Privacy statement

Laws apply to Acis’ use of anyone’s personal information and everyone has rights regarding how their personal information is handled. We have published this Statement to tell you:

• What information we may collect about you
• How we store your personal information
• What we use your personal information for
• Who (if anyone) we may pass it on to and how they use it, and
• Your rights as an individual

In this Privacy Statement, when we use the following words or abbreviations they will have the following meanings:

Word or abbreviation	Meaning
Board member or members	Member/s of the Acis Board of Directors
Customer	An individual who is a recipient of Acis’s services, for example tenancy services, right to buy or other outward facing services
Employee or employees	Any or all people employed whether full time or part time, permanent, temporary or fixed term contract. This Statement also applies to
Intranet	The internal Acis sharepoint system
Member or members	Member/s of any group member boards, committees or panels (e.g. Tenant Led Scrutiny Panel) and includes (but is not limited to) other people that may from time to time be involved with the operation of the organisation such as consultants, volunteers, people on work placements, interns etc.
Personal data or personal information	Information from which the identity of a living individual may be determined. Examples of Personal Data include (but are not limited to) first and last name, home or other physical address, email address, phone number, work history and other contact information.
Sensitive or special category personal data or information	This is defined as personal data consisting of information about one or more of: Racial or ethnic origin Political opinion Religious or philosophical beliefs Trade union membership Genetic or biometric data Physical or mental health or condition Sex life or sexual orientation Criminal convictions and offences as well as alleged offences
Visitor	An individual visiting our website
Website	www.acisgroup.co.uk

Your rights under data protection legislation

Acis will ensure that the rights of people about whom information is held can be fully exercised under data protection legislation. These rights are:

• The right to information – under this right we must provide information to you and demonstrate that we collect and process your personal data fairly. We do this through the Acis Privacy Statement.
• Right to access – you have the right to obtain confirmation that your data is being processed; access to your personal data; and other supplementary information
• The right to rectification – you have the right to have information about you corrected and / or to challenge us about the accuracy of the information we hold
• Right to erasure - the right to erasure (also known as the right to be forgotten) states that the you can have personal data erased under a number of specific circumstances
• Right to restrict processing – you are allowed, under certain specific circumstances, to prevent us from conducting specific processing of your data
• Right to data portability – you can request a copy of the information you have provided to us in a useful electronic format that another organisation could use
• Right to object – you can object to us processing your data if we cannot demonstrate legitimate grounds for that processing
• Right to withdraw consent – you have the right in certain circumstances to withdraw your consent for us to process your personal information.
• Right to appropriate decision making – you have the right not to be subject to a decision based solely on automated processing; Acis do not use this form of automated processing
• Right to notification; it is our duty to notify any third parties that may process our data if the you exercise your rights to rectify, restrict or erase your data;
• Right to make a complaint to the Information Commissioner’s Office.

Should you wish to exercise any of your rights, please contact us using the details above.

Retention of information

We retain your information only as long as we need it. We base our record keeping on the Acis Retention Schedule. If you have a specific query regarding how long we retain your information please contact us using the details above.

Consent

Where we have requested your specific consent for processing your information (for marketing for example), you have the right to withdraw that consent at any time by contacting us using the details above. You may unsubscribe from marketing emails by following the instructions given at the bottom of the email.

Complaints

If you are dissatisfied with the way we have handled your personal data you should contact us using the details above so that we can investigate in the first instance. Following our response to you, if you are still dissatisfied then you have the right to complain to the Information commissioner’s Office (ICO).

2.1 Cookies and how we use them

A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website however.

2.2 Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

2.3 Controlling your personal information

You may choose to restrict the collection or use of your personal information in the following ways:

• Whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do not want the information to be used by anybody for direct marketing purposes.

• If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to us or emailing us.

We will not sell, distribute or lease your personal information to traders in personal data, marketing companies or similar third parties unless we have your permission.

2.4 List of the cookies used on the Acis websites

Acis uses Google Analytics, a web analytics service provided by Google, Inc. Google Analytics sets a cookie in order to evaluate your use of our websites which are used in aggregate form to improve the performance and user experience on our site. Google Analytics uses only first party cookies and collects no personally identifiable information.

