Privacy Policy

Applications for rented properties

When you apply to live in an Orbit home, we collect information directly from you and from relevant third parties, about you and your household, in order to assess your eligibility and suitability for the application you have made.

We receive your contact details and housing need information from the Local Authority if you have been nominated by them and we take up references from former landlords.

Some decisions are made automatically about your eligibility, based on the answers you provide in your application, but you will always be given the opportunity to challenge an automatically made decision.

This processing is necessary for being considered for, and for signing up to, a tenancy agreement, which means entering into a contract with us. We need to know that you are eligible, and that you can afford the property, and/or sustain your tenancy and we may need to offer you additional support as part of your tenancy. If you do not provide the information we need to be able to process your application, we may not be able to offer you a tenancy.

If you provide us with special categories of data, such as health, or disability in your housing application, we will process this data only as far as it is necessary for us to manage your application and ensure you are housed appropriately and safely, in line with our legal and statutory obligations as a housing provider and employer.

In some cases, we will process information about criminal offences and convictions, where it is necessary to do so in order to protect the safety and wellbeing of individuals and our communities , in line with our legal and statutory obligations as a housing provider and employer.

When we ask for information about race/ethnic origin, religion, health/disability, or sexual orientation, this is where it is necessary for us to monitor and improve equality of opportunity and treatment, in the substantial public interest, and it is optional for you to provide this information. . This monitoring information will not be used as part of your eligibility assessment.

Joint Developments

When Orbit works in partnership with developers to offer mixed tenure developments of new homes, we will make it clear which organisation is collecting your data when you register interest in the development. For example, if you register interest in shared ownership properties, Orbit will lead on collecting and processing your data, and if you’re interested in homes for outright sale, our private market partner will lead on collecting and processing your data. At the early stages of enquiries, your data will be shared between Orbit and our partners where appropriate, to make sure you are able to access property ownership in the way that suits your individual situation best. Data sharing will be carefully planned and carried out securely.

In the early stages of making enquiries, data is processed on the basis of consent, and as a purchase progresses data is processed on the basis that it is necessary for entering into (or negotiating to enter into) a contract.

Shared Ownership applications

 When you apply to purchase a share of an Orbit home, we collect information directly from you and from relevant third parties including any referees and your solicitor and mortgage provider, about you and your household, in order to assess your eligibility and suitability for the application you have made.

We will communicate directly with your solicitor and mortgage provider as necessary to facilitate the purchase.

This processing is necessary for entering into a purchase agreement with us. We need to know that you are eligible and can afford the property.

In some cases, we will process information about criminal offences and convictions, where it is necessary to do so in order to protect the safety and wellbeing of individuals and our communities, , in line with our legal and statutory obligations as a housing provider and employer.

When we ask for information about race/ethnic origin, religion, health/disability, or sexual orientation, this is where it is necessary for us to monitor and improve equality of opportunity and treatment, in the substantial public interest, and it is optional for you to provide this information. This monitoring information will not be used as part of your eligibility assessment.

Outright Sales

When you apply to purchase a share of an Orbit home, we collect information directly from you and from relevant third parties, including any referees and your solicitor and mortgage provider , about you and your household, in order to assess your eligibility and suitability for the application you have made.

We will communicate directly with your solicitor and mortgage provider as necessary to facilitate the purchase.

This processing is necessary for entering into a purchase agreement with us. We need to know that you are eligible and can afford the property.

In some cases, we will process information about criminal offences and convictions, where it is necessary to do so in order to protect the safety and wellbeing of individuals and our communities, , in line with our legal and statutory obligations as a housing provider and employer.

When we ask for information about race/ethnic origin, religion, health, or sexual orientation, this is where it is necessary for us to monitor and improve equality of opportunity and treatment, in the substantial public interest, and it is optional for you to provide this information. This monitoring information will not be used as part of your eligibility assessment.

CORE reporting

So that the Department for Levelling Up, Housing and Communities (DLUHC)  can produce statistical information, we are required to report information to them about our lettings and shared ownership sales via the CORE (Continuous Recording) system. The information provided does not include your name or full address, but it does contain special categories of data.

The processing of this information by the DLUHC is necessary for the performance of a task in the public interest and so far as the data includes special categories, the DLUHC states that the processing is necessary for reasons of substantial public interest. The data is used to compile statistics on the use of social housing, including reviewing equality of opportunity and treatment.

Please see the CORE website for more details.

