Privacy notice

Data protection legislation gives individuals the right to be informed about how organisations use their personal data. We process the personal data that we collect for a number of different purposes. This privacy notice provides details of the personal data we collect, how we use it and your data rights.

Who we are

We are GreenSquareAccord Limited.

Our registered office address is:

2nd Floor, 
10 Brindleyplace, 
Birmingham, 
B1 2JB

This privacy notice covers GreenSquareAccord Limited and its subsidiaries.

We are a ‘data controller’. This means we are responsible for determining, by ourselves, or along with others, the purpose, methods and systems for processing personal data.

Our data protection officer

Our data protection officer is responsible for overseeing what we do with your information and monitoring compliance with data protection laws. The data protection officer is the company secretary of GreenSquareAccord.

If you have any concerns or questions about our use of your personal data, you can contact our data protection officer using our registered address above or by emailing data.protection@greensquareaccord.co.uk

How we use your personal data

We will only collect data when it is essential to do so or where we are required by law. We will collect the minimum amount of data possible, only use it for its specified purpose and keep it only for as long as it is needed. The data we capture, the reason we capture it and the way we use or ‘process’ your data will depend on your relationship with us.

Information for prospective customers

Our purpose for collecting your data

Applications for tenancy or care and support services

The personal data that you provide to us will be used to:

  • Confirm your identity
  • Assess your need for housing or support
  • Assess the suitability and affordability of a property or service

We need to collect this information because without it we will not be able to enter into a contract with you. If you enter a contract with us, this data will be used to manage our relationship with you.

Homeownership and property sales

The personal data that you provide to us will be used to:

  • Administer your sales query and property transaction
  • Confirm your identity and prevent money laundering

Without this information, we will not be able to enter a contract with you. If you enter a contract with us, this data will be used to manage our relationship with you.

The categories of data that we collect

To process an application or transaction, we will typically capture the following information for the prospective residents of a household:

  • Full name and proof of identity/photo ID
  • Contact details such as phone, email, correspondence address
  • Basic details, such as gender and date of birth and National Insurance number
  • Details of next of kin, nominated representatives, children and family relationships
  • Proof of your eligibility for housing and if you have any interest or equity in any other property
  • Financial and affordability information, details of income and expenditure
  • Details of previous tenancies that you have held including references from other housing providers/private landlord
  • Whether you have pets 

We may also collect additional data on a case-by-case basis including:

  • Audio, video, CCTV and still photographic images
  • Digital identifiers such as IP address
  • Your vehicle registration number

Some of the data we collect is more sensitive and requires additional protection, such as special category data and details of any criminal convictions. The sensitive information which we collect, and process includes:

  • Details of any criminal convictions, offences or court orders
  • Equality/diversity data including gender identity and sexual orientation
  • Details of any health conditions or disabilities
  • Details of your racial or ethnic origin
  • Data concerning your immigration or citizenship 

Our sources of personal data

We collect personal data from various sources both directly from you, and from third parties. This includes, but is not limited to:

Data obtained directly from you:

  • When you complete one of our online or paper forms, tenancy agreements, licences or leases
  • When you contact us by post, email, online forms and telephone
  • In person when we meet with you
  • When you and/or your property are captured on CCTV

Data may also be obtained from other sources, for example:

  • Partner organisations, specialist care providers, charities, the NHS, police and fire service
  • Local, regional and national government, including but not limited to government departments, agencies and bodies
  • Other housing providers and landlords
  • Credit reference agencies and financial institutions
  • Councillors, MPs or other representatives acting on your behalf
  • Private landlords, estate agents or mortgage brokers
  • Solicitors or legal representatives

Who we share personal data with

We may share information between the GreenSquareAccord group of companies, or with others where we have a lawful basis to do so including, but not limited to:

  • Partner organisations including specialist care providers, charities, the NHS, police and fire services, and crime reduction partnerships
  • Government departments including the Ministry of Housing, Communities and Local Government, The Home Office, The Department for Work and Pensions, HM Courts and Tribunals Service and HMRC
  • Local authorities
  • Regulatory authorities including the Regulator of Social Housing, The Housing Ombudsman and the Information Commissioner’s Office
  • Data processors or contractors who are carrying out services on our behalf
  • Utility providers
  • Interpretation services
  • Appointed solicitors, surveyors and mortgage brokers and lenders who will be acting on either our or your behalf through the sale process

Continuous Recording of Social Housing Lettings and Sales (CORE)

Data is gathered by the Ministry of Housing, Communities & Local Government under CORE for statistical purposes. Some of this data is sensitive personal information. To find out how your data is used, visit the Ministry of Housing, Communities & Local Government website.

