Skip to content
Family engaged in eco-friendly activities in a bright, modern kitchen, sorting recycling and discussing energy-saving practices.

Privacy Policy

PRIVACY NOTICE

Barking and Dagenham Reside Regeneration Ltd

Prepared by – Data Privacy Advisory Service

December 2024

  1. WHO WE ARE?

    ⁠Barking and Dagenham     Reside Regeneration Ltd (“B & D Reside”) is a limited company registered in England and Wales under registration number 09512728 with a registered office at Town Square, Barking, England, IG11 7LU. B & D Reside are the ‘Controller’ of any personal information we collect about you unless otherwise stated.

    ⁠B & D Reside is a housing company that provides affordable properties in Barking and Dagenham. We work closely with the London Borough of Barking and Dagenham council to achieve this. We also work closely with Regen Ltd to provide Market rent properties. We, together with the other Reside entities listed below, currently own and manage over 2500 properties, and our portfolio is ever expanding.

    ⁠B & D Reside must process personal data (this may at times also include sensitive personal data), so that it can provide their housing services, in doing so, B & D Reside act as a data controller. 

    ⁠B & D Reside will process your personal information in accordance with all applicable laws, including the UK General Data Protection Regulations (GDPR) and the Data Protection Act 2018 (DPA 2018).

    ⁠B & D Reside have a number of associated companies and LLP’s who form the “B&D Reside group” who will have access to your information on the basis of joint data controllers: 

    ⁠Barking and Dagenham Reside Ltd
    ⁠B & D Reside Weavers LLP
    ⁠Barking and Dagenham Reside Regeneration Ltd
    ⁠B&D Reside Regeneration LLP
    ⁠Barking and Dagenham Reside Roding Ltd
    ⁠Barking and Dagenham Homes Ltd

    ⁠This notice applies to data processed by B & D Reside about housing applicants, residents, tenants, leaseholders, job applicants, and any other customers. This notice applies to personal data held by, or behalf of B & D Reside as well as the other registered subsidiaries listed above that together form the “B&D Reside group”, whether that information is collected via our website or through any other contact.

  2. WHAT IS PERSONAL DATA?
    Personal data means any information relating to you that identifies you, or through which you can be identified, directly or indirectly. In particular, by reference to an identifier such as a name, an identification number, location data, or an online identifier or to one or more factors specific to you physical, physiological, genetic, mental, economic, cultural or social identity.

  3. THE PURPOSE OF THIS PRIVACY NOTICE
    The purpose of this Privacy Notice is to let you know how we process your Personal Data when you engage with our services or visit our website. This Privacy Notice therefore explains what Personal Data we collect from you and how we collect, use, store and disclose it. This Privacy Notice also contains information about your rights under applicable data protection legislation.

    ⁠We are committed to compliance with the applicable data protection legislation. We believe that ensuring data protection compliance is the foundation of trustworthy relationships. 

    ⁠It is important that you read this Privacy Notice together with any other Privacy Notice we provide on specific occasions when we are collecting or processing Personal Data about you so that you are fully aware of how and why we are using your data. This Privacy Notice supplements the other notices and is not intended to override them.

  4. WHAT DATA DO WE COLLECT?
    ⁠As a housing provider, landlord, and employer, we may collect and process the following information (this list is not exhaustive):

    ⁠Your full name
    ⁠Reference numbers we may assign you (tenancy or payment reference)
    ⁠Residential history
    ⁠Photographic ID
    ⁠National Insurance Number
    ⁠Date of birth
    ⁠Banking and payment card details
    ⁠Benefits and council tax information
    ⁠Employment status
    ⁠CCTV Images
    ⁠Your full business address and/or home address.
    ⁠Telephone number/s, including business landline, home landline and mobile numbers.
    ⁠Email address (where applicable)
    ⁠We may also collect special category data, such as information relating to your health/disability status or other vulnerabilities

    Special Category Data

    There may be instances where it is necessary for you to share information with us containing special categories of personal information. This includes information relating to racial or ethnic origin, physical or mental health, sex life or sexual orientation, religious or philosophical beliefs, political opinions, membership of a Trade Union, allegations of criminal offences and criminal convictions and offences, along with biometric data such as fingerprints.