Orbit customers

When you are an Orbit customer, we will collect information from our interactions with you, including any complaints or allegations that are made by you, or about you, and we process this information to allow us to manage our relationship with you, collect your rent, and provide you with tenancy or sales related services appropriate support services and to manage any complaints or alleged ASB or similar issues.

This will involve sharing information with, and receiving information from, third parties, as explained below.

Where crimes have been committed or alleged, we share information with the police and other agencies with investigative and prosecution powers.

Where we have concerns about anyone requiring safeguarding for any reason or requiring protection from financial abuse due to a mental or physical health issue, we share information with the relevant authorities in order to get help for the people affected.

We share rent information with local authorities for the purposes of administration of appropriate benefits;

Where local authorities require information for council tax purposes, we confirm tenancy information to allow the correct tax to be paid.

When necessary, we share information with debt collection agencies so they can collect debts on Orbit’s behalf.

We sometimes share information with utilities companies so they can collect debts on bills.

Personal data is shared between teams internally at Orbit, but is only shared, accessed and used on a need-to-know basis, to enable relevant teams to carry out their tasks.

Most of the information we collect and use as part of our ongoing interactions with you is necessary for the performance of your contract and is linked to ensuring both you and Orbit are complying with the requirements of the contract.

We have a legal obligation to keep business and financial transaction records as appropriate.

We will offer you further support based on both our and your legitimate interests to enable you to sustain your relationship (tenancy/shared ownership relationship) with us to the best of your ability.

If we contact you by email or text to let you know about our services, we will do so based on either our legitimate interests of keeping you updated about the services you receive from Orbit, or based on your consent where we are contacting you about new services.

If we contact you by post to let you know about new services, we will do so based on our and your legitimate interests of keeping you updated about the services available to you.

You can opt out of receiving information about new services at any time.

We contact customers from time to time to ask for honest feedback, based on our and your legitimate interests of helping us to improve our services.

If we refer you to an external agency for further support, we will do so only with your consent to pass your details on to them, unless we believe there is an overriding lawful basis for the referral without your consent.

When we share information for the reasons explained, we will do so on the basis of it being necessary to protect individuals and communities, is for a task in the public interest (crime, benefits and tax payment) or for the legitimate interests of debt collection.

Sometimes we ask for information about race/ethnic origin, religion, health/disability, or sexual orientation, where we deem it is necessary for us to monitor and improve equality of opportunity and treatment, in the substantial public interest, and it is optional for you to provide this information.

Our support services

Orbit does not just provide housing, we also provide support to people who need it, through our specialist services, some of which are linked to your tenancy and some of which are standalone, for example help with money management, getting back into work, or more general day to day support.

We process your data as part of providing this support on the basis of our contract with you, where it is tenancy-linked support, or on the basis of it being necessary for complying with our legal obligations or carrying out a task in the public interest.

Where we process special categories of data, or criminal information, about you as part of providing this support, we do this where it is necessary to protect individuals in line with our legal and statutory obligations as an employer and as a housing and support provider. Where this (or another) basis is not appropriate, we will ask for your consent.

Sometimes we ask for information about race/ethnic origin, religion, health/disability, or sexual orientation, where we deem it is necessary for us to monitor and improve equality of opportunity and treatment, in the substantial public interest, and it is optional for you to provide this information.

Emergency situations

Unfortunately, there will always be emergency situations that negatively impact on our customers, employees and wider communities, and we will respond as appropriate and as quickly as possible in order to protect people and property. Whether we are responding to fire, flood, crime, safeguarding issues, pandemic, or any other emergency situation, Orbit will treat people’s health and wellbeing as a priority, which we acknowledge includes protecting personal data and ensuring it is handled lawfully and securely.

Processing of data in the immediate response to emergency situations is done only where it is necessary to protect individuals and communities, on the basis that we are acting under employment or social protection law, or in the public interest / substantial public interest.

Orbit is dedicated to treating everyone fairly and providing equal opportunities, regardless of differences in race or ethnic origins, religious or philosophical beliefs, physical or mental health or sexual orientation. In order to monitor and improve performance in this area, we collect information about race, beliefs, health and sexual orientation from customers and employees, if you are happy to provide this information.

The processing of these special categories of data is necessary for a task which is in the substantial public interest, specifically for the purposes of identifying and monitoring equality of opportunity and treatment between different groups of people, with a view to enabling equality to be promoted or maintained.

