Data protection legislation gives individuals the right to be informed about how organisations use their personal data.
We are committed to protecting and respecting your privacy. We think it’s extremely important to keep any personal information we have about you secure and confidential.
We process the personal data that we collect for a number of different purposes. This privacy statement gives a general overview of how we use personal data.
This privacy statement may change from time to time, so we suggest you check it before you request a new service or meet with GreenSquare, to make sure you are kept up to date. If we make any significant changes affecting how we use your personal information, we will make changes to this privacy statement, and we will contact you to inform you of these changes.
GreenSquare Group is a Data Controller. Our head office is located at Methuen Park, Chippenham, Wiltshire, SN14 0GU.
We are a Registered Social Landlord (RSL) regulated by the Homes and Communities Agency (HCA). Our normal activities can be summarised as:
We also provide additional optional services including:
Where we refer to ‘we’ or ‘us’ in this privacy statement, we are referring to GreenSquare Group (GreenSquare). GreenSquare are a 'Group' of companies, including holding and subsidiary companies.
| GreenSquare Group company | ICO reference |
| GreenSquare Group Limited (Parent) | ZA225832 |
| GreenSquare Community Housing | ZA094918 |
| GreenSquare Construction Limited | Z3140835 |
| GreenSquare Estates Limited | ZA094904 |
| GreenSquare Homes Limited | Z8805001 |
| GS Energy Services Limited | ZA062570 |
| Westlea Housing Association Limited | Z6710635 |
Personal information is information relating to an identified or identifiable natural living person. An identifiable natural person is one who can be identified, directly or indirectly, by name and address, or by other details such as an identification number, location data or an online identifier.
In other words, it’s information that is clearly about a particular living person.
We may collect personal information about:
The information we collect about individuals can include:
We may also collect what is known as special categories of information. These include:
We also collect equalities data to fulfil our equalities and monitoring obligations.
In some instances, we will also collect personal data relating to criminal convictions or offences.
We collect and process your personal information to provide you with our services, such as related to your tenancy, lease or support. The word ‘process’ covers most things that can be done with personal information, including collection, storage, use and destruction of data.
Our lawful basis for processing your information are defined in the GDPR as:
As an employer and landlord, we are required to collect information to ensure we meet requirements placed on us in law. For example, we owe a duty of care to visitors to our premises under the Health and Safety Act.
In some cases, we collect information through a contractual agreement with an individual. For example, under a tenancy agreement when someone occupies one of our properties, we will collect information relevant to fulfilling our contractual obligations
When you contact us about accessing a service or with an issue you wish us to look into it is reasonable for us to take that contact as your consent to process and use your personal information for that purpose.
When there isn’t a legal reason or overriding interest for sharing your personal information, we will seek your consent if we want to share your personal data with a third party.
We will collect your consent when we want to add your name to a mailing list.
We also process personal information to pursue our legitimate interests. This means helping us to do our job as a housing provider, for example making sure our properties are let to appropriate people or reducing the risk of damage to our properties.
To support NHS Test and Trace (which is part of the Department for Health and Social Care) in England, we will share with them (only when specifically requested) records of staff, customers and visitors who come onto our premises or when a visit has been made to a property. This is in the interests of the individual, the organisation, and the public health efforts to tackle Covid-19, to identify people who may have been exposed to the coronavirus for the purpose of contact tracing. You can ‘opt out’ of this by notifying us during a booking to carry out a service that may require close contact. Read our track and trace informing notice here.
Some of our services are provided by other organisations on our behalf. In these cases, we usually disclose personal data to them either under contract or because our powers or duties require us to do so. These providers also have to meet data protection requirements.
Where we process information on behalf of a public body, where the processing is necessary to perform a task in the public interest or for official functions.
Where we ask for data concerning your health, and this is relevant to your housing needs, the condition for processing is that this is “necessary for the purposes of carrying out the obligations and exercising specific rights of the controller (us) or of the data subject (you) in the field social protection law”.
Providing us with special categories of data can help us deliver our services when providing accommodation for disabled people (including adaptations), people with substance abuse problems or when helping someone to access care services.
As we provide a range of services, there are many different purposes we could use personal data for; however, we will only ever use the information you provide us for specific purposes, which we will make clear to you when the data is collected.
These purposes could include:
We sometimes need to share information with other organisations, where it’s relevant. Where this is necessary we are required to comply with all aspects of data protection law.
Who we share your personal information with depends on the products and services we provide to you and the purposes for which we use your personal information. For most products and services we will share your personal information with our own service providers such as our IT suppliers, with credit reference agencies and fraud prevention agencies.
We may share personal information with organisations that are within the GreenSquare group of companies (see Who we are).
Who else we may pass your information to may include:
Personal data may be shared with regulatory and statutory bodies and where required by law, such as to prevent and detect crime or fraudulent activity.
Personal data may be shared within councils to check the accuracy of your contact details to ensure our records are accurate and up to date and also to ensure that officers are aware of your circumstances and other services you are receiving when visiting or supporting you.
We keep personal data for different lengths of time depending on the purposes for which it was collected. Sometimes the law will specify how long we have to hold personal data for. We base our retention periods on guidance issued by the National Housing Federation. View our data retention schedule.
A large majority of the personal data that we collect is held within the United Kingdom and European Economic Area (EEA). Data protection law allows GreenSquare to hold personal data if it is inside the EEA. The EEA includes all EU Member countries as well as Iceland, Liechtenstein and Norway.
