This website uses cookies. By continuing to browse the site you are agreeing to our use of cookies. For more details about cookies and how to manage them, see our cookie policy.

Learn More CONTINUE

From 1 February 2024, Bury Council is responsible for managing and maintaining all council homes previously supported by Six Town Housing.
Please use this website and other contact points as usual. Further information is also available on the council’s website.
Find out more here: Six Town Housing Update

Your Data Protection Rights

More +
  1. Home
  2. Privacy Policy
  3. Your Data Protection Rights

Your Data Protection Rights

This data protection framework places obligations on organisations and strengthens the rights that individuals have over the processing of their personal information.

The UK General Data Protection Regulation (UK GDPR) as supplemented by the UK Data Protection Act 2018 has legal effect. 

The Greater Manchester Authorities have produced this guide to explain your enhanced rights and how we will deal with any requests we may receive from you.

You can also obtain full information about your rights from the Information Commissioner’s Office (ICO). The ICO is the UK's independent regulator responsible for upholding and enforcing the rights of individuals under data protection law.

In brief, you have the following rights:

  • the right to be informed
  • to ask us for access to copies of the personal information we hold about you through a Subject Access Request
  • to ask us to rectify your personal information if it is inaccurate or incomplete
  • to ask us to stop processing your personal information, known as the 'right to object'
  • to ask us to erase personal information we hold about you, known as the 'right to be forgotten'
  • to ask us to 'restrict' the processing of your personal information, for example; restrict our access and use pending our consideration or of any objection or erasure request you have submitted
  • to ask us ensure that a decision which legally affects you is reviewed by a person if the decision has been made solely using an automated computerised process
  • to ask us to put the personal information you have given us into a portable electronic machine readable format so it is capable of being transmitted to someone else.

Please be aware that these rights are not absolute and are subject to conditions and exemptions.

In some cases the rights described above only apply if the processing activity is undertaken on specific legal grounds and/or in defined circumstances. Therefore, all of these rights are unlikely to be engaged in all cases.

This guide sets out:

  • a summary of your rights; what they are, when and how they apply
  • how you can exercise these rights; what we'll need from you and what you can expect from us
  • an explanation to the terms we have used.

Right to be informed

Access your personal information

Rectification

Objection to processing

Restriction on use or access

Right to be forgotten

Data portability

Automated decision making

Data Protection glossary

Right to be informed

Every time we seek to collect information from you, we must inform you why we need to process your personal information, including:

  • how we propose to use it
  • who we intend to share it with
  • the data safeguards we have put in place.

If we receive information about you from someone else, we will usually tell you before we use or share your personal information unless we are aware you already have this information or, where the law says this is not necessary, such as where this would be prejudicial to ongoing law enforcement/criminal investigations.

We meet these obligations in various ways depending on how you come into contact with us, including directing you to our Privacy Notice viewable on our web site.

Access your personal information

You are entitled to ask us for copies of the personal information that we hold about you, known as a Subject Access Request.

At the time of fulfilling your subject access request, we will provide the following information:

  • the reasons why it is necessary to process your personal information
  • the types of personal information we process
  • the recipients or categories of recipient to whom your personal information have been or will be disclosed, including any recipients in third countries or international organisations and if relevant, the safeguards applicable to the transfer
  • where possible, the envisaged period for which your personal information will be stored, or, if not possible, the criteria used to determine that period
  • the right to request rectification, erasure of personal information or to object or seek to restrict such processing
  • the right to lodge a complaint with a supervisory authority
  • the source(s) of any personal information we hold that has not been collected directly from you
  • whether or not decisions are made about you solely using automated means, including profiling, without human intervention and, if so, provide meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

We will also explain if we have redacted any information that identifies third parties.

If we withhold information on the basis that it is exempt from disclosure, where it is possible to do so, we will explain the exemption(s) we are relying on and the reason why one or more exemptions apply.

In certain circumstances we may refuse to respond to your request if we consider that it is unfounded, excessive or repetitive in nature.

Rectification

You are entitled to ask us to:

  • correct inaccurate information about you
  • update the information we hold if it is incomplete.

If we agree that the personal information you have identified is factually inaccurate, we will correct it. We will:

  • endeavour to inform anyone with whom we may have shared your personal information of any correction(s) we have made so they can rectify the information they hold about you
  • tell you who the recipients of your information are if you ask us to do this so you can check they if have updated the personal information they hold about you.