Information for customers

Our purpose for collecting your data

The personal data you provide will be used to:

  • Manage your tenancy or provide a care, support or ancillary service
  • Keep your files/account information up to date
  • Comply with the law for safeguarding, data privacy, financial transactions, health and safety and landlord responsibilities
  • Conduct research to improve services
  • Investigate complaints, grievances, policy compliance and queries
  • Support physical security, crime deterrence and investigation
  • Make representation during disputes, litigation or conflict resolution

The categories of data that we collect

Typically, we will collect the following information for the residents of a household.

  • Full name and proof of identity/photo ID
  • Basic details, such as gender and date of birth
  • National Insurance number
  • Contact details such as phone, email, correspondence address
  • Details of next of kin, nominated representatives, children and family relationships
  • Banking details if you pay your rent by Direct Debit
  • Proof of your eligibility to housing and if you have any interest or equity in any other property 

We may also collect additional data on a case-by-case basis including:

  • Audio, video, CCTV and still photographic images
  • Digital identifiers such as IP address
  • Your vehicle registration number

Some of the data we collect is more sensitive and requires additional protection, such as special category data and details of any criminal convictions. The sensitive information which we collect, and process includes:

  • Details of any criminal convictions, offences or court orders
  • Equality/diversity data including gender identity and sexual orientation
  • Details of any health conditions or disabilities
  • Details of your racial or ethnic origin
  • Data concerning your immigration or citizenship status

Our sources of personal data

We collect personal data from various sources both directly from you, and from third parties. This includes, but is not limited to:

Data obtained directly from you:

  • When you complete one of our online or paper forms, tenancy agreements, licences or leases
  • When you contact us by post, email, online forms and telephone
  • In person when we meet with you
  • When you and/or your property are captured on CCTV

Data may also be obtained from other sources, for example:

  • Partner organisations including specialist care providers, charities, the NHS, police and fire service
  • Local, regional and national government, including but not limited to government departments, agencies and bodies
  • Other housing providers and landlords
  • Regulators and the Housing Ombudsman Service
  • Councillors, MPs or other representatives acting on your behalf
  • Utility providers, insurance services and solicitors
  • Estate maintenance and partner contracting companies
  • Friends, family, other residents or members of the public
  • Interpretation services

Who we share personal data with

We may share information between the GreenSquareAccord group of companies, or with others where we have a lawful basis to do so including, but not limited to:

  • Partner organisations including specialist care providers, charities, the NHS, police and fire services, and crime reduction partnerships
  • Government departments including the Ministry of Housing, Communities and Local Government, The Home Office, The Department for Work and Pensions, HM Courts and Tribunals Service and HMRC
  • Local authorities
  • Training providers or learning institutions (for our involved customers)
  • Members of parliament and councillors
  • Regulatory authorities including the Regulator of Social Housing, the Housing Ombudsman and the Information Commissioner’s Office
  • Data processors or contractors who are carrying out services on our behalf
  • Utility providers
  • Interpretation services
  • Insurance services
  • Solicitors
  • Other housing providers and landlords

Continuous Recording of Social Housing Lettings and Sales (CORE)

Data is gathered by the Ministry of Housing, Communities & Local Government under CORE for statistical purposes. Some of this data is sensitive personal information. To find out how your data is used, visit the Ministry of Housing, Communities & Local Government website.

Information for job applicants

Our purpose for collecting your data

The information provided by you (or by a third party such as a recruitment agency), will be used to assess your application to work for GreenSquareAccord.

