Your information header

Your information header

Your information

'Your Information' is where customers and tenants can access personal data held by Bolton at Home. If you are an organisation you can access the Bolton at Home disclosures process here. 

For further information on GDPR and your personal data please look at the Information Commissioners Office website.

Customers and tenants

Subject access request:

Click here to request access to your personal data

Downloadable version:

Subject access form [docx] 678KB

Request a copy of all information held on you by Bolton at Home.

 

Individuals right request:

Click here to complete an individuals right request

Your rights under GDPR. For example, right to erasure of your personal data.

Businesses

Disclosure request:

Click here to complete a disclosure request

Apply for personal data held by Bolton at Home.

For further information

For further information on GDPR and your personal data please look at the Information Commissioners Office website.

Bolton at Home's Privacy Notice

We've divided our Privacy Notice into a question and answer format to make it easier for you to read, understand and digest.

Click or tap any of the sections to read further details.

Who are we?

At Bolton at Home (BH), we are committed to maintaining the trust of our customers, tenants, workers and job applicants. In particular, we want you to be confident that we are handling your personal data in accordance with the Data Protection Act 2018 (DPA) and UK General Data Protection Regulation (UK GDPR).

We are registered as the data controller with the Information Commissioner's Office under ZA304342 as we will decide how and why we process your personal data.

If you would like to know when and why we collect your personal data, how we use it, the limited conditions under which we may disclose it to others and how long we may keep it for, please read on.

What personal data do we collect and why?

We may collect your personal data and / or special category personal data from you. Personal data are any information that can directly or indirectly identify you. This could include your name, date of birth, IP address and other identifiable data. Special category personal data are any information about your biometrics, ethnic or racial origin, genetics, health, political opinions, religion, sex life, sexual orientation and trade union membership.

See below for details.

Data subjects

Categories of personal data

Purposes for processing

Basis / condition for processing

Customers and tenants.

Personal data and / or Special category data.

Tenancy applications and support (e.g. property allocation and bids, support to sustain tenancy).

Legal bases for processing:

  • with your consent; 

  • because it is necessary for our contract with you for your tenancy;

  • because it is necessary for a legal obligation under your tenancy;  or

  • because it is necessary for our legitimate interests which are linked to your tenancy.

Condition for processing:

  • with your explicit consent relating to your tenancy application and  tenancy.

Customers and tenants.

Personal data and / or Special category data.

Property repair and maintenance (e.g. disability adaptations, general repairs).

Legal bases for processing:

  • because it is necessary for our contract with you for your tenancy;

  • because it is necessary for a legal obligation under your tenancy; or

  • because it is necessary for our legitimate interests which are linked to your tenancy.

Condition for processing:

  • with your explicit consent relating to your tenancy and property requirements.

Customers and tenants.

Personal data and / or Special category data.

Support into work (e.g. CV writing support, training, work placements).

Legal bases for processing:

  • with your consent ; or

  • because it is necessary for our legitimate interests which are linked to your tenancy.

Condition for processing:

  • with your explicit consent relating to the support received to help you back to work.

Customers and tenants.

Personal data and / or Special category data.

Welfare support (e.g. budgeting, debt advice Urban Care and Neighbourhood Centres [UCANs]).

Legal bases for processing:

  • with your consent; or 

  • because it is necessary for our legitimate interests which are linked to your tenancy

Condition for processing:

  • with your explicit consent relating to the welfare support that you accessed .

Customers and tenants.

Personal data and / or Special category data.

Financial processes

(e.g. grant applications, rent payments).

Legal bases for processing:

  • with your consent; 

  • because it is necessary for a legal obligation under your tenancy; or

  • because it is necessary for our legitimate interests which are linked to your tenancy.

Condition for processing:

  • with your explicit consent relating to your tenancy or service accessed.

Customers and tenants.

Personal data and / or Special category data.

General service enquiries.

Legal basis for processing:

  • with your consent. 

Condition for processing:

  • with your explicit consent relating to your service enquiry. 

Customers and tenants.

Personal data and / or Special category data.

Legal requirements        (e.g. criminal offences, court proceedings, insurance claims).

Legal bases for processing:

  • because it is necessary for a legal obligation under the Criminal Justice Act 2015; or

  • because it is necessary for the establishment, exercise or defence of legal claims or where courts are acting in their judicial capacity.

Condition for processing:

  • with your explicit consent relating to your legal requirements. 