If we disagree with your view that the information we hold about you is factually wrong, then in our response we will explain the basis for our decision and your right to complain to the Information Commissioner if you are not satisfied.

If you consider that personal information we hold about you is incomplete and we do not agree with this, we may offer you the option of adding a supplementary statement explaining why you consider the information we hold is incomplete.

Objection to processing

You have the right to object to us using your personal information where it is being processed for:

  • direct marketing
  • profiling whether linked to direct marketing or for other purposes
  • performing our statutory functions, tasks carried out in the public interest or when exercising official authority
  • our legitimate interest or those of a third party
  • scientific/historical research/statistics where
  • this is likely to cause substantial damage or substantial or distress, or
  • involves decision-making about an individual.

If you object to us using your personal information for direct marketing (or profiling linked to direct marketing) we will cease processing for this purpose(s).

If you object to the use of your personal data for scientific/historical research or statistical purposes on one or both of the above grounds, we will carefully consider your request and let you know the outcome. It may not always be possible to meet your objection if for example, the processing is carried out for the purpose of measures or decisions with respect to particular individuals where this is in accordance the law and is necessary for specified bodies to carry out approved medical research.

Where you object to us processing your personal information for any of the other reasons above, we will:

  • consider if we have compelling legitimate grounds for continued processing; and
  • whether or not these grounds are sufficiently compelling to justify overriding your privacy rights.

Where the law requires us to process your information to meet our statutory functions and public tasks, including our law enforcement functions, it is very likely that we will not be able to comply with your request. For example, you will not be able to use this right to prevent us from:

  • collecting and administering council tax or assessing benefit entitlements
  • taking measures to protect the health and safety of our staff
  • establishing, exercising or defending our legal rights
  • pursuing criminal investigations or proceedings.

If we do not uphold your objection, we will explain our reasons in our response and your right to complain to the Information Commissioner if you are not satisfied.

Restriction on use or access

This right may be exercised in circumstances where:

  • we need time to consider your representations where you are;
  • contesting the accuracy of the personal information we hold about you; or
  • objecting to our processing of your information
  • it has already been determined the processing is 'unlawful' and you ask us to retain and 'restrict' its use
  • we no longer need to retain your personal information but you ask us to retain it for the establishment, exercise or defence of own legal claims.

If you make a request, we will let you know if we agree to restrict access to your information for one or more of the above reasons.

If we decide a restriction is appropriate, we will endeavour to notify any recipients of your personal information and let you know who they are if you ask us to do so.

Where processing is restricted, as well as storing your personal information we will only process it during the period of restriction with your consent or if it's necessary for:

  • the establishment, exercise or defence of legal claims
  • the protection of the rights of another person
  • necessary for reasons of important public interest, including for example, communicating with the Information Commissioner.

Where a restriction is applied pending a determination of 'accuracy' or any 'objection' you may have submitted, we will let you know the outcome of your representations and will notify you prior to lifting the restriction.

Where the reason for the restriction is for one of the other reasons above, the erasure of the personal information will not take place until we have resolved evidential issues with you.

We will also tell you about your right to complain to the Information Commissioner if you are not satisfied.

Right to be forgotten

You have the right to request to be forgotten, also known as 'erasure', of your personal information in defined circumstances. These defined circumstances are:

  • if we are storing your personal information for longer than is necessary or in breach of a legal obligation that requires its erasure
  • you decide to withdraw your consent and you ask us to erase your personal information where there is no other legal ground for processing
  • we have accepted an objection made by you to our processing of your personal information and you have further requested that we erase the personal information in question
  • we are processing or publishing your personal information without a legal basis for doing so;

We will carefully consider a request for erasure. Our response will outline whether or not we consider retention of your personal information is unwarranted.

There are circumstances why it may not always be possible to agree to your erasure request and we have listed a number of grounds below where it may be necessary for us to retain your information:

  • in the interests of freedom of expression (special journalistic purposes)
  • in order to comply with a legal obligation
  • for archiving in public interest
  • for public health functions in public interest
  • for exercising legal rights or defending legal claims.

If we agree to erase your personal information, we will endeavour to notify any recipients and let you know who they are if you ask us to do so.

If we refuse your request for erasure we will explain our reasons in our response and your right to complain to the Information Commissioner if you are not satisfied.

