GDPR
Privacy Policy – Your Rights and Our Obligations under the GDPR
We process personal data in accordance with the General Data Protection Regulation (GDPR). This policy explains your rights as a data subject and our obligations as the data controller.
Your Rights
When we process your personal data, you are entitled to the following rights:
1. Right to be informed
You have the right to be informed about which personal data is collected and how it is used.
2. Right of access
You have the right to request access to the personal data we process about you and the purposes for which it is processed.
3. Right to rectification
You have the right to have inaccurate or incomplete personal data corrected.
4. Right to erasure
In certain circumstances, you have the right to request that your personal data be deleted.
5. Right to restriction of processing
You may request that the processing of your personal data be restricted, for example if you believe the data is inaccurate.
6. Right to object
You have the right to object to processing based on legitimate interests.
7. Right to data portability
You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format.
8. Right to withdraw consent
Where processing is based on your consent, you may withdraw that consent at any time.
9. Right to lodge a complaint
You always have the right to lodge a complaint with the supervisory authority if you believe your personal data is not being processed in accordance with applicable law.
Our Obligations
When processing personal data, we are required to comply with the fundamental principles of the GDPR. The GDPR Guide sets out the following key obligations applicable to us as data controller:
1. Lawfulness, fairness, and transparency
Personal data may only be processed where there is a lawful basis, and the processing must be carried out in a fair and transparent manner.
2. Purpose limitation
Personal data may only be collected for specified, explicit, and legitimate purposes that have been communicated in advance.
3. Data minimisation
We may only process personal data that is necessary for the stated purpose.
4. Accuracy
We must ensure that personal data is accurate and kept up to date.
5. Storage limitation
Personal data may only be retained for as long as necessary.
6. Integrity and confidentiality
We must protect personal data against unauthorised access, loss, or damage through appropriate technical and organisational measures.
7. Accountability
We must be able to demonstrate compliance with the GDPR, including through appropriate documentation.
Examples of Situations Where the GDPR Applies
The housing association document provides clear examples of practical situations in which the GDPR applies, including:
- registration of necessary contact details
- processing of personal identity numbers where justified
- requirements for secure handling of member data
- reporting of personal data breaches
These examples illustrate how the principles of the GDPR are applied in practice.
Contact
If you wish to exercise any of your rights or have questions regarding how we process personal data, please do not hesitate to contact us.