Google stores the information collected by the cookie on servers in the United States. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. By using the Acis website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

2.4.1 How to reject or delete this cookie

http://www.google.com/intl/en/privacypolicy.html

Cookies used to show how visitors use our site

Cookie name	Expires	Linked Information	Functions
_utma	2 years	Anonymous	Gather information about site visitors, in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.
_utmc	On closing browser
_utmb	30 minutes
_utmz	6 months

2.4.2 Cookies used by VerseOne Content Management System (CMS)

VerseOne CMS does not use any cookies by default. However, three 'session' cookies are created when a visitor to the Acis website does the following:

• logs in to the website;
• clicks one of the contrast buttons.

The three cookies are used to cross-reference each other for improved security.

Session cookie profile

Cookie	Type	Expiry	Linked information	Functions
CFID CFTOKEN	Persist	2 hours	Anonymous	Remembers that the user has chosen a high contrast or low contrast stylesheet. Caches data against the session in order to maximise performance.
JSESSIONID	Session	Browser close	Username	When a user logs in, maintains authentication state, access rights, etc.

These cookies do not store any personal information about you, your computer, your visit, or your browsing history. After the time indicated above, the cookies’ validity is destroyed and the browser instructed to remove the cookie from your computer.

3.1 Information we may collect from you

We may collect the following personal information about you:

When you first come to see us

• Your name and contact details for use across Acis and by our suppliers and partners
• Detailed personal information (including sensitive personal information) such as age, sex, date of birth, ethnicity, particular needs or preferences so that we can understand our customers and their needs better

For housing management purposes

• Your housing needs, so we can ensure your nominated property suits you
• Bank details and direct debit information to manage payments such as rent or service charges (we only exchange details with the account holder and the third party who manages our Direct Debits)
• Payment card details (we do not keep payment card details once they are entered onto our payment system where they are held securely)
• Benefit and council tax information to verify your circumstances
• Details relating to the repair and maintenance of your home
• Information that you provide through the Customer Contact Centre
• Information that you provide to other employees of Acis group companies
• Feedback from our contractors, about their appointments with you
• Voice and video recordings for safety, crime reduction and quality management

To enhance your experience with Acis

• You can give us details of your friends, relatives or neighbours who you trust to contact us on your behalf e.g. to arrange one of our services for you
• You can give us details of anyone whom you have given a Power of Attorney to contact us on your behalf
• Your name and contact details for customer satisfaction surveys, newsletters and service information
• With your consent, your name, photo, video or story for marketing materials, advertising or press releases or use by the media
• Any information about complaints about our service or other individuals, or accidents or incidents involving you or your home
• Your comments about services from us or our suppliers

If you ask for additional Acis services

• If you ask us for care and support requirements we will hold detailed information about your needs and your family’s needs
• We will hold records of payments for the services
• If you contact us about money problems we will hold detailed information about your income and debts
• If you use any of our training and/or employment projects we will ask about your employment and learning history
• If you access any of our other involvement and support projects we will ask you for personal information relevant to those projects

In addition

• We may hold information about your history. For example, regarding credit or offences, if we need it to look after our colleagues, business or anyone else

We may get the information, or related information, from you or our partner organisations (see below), other people, our colleagues or public information sources including credit reference agencies or the Disclosure and Barring Service (formerly the Criminal Records Bureau).

We may also record factual information whenever you contact us or use our services, and of other actions we take, so we have a record of what happened.

The legal basis’ we rely on for using personal information in these ways are as follows:

• Consent has been obtained;
• Processing is necessary for the performance of a contract;
• Processing is necessary for compliance with a legal obligation; or
• Processing is necessary for our legitimate interests.

3.2 Where we store your personal information

We are committed to holding your personal information securely. This means only those of our colleagues and contractors that need to see it have access.

If we can store your personal information solely on computers we will, however there will be cases where we have paper copies instead, or as well.

Our computer system is at our offices but we do use mobile devices outside our offices if they are secure and under our control.

Sometimes we also use computers which are owned or managed by our suppliers, if the computers are secure and comply with our security requirements and all relevant information management legislation.

Occasionally our processors or sub-processors may process information outside the European Economic Area (EEA). Where this happens we will ensure that the processor is compliant with the data protection legislation including transfer agreements that incorporate approved model clauses.

