Privacy Notice

This Privacy Notice explains how HTS Group Limited (as the ‘Data Controller’) collects, processes (uses) and protects personal data generally.

HTS Group Limited currently consists of the following companies:

HTS (Property and Environment) Limited – providing repairs, facilities management, environmental services, compliance, capital and planned works to residents, leaseholders and organisations in the community, and

HTS (Housing and Regeneration) Limited – carrying out the acquisition and management of properties for renting in Harlow

When we collect your personal data, we will provide you with specific information regarding why we are collecting it, and how it will be used.

Your personal data

Personal data relates to a living individual who can be identified from that data.  Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession.

Some of your personal data is classed as “special categories of personal data” because it is the information that is considered to be more sensitive and therefore requires more protection.  This includes information that identifies your racial/ethnic origin, political opinions, religious/philosophical beliefs, sexual orientation and information regarding your physical and mental health.

For information on how we will protect special category data, you can read our appropriate policy statement

The processing of personal data is governed by the General Data Protection Regulation (the GDPR’) 2018 and the principles set out in it.

Who are we?

HTS Group Limited is the Data Controller (contact details below) and decides how your personal data is processed and for what purposes.

How do we process your personal data?

We comply with our obligations under the GDPR and the principles of the Data Protection Act 2018 by:

• keeping personal data up to date
• storing and destroying it securely
• not collecting or retaining excessive amounts of data
• protecting personal data from loss, misuse, unauthorised access and disclosure
• ensuring that appropriate technical measures are in place to protect personal data

Under the DPA, we have a legal duty to protect any personal data we collect from you. We use leading technologies and encryption software to safeguard your data and keep strict security standards to prevent any unauthorised access to it.

Further information is available in our Data Protection Policy.

We will not process any data relating to a child (under 16) without the express parental/ guardian consent of the child concerned.

What is the legal basis for processing your personal data?

Depending on how we are processing your personal data will determine the legal basis for processing.  Generally, the legal bases for processing by HTS Group Limited as the Local Authority Trading Company (LATC) to Harlow District Council will be:

  1. To perform a function or provide a service required by statute (Article 6(1)(e) GDPR);
  2. To comply with a legal obligation (Article 6(1)(c) GDPR);
  3. Where the processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract (Article 6(1)(b) GDPR);
  4. Where disclosure is in the vital interests of yourself or another person (Article 6(1)(d) and 9(2)(c) GDPR); and
  5. With your explicit consent (Articles 6(1)(a) and 9(2)(a) GDPR).

Where the purpose for processing your personal data has changed, we will seek your consent.

In certain circumstances you will be able to withdraw your consent to processing. Please contact the HTS Data Protection Officer on the details provided below, who will explain if your consent cannot be withdrawn.

Sharing your personal data

Depending on the purpose for which we originally obtained your personal data and the use to which it is to be put, it may be shared with other organisations. For example, personal data may be shared, where necessary, with other organisations that provide services on our behalf such as contractors carrying out repairs to Council houses. In such cases, the personal data provided is only the minimum necessary to enable them to provide services to you.

In most cases we will not disclose your personal data without your consent, however there are circumstances when your consent is not required such as the legal bases (1) – (4) above.

Where we require your consent to share or disclose your personal data, we will seek your consent.

How long do we keep your personal data?

We will only keep your personal data for as long as is necessary for the purpose for which we are processing it, unless we have a legitimate reason for keeping it, for example, any legal requirement to keep the data for a set time period.

However, where possible we will anonymise this data so that you cannot be identified.

Where we do not need to continue to process your personal data, it will be securely destroyed.   

Your rights and your personal data

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:

  1. to request a copy of your personal data which we hold about you;
  2. to request that we correct any personal data if it is found to be inaccurate or out of date;
  3. to request that your personal data be erased where it is no longer necessary for us to retain such data;
  4. to withdraw your consent to the processing at any time;
  5. to request that we provide you with your personal data and where possible, to transmit that data directly to another Data Controller (where applicable) – please note this only applies where the processing is based on consent or is necessary for the performance of a contract with you, and in either case where we process the data by automated means;
  6. to request that a restriction be placed on further processing where there is a dispute in relation to the accuracy or processing of your personal data;
  7. to object to the processing of personal data (where applicable) – please note this only applies where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics;
  8. to be informed of the processing of your personal information by:
  • automated means which results in a decision being made (without human intervention) and
  • profiling which is used for the purpose of evaluating certain characteristics about you without human intervention (for example, to predict your behaviour or interests) that have legal or similarly significant effects on you as an individual. Where these methods of processing are used, you have the right to be informed as to how you can request human interaction and how to challenge a decision.
  1. to lodge a complaint with the Information Commissioners Office.

You can access the personal information that we hold about you (a. above) by submitting a Subject Access Request (SAR) to HTS Group Limited.  This request must be in writing and clearly specify the information you require.

If you would like to make a request in regard to the processing of your personal data, please contact the Data Protection Officer on the details provided below.  However, it is not always possible for requests to delete information to be fulfilled and the Data Protection Officer can provide you with more information on request.

Further information is available in our Data Protection Policy.

Copies of HTS policies

You may request copies of our policies from the Data Protection Officer at the address below.

Complaints or queries

We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

If you have any concerns, questions or comments please contact the Data Protection Officer at:

Mead Park Industrial Estate
River Way
CM20 2SE


01279 446900

If having exhausted the complaint process you are not content that your request or review has been dealt with correctly, you can appeal to the Information Commissioner’s Office to investigate the matter further by writing to:

Information Commissioner’s Office
Wycliffe House
Water Lane