Customers and tenants.

Personal data and / or Special category data.

Property purchases (new build and ‘right to buy’).

Legal bases for processing:

  • because it is necessary for a legal obligation under the Government legislation for ‘right to buy’;

  • because it is necessary for a legal obligation under property legislation); or

  • because it is necessary for our legitimate interests which are linked to the property purchase.

Condition for processing:

  • with your explicit consent relating to your property purchase. 

Customers and tenants.

Personal data and / or Special category data.

Neighbourhood safety (e.g. anti-social behaviour, hazard and fault reporting, outreach groups).

Legal bases for processing:

  • with your consent; 

  • because it is necessary for our contract with you for your tenancy;

  • because it is necessary for a legal obligation under your tenancy; or

  • because it is necessary for our legitimate interests which are linked to your tenancy.

Condition for processing:

  • with your explicit consent relating to your anti-social behaviour report, fault or hazard report, or neighbourhood safety.

Customers and tenants.

Personal data and / or Special category data.

Support for tenants with disability (e.g. Careline, property adaptations, rapid response service).

Legal bases for processing:

  • because it is necessary for our contract with you for your tenancy;

  • because it is necessary for a legal obligation under your tenancy; or

  • because it is necessary for our legitimate interests which are linked to your tenancy.

Condition for processing:

  • with your explicit consent relating to your tenancy and tenancy support received.

Customers and tenants.

Personal data and / or Special category data.

Customer complaints, feedback and service evaluation (in relation to service accessed or tenancy).

Legal bases for processing:

  • with your consent;

  • because it is necessary for our contract with you for your tenancy; or 

  • because it is necessary for our legitimate interests which are linked to the service you accessed.

Condition for processing:

  • with your explicit consent relating to your access to our services.

Workers.

Personal data and / or Special category data.

Training & development (e.g. job related and or mandatory training).

Legal bases for processing:

  • because it is necessary for our contract of employment with you; or

  • because it is necessary for our legitimate interests which are linked to your job.

Condition for processing:

  • with your explicit consent relating to your job.

Workers.

Personal data and / or Special category data.

Health and safety (e.g. health and safety and / or risk assessments, occupational health, and public health).

Legal basis for processing: 

  • because it is necessary for a legal obligation under health and safety regulation. 

Condition for processing: 

  • with your explicit consent relating to occupational health and safety. 

  • where it is in your vital interests (GDPR Article 9 (2) (c) 

  • to collect it for public health and or to fulfil a legal obligation (GDPR Article 9 (2) (i) as per the Coronavirus Act 2020 and for a COVID-19 Purpose, as defined by the Health Service (Control of Patient Information) Regulations 2002 

  • to analyse your information (GDPR Article 9 (2) (j) 

Workers.

Personal data and / or Special category data.

Facilities management (e.g. access fobs, identity badges, lockers).

Legal basis for processing:

  • because it is necessary for our legitimate interests which are linked to your job.

Condition for processing:

  • with your explicit consent relating to your job.

Workers.

Personal data and / or Special category data.

Human resources (e.g. absence, employment contracts performance monitoring).

Legal basis for processing

  • because it is necessary for our contract of employment with you.

Condition for processing:

  • because it is necessary for the purposes of preventive or occupational medicine, for assessing the working capacity of an employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of EU or Member State law or a contract with a health professional.

Tenants, customers and workers.

Personal data and / or Special category data.

Partnerships and communications (e.g. corporate events, corporate Facebook account, filming and photographs for marketing).

Legal bases for processing:

  • with your consent; or 

  • because it is necessary for our legitimate interests which are linked to your job.

Condition for processing:

  • Not applicable.

Workers.

Personal data and / or Special category data.

On boarding new starters (induction process).

Legal basis for processing:

  • because it is necessary for our contract of employment with you.

Condition for processing:

  • with your explicit consent relating to your job.

Job applicants.

Personal data and / or Special category data.

Recruitment and selection (recruitment process).

Legal basis for processing:

  • because it is necessary for our contract of employment with you.

Condition for processing:

  • with your explicit consent relating to your job.

Others. Personal data and / or Special category data. Health and safety (e.g. warning codes).

Legal basis for processing:

  • because it is necessary for a legal obligation under the Health & Safety at Work Act 1974.

Condition for processing:

  • because it is necessary for the purposes of carrying out the obligations and exercising BH’s or BH workers’ specific rights in the field of employment law.

