The General Data Protection Regulation came into force on May 25th 2018. It is an extension to the Data Protection Action 1988. The Trust is serious about protecting your privacy and your personal data and as such we have detailed some of our obligations and your rights below.
Information on how the Trust uses and shares personal information is provided in our WVHT Privacy Statement.pdf [pdf] 220KB
Our Data Protection Officer oversees our processing of personal information and can be contacted using the details below:
Data Protection Officer
Weaver Vale Housing Trust Limited, Gadbrook Point, Rudheath Way, Gadbrook Park, Rudheath, Northwich, Cheshire, CW9 7LL
0300 303 9848
Some key definitions relating to GDPR
Data Controller: The Trust is the data controller and determines the purposes and manner in which personal data is processed.
Data Processor: Any organisation or person who processes personal data on behalf of the Trust.
Data Subject: Any living individual who we hold personal data on.
Personal Data: Data which relates to a living individual and they in turn can be identified by that data. This is data such as name, address or location data.
Special Category Data: More sensitive personal data that reveals racial or ethnic origin; political opinions religious beliefs; data concerning health or sexual orientation.
Processing: Essentially it means anything that is done to or with personal data including simply collecting, storing or deleting that data.
Privacy Statement: A statement from an organisation informing data subjects what that organisation is going to do with that data.
Lawful Basis for Processing
Under GDPR the Trust has to have a lawful basis for processing personal data.
There are 6 lawful bases for processing.
- Legal obligation
- Vital Interests
- Public Task
The most likely basis for processing will be ‘contract’. The Trust will need to process your personal data in relation to managing your tenancy with us. Each time the Trust collects data the privacy statement will inform you of the reason for collection.
The Principles of Processing Personal Data
The Trust is expected to process your personal data
- In a way that is fair lawful and transparent
- For specific, legitimate and explicit purposes
- Uses the minimum of data
- That is anonymised as soon as possible
- With appropriate security
GDPR gives individuals more rights (the rights relate to the reason of the lawful basis for processing the personal data). These are covered in the privacy statement but briefly individuals can have:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to object
- Rights in relation to automate decision making and profiling
If you want to access the information the Trust holds about you the request has to be made in writing. This can be done by letter, email or via our Contact Us page. You can also request information via our Data Subject Acccess Request Form.docx [docx] 55KB . The request can also be made over the phone if needed. In any event the Trust will still need to collect all the necessary information and complete the Data Subject Access Request Form on your behalf.
The Trust has one month to respond to your request. This is from the date of identity validation and not from the date of receipt of the request.
The Information Commissioner’s website can be reached here
Please not that this website contains links to other organisations. We cannot guarantee the content of those sites.