    ⁠We minimise our holding and use of special category data but, given the services we provide, there are times when we use it to understand our customers and their needs better, for example when providing accommodation for disabled persons or those with problems around substance abuse, when resolving neighbourhood disputes involving alleged criminal activity or when helping someone to access care services. 

    ⁠We will usually be processing this information to allow us to comply with our legal obligations, act in the substantial public interest in relation to the services we provide, to provide you with social care, or to deal with any legal action. We will inform you of what we will do with this information and who we will share it with.

    ⁠We may also automatically collect information when you visit our website such as:

    Information about your visit such as the URL.
    ⁠Date and time of visit
    ⁠Length of time spent on certain pages and interactive information such as scrolling and clicks.
    ⁠Methods used to browse away from the page such as links.
    ⁠Traffic data
    ⁠Location data
    ⁠Any data provided when requesting further advice or services such as through our enquiry service.
    ⁠IP address used to connect your device to the internet, domain, country, browser type, operating system and/or platform.

    Use of CCTV Images
    We use CCTV in some of our locations and premises for the protection of visitors and communities. When using CCTV, we do so in accordance with the Surveillance Camera Code of Practice, in addition to the applicable UK legislation.

  5. HOW WE USE THIS INFORMATION

    ⁠We collect your Personal Data for the purpose of providing you with B & D Reside housing services. We will collect data about you, both personal data (such as your name and contact details) and Sensitive Personal Data, if applicable.

    ⁠We will only use your Personal Data for the purpose we collected it and in accordance with the law. We will not use your Personal Data for any other purpose without your prior consent. The only exception to this is if it is required or permitted by law, such as where it is necessary for the prevention, investigation, detection or prosecution of criminal offences or the enforcement of civil law matters.  

    ⁠Sensitive personal data, also referred to as Special Category Personal Data, which is defined as data that needs more protection due to its sensitive nature. Additional obligations are placed on the Data Controller and/or Processor for them to process Special Category Personal Data lawfully, which comes under Article 9 of the UK GDPR.

    ⁠We use the information that you have given us in order to:

    1. Assess your property application and manage our contract with you. - Manage your tenancy or leasehold. We need this to deliver our services to you. We collect most of this information because it is necessary in the performance of a contract. You will not be able to opt-out of providing this type of information.

    2. Promote community safety and a peaceful community environment, and to safeguard individuals - Promote a peaceful and safe community environment; this can include information about anti-social behaviour, criminal activity/convictions. We process this information to prevent/detect unlawful acts, because it is necessary for the performance of a task carried out in the public interest, and/or for reasons of substantial public interest.

    3. Process information about safeguarding individuals, to fulfil our legal obligations and because there is a substantial public interest for us to do so.

    4. Contact you about your property - We use your contact details (including telephone numbers and email addresses) to get in touch with you about issues relating to your tenancy or leasehold and to deal with any legal matters arising from it. This includes repairs and maintenance, rent collection, complaints, and housing management issues, in the event of an emergency, or to enforce the terms of your tenancy or lease.

    5. We may pass on your details to contractors that provide services on our behalf, so that they can contact you to carry out essential services related to your property. We do this because it is necessary for the performance of a contract. It is not possible to opt-out of this type of data processing. 

    6. Contact you about other services - We also use your contact details to keep you updated about our events or other services which do not form part of our contractual landlord service, but which may be of interest to you. 

    7. Investigate claims and complaints - We will use your information to detect, establish and defend any legal claims we raise or is raised against us. 

