Your Privacy

Introduction

Northamptonshire Partnership Homes (NPH) is committed to protecting and respecting your privacy. NPH and our subsidiary Happy to Help, hold personal information about our customers to allow us to provide a range of services.

Both NPH and Happy to Help are registered Data Controllers with the Information Commissioners Office (ICO).

On 1st January 2021 the UK GDPR replaced the GDPR, which is substantially similar to the EU GDPR, and works in conjunction with the Data Protection Act 2018.

You can contact our designated Data Protection Officer (DPO) by email at dataprotectionNPH@nph.org.uk , or by phone on 0300 330 7003. You can also write to the DPO by post at Northamptonshire Partnership Homes, The Guildhall, St Giles Square, Northampton, NN1 1DE.

Scope/ Purpose

This policy deals with NPH’s collection, use, sharing, retention and destruction (this is known as ‘processing’) of your information. The policy will also explain how the information is kept securely.

The policy covers the data which NPH and Happy to Help hold, as well as any data provided to contractors or service providers who carry out services on behalf of NPH.

The information mentioned in the policy includes all paper records, electronic records as well as audio and video records.

This privacy notice was last updated April 2025.

 

Personal Information is defined in the UK GDPR. It is any information which can be used to identify a living individual either directly or indirectly. It therefore includes for example, name, address, online profiles, cookie identifiers, and other identifiable information. Special Category Data – is personal data which is considered to be sensitive and therefore requires specific protection. The categories of special category data are:
  • race or ethnic origin
  • political views and affiliations
  • religious or philosophical beliefs
  • trade union membership
  • genetics
  • biometrics (where used for ID purposes, for example, facial recognition)
  • health
  • sex life or sexual orientation
NPH will collect personal information and when necessary relevant special category data so that we can manage and provide services to you as set out in the tenancy agreement.

All processing of personal information held by NPH is done in accordance with the provisions of the UK GDPR and the Data Protection Act 2018. The UK GDPR sets out the key principles for processing information as:
  • The processing must be done lawfully, fairly and transparently;
  • The information must be collected for a specific legitimate purpose;
  • Only the data relevant for the specific purpose is to be collected;
  • The data must be kept Accurate and up to date;
  • Data is only retained for as long as is necessary for the purpose for which it was collected or in accordance with legal provisions;
  • That there are appropriate technical and/ or organisational measures in place to ensure that the personal information is kept secure.

We can only process your personal information if we have a legal basis for doing so. The lawful bases which NPH will utilise are:
  • Performance of the contract we have entered into with you;
  • To comply with a legal obligation;
  • It is necessary for the performance of a task carried out in the public interest or an official function which has a clear basis in law;
  • Pursuit of a legitimate interest of NPH or a third party;
  • To protect your vital interests;
  • You, your legal representative or other properly authorised person have provided consent for the processing of the information. To ensure that the consent is freely given, specific and understood you will be requested to either tick a box or provide a signature confirming the consent. At the time your consent is requested, NPH will provide:
  1. Details on what the information will be processed for;
  2. Who will have access to the information;
  3. Who it will be shared with;
  4. How long the information will be retained;
  5. The steps that will be taken to ensure it is stored securely, and
  6. That the consent may be withdrawn at any time.
In order to withdraw consent please contact the Data Protection Officer on 0300 330 7003 or by email at dataprotectionNPH@nph.org.uk If the information you provide us contains special category data, this requires a further lawful basis to those listed above. These are:
  • for reasons of substantial public interest
  • to establish, exercise of defend legal claims
  • for preventative and occupational medicine and the assessment of the working capacity of an employee
  • provision of health and social care treatment or the management of health and social care systems
  • carrying out obligations and exercising specific rights in the field of employment and social security and social protection law with your explicit consent
  • to protect an individual’s vital interests
  • processing personal data which are manifestly made public by you

Your information is collected in several ways:
  • Directly from you when you contact NPH or sign up to a service. This includes face to face contact, telephone calls, letters, documents and emails;
  • We sometimes receive personal data about individuals from third parties – for example, we may be working with another organisation such as the police or social services.
  • We may use third parties to help us conduct research and analysis on personal data and this can result in new personal data being created. We will let you know if this happens.
  • We collect information from social media when you have given us permission to do so, this includes posting on one of our social media sites.
  • Surveillance systems such as CCTV

NPH will collect and use personal information to manage your tenancy and to understand your needs in order to offer appropriate services to you. Your personal information will also be used to make contact with you and to involve you in surveys or consultations so as to obtain your opinion.