Sharing your data with our ‘Processors’

When Orbit uses other companies to supply goods or services on our behalf, sometimes we need to share relevant information with those suppliers and contractors so they can carry out that work. They are known as our ‘Processors’ and are legally bound by contract to act only on our instructions regarding your personal data, and not use it for their own purposes.

The relevant legal basis for each Processor we use will be dependent on the type of work they are carrying out for us, and our legal basis for undertaking the processing that is linked to that work.

For example, we carry out emergency repairs work on the basis of our contract with you, and in some circumstances the repairs may be contracted out to contractors who need your address etc. in order to carry out the repair. This makes the contractor our Processor.

The contracts we use with Processors comply with Article 28 of the General Data Protection Regulation (GDPR), which rules how Processors are appointed, and sets out their relevant responsibilities.

Sharing your data with other contractors

Sometimes, we share personal data with suppliers, contractors or consultants where they process the data on the basis of their own knowledge and expertise, not just acting on our instructions. For example, solicitors. In these cases they are not our Processors, but instead are Data ‘Controllers’ in their own right.

As Data Controllers these organisations have their own legal obligations and responsibilities to handle your data lawfully and safely, and are also bound by contract to comply with their data protection obligations.

We share information with contractors etc. who are Controllers only when it is necessary for us to carry out our tasks in the public interest, to carry out our legal obligations, or for our legitimate interests of outsourcing the provision of some services and of providing appropriate support, to enable us to run the business efficiently. We do not share your data with any Controllers that we are not confident will protect your data, and therefore we protect your rights, freedoms and interests.

Insurance

If you are an Orbit insurance customer, we will process your information so we can provide you with a policy and to manage any claims you make, which may involve sharing information with third parties about the circumstances in order to assess the claims.

This processing is necessary for the performance of your insurance contract. If it is suspected that a claim is not legitimate, we will process information to protect our business from fraudulent claims, which breach the insurance contract.

Our Insurance Claims

If a claim is made against Orbit's own insurance policies, by Orbit or a third party, we will sometimes need to share personal data with our insurance providers so they can assess the claim and handle it appropriately. Only minimal information will be shared, and it will be shared securely.

Data is shared with our insurance providers when it is necessary for us to fulfil our legal obligations, for example our responsibility to insure against employee and public liability and enable claims under the insurance cover.

Where special categories of data is shared with our insurance providers, such as health data, this is on the basis of it being necessary for a task in the substantial public interest, namely insurance purposes.

Complaints

Customer complaint related processing is done on the basis of it being necessary for us complying with the terms of your contract with us. For complaints from non-customers, depending on the nature of the complaint, the processing is necessary for us to comply with our legal obligations or for carrying out our tasks in the public interest. If special categories of data are processed (including health, race, religion, sexual orientation) it is on the basis of being necessary for defending a legal claim or for acting in the substantial public interest. This includes responding to elected representatives such as MPs, who have raised a matter on your behalf.

General contacts

For members of the public who are not customers but come into contact with Orbit in another way, such as to make an enquiry, we will collect information from our interactions with you, so that we can provide you with the information you have requested.

We process this information on the basis that it is necessary for our legitimate interests of responding to your enquiry, complaint or allegation, as appropriate. If we need to process any special categories of data in order to handle the issue, we do so with your explicit consent, or on the basis of it being necessary for a task in the substantial public interest, such as reviewing equality of opportunity and treatment.

Business contacts

Contact details for people, organisations and companies we work with is personal data and we treat it accordingly.  We will use it only as part of our relationship with your organisation, whether we work in partnership or have a customer/supplier relationship.

This processing is based on our legitimate interests of managing business relationships appropriately. We use the data only for the purposes explained, keep the data secure and safe, and protect your rights, freedoms and interests.

Surveys and feedback

In order to understand our customers’ experiences and improve our services and products, we will contact you at various “touch-points” during our relationship with you and ask you to complete a survey and give us feedback, by email, text or over the telephone. We contract with specialist companies to carry out surveys on behalf of Orbit, which involves sending them your contact details and they gather your responses for us. You can opt out of this sort of contact if you prefer.

Orbit, and the specialist companies we work with, process data in order to ask for your feedback, based on our legitimate interests of improving our customer services and products.

Our Software Providers

Our software providers are Orbit “Data Processors”, which means they carry out work on our behalf, and under our control, which means they have access to the personal data we hold.