    8. Prevent and detect fraud (Including illegal subletting and money laundering) - We process some personal data to guard against fraud and illegal subletting, for example, proof of identity, data matching. Failure to provide any information we require in relation to this could put your application or tenancy at risk. We process this type of information to fulfil our legal obligations and to prevent and detect unlawful acts. In most instances, you are unable to object to this type of processing.

    9. Monitor equality, diversity and inclusion - We may ask you to provide us with your diversity data (ethnicity, religion, disability, sexual orientation). This information is not always used to inform any decisions we make about you individually but is gathered for statistical purposes to help us understand who is living in our communities. It helps us to ensure fairness and equality in the services we provide and allows us to fulfil our legal and regulatory obligations. You do not have to provide this information, (and there will always be an option of ‘prefer not to say’), but it helps us if you choose to do so.

    10. Profiling - We use some of your personal data to create a profile of you so that we can identify relevant services that might be of interest or helpful to you. 

    11. Application for service or employment opportunity Where you have applied for a service or an employment opportunity, we will process the necessary amount of information to satisfy the entry to that process and fulfil services upon appointment as part of performance of that contract. (i.e., job seekers recruitment and interview selection etc).

  6. HOW DO WE COLLECT YOUR PERSONAL DATA?

    Most of the personal information we process is provided to us directly by you for one of the following reasons:

  • You are enquiring about our services via an inbound enquiry

  • You are applying for one of our properties

  • When you write, email or meet with us

  • When you respond to a survey

  • You are applying for a job with us


We also receive personal information indirectly, from the following sources in the following scenarios:

  • We may process information that you post on social media about is, if it relates to a situation that we need to be aware of an/or take action on. 

  • Organisations that we have a contract with to provide services on our behalf (our data processors), for example, maintenance and repairs, customer surveys etc. 

  • Local authorities (councils).

  • Central government departments.

  • Former landlords for your rental history and references e.g., rent arrears, evictions etc. 

  • Credit reference agencies – for credit checks and information about your financial status/history when you apply for any Reside properties, for debt recovery purposes, and fraud investigations/data matching checks. For commercial tenants, we may carry out ongoing risk assessments on commercial viability using credit reference data. 

  • Police forces and other public bodies such as fraud departments, enforcement authorities – eg, crime prevention, fraud prevention etc. 

  • Other residents – if we receive information in relation to complaints about behaviour eg, noise nuisance, anti-social behaviour (ASB), safeguarding concerns etc.

  • Relevant utility providers – where your heat/energy bills are included in your rent/service charge, we receive information about your energy usage.

  • Managing agents – where they manage properties on our behalf.




  1. OUR LEGAL BASES FOR PROCESSING YOUR DATA


The UK GDPR requires that a Controller must have a legal basis for processing Personal Data. These may be:


  1. Your consent. We will obtain your consent directly from you, and you are able to withdraw your consent at any time. You can do this by contacting legal@BDreside.co.uk

  2. We have a contractual obligation.

  3. We have a legal obligation.

  4. We have a vital interest.

  5. We need it to perform a public task. 

  6. We have a legitimate interest.


In some cases, we may process special category data. This is afforded some extra protection due to its sensitive nature, and therefore, under UK and EU GDPR we are required to provide a lawful basis for processing, and a secondary condition under Article 9. The conditions we may rely on are:


  1. Explicit consent.

  2. Employment, social security and social protection (if authorised by law.

  3. Vital interests.

  4. Not-for-profit bodies.

  5. Made public by the data subject.

  6. Legal claims or judicial act.

  7. Reasons of substantial public interest (with a basis in law).

  8. Health or social care (with a basis in law.

  9. Public health (with a basis in law).

  10. Archiving, research and statistics (with a basis in law).


  1. WHO HAS ACCESS TO YOUR DATA


We may share your personal information with third parties where required by law, where it is necessary to administer the contract we have entered into with you. 


Recipients of your data may include third-party service providers, other related business entities, the local council, a regulator, or to otherwise comply with the law.


