This Privacy Notice tells you what to expect when Radian processes personal information. It applies to information about applicants, residents/customers and other service users. It tells you the purposes for which we may process your personal information and the legal basis for the processing (‘processing’ includes us just keeping your personal information).
The Radian group of companies are controllers of personal information for the purposes of the General Data Protection Regulation (‘GDPR’)1 . These companies include/are:
They trade under the names of Radian, Radian Homes and SMART.
Radian needs to collect, process and store personal information about you and other household members (when you provide information about household members we assume that you do so with their full knowledge and consent) in order to operate as a registered provider of housing and deliver efficient and effective services.
Legal basis for processing
Our main legal basis for processing personal data is where it is necessary for the purposes of the legitimate interests pursued by Radian or by a third party to process your information. We can do that so long as we do not interfere with your fundamental rights or freedoms.
The other reasons we can rely upon to process your personal information under GDPR is as follows:
The information we hold on our records concerns our relationship with you. For example:
This list is not exhaustive, as we hold records of most contacts we have with you, or about you, and we process this information so we can deliver services to you. Generally the information we hold will have been provided by you (on application or enquiry forms or when we communicate with you), but we may also hold information provided by third parties where this is relevant to your housing circumstances e.g. from social workers and health professionals (such as doctors and occupational therapists).
We will only ask for personal information that is appropriate to enable us to deliver our services. In some cases you can refuse to provide your details if you deem a request to be inappropriate. However, you should note that this may impact our ability to provide some services to you if you refuse to provide information that stops us from doing so.
How we manage your personal information
We process your personal information in accordance with the principles of GDPR.
We will treat your personal information fairly and lawfully and we will ensure that information is:
Access to personal information is restricted to authorised individuals on a strictly need to know basis.
We are committed to keeping your personal details up to date, and we encourage you to inform us about any changes needed to ensure your details are accurate.
To help us to ensure the security and confidentiality of your personal information we may ask you security questions to confirm your identity when you contact us and before we can process your call or enquiry further. We will not discuss your personal information with anyone other than you, unless you have given us prior authorisation to do so.
Periods for which we will store your personal information
We will only hold your records during the period of our relationship with you and for a set period afterwards to allow us to meet our legal obligations including resolving any follow up issues between us (for example if you live in one of our properties we will hold information about you for the duration of your tenancy).
Normally, only Radian staff will be able to see and process your personal information. However, there may be times when we will share relevant information with third parties for the purposes as outlined above, or where we are legally required to do so. When sharing personal information, we will comply with all aspects of the GDPR. Special categories of personal data about health, sexual life, race, religion and criminal activity for example is subject to particularly stringent security and confidentiality measures and we will seek your specific consent before sharing this information.
Where necessary or required, we may share information as follows:
Radian may use a data matching process, where appropriate, to prevent fraud. This involves comparing sets of data, such as the payroll or benefits records of a body, against other records held by the same or another body to see how far they match. The data is usually personal information.
Data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it may indicate there is an inconsistency that requires further investigation. No assumption will be made as to whether there is fraud, error or other explanation until an investigation has been carried out.
We reserve the right to access and disclose individually identifiable information to enable us to comply with applicable laws and lawful government requests to operate its systems and to protect itself or its users. Please click here to download the Third Party Authority Form.
You have a number of rights under the GDPR:
Access to personal information
Under the GDPR, you have a right to ask us what personal information we hold about you, and to request a copy of your information. This is known as a ‘subject access request’ (SAR). SARs need to be made in writing and we ask that your written request is accompanied by proof of your identify. We have one calendar month within which to provide you with the information you’ve asked for (although we will try to provide this to you as promptly as possible).
Following your SAR, we will provide you with a copy of the information we hold that relates to you. This will not generally include information that relates to your property such as repair logs or details of contractor visits, as this is not considered personal information.
If you need us to correct any mistakes contained in the information we hold about you, you can let us know by contacting Customer Services by telephone on 0300 123 1 567 or firstname.lastname@example.org
Erasure (‘right to be forgotten’)
You have the right to ask us to delete personal information we hold about you. You can do this where:
We can refuse to erase your personal information where the personal information is processed for the following reasons:
Restriction on processing
You have the right to require us to stop processing your personal information. When processing is restricted, we are allowed to store the information, but not do anything with it. You can do this where:
If we have disclosed your personal information to third parties, we must inform them about the restriction on processing, unless it is impossible or involves disproportionate effort to do so.
We must inform you when we decide to remove the restriction giving the reasons why.
Objection to processing
You have the right to object to processing where we say it is in our legitimate business interests. We must stop using the information unless we can show there is a compelling legitimate reason for the processing, which override your interests and rights or the processing is necessary for us or someone else to bring or defend legal claims.
Withdrawal of consent
You have the right to withdraw your consent to us processing your information at any time. If the basis on which we are using your personal information is your consent, then we must stop using the information. We can refuse if we can rely on another reason to process the information such as our legitimate interests.
Right to data portability
The right to data portability allows us to obtain and reuse your personal data across different services. It allows us to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way. The right only applies to personal data you have provided to us where the reason we are relying on to use the information is either your consent or for the performance of a contract. It also only applies when processing is carried out by us using automated means.
Changes to this Privacy Notice
We keep our privacy notice under regular review and will place any updates on our website; you will be notified of any major changes to it.
For further information on how to request your personal information and how and why we process your information, you can contact us using the details below:
Data Protection Officer,
Hampshire SO50 6AD
Tel: 0300 123 1 567
The Information Commissioner’s Office (ICO) is also a source of further information about your data protection rights. The ICO is an independent official body, and one of their primary functions is to administer the provisions of the GDPR.
You have the right to complain to the ICO if you think we have breached the GDPR. You can contact the ICO at:
Information Commissioner’s Office,
Cheshire SK9 5AF
0303 123 1113
Page last updated 18 May 2018
1 By this we mean the Regulation as supplemented and amended by the Data Protection Act 2018
2 Special categories of personal data is defined within the GDPR and covers racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a person’s sex life or sexual orientation