Data Protection Policy

Policy Brief & Purpose

 

This Data Protection Policy (the “Policy”) outlines how ReAnchor Housing Solutions CIC (“We”) commitment to safeguarding personal information belonging to our employees, service users, customers, partners, and other stakeholders for the purpose of applicable Data Protection Legislation. It ensures We process data fairly, transparently, and in compliance with UK Data Protection Laws, (including but not limited to the Data Protection Act 2018, the General Data Protection Regulation (Regulation (EU) 2016/679), and the UK General Data Protection Regulation), the data controller of your personal information is ReAnchor Housing Solutions CIC of 85 Great Portland Street, First Floor, London, W1W 7LT.

 

​

Scope

 

This policy applies to all individuals and entities involved in the operations of ReAnchor Housing Solutions CIC, including employees, contractors, partners, suppliers, and any external service providers. It covers the handling of personal data across all business functions, ensuring accountability and protection of individuals’ privacy rights.

 

​

Who is covered under the Policy? 

 

Employees of our company and its subsidiaries must follow this, Policy. Contractors, consultants, partners and any other external entity are also covered. Most importantly this covers the personal details of any of our service user’s data that we hold, generally, our policy refers to anyone we collaborate with or acts on our behalf and may need occasional access to data. 

 

​

Policy Elements

 

As part of our operations, we collect and process personal information, which may include offline or online data that can identify an individual. This includes details such as names, addresses, usernames, passwords, digital activity records, photographs, national insurance numbers, and financial information.

 

All information we collect about you is securely stored on our servers. Payment transactions are encrypted using SSL technology to ensure protection. If you have been provided with, or have chosen, a password to access specific areas of the Website, it is your responsibility to keep this password confidential and not share it with others.

 

While we take extensive measures to safeguard your personal information, it is important to note that transmitting data over the internet is not entirely secure. Although we will make every effort to protect your information, we cannot guarantee the security of data transmitted to the Website. Sending information is at your own risk. Once we receive your information, we implement strict procedures and robust security measures to prevent unauthorised access.

 

We are committed to handling this data transparently and responsibly, ensuring the full cooperation and informed consent of those involved. Once collected, the following principles are adhered to in managing and protecting this information.

 

​

​

Our Commitments

 

We will ensure that personal data is:

 

• Accurate and up-to-date: Regularly reviewed and corrected if necessary.

• Processed lawfully, fairly, and transparently: Collected for specific, explicit, and legitimate purposes.

• Minimised: Limited to what is necessary for the intended purpose.

• Secure: Protected against unauthorised access, alteration, or loss through physical and digital safeguards.

 

​

Data Handling Practices

 

Storage and Retention:

• Physical documents are stored securely in locked cabinets within restricted access offices.

• Digital data is encrypted and stored on password-protected systems.

• All personal data will be retained only for as long as necessary (e.g., three years for community service forms) and securely destroyed thereafter.

 

Sharing and Transfers:

• Personal data will only be shared with consent or under legal obligations.

• Transfers outside the UK will comply with appropriate safeguards, such as Standard Contractual Clauses.

 

Transparency and Accountability:

• Individuals will be informed about the data we collect, how it is used, and who has access.

• Data subject rights, including access, correction, deletion, and portability, will be upheld.

 

​

Security Measures

 

To protect personal data, we will:

• Train employees in best practices for handling sensitive information.

• Use firewalls, encryption, and secure access controls for digital systems.

• Regularly back up data and perform security audits.

• Implement breach notification procedures to promptly address and mitigate risks
  
   

Specific Provisions for Service Users

 

Given our community-focused mission, additional steps include:

• Collecting only essential information from service users.

• Ensuring data collection processes are clear and consent is informed.

• Responding swiftly to concerns raised by vulnerable individuals or those requiring special support.

 

​

Actions to Ensure Compliance

 

• Restricting data access to authorised personnel only.

• Including data protection clauses in contracts with external providers.

• Monitoring data handling and conducting annual reviews.

• Publishing this policy on our website to maintain transparency.

 

​

Disciplinary Consequences

 

Non-compliance with this policy may result in disciplinary action up to and including termination of employment, contract cessation, or legal consequences where applicable.

 

​

Policy Review

 

This policy will be reviewed annually every December or sooner if required to align with changes in data protection regulations or operational needs.

 

Last reviewed: December 2024