Employees and contractors

Employees and Contractors Privacy Notice

Southern Housing Group (the Group) is a registered Housing Association with the Regulator of Social Housing (the HCA) and is one of Southern England's largest Housing associations providing more than 27,000 homes for over 72,000 people. Whether it's traditional social housing, shared ownership, affordable rent, private market rent, or outright sales, we offer a range of services to communities across the South East of England.

We also work with our customers and in communities to provide activities, information, and advice that improve the neighbourhoods our customers live in and their individual lives.

Southern Housing Group is registered at Fleet House, 59-61 Clerkenwell Road, London EC1M 5LA.

Why do we process your personal data?

During the provision of our services to you, we will collect and process your personal data from time to time for specific purposes (these are called lawful bases). Southern Housing Group does so in order to:

  1. Inform you of upcoming events or conferences. (Lawful Basis: Legitimate Interest)
  2. Produce ID cards to access buildings. (Lawful Basis: Contractual)
  3. Perform organisational restructures. (Lawful Basis: Contractual)
  4. Ensure that we comply with the Transfer of Undertaking (Protection of Employment Regulations. (Lawful Basis: Legal Obligation)
  5. Pay your salary and arranging employment benefits, rewards & recognitions under the contract of employment between us.  (Lawful Basis: Contractual)
  6. Maintain a record of training courses and performance. (Lawful Basis: Contractual)
  7. Assist you in your capabilities, performance, disciplinary and grievance. (Lawful Basis: Contractual)
  8. Conduct DBS and DVLA checks (Lawful Basis: Legal Obligation)
  9. Employee Safety and Security (Lawful Basis: Contractual)
  10. Conduct salary surveys to ensure we pay our employees a fair rate for the work they do. (Lawful Basis: Legal Obligation)
  11. Assist in your application to the credit union (savings and loans cooperative) (Lawful Basis: Contractual)
  12. Provide you with in-house legal advice if required (Lawful Basis: Legal Obligation)
  13. Provide safeguarding to you when lone working (Lawful Basis: Contractual)
  14. Develop communication pieces such as blogs written by employees on the intranet. (Lawful Basis: Consent)

What types of personal data do we process?

We do not intend to hold more personal data than what we need to in order to perform the purposes outlined above. Personal data falls into three categories:

  • Personal data: information that can be used to identify you
  • Special category personal data: information that can be used to identify who you are, in terms of your preferences and history
  • Sensitive data: Information that is particularly sensitive, such as financial details, criminal history or information relating to children.

The categories of personal data we process about you can include:

Personal Data

Special Category Personal Data

Sensitive Data

  • Name
  • Gender
  • Contact details, e.g. phone number, physical address, email address
  • Date of birth
  • Next of Kin
  • Job Role
  • Record of Absence
  • Annual Leave
  • Training Records and Performance Reports
  • Medical history, health information or mental health information.
  • Lifestyle information such as ethnicity, sexual orientation, religion or political views.
  • Passport information or other proof of right to work in the UK as well as immigration status and Nationality.
  • Driving Licence Number
  • Photos, CCTV images or voice recordings.
  • Financial and financial planning information including benefit, salary information debt information, national insurance number and affordability checks.
  • Qualifications
  • Criminal history information CCJs or DBS checks
  • Support needs


From time to time we may use other information which may be reasonably expected in order for us to provide our services.

Who do we share your personal data with?

In order to provide our services, from time to time we may share your data with third parties such as health professionals (e.g. GPs, occupational therapists), Legal Advisors (e.g. Solicitors), Child Support Agency, HMRC, Courts, Home Office, Auditors(e.g. Mazars), Payroll Service (e.g. Sage), Pension Provider(e.g. Scottish Widows), medical and life insurance companies (e.g. Bupa), Recruitment Agencies (e.g. Job train), Department for works and pension, Data Holding companies (e.g. Iron Mountain), Background checks providers (e.g. Backcheck), Claims and Insurance Insurance companies (e.g. Alchemy Zurich), Benefit providers (e.g. Thomson’s, Edenred, Canada Life), Expenses management providers (e.g. Web expenses), resource consulting firm(e.g. Mercers), Charities(e.g. Charities Aid Foundation), Department for Works and Pensions, Workplace healthcare providers (e.g. Medigold) and Care Quality Commission and Financial Advisors.

We retain our HR files for the duration of employment and then for up to six years from termination of employment. After that, we will keep a summary of dates employed and job title indefinitely. These retention periods are based on National Housing Federation guidance, legal requirements and best practice.

We may also use information for other purposes, which we would describe to you at the point when we collect the information.

We do not use automated decision-making and profiling to make decision about you. 

What are your rights in terms of protecting information we hold about you?

Organisation and technical measures to protect your personal data

We take our data protection responsibilities seriously and want to keep you informed about how we use your data. As such:

  • The Group maintains policies and procedures to ensure information is secure when stored and used internally, or when sharing data with a third party, including our information security policy, data breach procedure, and procurement and contracting procedures.
  • Personal data is only shared with other organisations or agencies under appropriate contractual arrangements, or with an individual’s consent, unless there are exceptional circumstances.
  • The Group requires third parties to have adequate organisational and technological security measures in place to ensure data integrity and confidentiality.
  • The Group regularly trains all employees in their responsibilities in relation to data protection and security of data, to ensure high levels of awareness and understanding amongst staff.
  • The Group verifies the identity of all customers and their designated representatives when they contact us.
  • The Group has a clear procedure to follow if a data breach is suspected or occurs, which ensures the appropriate steps to notify the ICO, inform the data subject and work to manage the consequences of any breach take place in a timely way.
  • Wherever possible we use anonymised data (where you can no longer be identified as an individual). In this instance, the data no longer falls within the scope of GDPR, 2016 and the DPA ,2018.

Unless otherwise stated, data is held for a minimum period of time and will be subject to review. We will hold the information in accordance with the Group’s data standard retention schedule.

Individual’s rights:

  • You have the right to access your personal data. You may request a copy of the personal data we hold that relates to you verbally or in writing.
  • If information we hold about you is incorrect or misleading, you may request that the information be corrected.
  • You have the right to be informed about the collection and use of your personal data
  • You may request us to delete personal data relating to you, in certain circumstances where your data does not restrict us from meeting our legal obligations.
  • You may request restriction of processing in certain circumstances.
  • You may object to us processing your data.
  • You have the right to request your personal data transmitted directly from us to another Controller, where technically feasible.

To get in touch about these requests, please contact data.protection@shgroup.org.uk. We endeavor to deal with your request without undue delay, and usually within one month. Please note that we may keep a record of your communications to help us resolve any issues that you raise.

Questions about the way we use your personal data or the way in which we respond to your request to exercise your data protection rights, can be sent to the SHG Data Protection Officer at data.protection@shgroup.org.uk.  You also have the right to lodge a complaint with a supervisory authority, such as the Information Commissioner at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.