The personal data you provide will be used to:

  • Process your job application
  • Assess your suitability for the role which you have applied for
  • Contact you about the recruitment process

Typically, we will collect the following information for employees and prospective employees:

  • Personal contact details such as your name, address, contact telephone numbers (landline and mobile) and personal email addresses
  • Detailed personal information such as age, gender, date of birth, National Insurance number, information about your marital status, next of kin, dependants and emergency contacts
  • Recruitment information including references and other information included in a CV or cover letter or as part of the application process
  • Information about your entitlement to work in the UK, including a copy of your passport or similar photographic identification and /or proof of address documents
  • A copy of your driving licence
  • Employment and education history including your qualifications, job application, employment references, right to work information and details of any criminal convictions that you declare
  • Security and DBS check details including basic checks and enhanced disclosures according to your role
  • Details of criminal convictions

Some of the information which we collect will be special categories of personal data (also called sensitive personal data), which includes information about your health and racial or ethnic origin.

Our sources of personal data

We collect personal data from various sources both directly from you, and from third parties. This includes, but is not limited to:

Data obtained directly from you, for example:

  • When you complete our application forms
  • When you provide a CV or resume
  • From your passport or other identity documents such as your driving licence
  • Through correspondence with you or through interviews, meetings or other assessments

Data may also be obtained from other sources, for example:

  • Recruitment agencies
  • Your former employers
  • Employment background and criminal record check providers
  • Credit reference agencies

We may also record factual information from time to time and any action we take, so we have a record of what happened. If you make a complaint, we will keep the details separate from our other information about you.

Who we share personal data with

We may share information between the GreenSquareAccord group of companies, or with others where we have a lawful basis to do so including, but not limited to:

  • Internally, including with members of the People and Finance teams (including payroll), your line manager, managers in the business area in which you work and IT employees, if access to the data is necessary for performance of their roles
  • Third parties to obtain pre-employment references from other employers, obtain employment background checks or criminal records checks
  • Banks, for example to carry out payments through a secure system

We may share your data with others who have a legal right to request information from us for their own purposes:

  • Utility companies
  • Debt collection agencies acting for others
  • For crime prevention or detection, risk assessment, insurance, resolution of complaints or other issues
  • Local authorities, safeguarding boards, regulators, government departments and other public authorities, such as for safeguarding, preventing payment errors or fraud
  • The police, fire service, health authorities or medical practitioners
  • Regulatory bodies (such as the Care Quality Commission, Housing Ombudsman Service or the Regulator of Social Housing)

We will not give anyone else access to your information in return for payment for their marketing or commercial purposes.

Information for colleagues

Our purpose for collecting your data

We use this information to manage our contract with you, to give you access to the systems you need for your role and manage our human resources processes. We will also use it for legal and regulatory purposes. 

The personal data you provide will be used to:

  • Fulfil our contract with you
  • Manage employees, support workers and contractors
  • Manage the payment of your salary, pension and other employment related benefits.
  • Administer statutory and contractual leave entitlements such as holiday or maternity leave.
  • Assess your performance
  • Conduct pay and grading reviews
  • Deal with any employer / employee related disputes.
  • Monitor your compliance with our policies and procedures
  • Identify training needs
  • Ensure the security of our premises, IT systems and employees
  • Comply with our legal obligations and for equal opportunities monitoring
  • Ensure the health, safety and wellbeing of our employees

The categories of data that we collect

Typically, we will collect the following information for employees in addition to the data collected for job applicants:

