General Data Protection Regulation

We are Oak Tree Housing Association Ltd. We are a Scottish Charity (Scottish Charity Number SC05300), a registered society under the Co-operative and Community Benefit Societies Act 2014 with Registered Number HCB137 and having their Registered Office at 40 West Stewart Street, Greenock, PA15 1SH.

We are notified as a Data Controller with the Information Commission under registration number Z6295637 and we are the data controller of any personal data that you provide to us.

Our appointed Data Protection Officer is RGDP LLP, Level 2, One Edinburgh Quay, 133 Fountainbridge, Edinburgh EH3 9QG who can be contacted at info@rgdp.co.uk

The Association has a Data Protection Lead Officer (DP), who will take charge of the day-to-day management of data protection. The DP Lead Officer is Kirsty Davis.

Any questions relating to this notice and our privacy practices should be sent to Oak Tree Housing Association, 40 West Stewart Street, Greenock, PA15 1SH. Telephone 01475 807000, E-mail: info@oaktreeha.org.uk

We collect information about you:

• When you apply for housing with us, become a tenant, request services/ repairs, enter into a factoring agreement with us or otherwise provide us with your personal details;
• When you supply us with goods and services
• When you visit us
• When you enter into a shared ownership occupancy agreement;
• When we receive a Homeless referral or a Community Care Referral from the Health and Social Care Partnership (HSCP) or a referral from Women’s’ Aid or a referral for an adaptation;
• When you apply to become a member of the Association;
• from your use of our online services, whether to report any tenancy/ factor related issues, complete a survey, make a complaint or otherwise;
• From your arrangements to make payment to us (such as employment details, salary payment dates, benefit entitlement) & in taking any income and expenditure related information;
• During office appointments or visits to your home;
• When you enter information on our web portal
• When you use our website, through the use of cookies on our website. For more information about Cookies please see our Cookies Notice on our website.

We may collect the following information about you (and in the case of applicants, other members of your household):

• name;
• address (previous addresses);
• date of birth;
• telephone numbers;
• e-mail address(es);
• National Insurance Number;
• Date of entry/termination;
• Rent charge;
• Banking details if you pay your rent by Direct Debit and payment card details (these records are not stored);
• Employer’s details;
• Next of Kin;
• Details of anyone authorised to act on your behalf;
• Relationship to staff, members of committee & ex staff/members of committee in the last 12 months;
• Household details including dependants;
• Previous addresses;
• Medical information;
• Proof of residence (collected at home visit);
• For sharing owners, we will also collect solicitor’s details, mortgage lender details;
• For factored customers we will also collect principal home address for billing purposes;
• Other personal information that will vary on a case-by-case basis to help us resolve breach of tenancy, alleged anti-social behaviour of fraud;
• Details of any claim you might have with Inverclyde Council’s Housing Benefit Department, Discretionary Housing Benefit and Universal Credit;
• CCTV footage;
• Special Category information (for example ethnic origin, disability status, economic status, sexuality, restricted information regarding Multi Agency Public Protection Arrangements risk, medical information, language, supporting agencies and communication needs;
• Details of any repairs requested and any access arrangements;
• Details of any incident(s) which may have occurred which may pose a risk to our staff and/or contractors;
• Any complaint made by you;
• Details of any legal action we have taken relating to when a condition of your tenancy has been breached.
• Your information as a visitor, including car registration, photo if required for ID badge, name and contact details
• Your information as a supplier of goods and services, including contact details, address, bank details for payment of goods and services.

We receive the following information from third parties:

• Inverclyde Common Housing Register Partners; (ICHR)
• Benefits information, including awards of Housing Benefit/ Universal Credit from Department of Work and Pensions (DWP) and Inverclyde Council;
• Referrals from various agencies for adaptations or rehousing;
• Payments made by you to us;
• Complaints or other communications regarding behaviour or other alleged breaches of the terms of your Scottish Secure Tenancy (SST), Short SST, Occupancy Agreement, Lease, and Shared Ownership Agreement with us, including information obtained from Police Scotland and Inverclyde Council's Problem Solving Unit and Anti-Social Behavioural Team and other residents, press articles and witness statements;
• Reports as to the conduct or condition of your tenancy, including references from previous tenancies, rechargeable repairs, outstanding debt and complaints of anti-social behaviour form other RSLs;

The accuracy of your information is important to us - please help us keep our records updated by informing us of any changes to your email address and other contact information.

