Protecting your personal information
The General Data Protection Regulation (GDPR) is a new regulation that covers how companies collect, store, use and share our personal data. It will come into force on 25 May 2018.
GDPR gives individuals more rights and more control.
Sapphire Independent Housing, and every other organisation that gathers and uses personal data, will have to meet these new standards.
-
What we’re doing
It’s our responsibility to make sure that we will comply with the new regulation. So we’re reviewing all of our systems and making changes where we need to.
-
Your new rights – from 25 May 2018
If you’re an EU citizen, the new regulation means your rights will be stronger, in the following ways:
- You will have the right to know why a company is using your data, how long they’ll keep it, and who can see it
- You will have the right to access any data a company holds on you. You can ask for a ‘subject access request’, which means the company must give you access to all the data they hold about you
- You will have the right to be forgotten. This means you can ask a company to delete your data if it’s no longer necessary for the purpose they collected it for, or if you no longer consent to them using your data (although there are reasons why a company can keep your data – depending on the products and services they provide you with)
- If your information is shared with other organisations, companies will be responsible for updating them with any changes to your information, and telling them if you’ve asked to be forgotten
-
What counts as personal data?
The definition of ‘personal data’ has grown under the new regulation. It will include any of the following:
- Names, titles, and aliases
- Your demographic information, such as gender, race or ethnic origin, age, date of birth, marital status, nationality, education/work histories, employment details, family composition and dependents – if this information is linked to you as an individual
- Convictions, proceedings and criminal acts
- Photographs and CCTV images – if there is something in the picture that means you can be identified from it (eg. a name badge)
- Health information
- Contact details, such as telephone numbers, postal addresses and email addresses
- Passport numbers, driving licence numbers, taxpayer identification numbers, tax reference codes, and national insurance numbers
- Financial identifiers, such as bank account numbers, payment card numbers, payment/transaction identifiers, policy numbers, and claim numbers
- Recordings of telephone conversations, IP addresses and website visit histories, logs of visitors to our offices, and logs of accidents, injuries and insurance claims
-
For information or guidance
At Sapphire, we won’t collect data about you that we don’t need. We’ll make sure that the personal data we do collect is updated in our systems in a timely and accurate manner.
- Our Privacy Notice sets out how we collect, store and use your data.
- Visit the Information Commissioner’s Office website for information on the law, helpful hints and to find out what sort of breaches are being investigated by the regulator
- If you think there may have been a breach where data or information may have been used or secured incorrectly, please contact Sapphire on 020 8485 8889 or email information.datagoverance@sih.org