Information related to your employment
  • Location of your employment
  • Details of any secondary employment, gift declarations or conflict of interest declarations, including whether you are a GreenSquareAccord Limited tenant, previous tenant, or related to an existing employee, board member or GreenSquareAccord Limited contractor
  • Any content featuring you such as videos, articles, blog posts and speech transcripts
  • Your responses to staff surveys if this data is not anonymised
Information related to your salary, pension and loans
  • Information about your job role and your employment contract including; your start and leave dates, salary (including grade and salary band), terms and conditions, any changes to your employment contract, working pattern (including any requests for flexible working)
  • Information about your remuneration, including entitlement to benefits such as pensions or insurance cover
  • Details of working time and any overtime, expenses or other payments claimed, including details of any loans such as for travel season tickets
  • Details of any leave including sick leave, holidays, special leave etc
  • Pension details including membership of both state and occupational pension schemes (current and previous)
  • Your bank account details, payroll records and tax status information
  • Details relating to Maternity, Paternity, Shared Parental and Adoption leave and pay, including applications for leave, copies of paperwork and certificates and any other relevant documentation relating to the nature of the leave you will be taking
Information relating to the performance of your role
  • Information relating to your performance at work e.g. probation reviews, Personal Development Reviews, promotions
  • Details of your schedule including days of work and working hours and attendance records
  • Information regarding grievances and investigations to which you may be a party or witness
  • Disciplinary records including documentation related to any investigations, hearings and warnings/penalties issued
  • Whistleblowing concerns including those raised by you, or to which you may be a party or witness
  • Information related to your training history and development needs
  • Photographs, CCTV footage and other electronic information, such as swipe card records including information about your use of our information and communications systems
Information relating to your health and wellbeing and other special category data
  • Health and wellbeing information either declared by you or obtained from health checks, eye examinations, occupational health referrals and reports, sick leave forms, health management questionnaires or fit notes i.e. Statement of Fitness for Work from your GP or hospital
  • Accident records if you have an accident at work
  • Details of any desk audits, access needs or reasonable adjustments.
  • Information you have provided regarding Protected Characteristics as defined by the Equality Act for the purpose of equal opportunities monitoring (including racial or ethnic origin, religious beliefs, disability status, gender identification, social mobility and caring responsibilities)
  • Any information you provide to any of our equality and diversity networks

Our sources of personal data

We collect personal data from various sources both directly from you, and from third parties. This includes, but is not limited to:

Data obtained directly from you, for example:

  • When you complete our application forms
  • When you provide a CV or resume
  • From your passport or other identity documents such as your driving licence
  • From other forms completed by you at the start of or during employment (such as benefit nomination forms)
  • Through correspondence with you or through interviews, meetings or other assessments

Data may also be obtained from other sources, for example:

  • Our partner organisations and third parties
  • Recruitment agencies
  • Your former employers
  • Employment background and criminal record check providers
  • Credit reference agencies

We may also record factual information from time to time and any action we take, so we have a record of what happened. If you make a complaint, we will keep the details separate from our other information about you.

Who we share personal data with

We may share information between the GreenSquareAccord group of companies, or with others where we have a lawful basis to do so including, but not limited to:

  • Internally, including with members of the People and Finance teams (including payroll), your line manager, managers in the business area in which you work and IT employees, if access to the data is necessary for performance of their roles
  • Third parties to obtain pre-employment references from other employers, obtain employment background checks or criminal records checks
  • Banks, for example to carry out payments through a secure system
  • Companies that assist us in mailing out our letters, leaflets and newsletters
  • Driver management service providers
  • Health service providers
  • IT providers who own or manage the computers, phones or systems we use
  • Lease car providers
  • Our professional advisors and providers of financial services
  • Payroll service providers
  • Benefit providers

We may share data with partner organisations whose purposes dovetail with ours:

  • Training providers or learning institutions
  • Local authorities and government departments who provide relevant services
  • The police, fire services, health authorities or medical staff who provide services

We may share your data with others who have a legal right to request information from us for their own purposes:

  • Utility companies
  • Debt collection agencies acting for others
  • For crime prevention or detection, risk assessment, insurance, resolution of complaints or other issues
  • Local authorities, safeguarding boards, regulators, government departments and other public authorities, such as for safeguarding, preventing payment errors or fraud
  • The police, fire service, health authorities or medical practitioners
  • Regulatory bodies (such as the Care Quality Commission, Housing Ombudsman Service or the Regulator of Social Housing)

We will not give anyone else access to your information in return for payment for their marketing or commercial purposes.

Information for visitors and others

Our purpose for collecting your data

The personal data you provide will be used to:

  • Manage visitor access and maintain building security
  • Protect the safety of colleagues, residents, and visitors
  • Comply with health and safety and safeguarding requirements
  • Assist with emergency or incident response
  • Keep records of visits for audit, compliance, or contractual reasons

The categories of data that we collect

Typically, we will collect the following information for visitors:

  • Your name
  • Contact details (e.g. phone number, organisation, vehicle registration number)
  • Date and time of arrival and departure
  • Images from CCTV systems (where in operation)
  • Photographs or ID details (for security or safeguarding purposes)
  • Health or access information, if you share this with us (e.g. for emergency evacuation planning or visitor accessibility needs)