In particular, some software providers will need to access the personal data in order to review and fix problems with the software, from time to time. This involves the use of “Break-fix environments” some of which are outside of the UK and EU, in particular in India. Where this happens, the access is well controlled with appropriate safeguards including contract clauses, non-disclosure agreements, access controls, and close monitoring. This is only done when the issue that needs to be fixed is a priority as it is affecting the way we can provide our services, and needs specialist work carried out.

Our Data Processors work on our personal data on the same legal bases on which we process personal data. We only use software providers that are able to demonstrate their compliance with data protection legislation, and we ensure controls are used as explained in the first column.

Marketing

We will send you information that we think will be useful or of interest to you about the services we provide, whether they are paid for services or free of charge. We will sometimes make decisions about what information to send based on your profile, for example your age if we are letting people know about age-related services such as our over 55s schemes.

Orbit will send you hard copy marketing materials on the basis of our legitimate interests of increasing our customers’ knowledge of other relevant services and products.

We will only send you emails or texts (electronic direct marketing) with this type of information if we have your consent to do so. For commercial services or products, which includes where you have bought, or entered into negotiations with us, for a similar service or product, this is regarded by the law as implied consent. However, every time we send an email or text you will have the option to unsubscribe from similar marketing messages.

Exercising of Data Rights

If you ask us about exercising any of your Data rights, such as accessing copies of your data, or objecting to the way your data is being processed, or requesting relevant information as a resident in a so-called “higher-risk” building (high-rise buildings), we need to obtain relevant information from you in order to identify that you are the data subject in question, or acting on their authority.

When we fulfil requests such as these, specialist staff members will review the documents in question in order to fulfil the request lawfully, which will include redacting information about third parties.

The information processed to check your identity and to fulfil your request is only used for these purposes and is kept securely.

This processing is carried out as necessary for us to carry out our legal obligations of upholding your Data Protection rights and Building Safety information rights.

Recruitment

If you apply for a job with Orbit, we collect information about your suitability via our trusted recruitment partner organisations.

Most of this processing is on the basis that it is necessary for an employment contract, or entering into an employment contract, with Orbit.

When we ask for information about race/ethnic origin, religion, health/disability, or sexual orientation, this is where it is necessary for us to monitor and improve equality of opportunity and treatment, in the substantial public interest, and it is optional for you to provide this information. This monitoring information will not be used as part of assessing your application.

Employees

We collect and process information about current and former employees as part of managing your relationship with Orbit.

Most of this processing is on the basis that it is necessary for managing your employment contract with Orbit, and for us to fulfil our legal obligations under employment law in relation to current and former employees.

When we ask for information about race/ethnic origin, religion, health/disability, or sexual orientation, this is where it is necessary for us to monitor and improve equality of opportunity and treatment, in the substantial public interest, and it is optional for you to provide this information. This monitoring information will not be used as part of assessing your employment.

Please see the Employee Privacy Notice on the Orb for more details.

Building safety related data

Sometimes it is necessary for us to collect, hold and process information about people who live in, or are otherwise connected with, our buildings for the purposes of managing and protecting the safety of all people connected with our sites; our customers and family members, guests, and neighbours, as well as our colleagues, contractors, and the wider community.

This includes the use of CCTV, as explained above, resident engagement activities for safety purposes, emergency evacuation planning, and monitoring and reviewing building access records in the case of suspected crime or misconduct affecting safety.

We process data for purposes related to building safety in order to comply with Health & Safety and Building Safety legal obligations to protect people, and acting in the substantial public interest to protect the community from potential harm.

Phone calls to our main telephone number are recorded so that we can monitor and review the quality and content of calls as necessary.

This processing is on the basis of our legitimate interest of providing good customer service, as well as protecting our colleagues and other people from any problems or issues arising from ambiguity in phone call conversations.

CCTV

Orbit uses CCTV in our offices and in some of our housing/schemes, as well as during development of new sites, for the safety and security of premises, property, colleagues, contractors, customers, neighbours, the public and any third parties.

CCTV footage will be disclosed to those organisations acting on official authority, including the police, as necessary to investigate potential crimes and to prosecute crimes.

We process data from CCTV for the purposes of our legitimate interest of protecting property and premises, and for carrying out tasks under our legal obligations and in the public interest/substantial public interest; these include protecting the safety of people and premises and supporting investigations into and prosecutions of crime and fraud, and other serious misconduct..

