Data Protection


Data Protection Policy

Hits Homes Trust needs to collect and use certain types of information about the 
Data Subjects who come into contact with it in order to carry on our work. This 
personal information must be collected and dealt with appropriately– whether on 
paper, in a computer, or recorded on other material - and there are safeguards to 
ensure this under the Data Protection Act 1998.
The following list below of definitions of the technical terms we have used and is 
intended to aid understanding of this policy.
Data Controller – The person who (either alone or with others) decides what 
personal information Hits Homes Trust will hold and how it will be held or used.
Data Protection Act 1998 – The UK legislation that provides a framework for 
responsible behaviour by those using personal information.
Data Protection Officer – The person(s) responsible for ensuring that it follows its 
data protection policy and complies with the Data Protection Act 1998 
Data Subject/Service User – The individual whose personal information is being held 
or processed by Hits Homes trust (for example: a client, an employee, a supporter)
‘Explicit’ consent – is a freely given, specific and informed agreement by a Data 
Subject (see definition) to the processing* of personal information* about her/him. 
Explicit consent is needed for processing sensitive* data
* See definition
Notification – Notifying the Information Commissioner about the data processing 
activities of Hits Homes trust as certain activities may be exempt from notification.
Information Commissioner – The UK Information Commissioner responsible for 
implementing and overseeing the Data Protection Act 1998.
Processing – means collecting, amending, handling, storing or disclosing personal 
Personal Information – Information about living individuals that enables them to be 
identified – e.g. name and address. It does not apply to information about 
organisations, companies and agencies but applies to named persons, such as 
individual volunteers or employees within Hits Homes Trust.

Sensitive data – means data about:
• Racial or ethnic origin
• Political opinions
• Religious or similar beliefs
• Trade union membership
• Physical or mental health
• Sexual life
• Criminal record 
• Criminal proceedings relating to a data subject’s offences
Data Controller
Hits Homes Trust is the Data Controller under the Act, which means that it 
determines what purposes personal information held will be used for. It is also 
responsible for notifying the Information Commissioner of the data it holds or is likely 
to hold, and the general purposes that this data will be used for.
Hits homes Trust may share data with other agencies such as the local authority, 
funding bodies and other voluntary agencies. 
The Data Subject will be made aware in most circumstances how and with whom 
their information will be shared. There are circumstances where the law allows Hits 
Homes Trust to disclose data (including sensitive data) without the data subject’s 
consent. Hits Homes Trust will endeavor to get specific written consent for sensitive 
information wherever possible. Processing may be necessary to operate Hits Homes 
Trust policies such as Whistle Blowing, Child Protection, Adults who are vulnerable 
and Health & Safety. Unless already specified, a third party will have to show signed 
consent for receiving personal data.
These are:
1. Carrying out a legal duty or as authorised by the Secretary of State 
2. Protecting vital interests of a Data Subject or other person
Information that is already in public domain is exempt from the 1998 Act. 
3. Information that is already in public domain is exempt from the 1998 
4. Conducting any legal proceedings, obtaining legal advice or defending 
any legal rights 
5. Monitoring for equal opportunities purposes – i.e. race, disability or 
6. Providing a confidential service where the Data Subject’s consent cannot 
be obtained or where it is reasonable to proceed without consent: e.g. where we 
would wish to avoid forcing stressed or ill Data Subjects to provide consent 
Purposes for Which Personal Data may be Held

Personal data relating to employees may be collected primarily for the purposes of:
• recruitment, promotion, training, redeployment, and/or career 
• administration and payment of wages and sick pay;
• calculation of certain benefits including pensions;
• disciplinary or performance management purposes;
• performance review;
• recording of communication with employees and their representatives;
• compliance with legislation;
• provision of references to financial institutions, to facilitate entry onto 
educational courses and/or to assist future potential employers; and educational 
courses and/or to assist future potential employers; and
• staffing levels and career planning.
• Marketing
• Procurement

