Logo

Data Protection Policy

Policy Statement

Greater Manchester Tenants Union (GMTU) is a subsidiary of Tenants Union UK (TUUK)

Tenants Union UK (“TUUK”) is committed to a policy of protecting the rights and privacy of individuals, TUUK members, volunteers, staff and others in accordance with The Data Protection Act 1998. The policy applies to all voluntary and TUUK members and staff. Any breach of The Data Protection Act 1998 or TUUK Data Protection Policy is considered to be an offence and in that event, disciplinary procedures apply.

TUUK needs to collect and use certain types of information about the Individuals or Service Users who come into contact with TUUK in order to carry on its work. This personal information must be collected and dealt with appropriately whether is collected on paper, stored in a computer database, or recorded on other material and there are safeguards to ensure this under the Data Protection Act 1998 and the General Data Protection Regulation (Regulation (EU) 2016/679 which applies from 25 May 2018).

As a matter of good practice, other organisations and individuals working with TUUK, and who have access to personal information, will be expected to have read and comply with this policy. It is expected that any members or staff who deal with external organisations will take responsibility for ensuring that such organisations sign a contract agreeing to abide by this policy.

Legal Requirements

Data are protected by the Data Protection Act 1998, which came into effect on 1 March 2000. Its purpose is to protect the rights and privacy of individuals and to ensure that personal data are not processed without their knowledge, and, wherever possible, is processed without their consent.

The Act requires us to register the fact that we hold personal data and to acknowledge the right of 'subject access' - TUUK members and staff must have the right to copies of their own data. Additional protections will come into force with the General Data Protection Regulation (Regulation (EU) 2016/679 which applies from 25 May 2018

Managing Data Protection

Our details are registered with the Information Commissioner and the trading arm of TUUK, Tenants Union Services Ltd (“TUS Ltd”) is also registered. Each is represented through its nominated individual, the Data Controller, who determines for what purposes personal information is held, will be used for. They are also responsible for notifying the Information Commissioner's Office (ICO) of the data TUUK or TUS Ltd holds or is likely to hold, and the general purposes that this data will be used for, subject to any exemption to register with the ICO relevant to these organisations.

Data Collection

Informed consent is when: An individual clearly understands why their information is needed, who it will be shared with, and the possible consequences of them agreeing or refusing the proposed use of the data, and then giving their consent. TUUK will ensure that data is collected within the boundaries defined in this policy. This applies to data that is collected in person, or by completing a paper or online form.

When collecting data, TUUK will ensure that the Individual:

  1. Clearly understands why the information is needed;
  2. Understands what it will be used for and what the consequences are should the Individual/Service User decide not to give consent to processing;
  3. As far as reasonably possible, grants explicit consent, either written or verbal for data to be processed;
  4. Is, as far as reasonably practicable, competent enough to give consent and has given so freely without any duress; And
  5. Has received sufficient information on why their data is needed and how it will be used.

Purpose of data held by TUUK

Data may be held by us for the following purposes:

  1. Obtaining Legal Representation for TUUK members through our trading arm, Tenants Union Services Ltd.
  2. Fundraising
  3. Realising the Objectives of TUUK
  4. Accounts & Records
  5. Advertising, Marketing & Public Relations
  6. Information and Databank Administration
  7. Journalism and Media
  8. Processing For Not For Profit Organisations
  9. Research
  10. Political Campaigning and Lobbying
  11. Volunteer Staff Administration
  12. Offering support to our members

Disclosure

TUUK and TUS Ltd may share data with other agencies such as a local authority, funding bodies and other voluntary agencies. The Individual will be made aware in most circumstances how and with whom their information will be shared. There are circumstances where the law allows TUUK and TUS Ltd to disclose data (including sensitive data) without the data subject's consent. These are:

  1. Carrying out a legal duty or as authorised by the Secretary of State.
  2. Protecting vital interests of an Individual/Service User or other person.
  3. The Individual/Service User has already made the information public.
  4. Conducting any legal proceedings, obtaining legal advice or defending any legal rights.
  5. Monitoring for equal opportunities purposes - e.g. race, disability or religion
  6. Providing a confidential service where the Individual/Service User's consent cannot be obtained or where it is reasonable to proceed without consent: e.g. where it would wish to avoid forcing stressed or ill Individuals/Service Users to provide consent signatures.

TUUK and TUS Ltd regard the lawful and correct treatment of personal information as very important to successful working, and to maintaining the confidence of those with whom it deals.

TUUK and TUS Ltd intend to ensure that personal information is treated lawfully and correctly. To this end, TUUK and TUS Ltd will adhere to the Principles of Data Protection, as detailed in the Data Protection Act 1998 and the General Data Protection Regulation 2016.