3.3 What we use your personal information for

• As above, and generally for providing our services for you
• Data sharing between organisations that are within the Acis group of companies
• Keeping in touch with our customers, understanding your needs and preferences, inviting you to events, and offering and booking appointments with you
• Telling you about changes to Acis and its services
• Meeting your housing management needs and requirements including (but not limited to) repairs, maintenance, relocation, exchange or purchase and routine inspection
• Managing payments from you to your or on your account, and for accounting purposes
• Providing additional services, where available, at your request including skills training, adaptations and every day support services
• Prevention, detection and prosecution of crime
• Quality management
• Informing our staff, contractors or others (as appropriate) about past incidents (for example, anti-social behaviour), for their protection, in line with our policies
• Meeting our legal obligations including our funders or regulators
• Us or your other suppliers exercising legal rights, including under contract with you
• Other purposes. We may anonymise your information so that it cannot be linked to you. In that case we may use the data for any purpose

3.4 Who else we may pass on your information to

Normally, only Acis will be able to access your personal information. However there may be times when we disclose your details to others, and we will comply with data protection legislation when disclosing this information.  Where it is required or necessary in accordance with data protection legislation, we may share information with:

• Organisations that are within the Acis group of companies
• Our suppliers who enable us to provide our services to you, or who provide services on our behalf:
• Housing contractors. For example to undertake repairs or improvements to your home
• IT providers who own or manage the computers, phones or systems we use
• Our contractors who handle your out of hours service calls for us
• Banks. For example to carry out payments through a secure system
• Payment service companies that act on our behalf to enable you to make rent payments for example
• Companies that assist us in printing and mailing out our letters, leaflets and newsletters
• Additional staff resources, such as consultants or agency staff
• Our professional advisors and providers of financial services
• Our partner organisations whose purposes dovetail with ours:
• Training providers or learning institutions
• Other housing associations
• External assistance where you have agreed to the referral, for example to do with money problems or domestic abuse
• Local authorities and government departments who provide relevant services for you, including benefits
• Credit reference agencies; to help assess your applications, manage your tenancy, verify your identity and undertake checks to prevent or detect crime
• The police, fire services, health authorities or medical staff who provide services for you
• Others who may request information from us for their own purposes:
• Utility companies
• Debt collection agencies acting for others
• For crime prevention or detection, risk assessment, resolution of complaints or other issues
• Local authorities, safeguarding boards, regulators, government departments and other public authorities, such as for preventing payment errors or fraud
• The police, fire service, health authorities or medical practitioners

We may sometimes be obliged to disclose your personal data by law such as by a regulator with appropriate power (for example Homes England) or court order.

We do not sell your information to others for their marketing or commercial purposes.

We will not share your personal information with anyone who claims to represent you unless we are satisfied that you have appointed them or they act in some recognised official capacity. There may be a delay to us dealing with requests whilst we confirm the caller’s identity, or check that we have your approval to deal with them.

3.5 Social media

We may get your information from social media, whether on our own accounts or elsewhere. Where you use our own website or social media you grant us an irrevocable, royalty-free, non-exclusive licence, and give us your consent, to copy, use and reproduce any of your contributions for any purpose.

Where you make a contribution to any social media (whether on our own accounts or elsewhere) we may use that information for any of the purposes stated in this Privacy Statement.

Where a contribution to any social media (whether on our own accounts or elsewhere) constitutes a breach of Acis terms and conditions, agreements, or laws that apply, we may take the following actions:

• Start legal proceedings against you for reimbursement of all costs on an indemnity basis (including, but not limited to, reasonable administrative and legal costs) resulting from the breach.
• Take further legal action against you (including, but not limited to, proceedings for a breach of any contract you may have with us).
• Report you and disclose such information to law enforcement authorities in any jurisdiction as we reasonably feel is necessary.
• Report you and disclose such information to any local government or statutory body in the United Kingdom as we reasonably feel is necessary.
• Report you and disclose such information as we reasonably feel is necessary to the account administrator and/or take action against you through the account administrator’s procedures to enforce the policies and terms and conditions that apply between you and the account administrator and/or between you and us.

The responses described in this Privacy Statement are not limited, and we may take any other action we reasonably deem appropriate and we are not obliged to take any action.

4.1 Information we may collect from you

We may collect the following personal information about you:

When you first come into contact with us

• Your name and contact details for use across Acis and by our partners
• Sensitive personal information such as age, sex, date of birth, ethnicity, particular needs or preferences so that we can meet your needs and those of employment legislation

For employment and/or board/committee/panel membership purposes

• Attendance, equality and diversity, disciplinary, pension, benefits, references, employee services, training, welfare and sickness absence and any other information necessary to fulfil obligations of both employer and employee (or board/committee/panel member) as given by law and/or contract of employment and/or contract of engagement
• Next of kin information so that we have contact details in case of emergency
• Bank details to make salary and any other payments to you
• National Insurance (NI) details to fulfil obligations relating to tax and NI payments and deductions
• Information that you provide through the application process
• Information that you provide to other employees of Acis group of companies
• Coaching and roadmap information
• Photographs, voice and/or video recordings, written stories etc. to be used for example in ID cards, for company promotion and publicity, and for safety, crime reduction and quality management