If you choose to fund your purchase with us using one of the finance products we offer to our customers as a credit broker on behalf of lenders, we will share your data with the relevant lender, so they are able to process your finance application.


  1. MARKETING


With your consent we may contact you via email and/or phone to promote or inform you about our services. If you have provided consent, we may also contact you to promote services provided by third parties. Where we are legally required to obtain your consent to provide you with marketing materials, we will only provide you with such marketing materials if you have provided consent for us to do so.


Where we contact you for direct marketing purposes, we will comply with the requirements set out in the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR).


You will always have full control of your marketing preferences. If you do not wish to continue receiving marketing information from us at any time you can unsubscribe or 'opt-out’ by contacting us at legal@BDreside.co.uk.


  1. HOW LONG WE WILL KEEP YOUR PERSONAL DATA


We will only keep your Personal Data for as long as is necessary to fulfil the purposes we collected it for, which may include satisfying any legal, accounting, or reporting requirements. The retention period depends on the type of Personal Data and the reason we are processing it.


When calculating the appropriate retention period for your data, we consider the nature and sensitivity of the data, the purposes for which we are processing the data, and any applicable statutory retention periods. Using these criteria, we regularly review the Personal Data which we hold and the purposes for which it is held and processed.


When we determine that Personal Data can no longer be retained (or where we must comply you request us to delete your data in accordance with your right to do so) we ensure that this data is securely deleted or destroyed.


  1. SECURITY OF YOUR PERSONAL DATA


In order to protect your Personal Data, we put in place appropriate organisational and technical security measures. These measures include ensuring our internal IT systems are suitably secure and implementing procedures to deal with any suspected data breach.


In the unlikely event of a data breach, we will take steps to mitigate any loss or destruction of data and, if required, will notify you and any applicable authority of such a breach.


Although we use appropriate security measures once we have received your Personal Data, you will appreciate that the transmission of data over the internet (including by email) is never completely secure. We endeavour to protect Personal Data, but we cannot guarantee the security of data transmitted to or by us.


Examples of our security include:

  • Encryption, meaning that information is hidden so that it cannot be read without special knowledge (such as a password). This is done with a secret code or what is called a ‘cypher’. The hidden information is said to then be ‘encrypted’.

  • Pseudonymisation, meaning that we’ll use a different name or key so we can hide parts of your personal information from view.  This means that someone outside of B & D Reside could work on your information for us without ever knowing it was yours.

  • Controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it.

  • Data stewardship is a way for us to be clear about who is responsible for what data and sets out clearly who has access to the data – limiting access to only those who need it to carry out our duties.

  • All our staff undertake annual mandatory data protection training.  Training our staff allows us to make them aware of how to handle information and how and when to report when something goes wrong.

  • Regular testing of our technology and ways of working including keeping up to date on the latest security updates.


  1. TRANSFERRING YOUR PERSONAL DATA OUTSIDE THE EEA

To provide our services, we may need to share your Personal Data with third parties and suppliers outside the European Economic Area (the “EEA”).  If we do this, we will ensure your Personal Data receives the same protection as if it were being processed inside the EEA. For example, our contracts with our suppliers stipulate the standards they must follow to process Personal Data.  


Your data may be transferred to one or more of the following third countries:


We currently implement the following safeguards to protect your personal data:

  • Encrypting data when in transit.

  • Implementing standard contractual clauses (SCCs), as approved by the European Commission. 


  1. YOUR RIGHTS


You have rights under the data protection legislation and, subject to certain legal exemptions, we must comply when you inform us that you wish to exercise these rights. There is no charge, unless your requests are manifestly unfounded or excessive. In such circumstances, we may make a reasonable charge or decline to act on your request. Before we action your request, we may ask you for proof of your identity. Once in receipt of this, we will process the request without undue delay and within one calendar month. In order to exercise your rights please contact legal@BDreside.co.uk.


You can contact us if you wish to complain about how we collect, store and use your Personal Data. It is our goal to provide the best possible remedy with regard to your complaints. 


