This Privacy Notice explains how HTS (Property and Environment) Limited (as the ‘Data Controller’) collects, uses and protects personal data generally.
When we collect your personal data, we will provide you with specific information regarding why we are collecting it, and how it will be used.
Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession.
Some of your personal data is classed as “special categories of personal data” because it is the information that is considered to be more sensitive and therefore requires more protection. This includes information that identifies your racial/ethnic origin, political opinions, religious/philosophical beliefs, sexual orientation and information regarding your physical and mental health.
The processing of personal data is governed by the General Data Protection Regulation (the GDPR’) 2018 and the principles set out in it.
Who are we?
HTS is the Data Controller (contact details below) and it decides how your personal data is processed and for what purposes.
How do we process your personal data?
We comply with our obligations under the GDPR and the principles of the DPA by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
Under the DPA, we have a legal duty to protect any personal data we collect from you. We use leading technologies and encryption software to safeguard your data and keep strict security standards to prevent any unauthorised access to it. The Data Protection and Security Policy contains full details of HTS’ Data Protection Policy.
We will not process any data relating to a child (under 16) without the express parental/ guardian consent of the child concerned.
What is the legal basis for processing your personal data?
Depending on how we are processing your personal data will determine the legal basis for processing. Generally, the legal bases for processing by HTS as a Local Authority Trading Company (LATC) to Harlow District Council will be:
- To perform a function or provide a service required by statute (Article 6(1)(e) GDPR);
- To comply with a legal obligation (Article 6(1)(c) GDPR);
- Where the processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract (Article 6(1)(b) GDPR);
- Where disclosure is in the vital interests of yourself or another person (Article 6(1)(d) and 9(2)(c) GDPR); and
- With your explicit consent (Articles 6(1)(a) and 9(2)(a) GDPR).
Where the purpose for processing your personal data has changed, we will seek your consent.
In certain circumstances you will be able to withdraw your consent to processing. Please contact the HTS Data Protection Officer on the details provided below, who will explain if your consent cannot be withdrawn.
Sharing your personal data
Depending on the purpose for which we originally obtained your personal data and the use to which it is to be put, it may be shared with other organisations. For example, personal data may be shared, where necessary, with other organisations that provide services on our behalf such as contractors carrying out repairs to Council houses. In such cases, the personal data provided is only the minimum necessary to enable them to provide services to you.
In most cases we will not disclose your personal data without your consent, however there are circumstances when your consent is not required such as the legal bases (1) – (4) above.
Where we require your consent to share or disclose your personal data, we will seek your consent.
How long do we keep your personal data?
We will only keep your personal data for as long as is necessary for the purpose for which we are processing it, unless we have a legitimate reason for keeping it, for example, any legal requirement to keep the data for a set time period. However, where possible we will anonymise this data so that you cannot be identified. Where we do not need to continue to process your personal data, it will be securely destroyed.
Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
- to request a copy of your personal data which we hold about you;
- to request that we correct any personal data if it is found to be inaccurate or out of date;
- to request that your personal data be erased where it is no longer necessary for us to retain such data;
- to withdraw your consent to the processing at any time;
- to request that we provide you with your personal data and where possible, to transmit that data directly to another Data Controller (where applicable) – please note this only applies where the processing is based on consent or is necessary for the performance of a contract with you, and in either case where we process the data by automated means;
- to request that a restriction be placed on further processing where there is a dispute in relation to the accuracy or processing of your personal data;
- to object to the processing of personal data (where applicable) – please note this only applies where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics;
- to be informed of the processing of your personal information by:
- automated means which results in a decision being made (without human intervention) and
- profiling which is used for the purpose of evaluating certain characteristics about you without human intervention (for example, to predict your behaviour or interests) that have legal or similarly significant effects on you as an individual. Where these methods of processing are used, you have the right to be informed as to how you can request human interaction and how to challenge a decision.
- to lodge a complaint with the Information Commissioners Office.
You can access the personal information that we hold about you (a. above) by submitting a Subject Access Request (SAR) to HTS. This request must be in writing and clearly specify the information you require. A SAR form is available on the HTS website to assist you with submitting your request.
If you would like to make a request in regard to the processing of your personal data, please contact the Data Protection Officer on the details provided below. However, it is not always possible for requests to delete information to be fulfilled and the Data Protection Officer can provide you with more information on request.
Further information is available in our Data Protection and Security Policy.
Copies of HTS policies
You may request copies of our policies from the Data Protection Officer at the address below.
Complaints or queries
We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
If you have any concerns, questions or comments please email the Data Protection Officer at firstname.lastname@example.org
Or write to:
Data Protection Officer
HTS (Property and Environment) Limited
Mead Park Industrial Estate
If having exhausted the complaint process you are not content that your request or review has been dealt with correctly, you can appeal to the Information Commissioner’s Office to investigate the matter further by writing to:
Information Commissioner’s Office