How we collect your data

We collect personal data from various sources both directly from you, and from third parties. This includes, but is not limited to:

Data obtained directly from you:

  • When you sign in manually using a paper visitor book or digitally using an electronic sign-in system or tablet
  • Through building security systems and CCTV cameras that operate in and around our buildings
  • Through correspondence with you by telephone, post, email or calendar invitations, online forms or booking systems
  • Through Incident reports, accident books, or safeguarding records

Data may also be obtained from other sources, for example:

  • Your employer or organisation, when they book a meeting or site visit on your behalf
  • A contractor or partner organisation, if you are visiting as part of a service or project delivery
  • Event organisers or training providers hosting sessions at our premises
  • Regulators, care providers, or local authorities, where visits relate to audits, inspections, or service delivery
  • In some cases, security contractors or reception management services may collect visitor details under our instruction

Who we share personal data with

We may share information between the GreenSquareAccord group of companies, or with others where we have a lawful basis to do so including, but not limited to:

  • We may share your information with
  • Security, facilities management, or IT contractors who maintain our systems
  • Emergency services or regulatory bodies, if required by law
  • Our insurers or legal advisers, in the event of an incident

We will not give anyone else access to your information in return for payment for their marketing or commercial purposes.

Our lawful basis for processing personal data

We must have a valid lawful basis in order to process personal data. Throughout processing, the legal basis we rely upon for processing personal data about you falls into one of the following six categories:

  • Consent: You provide us with consent
  • Contract: We enter into a contract with you – this includes pre-contractual processing
  • Legal obligation: In scenarios where we have to comply with other laws
  • Vital interests: To safeguard your life or the life of someone else connected to you
  • Public task: For the performance of a task carried out in the public interest
  • Legitimate interest: Where we are pursuing the legitimate interest of the business – however, our legitimate interests cannot override yours

Our lawful basis for processing special category data:

  • Explicit consent: You provide us with explicit consent
  • Employment and social protection: In relation to the provision of housing and care services
  • Vital interests: To safeguard your life or the life of someone else connected to you
  • Where you make information public: For example on social media
  • Substantial public interest: To ensure the equality of opportunity and treatment
  • When we have to mount or defend a legal challenge

How long we keep your personal data for

The purpose for processing your personal data, will determine the length of time it remains under our control. The length of time personal data remains under our control is referred to as the ‘retention period’.

We document retention periods for data processing activities in our retention schedule. If you would like to know how long we keep your personal data for a specific processing activity, please email data.protection@greensquareaccord.co.uk.

How we protect personal data under our control

GreenSquareAccord uses a combination of organisational and technical measures to keep personal data safe.

We do this by:

  • Hiring professionals with subject matter expertise to advise, plan, strategise and implement appropriate organisational and technical measures
  • Providing training to people joining our organisation, to educate them about what to do, why, when and how to do it
  • Investing in digital technology and physical security
  • Conducting data protection impact assessments before procuring new systems or modifying legacy systems
  • Carrying out periodic internal and external audits to assess compliance and security standards
  • Learning from the mistakes of others and past mistakes we have made
  • Disposing of data and retired hardware responsibly

Your rights over the personal data under our control

The UK GDPR provides the following rights to individuals:

  • Right to be informed: We have to tell you why, what, how, and with whom we share your personal information.
  • Right of access: You may ask to see your personal information under our control.
  • Right of rectification: If for any reason your personal information under our control is not accurate, you have the right to have it updated.
  • The right to erasure: Under certain circumstances, you can instruct us to erase your personal information. If this right applies to the particular processing, we will delete your personal information from our systems.
  • Right to restrict processing: Sometimes, you might want us to suspend processing for a limited period. For example, you may want us to hold on to your data even after the retention period expires, because you envisage a need for it. Our data protection officer will let you know whether your instruction to restrict processing was upheld or not and why.
  • Right to data portability: If you require your personal data to be sent to another controller, or you would like a copy for yourself, this right allows you to request it from us in a digital format.
  • Right to object: When we use legitimate interest as our lawful basis for processing, it cannot be used to override your interests. If we use this lawful basis, you have the right to object to the processing.
  • Rights in relation to automated decision making and profiling: If we use systems that make decisions without human intervention, you may have the right to request for the processing to be carried out in whole or in part by a living person. There are restrictions to exercising this right. One such restriction is when we are processing your personal data with the intent to enter into a contract with you.
  • Right to withdraw consent: If we required your consent before processing your personal data, you have the right to withdraw that consent at any time during processing.

