Privacy Policy


Privacy Policy

Our overall privacy notice

When we process your personal data Bromford is described as the data controller under data protection law.

Our contact details are: 

Bromford Housing Group 
Shannon Way
Tewkesbury 
Gloucestershire
GL20 8ND

www.bromford.co.uk

Our data protection officer is Chris Down. You can contact him by calling 01454 821034 or emailing dpo@bromford.co.uk.

Please contact us if you have any questions about this statement, information we hold about you or our overall approach to data protection and confidentiality.

Data protection and privacy policy statement

We are committed to a Privacy by Design approach to personal data which is consistent with our values.

  • we believe in privacy by default and we embed privacy into design
  • we believe in visibility and transparency and are committed to end-to-end security
  • we are proactive not reactive, preventative not remedial. We won’t trade privacy off against other objectives
  • we respect user privacy 

For further information on our commitment to ‘Privacy by Design’ please see our Data Protection & Privacy Policy.

Who we collect personal information about 

Customers - this includes current, former and potential customers who live in our properties or access our support and other services and could also include their family and people associated with them.

Colleagues - this includes current, former and potential colleagues, as well as Board and committee members, apprentices and volunteers.

Anyone who makes a complaint or enquiry and visitors to our website and offices.

Security of information

We operate a range of information and communications systems technologies for efficient operation of the business. Personal information is stored and managed within those systems which are maintained to achieve a high level of Confidentiality, Integrity and Availability (CIA) including following best practice cyber security standards.

We hold information in IT systems which may be copied for testing, backup, archiving and disaster recovery purposes.

Emailing us 

We use Transport Layer Security (TLS) to encrypt and protect email traffic in line with government guidance on email security. Most webmail such as Gmail and Hotmail use TLS by default.

We’ll also monitor any emails sent to us, including file attachments, for viruses or malicious software. You must ensure that any email you send is within the bounds of the law.

Phishing

Phishing is the name given to attempts to steal personal details and financial account information from a website user. Phishers use fake or spoof emails to lead users to counterfeit websites where the user is tricked into entering their personal details, such as credit card numbers, user names and passwords. We will never send emails asking you for such details.

Humidity monitoring in customers' homes

When you agree to humidity monitoring in your home the sensor installed will collect data such as current temperature and humidity. This data may be linked to information we ask you for about your lifestyle and will therefore be processed as personal data by us. The lawful basis for processing data relating to humidity and temperature in your home and your lifestyle is legitimate interest. 

Transfers of personal data to third countries

Personal data relating to our customers, colleagues and others is usually stored in the UK or in the European Economic Area (EEA) or other jurisdictions recognised as adequate by the UK and the European Union.

If we need to share information with organisations outside the UK, the EEA or a jurisdiction that the European Commission regards as having adequate levels of protections for personal data, we will put in place appropriate safeguards, such as contractual commitments, in accordance with applicable legal requirements, to ensure that your data is adequately protected.

What we will not do

We will not send you unsolicited marketing material. We will not sell your personal data on to third parties.

We will not pass your personal data to unrelated third parties unless we are allowed or required to do so by law, or we have your explicit permission to do so.

We will not keep a record of your card details when you provide them to make a payment for your rent or other service.

Your data, your rights

We are committed to respecting your rights when we deal with your personal data. This is part of our commitment to Privacy by Design.

You have the following rights:

  • right to be informed
  • right of access
  • right to rectification
  • right to erasure
  • right to restrict processing
  • right to data portability
  • right to object
  • rights in relation to automated decision making and profiling

Further information on your rights is available.

We only keep your data for as long as it is needed in line with our retention policy.

Changes to our privacy notice 

This privacy notice will be updated to reflect changes either to the way in which we operate or changes to the data protection legislation. To make sure that you keep up to date, we suggest that you revisit this notice from time to time.

Our other privacy notices can be found here.