The organisation considers that the following personal data falls within the categories 
set out above:
• personal details including name, address, age, status and qualifications. 
Where specific monitoring systems are in place, ethnic origin and nationality will also 
be deemed as relevant;
• references and CVs;
• emergency contact details;
• notes on discussions between management and the employee;
• appraisals and documents relating to grievance, discipline, promotion, 
demotion, or termination of employment;
• training records;
• salary, benefits and bank/building society details; and 
• absence and sickness information.
Tenant’s date kept for:
• Accountability 
• Support Planning
• Development 
• Promotion
Hits Homes Trust intends to ensure that personal information is treated lawfully and 
Hits Homes Trust fully endorses and adheres to the eight principles of the Data 
Protection Act. These principles specify the legal conditions that must be satisfied in 
relation to obtaining, handling, processing, transportation, and storage of personal 
data. Employees and any others who obtain, handle, process, transport and store 
personal data for the Law Society must adhere to these principles.
Specifically, the Principles require that personal data shall:
1. Shall be processed fairly and lawfully and, in particular, shall not be 
processed unless specific conditions are met;
2. Shall be obtained for a specified and lawful purpose and shall not be 
processed in any manner incompatible with that purpose;
3. Shall be adequate, relevant and not excessive in relation to those 
4. Shall be accurate and, where necessary, kept up to date;
5. Shall not be kept for longer than is necessary for that purpose;
6. Shall be processed in accordance with the data subject’s rights;
7. Shall be kept secure from unauthorised or unlawful processing and 
protected against accidental loss, destruction or damage by using the appropriate 
technical and organisational measures;
8. Shall not be transferred to a country or territory outside the European 
Economic Area unless that country or territory ensures an adequate level of 
protection for the rights and freedoms of data subjects in relation to the processing of 
personal information.
In order to meet the requirements of the principles, Hits Homes Trust will:
• Observe fully the conditions regarding the fair collection and use of 
personal data;
• Meet its legal obligations to specify the purposes for which the personal 
data is used;
• Collect and process appropriate personal data only to the extent that it is 
needed to fulfill its operational needs or to comply with any legal requirements;
• Ensure the quality of personal data used;
• Apply strict checks to determine the length of time personal data is held;
• Ensure that the rights of individuals about whom personal data is held, 
can be fully exercised under the Act. These include: 
o The right to be informed that processing is being undertaken,
o The right of access to one’s personal information
o The right to prevent processing in certain circumstances and 
o The right to correct, rectify, block or erase information which is regarded 
as wrong information
• Take appropriate technical and organisational security measures to 
safeguard personal data;
• Ensure that personal information is not transferred abroad without 
suitable safeguards;
• Treat people justly and fairly whatever their age, religion, disability, 
gender, sexual orientation or ethnicity when dealing with requests for personal data;
• And set out clear procedures for responding to requests for information.
Data collection
Informed consent
Informed consent is when
 A Data Subject clearly understands why their information is needed, 
who it will be shared with, the possible consequences of them agreeing or refusing 
the proposed use of the data 
 and then gives their consent.
Hits Homes Trust will ensure that data is collected within the boundaries defined in 
this policy. This applies to data that is collected in person, or by completing a form.
When collecting data, Hits Homes Trust will ensure that the Data Subject:
• Clearly understands why the information is needed, usually during tenant 
selection, commencing a tenancy and recruitment
• Understands what it will be used for and what the consequences are 
should the Data Subject decide not to give consent to processing
• As far as reasonably possible, grants explicit consent, either written or 
verbal for data to be processed
• Is, as far as reasonably practicable, competent enough to give consent 
and has given so freely without any duress
• Has received sufficient information on why their data is needed and how 
it will be used
Data Storage
Information and records relating to service users will be stored securely and will only 
be accessible to authorised staff and volunteers.
Information will be stored for only as long as it is needed or required statute and will 
be disposed of appropriately.
It is Hits Homes Trust responsibility to ensure all personal and company data is 
non-recoverable from any computer system previously used within the organisation, 
which has been passed on/sold to a third party.
Data access and accuracy
All Data Subjects have the right to access the information Hits Homes Trust holds 
about them. Hits Homes Trust will also take reasonable steps ensure that this 
information is kept up to date by asking data subjects whether there have been any 
In addition, Hits Homes Trust will ensure that:
• It has a Data Protection Officer with specific responsibility for ensuring 
compliance with Data Protection,
• Everyone processing personal information understands that they are 
contractually responsible for following good data protection practice,
• Everyone processing personal information is appropriately trained to do 
• Everyone processing personal information is appropriately supervised,
• Anybody wanting to make enquiries about handling personal information 
knows what to do,
• It deals promptly and courteously with any enquiries about handling 
personal information,
• It describes clearly how it handles personal information,
• It will regularly review and audit the ways it hold, manage and use 
personal information 
• It regularly assesses and evaluates its methods and performance in 
relation to handling personal information 
• Compliance with this policy is a condition of employment and any 
deliberate breach or persistent failure to follow this policy will result in disciplinary 
action, which may include dismissal and possible legal action.
• Any Data Subject who considers that the policy has not been followed in 
respect of personal data about themselves should raise the matter following the 
relevant complaints procedure
• Accessing another employee’s records without authorization is a 
criminal offence under the Data Protection Act 1998, section 55
• Access to Personal Data (“Subject Access Requests”) 
Employees have the right to access personal data held about them. The Company 
will arrange for the employee to see or hear all personal data held about them within 
40 days of receipt of a written request. Some of the files may not be available for 
inspection if we are waiting for consent from a third party. This inspection will be 
under the supervision of the Data Controller.

• Retention of records. 
The organisation follows the retention periods recommended by the Information 
Commissioner in its Employment Practices Data Protection Code.

These are as follows, in the absence of a specific business case supporting a longer 
Document Retention period
Application form Duration of employment
References received 1 year
Payroll and tax information 6 years
Sickness records 3 years
Annual leave records 2 years
Unpaid leave/special leave records 3 years
Annual appraisal/assessment records 5 years
Records relating to promotion, transfer, training, disciplinary matters 1 year from 
end of employment
References given/information to enable references to be provided 5 years from 
reference/end of employment
Summary of record of service, eg name, position held, dates of employment 
10 years from end of employment
Records relating to accident or injury at work 12 years
Any data protection queries should be addressed to your line manager or our Data 
Protection Officer.
This policy will be updated as necessary to reflect best practice in data management, 
security and control and to ensure compliance with any changes or amendments 
made to the Data Protection Act 1998.
In case of any queries or questions in relation to this policy please contact the Hits 
Homes Trust Data Protection Officer:
Naila Siddiqui Walker Project Manager 86 Evington Road, Leicester LE2 1HH Tel: 
0116 2545429

This Policy should be read in conjunction with Hits Homes Trust:
Confidentiality Policy
Child Protection Policy
Adults Who Are Vulnerable Policy
Whistle Blowing Policy

Breach of Tenancy Policy
Harassment Policy

Further information on data protection can be gained from:

Policy agreed by the Management Committee on 17th August 2010

Policy due for review August 2011