Video Conferencing

Please see the information on MS Teams below.

Website

We collect information you submit through our website, and through the use of Cookies. Please see the Cookies section below for more details.

This information is processed for our legitimate interests of responding to any enquiries you make through our website, and to help us understand and analyse the effectiveness of our website.

Cookie

Name/Purpose

Type/Expiry

More Information

Website cookie acceptance

CookiesAccepted - This cookie is used to record if a user has accepted the use of cookies on the website

Find out how to withdraw your consent after accepting this cookie at www.aboutcookies.org

CFID

Linked information is the username. When a user logs in, maintains authentication state

Persist 2 hours

First party cookie

CFTOKEN

This cookie helps to uniquely identify a client device (browser) to enable the site to maintain user session variables.

Persist 2 hours

First party cookie

Facebook

HTTP headers
Pixel-ID data
Button click data
Optional values

Facebook Pixel – these cookies collect information about how you interact with the website. We use this information to compile reports and to help create relevant advertising on the platform.

180 days

First party cookie
Third party cookie

JSESSIONID

SessionSession – determines the end of the session by a user

Expires at the end of the session

First party cookie

VOPECRA

Anonymous – remembers when a user has elected to accept cookies

Persist Never

First party cookie

Google Analytics

_utma

_utmb

_utmc

_utmz

These cookies are used to collect information about how visitors use our websites. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they have visited

Persist 2 years

30 mins

End of session

6 months

Click here for an overview of privacy at Google

Third party cookie

Google Translate

googtransSession – stores your chosen language (if you decide to change if from English). This means that you do not have to select your chosen language every time you load a new page

End of session

Click here for an overview of privacy at Google

Third party cookie

Google Maps

PREF

NID

These cookies are used to remember Google maps preferences

Persist

6 months

Click here for an overview of privacy at Google

Third party cookie

Name

Format

Expires

Reason

o-alert

Alphanumeric String

Session

Alert message to user

font-size

Alphanumeric String

6 months

Selected website font size

colour-theme

Alphanumeric String

6 months

Selected website theme

o-area

Alphanumeric String

10 years

Selected local area

contour_XXX

Alphanumeric String

1 month

Form submissions

pagesRatedCookie

Alphanumeric String

1 month

Page ratings

yourAuthCookie

Alphanumeric String

Session

Scheme locator search

yourAuthCookie

Alphanumeric String

Session

Protected area

Purpose of Processing

Legal Basis

Your work contact details are used to provide you with a log in to MS Teams, so you can use it to contact colleagues and other contacts, and so you can be contacted by colleagues, so we can communicate while working remotely.

This is necessary for the legitimate interests of Orbit to operate our business and provide our services effectively even when working remotely. This is not considered to adversely affect the rights and interests of users as contact details are intended to be used for this purpose.

MS Teams has the ability to allow video calls and meetings, using your device’s camera, to allow ‘face to face’ meetings while working remotely.

We recognise that it is not always appropriate, nor is it usually necessary, to use the camera for calls/meetings, so this will be optional in most cases. When the camera is used, it will be on the basis of being necessary for the legitimate interests of Orbit to enhance communication and collaboration, only where it does not adversely affect the rights and interests of users to not be on camera. There may be exceptional circumstances where it is required that video is used, such as during disciplinary procedures, or senior level meetings, but these should be assessed on a case by case basis to establish the need and the appropriate legal basis.

MS Teams video calls and meetings can be recorded by the host, to be referred back to where necessary. This should only be done where it would not be unusual for the equivalent meeting to be recorded if carried out in person.

Recording of Orbit colleagues will only be done by exception, where it is necessary for the legitimate business interests of Orbit, and only with the full awareness of all participants, and allowing them the option to not be recorded.

One example where internal calls/meetings could be recorded is training sessions, so they can be accessed at a later time for those who could not attend live, or for a refresher.

If recording calls or meetings with external attendees (i.e. non-Orbit colleagues), which should be rare, this will be on the basis of consent being sought and there should be an audit trail of the consent, in the form of an email before recording begins.

By default, chat messages are stored by the system. Chat is another communication method for colleagues and contacts to use, where appropriate, to keep in touch without filling up email inboxes. It can be used more informally than email, but it should always be used in a professional and polite manner.

It is optional for users to use chat, and where it is used, it is on the basis of the legitimate business interests of Orbit to provide efficient communication between colleagues, only where it does not adversely affect the rights and interests of the users.