICO") if you are not satisfied with the way we use your information. You can contact the ICO by writing to Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.