Our Privacy Notice
This Privacy Notice applies to individuals contacting us, website users and visitors to our offices
Last Updated: 26 June 2018
Origin Housing (“we”, “our”, “us”) is a registered social landlord, providing affordable housing and related care and support services to the people who live in them.
We collect personal data from individuals (“you”) who visit our website, contact us, or visit our offices. Personal data means information which can be used to identify you directly or indirectly. The data controllers are Origin Housing Limited and Origin Housing 2 Limited, having registration numbers are Z6107036 and ZA003434.
The Privacy Notice explains what personal data we collect about you and how we use it. Your privacy is important to us and we are committed to protecting your personal data. We explain what your rights are below. You can contact us if you have any questions about how we use your personal data or about your rights.
Individuals contacting us
Personal data we collect
If you contact us by phone, email, using the contact forms on our website or through one of our social media channels (including Twitter, Facebook, LinkedIn and Instagram), we will collect the personal data you provide us. This mostly includes your:
- Email address, phone number and any other contact details
- Organisation/company/employer name (if applicable)
- Any additional information you include in your message
How we use your personal information
We use your personal data to respond to your enquiry and to get in touch with you because it is in our legitimate interests to respond to enquiries, complaints, compliments and other communications made by telephone or through our website, email or social channels. We may also ask you to respond to surveys or polls on our website because it is in our legitimate interests to improve our services and website.
If you have given us your consent, we will also use your personal data to contact you with our latest news and details of our services and for other marketing purposes. We will not share your personal details with third party marketing agencies. You can choose to opt out of receiving any direct marketing by contacting us.
To learn more about cookies and web beacons, and what you can do to opt-out of receiving them, please view our Cookies Notice.
Personal data we collect
We automatically collect limited personal data when you visit our website, using cookies and analytics technologies. These collect anonymous information on the behaviour of visitors rather than directly identifiable information.
The analytics tools we use on our website include:
- Google Analytics: This tracks your use of and interaction with our site, including the referring site which brought you to our website. The Google Analytics cookie includes a unique ID which is used to identify your browser and track your use of our site (and other sites which use Google Analytics). You can learn more about Google Analytics and Google’s approach to privacy at this link.
- Hotjar: Hotjar tracks your user behaviour when you visit our website including through heatmaps, screen activity recording, form analysis, feedback surveys and website polls. The Hotjar cookie includes a unique ID which is used to identify your browser and track your use of our site. It includes suppression tools to ensure that personal data which would directly identify you is not collected. You can learn more about Hotjar’s approach to privacy at this link.
How we use your personal data
Third party links and embedded videos our website
Our website includes links to and embedded content from third party sites. These sites may collect your personal data if you follow them or use the embedded content. We link to third party sites including LinkedIn, Twitter, Facebook and Instagram. If you follow these links, our privacy notice no longer applies and the data controller is the website provider (such as LinkedIn or Twitter). Please read the privacy notices provided by the third party sites for more information on how they collect and process your personal data.
If you view a YouTube video embedded on our website, Google will collect information about your viewing activity. This information includes your IP address and geographical location. Google is the data controller for this information. Google’s privacy notice is available at this link.
Other software embedded or linked to from our website
Our website also incorporates technology provided by our third party suppliers, who collect and process your personal data on our behalf as our data processor and who may only use your personal data in line with our instructions and not for any other purpose. These include:
- Orchard: self-service housing management software we use
- CIPHR: iRecruit recruitment software we use
- Typeform: webform and survey software we use
- Setmore: appointment scheduling software we use
- Skedda: venue booking and scheduling software we use
Some of these providers will set the necessary cookies to allow you to use the website and ensure your security.
Visitors to our offices
Personal data we collect
If you are a visitor to one of our offices, we will ask for your name, organisation, mobile number, email and car registration details when you sign-in at reception. You may also be recorded by CCTV that we use at our offices.
How we use your personal data
We use your sign-in information for visitor management and health and safety purposes. We use this information to know who is on site because it is in our legitimate interests to ensure the safety of visitors in the event of an emergency, such as a fire evacuation.
CCTV images are recorded and used only for the purposes of preventing and detecting crime, or a breach of our onsite policies. It is in our legitimate interests to protect our property and assets and to ensure the safety of our employees and visitors.
Sharing your data
Who we share your personal data with
We will share your data with third parties if it is necessary for your enquiry. We also share your personal data with third parties who provide you or us with services, including our IT and cloud software and service providers, such as those used on our website (listed above).
All of our third-party service providers (our data processors) who we share your personal data with are required to take appropriate security measures to protect your personal data in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
We may also share your personal data with our professional advisers, including our lawyers and auditors where it is strictly necessary or to comply with applicable laws or with valid legal processes, such as in response to a court order.
Location of your personal data
We do not transfer your personal data out of the UK, but our IT and cloud service providers may transfer the personal data we store on their systems outside the European Union, to data centres located in other countries, such as the USA. Where this happens, we will ensure that appropriate safeguards are in place that ensure your personal data is protected to the standard expected in the European Union. These safeguards typically include standard contractual clauses approved by the European Commission for international transfers or (in the case of processors located in the USA) participation in the EU-US Privacy Shield Framework.
How long we keep your data
We only keep your personal data for as long as needed for the purposes we collected it for, including satisfying any legal, accounting, or reporting requirements. In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without letting you know.
We have a data retention policy which sets out how long we keep different types of information for. We follow legal requirements and best practice. Please contact us if you’d like to understand how long we retain your data for.
How we protect your personal data
We have implemented appropriate technical and organisational measures to prevent the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your personal data.
We apply information governance and security best practice. We have implemented appropriate policies and procedures and provide all employees with information security and data protection awareness training. We restrict access to personal data to only those employees who need to know it for the purposes of their role. We have implemented technical security controls, and have back-up and disaster recovery systems in place.
These are your rights as an individual whose personal data we process, if you’d like to speak with us about this, please fill out the form on the Contact Us page.
- right to be informed: in this privacy notice we let you know how we use your personal data through our website.
- right of access: if you want to find out more about the personal information we have about you, you can make a subject access request.
- right to rectification: you can let us know that we’ve got incorrect or incomplete information about you, so that we update it and we’ll let you know we’ve done so.
- right to be forgotten: you can ask us to get rid of personal information we have about you unless we have reasonable grounds to refuse to get rid of it. If you’d like to find out what these grounds are, please use the contact form.
- right to restrict processing: if you ask us to stop processing your data, we’ll only keep the amount of personal data about you that we need to make sure no more processing happens.
- right to data portability: in some cases you can ask for a copy of your personal data and for it to be sent to another data controller.
- right to object: unless we have good enough legitimate grounds for processing your data, you can object to us processing it.
- rights with respect to automated decision-making and profiling: automated decisions and automated processing of personal data to evaluate certain things about you
- right to report a concern: you can report a concern to the Information Commissioner’s Office here.
What you can do if you’ve got a complaint
- If you feel we haven’t handled your personal data properly, you can log a complaint with us by using our contact form here, sending an email to firstname.lastname@example.org or by calling 0300 323 0325.
- You can also contact the Information Commissioner’s Office for advice on your rights.
You can contact us about data protection by:
St Richards House
110 Eversholt St
You can also contact our data protection officer by emailing email@example.com
We may update this Privacy Notice from time to time in response to changes in applicable laws and regulations, to our processing practices and to services we offer. When changes are made, we will update the ‘Last Updated’ date at the top of this page. Please review this Privacy Notice periodically to check for updates.