In very rare circumstances some of the personal data we collect may be stored overseas; however, if data is held outside the EEA then we can do so if we have ensured that there is suitable protection in place.
Phone calls to and from our main telephone numbers may be recorded for training and monitoring purposes. We may do this to check any instructions given to us, for training purposes, for crime prevention and to improve the quality of our customer service. Calls are not recorded when you give us card details to make a payment for your rent or another service.
We have closed-circuit television (CCTV) at all our office locations. We operate CCTV only for the security of our staff, visitors and premises and we have signs which clearly show it is in operation. We keep the images for 30 days, after which we delete them.
GreenSquare protects the privacy and security of all data that we control and process. This protection includes:
GreenSquare also ensures that its policies and procedures reflect good practice for data protection and that staff are aware of these. This includes:
Data protection law gives you a number of rights over your personal data. Not all of these rights are automatic, and some may not be available to you at all times. For instance, where there is a legal obligation for us to withhold or retain data. If GreenSquare refuses to oblige your rights, we will always explain why this is and our reasons for doing so.
To protect the confidentiality and integrity of the personal data we hold, we may ask for proof of your identity before proceeding with any rights that you wish to use, if we are not already satisfied with your identity. If you have authorised a third party to act on your behalf we will also ask them to prove in writing that they have your permission to act.
GreenSquare is required by the law to respond to your requests within one month of receipt of the request. We may extend that period by a further two months where necessary, for example when the request is complex. If we need to extend the period then we will tell you why.
You have the right to request a copy of the information we hold about you. Sometimes part or all of the information may be withheld, especially if it contains information about other individuals and if this is the case we will explain why.
In order to exercise this right, you must submit a “Subject Access Request” (SAR).
You have the right to withdraw your consent to GreenSquare processing your information. To do this, please email or write to us using our contact details. Please be aware that there may be some situations where we are still allowed to keep and use your information, even when you have withdrawn consent.
You have the right to request that GreenSquare correct information that you believe is inaccurate or incomplete. You may not always be able to change the information; however, we will correct factual inaccuracies and may include your comments in the records.
You have the right to request that GreenSquare delete your information when there is no compelling reason for us to continue using it. Please be aware that in certain situations we are still allowed to keep and use your information, even when you request that it should be erased.
You have the right to object to us using your information if you feel we have used it outside the remit of our public tasks or when you have received marketing from us. Please be aware that in certain situations we are allowed to still use your information if there are compelling legitimate grounds to do so.
You have the right not to be subject to a decision based solely on automated decision making, including profiling, which produces legal effects about you or significantly affects you. GreenSquare can only carry out solely automated decision making when it is authorised by law, you have given us your explicit, written consent, or when it is necessary for entering into a contract with GreenSquare.
You can contact the Data Protection Manager with any issues regarding the processing of your personal data:
In writing:
Data Protection Manager
GreenSquare Group, Methuen Park, Chippenham, Wiltshire, SN14 0GU
By email:
data.protection@greensquareaccord.co.uk
By telephone:
0300 111 7000
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
You can contact them by:
Please note we can't be responsible for the content of external websites.
Data Controller: GreenSquare Group, Methuen Park, Chippenham, Wiltshire, SN14 0GU
This privacy notice is an addendum to GreenSquare’s main privacy notice, and it explains how GreenSquare (as Data Controller) may use your personal data, specifically in relation to the Covid-19 (coronavirus) pandemic. It is an addendum to all privacy notices, including those for customers, employees and third parties.
You may have already provided information for a specific reason, and GreenSquare would usually seek to inform you that the data provided would be used for a different purpose. Due to the rapidly emerging situation regarding the current pandemic, this will not always be possible. If we already hold personal information about you, we may share this for emergency planning purposes or to protect your vital interests by sharing with services both inside and outside the organisation.
The Information Commissioner’s Office has published guidance on data handling during the pandemic.
In this current crisis, we may need to ask you for sensitive personal information that you have not already supplied, including any underlying illnesses, allergies or Covid-19 symptoms. This is so GreenSquare can provide safe services for customers, staff and third parties.
Personal data relates to a living individual who can be identified from that data. Some of your personal data is classed as ‘special category data’ because this information is more sensitive for example health information, ethnicity and religion and so on.
In this current pandemic, we may share your information with other public authorities, health trusts, emergency services, and other stakeholders as necessary and only when necessary in a proportionate and secure manner. Contact with you to obtain consent before sharing will not be required for all the reasons described in this notice. Please be assured that protection of personal data remains a priority at this time after the health and safety of everyone.
We will only share your personal information where the law allows, and we always aim to share the minimum data necessary to achieve the purpose required. Further, the information will only be used for the purposes listed and retained for limited specific times.
The General Data Protection Regulation (GDPR) and Data Protection Act 2018 allow us to share information for a wide variety of reasons. These are known as our ‘legal bases to process data’.
Data protection laws are written to facilitate valid information sharing, especially in times of emergency which often requires more collaborative working. The legal bases for processing data at GreenSquare during the Covid-19 pandemic are as follows:
We will refer to the following legal bases for processing in line with the General Data Protection Regulation (GDPR):
You have several rights with respect to your personal data and these remain all intact during the current coronavirus pandemic. Please refer to our substantive privacy notice. Any requests regarding your rights should be submitted to the Data Protection Officer.
For any questions regarding the above, please contact us at:
Data Protection Officer, GreenSquare, Methuen Park, Chippenham, Wiltshire, SN14 0GU
Email: data.protection@greensquareaccord.co.uk