However, if you are not satisfied with our answer, you can also contact the relevant competent supervisory authority. In the UK, the relevant supervisory authority is the ICO, contact details of which can be found below.


Your rights in connection with personal information are set out below:

  

Subject Access Request - You have a right to receive a copy of all the Personal Data we hold about you.


Rectification - If any of the Personal Data we hold about you is incomplete or inaccurate, you have a right to have it corrected.


Erasure - This is also known as the “right to be forgotten”. You have a right to ask us to delete your Personal Data where there is no good reason for us continuing to process it. However, certain criteria apply and if we have a legitimate reason to continue processing your personal data, we will not be legally required to delete it.


Objection - You have a right to object where we are relying on legitimate interests as our legal basis for processing your Personal Data but, in certain circumstances we may be able to continue with the processing. For example, if we have compelling legitimate grounds which override your interests, rights and freedoms or your personal information is needed for the establishment, exercise or defence of legal claims. However, you have an absolute right to object to us processing your Personal Data for direct marketing purposes.  


Restriction - You have a right to ask us to restrict the processing of your Personal Data in certain circumstances. For example, you may require us to suspend processing information about you whilst checks are made to ensure it is accurate. 


Portability - You have the right to ask us to transfer any Personal Data you have provided to us to another party, subject to certain criteria being satisfied. We will provide this Personal Data in a structured, commonly used and machine-readable format.


Right to withdraw consent - If you have given us your consent for the processing of your Personal Data, you can withdraw this at any time. Please note, the withdrawal has no effect on the legality of the data processing carried out in the past on the basis of your consent. To exercise your right to withdraw consent contact us at legal@BDreside.co.uk.


Right to complain - If you are unhappy with the way in which your personal information has been or is being processed, you have the right to make a complaint about it to the Information Commissioner’s Office (ICO). They can be contacted at:


Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow
Cheshire
SK9 5AF


www.ico.org.uk


  1. YOUR OBLIGATIONS


If any of your Personal Data changes whilst you are a user of our services, it is important that you update the information within your account to ensure that the data we hold about you is accurate and up to date. 

 

  1. THE DATA PROTECTION PRINCIPLES

We will comply with the UK GDPR and the DPA 2018. Article 5 of the UK GDPR contains the data protection principles, which require that Personal Data shall be:


  • Processed lawfully, fairly and in a transparent way.

  • Collected for specified, explicit and legitimate purposes and not used in any way that is incompatible with those purposes.

  • Adequate, relevant and limited to what is necessary.

  • Accurate and, where necessary, kept up to date.

  • Kept for no longer than is necessary for the purposes we have told you about.

  • Kept securely.


We operate according to the principles of the UK GDPR, and PECR, regardless of the location of the data subject. 


  1. CHANGES TO THIS PRIVACY NOTICE  


We reserve the right to update this Privacy Notice from time to time. Updates to this Privacy Notice will be published on our website. To ensure you are aware of when we make changes to this Privacy Notice, we will amend the revision date at the top of this page.  Changes apply as soon as they are published on our website. We therefore recommend that you visit this page regularly to find out about any updates that may have been made.


  1. NOTICE REVIEW


This notice will be regularly reviewed and updated as and when necessary to reflect best practices and changes in legislation.


DOCUMENT HISTORY AND VERSION CONTROL


Version No.

Author

Effective Date

Status/Comments

1.0

Data Privacy Advisory Service

December 2024

Complete






REVIEW AND APPROVAL


This policy will be reviewed regularly and may be altered from time to time in light of legislative changes or other prevailing circumstances.  

 

Reviewer

Job Title

Signed Off Date

Status/Comments

Sophie Donegal

General Counsel & Head of Governance

20.12.2024

Complete






Next Review Date

All policies should be reviewed at least annually or when significant change occurs to the policy subject matter.

The next review date for this policy is February 2025 due to expected changes.