 

 

Where you do not provide this personal data and / or special category personal data above, we may not be able to fulfil the corresponding purposes and this may adversely impact on the Services that we are able to provide to you.

We may carry out profiling for the purposes of the Careline and Concierge Services, debt enforcement and recovery, marketing, money advice, property maintenance and repair, recruitment of Board members, tenancy applications and sign up and terminations, and workers’ development and training.

Who do we share your personal data with?

We may share your personal data in certain circumstances with one or more of the following: BH subsidiaries such as Maxmedia and Starts With You, British Gas, DBS check providerseducational and training organisations, external auditors, external property valuers, external service providers, financial organisations, health and social welfare organisations including NHS agencies, care providers, companies directly involved with the provision of food parcels, Support Groups for people who are enlisted to provide emergency responses to vulnerable groups, Home Swapperinsurance companies, local and national government bodies, other employers regarding job references, other housing associations or landlords, pension providers, prison service, regulatory authorities, research organisationssolicitors, the mediatrade unions, Trustmarqueand where required by lawwith other bodies such as the courts and the police. 

How long do we keep your personal data?

We may keep your personal data for no longer than necessary and for a period of up to 15 years in order to provide our Services to you and to fulfil legal, contractual and regulatory requirements.

How do we keep your personal data secure?

We have implemented appropriate technical and organisational measures to protect the confidentiality, integrity and availability of your personal data against unauthorised, unlawful or accidental loss, destruction or damage, including:

  • mandatory and ongoing training and awareness for BH workers to help them understand the importance of information security;
  • conducting a Data Protection Impact Assessment (DPIA) when the intended processing of your personal data is likely to result in a high risk to your rights and freedoms;
     
  • restricting access to your personal data;
     
  • contracts and data sharing agreements with other organisations to help them understand what they are allowed to do with your personal data;
     
  • use of secure email;
     
  • regular system back-ups; and
     
  • secure deletion and / or shredding when your personal data are no longer required.

What rights do you have in respect of your personal data?

You have rights, subject to exemptions, under the DPA and GDPR:

 

  • to be informed via this Privacy Notice about our collection and use of your personal data;
  • to withdraw your consent at any time, where we are relying on your consent as a basis and / or condition for processing;
  • to make a subject access request for a copy of your personal data;
  • to request that we correct your personal data if it is inaccurate or out of date;
  • to request that we erase your personal data where it is no longer necessary for us to retain it;
  • to request a restriction is placed on further processing where there is a dispute in relation to the accuracy or processing of your personal data;
  • to request that we provide you with your personal data and where possible, transmit that data directly to another data controller;
  • to object to the processing of your personal data;
  • to not be subject to automated decision making including profiling; and
  • to lodge a complaint with the Information Commissioner's Office by writing to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or casework@ico.org.uk.

You may be able to exercise these rights on behalf of other individuals with their express permission.

However, information about a deceased person does not constitute personal data and is not subject to the DPA and GDPR. Therefore, we are not obliged and we will not respond to, requests under the DPA and GDPR in respect of the information of deceased individuals (regardless of your relationship to them) as a matter of course. 

How can you contact us about your personal data?

If you would like to make a subject access request to BH, please complete the online request form here or you can print a copy and submit by post to the address below, if preferred Subject access form[docx] 678KB

Bolton at Home ,

Information Governance Team,

Valley House,
98 Waters Meeting Road,
Bolton BL1 8SW
or email IG@boltonathome.org.uk

Please ensure that you follow the instructions within the form, such as the requirement to provide proof of your identity, as failure to do so may delay our processing of your request.

You can also contact us at the same address if you have any questions or complaints about how we handle, or you would like to exercise your other rights in respect of, your personal data.

Why are we not subject to Freedom of Information?

We are a charitable Community Benefit Society. We do not constitute a public authority under the Freedom of Information Act 2000 (FOIA) and Environmental Information Regulations 2004 (EIR), and therefore, we are not obliged and we will not respond to, requests under such legislation as a matter of course.

However, you are able to consider corporate information that we have chosen to make publicly available in the 'About us' section of our website.

If you would like independent advice in regard to our status under the FOIA and EIR, you may wish to contact the Information Commissioner's Office, which is the regulator for this legislation, by writing to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or casework@ico.org.uk.

When do we update this Privacy Notice?

We will review this Privacy Notice annually, or sooner if required. The last date of review for this Privacy Notice was 05 February 2024.