Privacy and Cookies Policy
How We Use Your Information
This privacy notice tells you what to expect when we collect personal information. It applies to information we collect about:
- visitors to our websites
- people who use our housing and support services
- job applicants and our current and former employees
Visitors to our Website
When someone visits our website we collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. We collect this information in a way which does not identify anyone. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
We operate online accounts for some users of our services and we will manage these accounts using industry standard security. Users are responsible for looking after log on and password details and should be aware that we never contact our service users to ask for their online account details
Cookies are small text files that are placed on your computer by web sites that you visit. They are widely used in order to make web sites work, or work more efficiently.
To help us improve our Web Site, we use Google Analytics which uses only first-party cookies. Google Analytics collects information in anonymous form, including the number of visitors to our Web Site, where visitors have come from, the pages they have visited and the files they have downloaded. We do not use any other cookies.
You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies; go to the Help menu on the menu bar of your browser, which should provide you with a range of options in respect of cookies. However, if you select this setting you may be unable to access certain parts of the Web Site.
To learn more about cookies go to http://cookiecentral.com
People who call our Contact Centre
When you call our contact centre we collect Calling Line Identification (CLI) information. We use this information to help improve its efficiency and effectiveness.
We record calls for training and monitoring purposes. Additionally, our call handlers will make a record of your call in order to manage your query. We may need to share information with other organisations within or outside Pennaf Group in order to respond to your call, for example so that we can organise maintenance or repairs or other support. We will usually tell you if it is necessary for us to pass information on to other organisations
People who Email Us
Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy. Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.
People who make a Complaint to us
When we receive a complaint from a person we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.
We will only use the personal information we collect to process the complaint and to check on the level of service we provide. If a complainant doesn’t want information identifying him or her to be disclosed to any person that the complaint is about, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.
We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for two years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
Similarly, where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.
People who use our services
We hold the details of the people who request and use our services so that we can provide these services and for other closely related purposes. For example, we use information about our service users to develop and improve our services and to make sure we are delivering services to different groups fairly
We do not usually share information about our service users with others unless they agree or unless we have a legal obligation to share information (for example in order to protect vulnerable people).
If because of the type of service we are providing, we think it will be necessary for us to share information with other organisations we will usually tell you about this.
We do not sell your information to any third party, but in certain limited circumstances we may disclose your personal information to:
- any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 736 of the UK Companies Act 1985; and/or
- third parties:
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation;
- in order to enforce or apply our terms and conditions and other agreements;
- to protect the rights, property, or safety of Pennaf Group, our customers, or others;
- to investigate or prevent a crime. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction;
- to obtain any professional advice; and/or
- with your consent.
We will also use details of our service users to keep them informed about additional services that may be of interest to you provided you have agreed to be contacted for such purposes. We will always give you the opportunity to opt out of receiving marketing communications.
Job Applicants, Current and Former Employees
When individuals apply to work for us, we will only use the information they supply to us to process their application and to monitor recruitment statistics. Where we want to disclose information to a third party, for example where we want to take up a reference or obtain a ‘disclosure’ from the Criminal Records Bureau we will not do so without informing them beforehand unless the disclosure is required by law.
Personal information about unsuccessful candidates will be held for 12 months after the recruitment exercise has been completed; it will then be destroyed or deleted. We retain de-personalised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.
Once a person has taken up employment with us, we will compile a file relating to their employment. The information contained in this will be kept secure and will only be used for purposes directly relevant to that person’s employment. Once their employment with us has ended, we will retain the file in accordance with the requirements of our retention schedule and then delete it.
Access to Personal Information
We try to be as open as we can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the Data Protection Act 1998. If we do hold information about you we will:
- give you a description of it;
- tell you why we are holding it;
- tell you who it could be disclosed to; and
- let you have a copy of the information in an intelligible form.
To make a request for any personal information we may hold you need to put the request in writing addressing it to the Data Protection Officer at firstname.lastname@example.org at the address provided below.
If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.
If we do hold information about you, you can ask us to correct any mistakes by, once again, writing to the Data Protection Officer at email@example.com
Keeping Information Secure
Because we respect your privacy we make sure that our IT systems are secure. We have detailed policies that all our staff must follow in relation to confidentiality and data security. These policies apply to computerised information and to paper files. You should however be aware that email enquiries submitted to us are transmitted by insecure means and are stored off line. Pennaf Group can accept no responsibility or liability for the security of personal information transmitted to us via email or the internet
We have signed up to the WASPI and follow its guidelines whenever we share information with social care and healthcare bodies in Wales. When we share personal information with other agencies on a regular basis we comply with the Information Commissioner’s Data Sharing Code of Practice.
Changes to this Privacy Notice
We keep our privacy notice under regular review. This privacy notice was last updated on April 2014Tweet