How to exercise your personal data rights

When you exercise any of these rights, we refer to your action as an Information Rights Request. You can make a request at any time through any avenue where we interact with you and collect your personal data. We aim to respond to all valid requests within one month of receipt. If you’re not satisfied with our response, you can complain directly to the Information Commissioner’s Office (ICO), who oversees data protection law in the UK 

The Information Commissioner’s Office

You have the right to refer unresolved data protection issues to the Information Commissioner’s Office (ICO). The ICO is the data protection supervisory authority in the UK.

Contact the ICO

Online:
https://ico.org.uk/make-a-complaint/

Email:
icocasework@ico.org.uk

Phone:
0303 123 1113

Post:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Frequently asked questions

Am I authorised to make a data subject access request?

The information below will help you determine whether you are authorised to make a DSAR. All DSARs are subject to identity checks, which may include a request to see one or more of the below:

  • A valid or ‘in date’ nationally accepted photo ID – passport, driving licence, citizen or NUS card
  • Correspondence from a public authority dated within the last three months
  • Proof of residence or utility bill dated within the last three months
  • Valid proof of parental rights

Who can make a valid request

  • For a child under the age of 13: A parent, guardian, foster parent, advocate or legal representative
  • For a young person between 13-16 years of age: The individual, a parent, guardian, foster parent, advocate or legal representative
  • For a person 16 years of age and older: The individual, a nominated person, advocate or legal representative
  • For a person older than 16 years of age but without capacity to consent (due to ill health or disability): A parent, guardian, advocate or legal representative
  • For a deceased person: Person named in the letter of administration or an executor with grant of probate

What happens if GreenSquareAccord need more information to process my request?

If your request is not clear or it appears excessively demanding and burdensome, we might seek more information from you. If this is required, the team will get in touch via your preferred method of contact. You could be asked to:

  • Clarify the reason for requesting access
  • Provide a date or time range
  • Narrow your request to relevant records only.

When we do this, we will normally allow you 14 days to respond. During these 14 days, the one month calendar countdown will be paused.

Can GreenSquareAccord refuse to process my request?

Yes. A DSAR may be refused when:

  • A requester has made more than two repetitive requests within the current calendar year
  • Our data protection officer judges the request to be manifestly unfounded or excessive in nature
  • There are legal prohibitions or safeguarding concerns for the requester or other persons at that particular time.

The team dealing with your DSAR will let you know our decision in good time and in any case no later than one calendar month.

Is GreenSquareAccord compliant with the national data opt-out?

We review all our data processing annually to assess if the national data opt-out applies. We also assess all new processing requirements to see if the national data opt-out applies.

If any data processing falls within scope of the national data opt-out, we use the secure Message Exchange for Social Care and Health (MESH) to check if any of our service users have opted out of their data being used for this purpose.

At this time, we do not share any data for planning or research purposes for which the national data opt-out would apply. We review all the confidential patient information we process annually to see if this is used for research and planning purposes. If it is, then individuals can decide to stop their information being shared for this purpose.

For more about national data opt-out, please visit the NHS website.

How do I make a request for data on behalf of my organisation?

In certain circumstances, in line with this privacy agreement, we will share data and CCTV with public authorities and other organisations. If you would like to request information on behalf of an organisation listed below, you must complete the Third Party Data Disclosure Request Form and submit it to our Data Protection team:

  • The emergency services – fire service, ambulance and NHS
  • Local authorities, government departments, members of parliament and councillors
  • Academic institutions
  • Regulatory authorities
  • Specialist care provider organisations and charities
  • Utility providers
  • Insurance services and solicitors

If you are requesting information on behalf of the police, you must submit police service DP1 form to data.protection@greensquareaccord.co.uk 

Data Subject Access Request Forms

  • Data Subject Access Request Form (Word)

  • Data Subject Access Request Form (PDF)