Privacy Policy

This Privacy Policy explains how LHA Housing Group Limited (“we”, “us”, “our”) collects, uses, stores, and protects personal information processed through our systems, including the staff CRM, tenant portal and contractor portal (together, “the system”).

We are committed to safeguarding personal data in accordance with the UK GDPR and the Data Protection Act 2018.

1. Data Controller

The Data Controller responsible for your personal information is:

LHA Housing Group Limited
80 Holloway Head, Birmingham B1 1QP
Company No: 13694292
Email: admin@lhahousinggroup.co.uk
Phone: 01384 226441
Website: www.lhahousinggroup.co.uk

2. Personal Data We Collect

2.1 Tenant Information

• Name, email address and phone number
• Date of birth and National Insurance Number
• Property, room and tenancy details
• Move-in / move-out dates and rent information
• Signed forms, welcome pack documents and other uploads
• Portal account information (passwords are securely hashed)
• Ticket history, communications and activity logs

2.2 Contractor Information

• Name, email address and phone number
• Company details and role
• Digital signatures and contractor agreements
• Compliance documents, insurance and qualifications
• Job reports, updates and media uploads

2.3 Staff and System User Data

• Name, email and role
• System permissions and access levels
• Login history and security logs
• Activity logs for auditing and safeguarding

2.4 Property & Operational Data

• Property and room details
• Compliance certificates and expiry dates
• Inspection records and images
• Void / vacant property tracking
• Maintenance jobs, tickets and updates

2.5 Technical Data

• IP address and basic device / browser information
• Session identifiers and security-related logs

3. How We Use Personal Data

We use personal data to:

• Provide and manage housing and tenancy services
• Allocate and manage rooms and properties
• Manage repairs, maintenance jobs and contractor work
• Maintain property and tenant compliance records
• Run inspections and log findings
• Operate the tenant and contractor portals
• Maintain audit trails for safeguarding and compliance
• Send essential notifications, reminders and updates
• Meet legal, regulatory and insurance obligations

4. Legal Basis for Processing

We rely on the following legal bases under UK GDPR:

• Contractual necessity – where processing is required to provide housing or contractor services.
• Legal obligations – for safety, compliance, record-keeping and safeguarding.
• Legitimate interests – for system security, fraud prevention and internal administration.
• Consent – for specific actions such as certain digital signatures or optional communications.

5. How We Protect Your Data

5.1 System & Application Security

• Passwords stored using modern hashing algorithms
• Role-based access control (Administrator, Manager, Staff, Contractor, Tenant)
• Two-factor authentication for staff access (where enabled)
• Extensive use of prepared statements to protect against SQL injection
• Session-based authentication with timeouts and access checks
• Audit logs on key tenant, contractor, ticket and compliance actions
• Time-limited tokens for contractor invitations and portal onboarding

5.2 Hosting & Infrastructure

The system is hosted with a reputable provider (Hostinger) which implements industry-standard security measures including server hardening, firewalls, backups and SSL/TLS encryption.

5.3 File & Document Storage

Files such as IDs, certificates and reports are stored in structured upload folders, logically separated by property, tenant or contractor. Access is restricted by role and only used for operational and compliance purposes.

6. Sharing Your Data

We may share data with:

• Authorised internal staff with appropriate access rights
• Contractors assigned to specific properties or jobs, where necessary
• Our hosting and email providers, as data processors
• Regulators, law enforcement or insurers where we are legally required to do so

We ensure that any third-party processors are bound by appropriate data protection agreements.

7. Data Retention

We keep personal data only for as long as necessary for the purposes described in this policy and to meet legal and regulatory requirements. Typical retention periods include:

• Tenant records – usually up to 6 years after tenancy ends
• Contractor agreements – contract duration plus up to 6 years
• Compliance certificates and inspection records – as required by law or guidance
• Tickets and communication logs – at least 2 years
• Security and access logs – typically 90 to 365 days

8. Your Rights

Under UK GDPR you have the right to:

• Access your personal data
• Request correction of inaccurate data
• Request deletion of your data (where applicable)
• Restrict or object to certain types of processing
• Request a copy of your data in a portable format
• Withdraw consent where processing is based on consent

To exercise any of these rights, please contact us at admin@lhahousinggroup.co.uk.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

9. Cookies

The portals and CRM primarily use essential cookies to maintain secure sessions after you log in. We do not use marketing or advertising cookies.

10. Data Breach Procedure

In the event of a personal data breach, we will:

• Investigate and contain the incident
• Assess the risk to individuals
• Notify the ICO where legally required (normally within 72 hours)
• Inform affected individuals without undue delay where there is a high risk to their rights and freedoms

11. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available in the portal and will include the date of the most recent update.

12. Contact

For any questions about this Privacy Policy or how we handle your data, please contact:

LHA Housing Group Limited
80 Holloway Head, Birmingham B1 1QP
Email: admin@lhahousinggroup.co.uk
Phone: 01384 226441