Westfield Housing Association is committed to ensuring that your privacy is protected. Any information that you provide will not be disclosed without your prior consent.
Subject access request
Westfield Housing Association is committed to be an organisation within which diversity, equality and human rights are valued and will not tolerate discrimination of any kind.
The Data Protection Act 2018 (DPA) and General Data Protection Regulation (GDPR) protect the personal information of individuals. The GDPR also gives individuals more control over their information. The rights to access under the GDPR extend only to living individuals.
The Association works to a framework for handling personal information in a confidential and secure manner to meet ethical and quality standards. This enables the Association to ensure personal information is dealt with legally, securely, effectively and efficiently to deliver the best possible service to our customers, Board, staff and partners.
Data Protection regulations state that individuals have the right to access personal information that we hold about them. This is called a Subject Access Request.
This procedure applies to all requests for access to personal data held by the Association.
An individual or a third-party representative have the right to request:
- Access to records, subject to certain safeguards.
- Copies of records.
- Have these records explained if they are illegible or unintelligible.
- To be information of the purpose(s) their information is used for; and
- The source(s) of that data.
The purpose for this procedure is to ensure that an individual’s rights are followed and that each SAR is treated equally within the law.
Customers can make such requests verbally or in writing, but proof of identity must be obtained and verified. Customers can also make a request via email at firstname.lastname@example.org.
The GDPR requires that the information we provide to an individual is in a concise, transparent, intelligible and easily accessible form, using clear and plain language.
At its most basic, this means that the additional information we provide in response to a request should be capable of being understood by the average person. However, we are required to ensure that that the information is provided in a form that can be understood by the particular individual making the request.
GDPR states that we should provide the information in a similar response to how it was received i.e. if the request is made electronically, we should provide the information in a commonly used electronic format.
The regulations state we have one month to respond to the individual and present the data to them accordingly. If we fail to comply with a SAR, this could expose the Association to significant penalties and reputational damage.
We can extend the time to respond by a further two months if the request is complex or we have received a number of requests from the individual. We must let the individual know within one month of receiving their request and explain why the extension is necessary.
However, it is unlikely to be reasonable to extend the time limit if:
- it is manifestly unfounded or excessive;
- an exemption applies; or
- we are requesting proof of identity before considering the request.
Our use of website analytics
a) We anonymise data including removing parts of your ip address so you or your location cannot be identified
b) We support browser 'Do Not Track' settings
c) We do not share your data with third parties (other than our website developer and hosting provider)
d) We do not merge your data with any other data to attempt to identify you
e) You can directly opt out of tracking and view your tracking status at: https://www.westfieldha.org.uk/matomo.opt-out?module=CoreAdminHome&action=optOut&language=en
What is a Cookie?
A cookie is a simple text file that is stored on your computer or mobile device by a website’s server and only that server will be able to retrieve or read the contents of that cookie. Each cookie is unique to your web browser. It will contain some anonymous information such as a unique identifier and the site name and some digits and numbers. It allows a website to remember things like your preferences.
Cookies may be set by the website you are visiting (‘first party cookies’) or they may be set by other websites that run content on the page you are viewing (‘third party cookies’).
If you don’t want to receive certain categories of cookies on this website, you can change your cookie settings via your browser; your browser help function will tell you how. Alternatively, you may wish to visit www.aboutcookies.org, which contains comprehensive information on how to do this on a wide variety of desktop browsers.
Note: This website does work without cookies, but you will lose some features and functionality if you choose to disable cookies.
Cookies our website uses
We use the following cookies:
Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website.
- sessionid - only valid for your current visit and is used to manage our admin login system and to provide other functionality necessary for the site to work
- AWSELB - only valid for your current visit and is used by our load balancer to ensure your session is kept on the same server during your visit
Performance cookies. These cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages.
- _pk_id – 13 months
- _pk_ref – 6 months
- _pk_ses, _pk_cvar, _pk_hsr – 30 minutes
See above on how and why we use website analytics, how we respect your privacy, and how you can opt out.
- matomo_ignore - this is set if you opt out of website analytics so we remember your preferences
If you use the ReadSpeaker text to speech plug in and accessiblity tools the following cookes will be set to remember your settings during use:
- _rspkrLoadCore - an initiation cookie that determines whether or not to load the scripts on page load. This cookie is a session-only cookie. The cookie is set after the service has been activated, ie when you have interacted with the player. The use of this cookie is so that we know that the user has activated the service on a page. This way we'll automatically load in the ReadSpeaker scripts when the user navigates to a different page, so that the user will get audio quicker.
- ReadSpeakerSettings - a cookie that is set if you change a setting in the settings menu. The cookie has a lifetime of 360000000ms (ie about 4 days).
Targeting cookies or advertising cookies. These cookies are used to deliver adverts more relevant to you and your interests They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign.
None of these cookies are used by this site
Third party cookies
YouTube - Whilst we have used enhanced privacy options, watching YouTube videos will set cookies