We use personal data to communicate with you. This includes keeping you up to date with our news, updates, campaigns and ways you can get involved. We may use your data to contact you by text message regarding your rent account payments and repairs appointments. We may use the information to notify you of forthcoming events and to send you the NPH newsletter, Your Voice. You can opt into or out of these services at any time by sending an email to dataprotectionNPH@nph.org.uk

We use your personal data for administrative purposes and this includes:
  • receiving rent payments
  • maintaining databases of our staff, Board, panel members and contractors;
  • performing our obligations under the tenancy contract, such as repair appointments; and
  • to help us respect your choices and preferences.
We process personal information to enable us to provide social housing accommodation and services which include:
  • letting, renting and leasing properties;
  • carrying out research;
  • contacting you to take part in surveys;
  • administering housing and property grants;
  • providing associated welfare services, advice and support;
  • maintaining our accounts and records;
  • supporting and managing our employees, agents, and contractors;
  • the sale or disposal of property owned by WNC; and
  • customer engagement, feedback and satisfaction surveys.
We evaluate and categorise personal data so that we can tailor needs, services and communications. This also helps us improve our organisation and the service we provide. When we use information in this way, we will make sure that the data is deleted immediately after use or if stored that it cannot be linked to a specific individual.

Information will be shared among officers, Councillors and partner agencies where the law requires or allows it in order to deliver necessary services to you. Where this happens we will comply with all aspects of the Data Protection Act (DPA). There may be occasions when we are legally obliged to share data without your/the data subject’s consent, but we will be able to advise you why the data was shared. Where necessary or required we share information with:
  • current, past or prospective employers;
  • family, associates and representatives of the person whose personal data we are processing;
  • educators and examining bodies;
  • third party suppliers and service providers;
  • financial organisations;
  • central government, MP’s and Councillors;
  • auditors;
  • survey and research organisations;
  • other housing associations or trusts;
  • trade unions and associations;
  • health authorities;
  • enquirers and complainants;
  • health and social welfare organisations;
  • professional advisers and consultants;
  • probation services;
  • charities and voluntary organisations;
  • police forces;
  • courts and tribunals;
  • professional bodies;
  • employment and recruitment agencies;
  • credit reference agencies;
  • debt collection agencies;
  • private landlords;
  • press and the media;
  • local Government ombudsman and housing ombudsman; and
  • consulting and advisory services.
Information is sometimes processed for consultancy and advisory services that are offered. For this reason, the information processed may include name, contact details, family details, financial details, and the goods and services provided. We will, where possible anonymise the data being shared for this purpose. As part of the Rental Exchange scheme, we will share your tenancy information with Experian, including your rent history, to enable tenants to strengthen their credit report without the need to take on new credit. Full details of the Rental Exchange scheme is available either on request, or by visiting The Rental Exchange for Tenants The Experian Rental Exchange scheme privacy notice can be found here: Privacy and Your Data | Experian Any concerns about the use of your personal data in the Rental Exchange Scheme should be address to the NPH Data Protection Officer: information@nph.org.uk We take part in the Continuous Recording of Lettings and Sales in Social Housing in England, otherwise known as CORE, for all new tenancies. CORE provides the Ministry of Housing, Communities and Local Government (MHCLG) with details of all new lettings, including personal information for research and statistical purposes The MHCLG has produced two Privacy Notices for your information
  • Privacy Notice – All Tenants
  • Privacy Notice – New Tenants
Any concerns about the use of your personal data in CORE should be addressed to dataprotection@communities.gsi.gov.uk NPH has partnered with Energy Angels (EA) to provide services which include transferring the energy supply at the void stage of a property and ensuring that new tenants are offered a choice and value for their energy supply in their new property. To comply with the Data Protection Act 2018 and GDPR, please refer to the Energy Angels Privacy Notice here: Energy Angels Privacy Notice

We have a responsibility to make sure that the information we hold is accurate and up to date. To help us with this, we would ask that you speak to your Housing Officer or call 0300 330 7003 to report any changes that may affect your tenancy. This includes:
  • new or alternative telephone numbers;
  • additions or reductions to your household; and
  • any other changes to your circumstances which may affect your tenancy.
You have the right to request that incorrect data is corrected, blocked from sharing, erased or destroyed. This may not always be possible, we will let you know the reasons if your request cannot be met.

NPH will not keep information for longer than is necessary. There are specific legal requirements which NPH must comply with, and which may result in the information being kept for longer periods than would be expected. NPH has a Data Retention and Destruction Policy to make sure that your information is destroyed within the appropriate timescale – a copy of the policy is available on request. We may anonymise your personal data (so it can no longer be associated with you) for research or statistical purpose. In this case we may use the information indefinitely without further notice to you.

NPH will make sure that appropriate technical and organisational measures are taken to prevent unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data. We will also make sure that any recipients of shared data will abide by the Data Protection Act and have in place an adequate level of training for staff, security procedures and programmes which meet the Data Protection Act 2018 and the General Data Protection Regulations required standard.

Our publication, ‘Your Voice’, may contain marketing for third party services such as our Community Interest Company ‘Happy to Help’ and for services such as home insurance which are aimed at assisting and benefitting out tenants. You can opt into or out of receiving the publication at any time. We will comply with the provisions of the Privacy and Electronic Communications Regulations 2003 (PECR) in respect of all electronic communications relating to marketing.