If you ask for additional Acis services

• If you ask us for care and support requirements we will hold detailed information about your needs and your family’s needs (where appropriate)
• We will hold records of any payments for services where a charge may be made, for example a cycle to work scheme

In addition

• We may hold information about your history such as credit or offences, if we need it to look after our colleagues, organisation or anyone else

We may obtain the information, or related information, from you or our partner organisations (see below), our colleagues or public information sources including credit reference agencies or the Disclosure and Barring Service (formerly the Criminal Records Bureau).

We may also record factual information from time to time, and any action we take, so we have a record of what happened.

The legal basis’ we rely on for processing personal information in this way are as follows:

• Consent has been obtained;
• Processing is necessary for the performance of a contract;
• Processing is necessary for compliance with a legal obligation; or
• Processing is necessary for our legitimate interests.

Failure to provide the personal information requested may result in us being unable to fulfil our obligations to you.  For example, if you failed to provide your bank details we would be unable to pay you.

4.2 Where we store your personal information

We are committed to holding your personal information securely. This means only those of our colleagues and partners that need to see it have access.

If we can store your personal information solely on computers we will, however there will be cases where we have paper copies instead, or as well.

Our computer system is at our offices but we do use mobile devices outside our offices if they are secure and under our control.

Sometimes we also use computers which are owned or managed by our suppliers, if the computers are secure and comply with our security requirements and all relevant information management legislation.

Occasionally our processors or sub-processors may process information outside the European Economic Area (EEA). Where this happens we will ensure that the processor is compliant with the data protection legislation including transfer agreements that incorporate approved model clauses.

4.3 What we use your personal information for

• As above, and generally for providing our services for you
• Data sharing between organisations that are within the Acis group of companies
• Keeping in touch with our employees, understanding your needs and preferences, inviting you to events and offering and booking appointments with you
• Telling you about changes to Acis and its services
• Meeting your employment needs and requirements
• Managing payments to you and for accounting purposes
• Providing additional services, where available, at your request including skills training, adaptations and every day support services
• Prevention, detection and prosecution of crime
• Quality management
• Meeting our legal obligations including those of Her Majesty’s Revenue and Customs (HMRC) and other regulators
• Other purposes – we may anonymise your information so that it cannot be linked to you. In this case we may use the data for any purpose

4.4 Who else we may pass on your information to

Normally only Acis will be able to access your personal information, however there may be times when we disclose your details to others, and we will comply with data protection legislation when disclosing this information.  Where it is required or necessary in accordance with data protection legislation, we may share information with:

• Organisations that are within the Acis group of companies
• Our suppliers who enable us to provide our services to you, or who provide services on our behalf:
• Banks, for example to carry out payments through a secure system
• Companies that assist us in mailing out our letters, leaflets and newsletters
• Driver management service providers
• Health service providers
• Lone worker protection service providers
• Vehicle tracking service providers
• IT providers who own or manage the computers, phones or systems we use
• Lease car providers
• Our professional advisors and providers of financial services
• Payroll service providers
• Pension service providers
• Shopping discount providers
• Our partner organisations whose purposes dovetail with ours:
• Training providers or learning institutions
• Local authorities and government departments who provide relevant services
• The police, fire services, health authorities or medical staff who provide services
• Others who may request information from us for their own purposes:
• Utility companies
• Debt collection agencies acting for others
• For crime prevention or detection, risk assessment, resolution of complaints or other issues
• Local authorities, safeguarding boards, regulators, government departments and other public authorities, such as for preventing payment errors or fraud
• The police, fire service, health authorities or medical practitioners.

We may sometimes be obliged to disclose your personal data by law such as by a regulator with appropriate power (such as Homes England), or by court order. Information held by public bodies can be subject to Freedom of Information legislation.

We do sell your information to others for marketing or commercial purposes.

We will not share your personal information with anyone who claims to represent you unless we are satisfied that you have appointed them or they act in some recognised official capacity. There may be a delay with us dealing with such requests whilst we confirm identity or check that we have your approval to deal with them.

4.5 Social media

We may obtain your information from social media, whether on our own accounts or elsewhere. Where you use our own website or social media you grant us an irrevocable, royalty-free, non-exclusive licence, and give us your consent, to copy, use and reproduce any of your contributions for any purpose.

