Data Protection Notice
Uses and sharing of personal information
The Ministry for Housing, Communities and Local Government (“MHCLG”) is the data controller of the personal data you provide to The Deposit Protection Service (DPS). Your personal information will be used solely for the purpose of providing The DPS, including alternative dispute resolution services (which may be provided by a service provider nominated by The DPS) save that MHCLG may disclose details of your personal data to regulators, industry bodies and other organisations for the purposes of fraud prevention, money laundering prevention and where there are concerns over your activities. These other organisations are required to protect your personal information on behalf of MHCLG and cannot use your personal information for purposes unconnected with The DPS.
The DPS may also provide information that relates to a tenancy of premises, including personal or business address data of Landlords or Agents, to Local Housing Authorities in England in accordance with section 212A of the Housing Act 2004. Local Authorities may combine this information with other information obtained by them and they may pass this information to an organisation who provides services to the authority in relation to their duties under parts 1-4 of the Housing Act 2004. The DPS will process all personal information on behalf of MHCLG in accordance with the General Data Protection Regulation (GDPR). If you access The Deposit Protection Service from a website outside the European Economic Area your personal data may have to be transferred outside the European Economic Area to enable you to access it.
Personal information collected
The DPS collects the information you are asked to provide during your registration with The DPS or which you supply during the period that any Deposit is protected for you. The DPS’s website and emails use common internet tools such as cookies (see further below). MHCLG may instruct The DPS to collect information about you from other sources, such as Tenants, land registry data, postal services data or other sources necessary to confirm your identity or the instructions you provide to The DPS.
A cookie is very small text file which a website transfers to your computer’s hard drive. This allows the website to recognise that you have visited on a previous occasion, and to automatically restore any preferences that you may have already set. Only the website that originally posted the cookie can retrieve it. This type of cookie is semi-permanent, typically having a lifespan of around 3 months. After this time, the cookie expires and is automatically removed from your computer.
Under the GDPR you have the right to request a copy of the personal information The DPS holds about you by writing to us at the address below or by email at firstname.lastname@example.org. This is known as a Subject Access Request.. The DPS tries to ensure that all information which we hold for you is accurate. If you find any inaccuracies please notify us and we will correct them promptly. Communication with you may be impeded if the information we hold is inadequate or inaccurate.
We use Google Analytics with a view to improving user experience. The Google website contains further information about analytics.
The DPS employs appropriate technical security measures to protect your personal data and to ensure that it is not accessed by unauthorised persons. Information is held on secure servers and is encrypted wherever this is possible. This is the same encryption used to transmit credit card details over the Internet when buying merchandise online. Our security procedures also provide that, in addition to any password which you may require to gain access to The Deposit Protection Service, you may have to provide proof of identification before we will release personal data to you. Multiple incorrect attempts or invalidation will result in a lockout from the information. We undergo independent periodic reviews of our security policies and procedures to ensure that our systems are secure and protected. You should never divulge your identification numbers, username, or password to anyone else. You should also never write your password down or store it on your computer. In the event that data is requested from a local authority, this data will be transferred via a secure fileshare account through an Online Web Portal.