Data portability

In certain circumstances, you have the right to request that personal information you have supplied to an organisation be converted into a structured, commonly used and machine-readable format so that it can be transmitted to another organisation. This right is primarily intended to stimulate competition in the commercial sector by making it easier for consumers to switch from one supplier to another.

As most of the processing activities undertaken by us are governed by statute or as a result of legal obligations imposed on us, this right is only be engaged where:

  • we process your personal information on an automated basis, and the legal basis for our processing:
  • is based on your consent; or
  • is for entering into or the performance of a contract with you

If you make a request for the personal information you have supplied to us to be converted into a portable format where our legal basis for processing falls within one of the grounds above, we will let you know our decision and if you are not satisfied with our response of your right to complain to the Information Commissioner.

Automated decision making

In general, decisions which affect you legally or have similarly significant effects are not permitted using solely automated processing, especially if this involves the use of personal information which because of its nature, is termed 'Special' or 'Sensitive'. This is because decisions made using automated electronic programmes or software do not involve human beings.

But there are some exceptions where automated decision-making is permitted. This is where the processing:

  • is based on your explicit consent
  • is necessary for entering into or the performance of a contract with you
  • it is required or authorised by law.

Where an automated decision is made about you based on one of the reasons above, you are entitled to be:

  • informed that our processing activity involves automated decision making and to be informed about the logic involved and the likely consequences of the processing for you
  • told what measures and safeguards we have implemented to protect your privacy
  • within one month of your receipt of the above notification, you have the right to;
  • contest the automated decision
  • to ask that the automated decision be reconsidered by an appropriate person with the authority/seniority to reach a fresh decision that is not based solely on automated processing.

If you contest an automated decision and ask for it to be reconsidered, we will respond within the allowed time period and let you know whether or not this fresh decision has led to the same or a different outcome.

We will also explain your right to complain to the Information Commissioner if you are not satisfied.

Data Protection glossary

Automated Decision-Making (ADM)

Means a decision which is based solely on Automated Processing (including Profiling) which produces legal effects or significantly affects an individual. The UK GDPR generally prohibits Automated Decision-Making except in defined circumstances, subject to certain conditions and safeguards being met.

Automated Processing

Means any processing of personal information that is automated through the use of computers and computer software.

Consent

Must be freely given, specific, informed and unambiguous indication of an individuals' wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Explicit Consent

Requires a very clear and specific statement, leaving no room for misinterpretation.

Controller

Means the person or organisation (in this case us) that determines when, why and how to process personal information.

Data Protection Act 2018

Means UK legislation that repeals the 1998 Act, and provides for the role, responsibilities and enforcement powers of the Information Commissioner and sets data protection standards for processing activities that do not fall within the purview of the UK GDPR.

Data Subject

A living, identified or identifiable individual about whom we as the Controller hold personal information.

Latest due date

Means one calendar month counted from the first working day after proof of ID and any requested information is received by us, except where this falls on a weekend or a bank holiday in which case the "latest due date" is treated as the first working day after the weekend or bank holiday. The same method is applied to calculating the "latest due date" for complex requests where an extension of time is permitted and claimed.

Personal information

Means any information relating to an identified or identifiable living person. An identifiable person is anyone who can be identified, directly or indirectly, by reference to an identifier, such as a name, identification number or online identifier.

Privacy Notices

Are notices setting out the information given to you at the time we collect information from you or within a reasonable time period after we obtain information about you from someone else. These notices may take the form of an overarching privacy statement (as available on our web site) or apply to a specific group of individuals (for example, service specific or employee privacy notices) or they may be stand-alone, one time privacy statements covering processing related to a specific purpose.

Processing

Means any activity that involves the use of personal information. It includes obtaining, recording or holding the information, or carrying out any operation or set of operations on the information including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transmitting or transferring personal information to other Recipients.

Profiling

Means the recording and analysis of a person's psychological and behavioural characteristics, so as to assess or predict their capabilities in a certain sphere or to assist in identifying categories of people.

Recipient

Means a person or organisation who receives your personal information from us. This may be a company with whom we have entered into a contract to provide services on our behalf or another Controller with whom we are either required or permitted to share personal information.

Special or Sensitive Personal information

Is information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data, and personal information relating to criminal offences and convictions.

Third Party

Is a living individual other than the person who is the data subject.

UK General Information Protection Regulation (UK GDPR)

Means the retained version of the General Information Protection Regulation ((EU) 2016/679).

© Copyright 2024 Six Town Housing
Logo