Westfield Housing Association is committed to ensuring that your privacy is protected. Any information that you provide will not be disclosed without your prior consent.

The privacy policy covers Westfield Housing Association's requirements under the Data Protection Act DPA (2018) and the General Data Protection Regulation GDPR (2016) and all future legal acts.

Privacy notices

Title Added On File Size
Tenancy Privacy Notice Thu, 02 Jul 2020 2MB
Privacy Notice For Board Applicants Thu, 02 Jul 2020 260KB
Freeholder Privacy Notice Thu, 02 Jul 2020 187KB
Garage Privacy Notice Thu, 02 Jul 2020 188KB

Data protection policy

Subject access request

Westfield Housing Association is committed to be an organisation within which diversity, equality and human rights are valued and will not tolerate discrimination of any kind.

The Data Protection Act 2018 (DPA) and General Data Protection Regulation (GDPR) protect the personal information of individuals.  The GDPR also gives individuals more control over their information.  The rights to access under the GDPR extend only to living individuals.

The Association works to a framework for handling personal information in a confidential and secure manner to meet ethical and quality standards.  This enables the Association to ensure personal information is dealt with legally, securely, effectively and efficiently to deliver the best possible service to our customers, Board, staff and partners.

Data Protection regulations state that individuals have the right to access personal information that we hold about them.  This is called a Subject Access Request.

This procedure applies to all requests for access to personal data held by the Association.


An individual or a third-party representative have the right to request:

  • Access to records, subject to certain safeguards.
  • Copies of records.
  • Have these records explained if they are illegible or unintelligible.
  • To be information of the purpose(s) their information is used for; and
  • The source(s) of that data.

The purpose for this procedure is to ensure that an individual’s rights are followed and that each SAR is treated equally within the law.

Customers can make such requests verbally or in writing, but proof of identity must be obtained and verified.  Customers can also make a request via email at

The GDPR requires that the information we provide to an individual is in a concise, transparent, intelligible and easily accessible form, using clear and plain language.

At its most basic, this means that the additional information we provide in response to a request should be capable of being understood by the average person. However, we are required to ensure that that the information is provided in a form that can be understood by the particular individual making the request.

GDPR states that we should provide the information in a similar response to how it was received i.e. if the request is made electronically, we should provide the information in a commonly used electronic format. 

The regulations state we have one month to respond to the individual and present the data to them accordingly.  If we fail to comply with a SAR, this could expose the Association to significant penalties and reputational damage.

We can extend the time to respond by a further two months if the request is complex or we have received a number of requests from the individual.  We must let the individual know within one month of receiving their request and explain why the extension is necessary.

However, it is unlikely to be reasonable to extend the time limit if:

  • it is manifestly unfounded or excessive;
  • an exemption applies; or
  • we are requesting proof of identity before considering the request.   

Our use of website analytics 

As a Housing Association, we have a legal obligation to ensure we offer value for money to our customers, which includes the money we spend on our website. To do this we use analytics software (provided by our website provider Housing Online) to review how our website is used. Whilst we use cookies and other tracking technologies to help us to do this, we ensure we respect your privacy in the following ways:

a) We anonymise data including removing parts of your ip address so you or your location cannot be identified
b) We support browser 'Do Not Track' settings
c) We do not share your data with third parties (other than our website developer and hosting provider)
d) We do not merge your data with any other data to attempt to identify you
e) You can directly opt out of tracking and view your tracking status at:

Our use of cookies

What is a Cookie?

A cookie is a simple text file that is stored on your computer or mobile device by a website’s server and only that server will be able to retrieve or read the contents of that cookie. Each cookie is unique to your web browser. It will contain some anonymous information such as a unique identifier and the site name and some digits and numbers. It allows a website to remember things like your preferences.

Cookies do lots of different jobs, like letting you navigate between pages efficiently, storing your preferences, and generally improving your experience of a website. Cookies make the interaction between you and the website faster and easier. Most websites you visit will use cookies, either for the duration of your visit (using a ‘session cookie’) or for repeat visits (using a ‘persistent cookie’). Some websites will even use cookies to enable them to target their advertising or marketing messages based for example, on your location and/or browsing habits (we do not use any of these types of cookies!)

Cookies may be set by the website you are visiting (‘first party cookies’) or they may be set by other websites that run content on the page you are viewing (‘third party cookies’).

Cookie settings

If you don’t want to receive certain categories of cookies on this website, you can change your cookie settings via your browser; your browser help function will tell you how. Alternatively, you may wish to visit, which contains comprehensive information on how to do this on a wide variety of desktop browsers.

Note: This website does work without cookies, but you will lose some features and functionality if you choose to disable cookies.

Cookies our website uses

We use the following cookies:

Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website.

  • sessionid - only valid for your current visit and is used to manage our admin login system and to provide other functionality necessary for the site to work
  • AWSELB - only valid for your current visit and is used by our load balancer to ensure your session is kept on the same server during your visit

Performance cookies. These cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages.

  • _pk_id – 13 months
  • _pk_ref – 6 months
  • _pk_ses, _pk_cvar, _pk_hsr – 30 minutes

See above on how and why we use website analytics, how we respect your privacy, and how you can opt out.

  • matomo_ignore - this is set if you opt out of website analytics so we remember your preferences

If you use the ReadSpeaker text to speech plug in and accessiblity tools the following cookes will be set to remember your settings during use:

  • _rspkrLoadCore - an initiation cookie that determines whether or not to load the scripts on page load. This cookie is a session-only cookie. The cookie is set after the service has been activated, ie when you have interacted with the player. The use of this cookie is so that we know that the user has activated the service on a page. This way we'll automatically load in the ReadSpeaker scripts when the user navigates to a different page, so that the user will get audio quicker.
  • ReadSpeakerSettings - a cookie that is set if you change a setting in the settings menu. The cookie has a lifetime of 360000000ms (ie about 4 days).

Targeting cookies or advertising cookies. These cookies are used to deliver adverts more relevant to you and your interests They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign.

None of these cookies are used by this site

Third party cookies

Some of the content on this website is provided by third party services who also use cookies, these include:

YouTube - Whilst we have used enhanced privacy options, watching YouTube videos will set cookies