Privacy policy and *cookies

Open Communities do not use cookies to collect personal data and identifiable information about you when visiting our website.

We are committed to protecting your privacy

Open Communities (“We”) is committed to protecting and respecting your privacy. At all times we aim to respect any personal information you share with us, or that we receive from other organisations, and keep it safe. This Privacy Notice sets out our data processing practices when you interact with us and your rights and options regarding the ways in which your personal information is used.

How We Use Your Personal Information

We will collect personal data in different ways – sometimes directly from data subjects, and sometimes via a third-party like a local authority, housing provider or government organisation. Where we collect information directly from the data subjects, we will be the Data Controller, and where we process information collected by somebody else, we are a Data Processor. In both roles, Open Communities will strive to observe the law in all aspects of handling data and will only use data for legitimate purposes. We will maintain due care in processing data and will make sure it is timely, accurate, and secure, and subscribe to the principles of confidentiality, integrity and availability of information.

We will process your personal information for the purposes of providing our services to you or if we need to comply with a legal obligation. You may withdraw your consent for Open Communities to process your data at any time. Please note if the relevant information is not provided we may not be able to provide our services. We will use your non-sensitive personal data to perform our operations and provide our services. We analyse data from survey questionnaires and feed back information to our clients who are typically local authorities or Housing Associations. Your information will only be visible to and accessible by Open Communities staff and directors.

We will operate – at all times – under one (or several) of the legal bases set out in current data protection law. Where we enter into contracts with social housing providers, we may collect information from tenants as part of that contract. Where processing is necessary for the purposes of our legitimate interests and where such interests do not override the interests or fundamental rights and freedoms of the data subject, we act under the legal basis of our “legitimate interests”. Open Communities may also process information to comply with a legal obligation (e.g. for the prevention of crime, or at the request of a law enforcement agency). Processing may also be undertaken where it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in our organisation.

Where we share your data with a third-party, a contract or data- sharing agreement exists for the protection of the information shared. We require all of the third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. They are only allowed to process your personal data on our instructions. Any of the data that we collect and process will not be transferred to any country outside the European Union (EU) or the European Economic Area (EEA) and will not be subject to automated decision-making or profiling of any kind.

Data Security

Your information will be stored securely by our employees at our premises or remotely and we have put in place security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We also limit access to your personal data to those employees and third parties who need to access the information. They will only process your personal data on our instructions and are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breaches and will notify you and any applicable regulator where we are legally required to do so.

Data Retention

We will only keep your personal data for as long as is necessary to fulfil the purposes for which we collected it. We may retain your data to satisfy any legal, accounting, or reporting requirements – for example, where we need to keep certain information about you for 6 years after you cease to be a client for tax purposes. We may anonymise your personal data (so that you can no longer be identified from it) for statistical purposes in which case we may use this information indefinitely without further notice to you.

Your Rights

You are able to exercise certain rights in relation to your personal data that we process. These are as follows:

  • The Right to be Informed – subjects should understand the data they are submitting and how it will be process
  • The Right of Access – subjects should have access to their data that is held by the Data Controller, if they request it
  • The Right to Rectification – subjects can request that incorrect personal data be rectified
  • The Right to Erasure (a.k.a. The “Right to be Forgotten”) – subjects can request the erasure of their personal data if there are no legitimate grounds for the Controller to retain it
  • The Right to Portability – the Data Controller should move the subject’s data to another Controller for further use
  • The Right to Object – subjects can object to the processing of their data if they suspect the grounds for doing so are not legitimate

You may request that we inform you of the data we hold about you and how we process it. We will not charge a fee for responding to this request unless we can fairly deem the request to be vexatious or excessive, in which case we may charge a reasonable fee or decline to respond.

If you would like to make a Data Subject Access Request or exercise any of your rights (above) as a data subject, please email – for the attention of the Data Protection Officer (DPO) – and include the details of your request.


We are committed to protecting your personal data but if for some reason you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (

We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.