Data Protection Principles

In terms of the Data Protection Act 1998, we are the 'data controller', and as such determine the purpose for which, and the manner in which, any personal data are, or are to be, processed. We must ensure that we have:

  1. Fairly and lawfully processed personal data
    We will always put our logo on all paperwork, and any online digital platform, stating our intentions on processing the data and state if, and to whom, we intend to give the personal data.
  2. Processed for limited purpose
    We will not use data for a purpose other than those agreed by data subjects (TUUK members, volunteers, staff and others). If the data held by us are requested by external organisations for any reason, this will only be passed on if data subjects (TUUK members, volunteers, staff and others) agree, or under strictly limited circumstances to protect the interests of the data subject or to fulfil a statutory duty as set out in The Data Protection Act 1998. Also external organisations must state the purpose of processing, agree not to copy the data for further use and sign a contract agreeing to abide by The Data Protection Act 1998 and TUUK Data Protection Policy.
  3. Adequate, relevant and not excessive
    TUUK will monitor the data held for our purposes, ensuring we hold neither too much nor too little data in respect of the individuals about whom the data are held. Periodically, we will review the data we hold. If data given or obtained are excessive for such purpose, they will be immediately deleted or destroyed.
  4. Accurate and up-to-date
    We will provide our members (TUUK members, volunteers, staff and others) with a copy of their data on request and update where relevant. All amendments will be made immediately and data no longer required will be deleted or destroyed. It is the responsibility of individuals and organisations to ensure the data held by us are accurate and up-to-date. Completion of an appropriate form (provided by us) will be taken as an indication that the data contained are accurate on that date. Individuals should notify us of any changes, to enable personnel records to be updated accordingly. It is the responsibility of TUUK to act upon notification of changes to data, amending them where relevant.
  5. Not kept longer than necessary
    We discourage the retention of data for longer than it is required. All sensitive personal data will be deleted or destroyed by us after one year of non- membership has elapsed where there is no statutory or regulatory requirement to retain it or unless specific additional consent has been obtained to retain it for a legitimate purpose.
  6. Processed in accordance with the individual's rights
    All individuals that TUUK hold data on have the right to:
    • a. Be informed upon request of all the information held about them within 40 days.
    • b. Prevent the processing of their data for the purpose of direct marketing.
    • c. Compensation if they can show that they have been caused damage by any contravention of the Act.
    • d. The removal and correction of any inaccurate data about them.
    • e. Treat people justly and fairly whatever their age, religion, disability, gender, sexual orientation or ethnicity when dealing with requests for information.
    • f. Set out clear procedures for responding to requests for information.
  7. Secure
    Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of data.
    All TUUK computers will have a log-in system and our Contact Database is password protected, which allows only authorised staff, members and officers to access personal data. Passwords on all computers are changed frequently. All personal and financial data is held in a secure database, accessible only on secure computers and can only be accessed by authorised staff, members and officers of TUUK. When using laptops in a public place care should always be taken to ensure that personal data on screen is not visible to strangers.
  8. Not transferred to countries outside the European Economic Area, unless the country has adequate protection for the individual
    Data must not be transferred to countries outside the European Economic Area without the explicit consent of the individual. TUUK takes particular care to be aware of this when publishing information on the Internet, which can be accessed from anywhere on the globe. This is because transfer includes placing data on a web site that can be accessed from outside the European Economic Area.

Glossary of Terms

Data Controller
The person who (either alone or with others) decides what personal information TUUK and TUS Ltd will hold and how it will be held or used.
Data Protection Act 1998 and General Data Protection Regulation 2016
The UK legislation that provides a framework for responsible behaviour by those using personal information.
Data Protection Officer
The person(s) responsible for ensuring that TUUK and TUS Ltd follows its data protection policy and complies with the Data Protection Act 1998.
Individual/Service User
The person whose personal information is being held or processed by TUUK and TUS Ltd for example: a client, an employee, or supporter.
Explicit consent
is a freely given, specific and informed agreement by an Individual/Service User in the processing of personal information about her/him. Explicit consent is needed for processing sensitive data.
Notification
Notifying the Information Commissioner about the data processing activities of TUUK and TUS Ltd, as certain activities may be exempt from notification.
Information Commissioner
The UK Information Commissioner responsible for implementing and overseeing the Data Protection Act 1998.
Processing
means collecting, amending, handling, storing or disclosing personal information.
Personal Information
Information about living individuals that enables them to be identified - e.g. name and address. It does not apply to information about organisations, companies and agencies but applies to named persons, such as individual volunteers or employees within TUUK and TUS Ltd.
Sensitive data - refers to data about:
  1. Racial or ethnic origin
  2. Political affiliations
  3. Religion or similar beliefs
  4. Trade union membership
  5. Physical or mental health
  6. Sexuality
  7. Criminal record or proceedings.