It may sometimes be necessary to transfer personal information overseas if NPH used third party providers who held the data outside the UK. There are specific guidelines within the Data Protection Regulations which govern the security of any such transfers whether within the European Economic Area (EEA) or to a country outside of it. Any transfers made will be in full compliance with all aspects of the Data Protection Regulations. If you wish to obtain information about the specific mechanism used by us when transferring your personal data out of the EEA, this is available on request.

You have several rights in relation to the personal information that NPH holds about you:
  • Access – You have the right to ask us for copies of your personal information. This can be done by email, telephone call, letter, in person or by completing this Subject Access Request form.
  • Rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Erasure – You have the right to ask us to erase your personal information in certain circumstances.
  • Restriction of processing – You have the right to ask us to restrict the processing of your information in certain circumstances.
  • Object to processing – You have the right to object to the processing of your personal data in certain circumstances.
  • Data portability – You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.
  • Automated decisions and profiling – You have the right to object and opt out of your personal information being used for profiling, direct marketing or research purposes. We will only use your information to profile you with your consent and in order to deliver appropriate services to you. In some circumstances the law requires us to carry out automated decision-making activities, but you will be advised of these.
  • Consent – where we have asked for your consent to process your personal data, you have the right to withdraw that consent at any time.
To exercise your rights please contact the Data Protection team on dataprotectionNPH@nph.org.uk or on 0300 330 7003. You can also write to the DPO by post at Northamptonshire Partnership Homes, The Guildhall, St Giles Square, Northampton, NN1 1DE. For further information on your rights or if you are not satisfied with the way NPH has handled your personal information, you have the right to complain to the Information Commissioner’s Office. The ICO is an independent body set up to uphold information rights in the United Kingdom. They can also provide advice and guidance, and can be contacted through their website, via their helpline on 0303 123 1113, or in writing to: Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF

NPH participates in the Cabinet Office’s National Fraud Initiative (NFI), a data matching exercise to assist in the prevention and detection of fraud, as we are required by law to protect the public funds it administers. We are required to provide sets of data to the Minister for the Cabinet Office for data matching. Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information. We may therefore share information with other bodies responsible for auditing and administering public funds. Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it may indicate that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out. The Cabinet Offices requires us to participate in a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Cabinet Office for matching for each exercise, and these are set out in the Cabinet Office Guidance. For further information on the Cabinet Office’s legal powers and the reasons why it matches particular information, see the National Fraud Initiative privacy notice. The data controller for your matched personal data is the Cabinet Office. The contact details for the data controller are: Head of the NFI 1 Horse Guards Road London SW1A 2HQ Email: nfiqueries@cabinetoffice.gov.uk Most of the personal information NPH processes is provided to us directly by you or your representative including:
  • as part of an application for a service, discount or benefit.
  • supplier or contract for a service or product.
  • employee payroll.
  • social housing applications (current tenants and individuals on a housing waiting list).
  • Right to Buy applications (completed and in progress).
The data specifications setting out exactly what data we process in the above areas can be found on the National Fraud Initiative: public sector data specifications page. The NFI is conducted using the data matching powers bestowed on the Minister for the Cabinet Office by Part 6 of the Local Audit and Accountability Act 2014 (the Act). It does not require the consent of the individuals concerned under current data protection legislation. There are certain public sector bodies that are required to provide data for the NFI on a mandatory basis, including local authorities, such as West Northamptonshire Council. In addition, other bodies or organisations, such as Housing Associations, can provide data to the Cabinet Office for matching on a voluntary basis under schedule 9, 3 of the Act. Data matching by the Cabinet Office is subject to a Code Of Data Matching. We use the information that you have given us in order to enable NPH to fulfil its financial responsibility and regulatory requirements in preventing and detecting fraud or error. The information will only be used for these purposes. Information will not be sold, rented or provided to anyone else, or used for any other purpose than that for which it was originally collected unless required to by law. Information may be shared in the following circumstances:
  • Shared internally with other NPH services in order to identify fraud or error, ensure our records are accurate and up-to-date, and to improve the standard of the services we deliver.
  • Shared with other local authorities including West Northamptonshire Council, and/or government departments including law enforcement in order to identify fraud or error, to ensure our records are accurate and up-to-date, and to improve the standard of the services we deliver.
Information sharing is undertaken in accordance with UK GDPR and the Data Protection Act 2018. We keep your personal information for as long as regulatory bodies require us to and in line with NPH’s Retention and Destruction Policy. Where a possible fraud has been highlighted but no fraud identified, information will be securely destroyed and not retained for these purposes. All data matched records are retained until the end of the initiative program of two years. If a match leads to a fraud, the investigation records are held for two years from the conclusion date, unless convicted by a criminal court, where the record is held for five years from date of conviction.