Where you make a contribution to any social media (whether on our own accounts or elsewhere) that relates in any way to any of the Acis group of companies, your past or current employment here, or to the field of housing, we may use that information for any of the purposes stated in this Privacy Statement.

Where a contribution to any social media (whether on our own accounts or elsewhere) constitutes a breach of Acis Code of Conduct, policy, contract, terms and conditions or laws that apply, we may take the following actions:

• Issue you with a warning
• Start legal proceedings against you for reimbursement of all costs on an indemnity basis (including, but not limited to, reasonable administrative and legal costs) resulting from the breach
• Take further legal action against you (including, but not limited to, proceedings for a breach of your contract of employment or other contract you may have with us)
• Report you and disclose such information to law enforcement authorities in any jurisdiction as we reasonably feel is necessary
• Report you and disclose such information to any local government or statutory body in the United Kingdom as we reasonably feel is necessary
• Report you and disclose such information as we reasonably feel is necessary to the site administrator and/or take action against you through the site administrator’s procedures to enforce the policies and terms and conditions that apply between you and the site administrator and/or between you and us

The responses described in this Privacy Statement are not limited, and we may take any other action we reasonably deem appropriate and we are not obliged to take any action.

5.1 Information we may collect from you

We may collect the following personal information about you:

When you first come into contact with us

• Your name and contact details for use across Acis and by our partners
• Sensitive personal information such as age, sex, date of birth, ethnicity, particular needs or preferences so that we can meet your needs and those of employment legislation
• Your application details in order to process your application for employment

If you ask for additional Acis services

• If you ask us for care and support requirements we will hold detailed information about your needs (where appropriate)

In addition

• If you make a complaint we will keep the details separate from our other information about you

We may obtain the information, or related information, from you or our partner organisations (see below), our colleagues or public information sources including the Disclosure and Barring Service (formerly the Criminal Records Bureau).

We may also record factual information, interview details and interview responses so we have a record of what happened.

The legal basis’ we rely on for processing personal information in this way are as follows:

• Consent has been obtained;
• Processing is necessary for the performance of a contract (including negotiations to enter into a contract);
• Processing is necessary for compliance with a legal obligation; or
• Processing is necessary for our legitimate interests.

5.2 Where we store your personal information

We are committed to holding your personal information securely. This means only those of our colleagues and partners that need to see it have access.

If we can store your personal information solely on computers we will, however there will be cases where we have paper copies instead, or as well.

Our computer system is at our offices but we do use mobile devices outside our offices if they are secure and under our control.

Sometimes we also use computers which are owned or managed by our suppliers, if the computers are secure and comply with our security requirements and all relevant information management legislation.

Occasionally our processors or sub-processors may process information outside the European Economic Area (EEA). Where this happens we will ensure that the processor is compliant with the data protection legislation including transfer agreements that incorporate approved model clauses.

5.3 What we use your personal information for

• As above, and generally for providing our services for you
• Data sharing between organisations that are within the Acis group of companies
• Keeping in touch with our applicants, understanding your needs and preferences and inviting you to interview
• Providing additional services, where available, at your request including adaptations and interview support services
• Prevention, detection and prosecution of crime
• Quality management
• Meeting our legal obligations including those of Her Majesty’s Revenue and Customs (HMRC) and other regulators
• Other purposes – we may anonymise your information so that it cannot be linked to you. In this case we may use the data for any purpose

5.4 Who else we may pass on your information to

Normally only Acis will be able to access your personal information, however there may be times when we disclose your details to others, and we will comply with data protection legislation when disclosing this information.  Where it is required or necessary in accordance with data protection legislation, we may share information with:

• Organisations that are within the Acis group of companies
• Our suppliers who enable us to provide our services to you, or who provide services on our behalf:
• Companies that assist us in recruitment
• Driver management service providers
• Health service providers
• Our professional advisors
• For crime prevention or detection, risk assessment, resolution of complaints or other issues
• Local authorities, safeguarding boards, regulators, government departments and other public authorities, such as for preventing payment errors or fraud
• The police, fire service, health authorities or medical practitioners.

We may sometimes be obliged to disclose your personal data by law such as by a regulator with appropriate power (such as Homes England), or by court order.

We do not sell your information to others for marketing or commercial purposes.

We will not share your personal information with anyone who claims to represent you unless we are satisfied that you have appointed them or they act in some recognised official capacity. There may be a delay with us dealing with such requests whilst we confirm identity or check that we have your approval to deal with them.