Heathfield Data Security Statement

Heathfield data flowchart

When do we collect data from you?

How we handle your data

1. How does new data arrive, where is it stored and how is it protected?

This is how personal data is handled at different stages in the flowchart.

The application form asks you to give us explicit consent to handle your data. It also makes it clear that you can withdraw your consent at any time, and tells you how to do this. 

You need to be aware that if you withdraw your consent, we will not be able to proceed to drawing up a tenancy agreement for you to come and live at Heathfield. 

Digital data

Stage 2: You provide us with personal data when you complete an application form. The data is stored in Flamingo Inmail on our website (protected by password). It is also sent (encrypted) via email to David Patey and Sarah Patey (protected by password). 

Stage 5: Once you confirm you would like to live at Heathfield, your data is stored on the Heathfield computers (protected by password). It is also uploaded to MailChimp (secured by 2-factor authentication), so that we can communicate with you during your time at Heathfield.

Stage 7, 8 & 9: Your guarantor's data is stored in Flamingo Inmail and on the Heathfield computers (protected as above).

Printed data

Stage 2: One copy of your application form is printed out and is stored in a locked filing cabinet. 

Stages 8 & 9: The tenancy agreement is stored in a locked cabinet. 

Stage 10: In order to comply with the law, we ask you on arrival at Heathfield to let us take a photocopy of a document proving your right to rent in the UK (usually, a passport or another form of ID), and a document proving your student status (offer letter, student ID card). The documents are returned to you, and the photocopies are kept in a locked filing cabinet. We need to retain these pieces of evidence for a certain length of time, as described in section 3 below.

2. What personal data do we collect, and why?

Full name: for room allocation and to draw up the contract

Current address: to know where you are visiting/arriving from

Home address (not required): this is useful if it is necessary to forward post to you during the holidays

Email: to communicate with you

Mobile phone number: to communicate with you

Gender: because Heathfield has a flat reserved for women only

Month of birth: to ensure a good mix in the flats

Studying at/applying to: to ensure a good mix in the flats

Course title: to ensure a good mix in the flats

Level of study: to ensure a good mix in the flats

When accommodation needed: for room allocation and to draw up the contract

Accommodation requirements: for room allocation (e.g disabled)

Forwarding address (collected as residents leave): to forward post

3. Who processes personal data on Heathfield applicants and residents?

The joint Data Controllers for your personal data at Heathfield are David and Sarah Patey. 

The Data Protection Officer at Heathfield is Sarah Patey.

All digital processing is carried out on machines with current virus protection that is regularly updated.

Students complete the online application form on the website. It is made clear that applicants must tick the checkbox to demonstrate consent for Heathfield to process the personal data collected. The application is stored in Flamingo Inmail in the website. Access to the website is secured by strong password.

David and Sarah Patey each receive a copy of the application form as an email.

Sarah’s email data is stored on her PC, which is protected by password and encrypted.

David’s email data is in Gmail, which is protected by password and encrypted. The application information is printed out and stored in a locked cabinet.

We take photocopies of right to rent and student status documents when students move in. These copies are needed in order to comply with the law and to demonstrate exemption from council tax. They are stored in a locked filing cabinet.

Application information is kept for a certain period before shredding (information on paper) or secure deletion (digital information):

  • for 3 years in the case of those who do not opt to live at Heathfield, in case they decide to reapply subsequently during their studies
  • for 7 years in the case of those who do opt to live at Heathfield, as the information forms part of the business’s financial records.
4. Your rights when we hold your data

When we hold your data, we process it in accordance with the General Data Protection Regulation.

You are entitled at any time to see the information we hold, and if it is inaccurate/incomplete, you are entitled to request that it be corrected/completed.

You are entitled at any time to withdraw consent for Heathfield and HomeLet to process your data. If you do this, we shall not be able to enter into contract with you.

To withdraw consent, please email live@heathfieldnorwich.co.uk

You need to be aware that if you withdraw your consent, we will not be able to proceed to drawing up a tenancy agreement for you to come and live at Heathfield.