We need your information and will use your information:

• to undertake and perform our obligations and duties to you in accordance with the terms of our Scottish Secure Tenancy, Occupancy Agreement and Factoring Agreement with you;
• To process your online housing application and ensure that allocation of housing is made according to our policy;
• To record voids, shared ownership transactions and allocations made;
• To process all referrals e.g., Community Care, Homeless and Women’s Aid Referrals and ensure that allocation of housing is made correctly;
• To record incidents of unacceptable behaviour including health and safety information to protect staff and contractors;
• To consider adaptations to housing;
• To manage the rent account, rent collection, factoring account and debt collection;
• For reporting statistical information including Annual Return Charter and Committee reports;
• to enable us to supply you with services and information which you have requested;
• to enable us to respond to your repair request, housing application and complaints made, Universal Credit and Housing Benefit applications;
• to analyse the survey information that we collect so that we can administer, support and improve and develop our business and the services we offer;
• to contact you in order to deliver services or to send you details of any changes to our contractors or suppliers which may affect you;
• For publicity and PR information;
• for all other purposes consistent with the proper performance of our operations and business; and
• to contact you for your views on our products and services including our customer newsletters, where you have or have had a tenancy, occupancy agreement or factoring agreement with us and you have not opted out from receiving these messages.

Where you have entered into a contract with us (a lease, for example) we will process your personal data in order to implement that contract and to carry out our contractual obligations and exercise our contractual rights.

Where we are performing one of the following statutory public functions, we are processing your personal data because it is necessary for us to perform a task carried out in the public interest:

• the prevention and alleviation of homelessness;
• the management of social housing accommodation (i.e., where an RSL has granted a Scottish secure tenancy or short Scottish secure tenancy);
• the provision and management of sites for gypsies and travellers; and
• supplying information to the Scottish Housing Regulator in relation to its financial well-being and standards of governance.

In other cases, we have a legitimate interest in processing personal data which allows us to provide you with a better customer service and to promote our work, to use CCTV and phone recordings, and for void property management

We may process your personal data if there is a recognised legitimate interest, as defined under the Data (Use and Access) Act 2024 and by the relevant Secretary of state for example for the purposes of national security, public security, defence, responding to emergencies, preventing or detecting crime, safeguarding children or individuals at risk.

We may also process your personal data as required by law and to comply with a legal obligation to which we are subject.

In some cases, we may require your consent to process certain types of personal data. Where we seek consent from you, we will provide full details of what we are seeking consent for, so that you will be able to carefully consider whether to provide consent.

The information you provide to us will be treated by us as confidential and processed in accordance with the principles of data protection law.

We may disclose your information to other third parties who act for us for the purposes set out in this notice or for purposes approved by you, including the following:

• If we instruct repair or maintenance works, your information may be disclosed to any contractor;
• If we are investigating a complaint, information may be disclosed to Police Scotland, Local Authority departments, Scottish Fire & Rescue Service, 1st Tier Tribunal and others involved in any complaint, whether investigating the complaint or otherwise;
• Your information may be disclosed to third parties (such as Council Tax Office, DWP, Inverclyde Council, Police Scotland and the Association’s Solicitors), contractors and software/IT providers maintaining our systems. If you have asked us to, we will share information with someone acting on your behalf;
• We will give tenancy references to other Registered Social Landlords about the conduct of your tenancy;
• If we are investigating payments made or otherwise, your information may be disclosed to payment processors, Housing Benefit Department and the DWP, Allpay and Bank of Scotland;
• If we are conducting a survey of our products and/ or service, your information may be disclosed to third parties assisting in the compilation and analysis of the survey results;
• If we process an on-line application form for you your details may be shared with the ICHR Team, staff within the partner Landlords, Police Scotland, and someone you have mandated to share your information with, elected official (e.g. MP, MSP, Councillor) and HSCP;
• If we process an application from you to purchase a shared ownership property we may share your information with our solicitors;
• If we receive a referral form for you we may share this information with partner landlords and funding agencies and we may make referrals to support agencies with your permission;
• If we are updating tenancy details your information may be disclosed to third parties (such as Utility companies and Inverclyde Council);
• When we take legal action, information will be shared with our lawyers and in the case of rent arrears court action the Homeless Service, Sherriff Officers and debt collectors;
• We hold a record of anti-social complaints and this information may be shared with ASIST Team, and Police Scotland under the agreed protocol;
• We hold a record of Service Complaints, Comments and Compliments and this information may be shared with the SPSO or the Scottish Housing Regulator;
• We send and receive text messages and this information will be shared with iTagg SMS service;
• We share information with contractors, association staff and ICHR about health and safety alerts to promote safety;
• We grant access to our external auditors, internal auditors, the Scottish Housing Regulator, OSCR, or anybody carrying out and audit of our services or systems;
• If we enter into a joint venture or merge with another business entity, your information may be disclosed to our new business partners;
• Home Connections if you complete an on-line application for housing;
• We may share your contact details collected for Test and Protect Covid-19 purposes with the Scottish Government, if someone who has tested positive for COVID-19 has attended our premises.

Unless required to do so by law, we will not otherwise share, sell or distribute any of the information you provide to us without your consent.

Some systems suppliers we use may store your personal data in countries outside the UK and EEA. If we do transfer your personal information outside the UK or EEA to our suppliers, we will put in place a contract with the supplier that means they must protect it to the same standards as the UK and EEA.

Our computer systems and network storage systems are all password protected, they are managed and monitored by specialist security software. Internal security permissions are used to manage access to files so only the relevant staff required to use the data have access to it.

Access to our computer databases and systems may be granted to IT Support Contractors, Software Providers doing maintenance and any other 3rd Party we have working on our computer network, communications software or systems. We take steps to ensure those third parties are covered by their own policies and our addendum to any contract or data sharing agreement.

We review our data retention periods regularly and will only hold your personal data for as long as is necessary for the relevant activity, or as required by law (we may be legally required to hold some types of information), or as set out in any relevant contract we have with you.

Information will be destroyed if it is no longer required for the reasons it was obtained.

You have the right at any time to:

• ask for a copy of the information about you held by us in our records;
• require us to correct any inaccuracies in your information;
• make a request to us to delete what personal data of your we hold;
• ask us to restrict the processing of your data;
• ask us to transfer your personal information to another organisation;
• ask for human intervention or challenge a decision made by automated decision making; and
• object to receiving any marketing communications from us.

When you make a request, we are required to verify your identity and may ask you for specific information to fulfil this purpose. Normally, you will not need to pay a fee when you make any of the above requests, but we may charge a reasonable fee or refuse to comply if your request for access is clearly unfounded or excessive

If you would like to exercise any of your rights above, please contact us at info@oaktreeha.org.uk

You should note that not all rights under the UK GDPR and Data Protection Act 2018 are absolute and are subject to qualification.

Queries and Complaints

If you are not satisfied with our handling of your request or have any other data protection related issue, in the first instance, you have the right to contact us with your complaint so that we can investigate, any complaints should be marked ‘GDPR Complaint’ and should be sent to our Data Protection Officer whose contact details are:

RGDP LLP
Level 2
One Edinburgh Quay
133 Fountainbridge
EH3 9QG
T: 0131 222 3239
E: info@rgdp.co.uk

If you still remain unsatisfied after your complaint has been processed by us, you also have the right to complain to the Information Commission in relation to our use of your information. The Information Commission contact details are noted below:

The Information Commission–
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
0303 123 1113
www.ico.org.uk

Dated 22nd July 2025
Document Owner Kirsty Davis
Approved By DPO RGDP LLP
Review Date July 2025