Privacy policy

We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use or share personal information, your rights in relation to your personal information and how to contact us and the supervisory authority in the event that you have a complaint. This Privacy Notice tells you what to expect when we process your personal information. It applies to information about applicants, residents, tenants, leaseholders and other service users.

Who we are

We are a registered charitable Community Benefit Society that provides social housing and support. WDH are a controller of personal information and collect, use and are responsible for certain personal information about you. When we do so, we are regulated under the General Data Protection Regulation (GDPR) which applies across the European Union (including in the United Kingdom) and the Data Protection Act 2018. Our contact details for data protection purposes are as follows.

Information Governance Team
Merefield House
Whistler Drive
WF10 5HX


The individual responsible for data protection compliance is our Data Protection Officer, who is contactable using the above details.

We also have a wholly owned subsidiary, WDH Solutions, which carries out independent work.

What information we collect

We may collect the following information.

How we use your information

In the course of our activities as a registered provider of social housing, we need to collect, store and use personal information about you to enable us to deliver efficient and effective services to you including in the following areas.

The type of information we collect about you will depend on our relationship with you and the services you use. When you apply for housing with us, on our housing application form we ask for information about you to assess your need and eligibility for housing, to enable us to enter into a contract with you. We also collect information from you during your tenancy in order to provide social housing and accommodation services to you and to perform our contract with you.

We collect most of this information directly from you in person by phone or email and/or through our website. However, we may also collect information from third parties such as the local authority regarding your housing and any benefits you may be entitled to, your previous landlords, health and social welfare agencies, the police and enquiries that are received from councillors, MPs or someone acting on your behalf.

We operate CCTV at our offices and premises, and these store and capture images. On occasions we may use CCTV to evidence any breaches of tenancy, alleged antisocial behaviour or criminal activity.

Special categories of personal data

We hold, collect and use special categories of personal information which can include

We use this information which is more sensitive, to better understand your needs and provide a better service, such as when we obtain information on disabilities to assess the suitability of accommodation or the need for any adaptations, when you engage with support services that we offer such as Wellbeing Caseworkers. We also use special category data to monitor equality, diversity and inclusion to ensure services are delivered appropriately, in order to comply with our legal and statutory duties under equality legislation and to meet our regulatory requirements.

We are committed to keeping your personal details up to date, and we encourage you to inform us about any changes needed to make sure your details are accurate.

Legal basis for processing your information

We collect and use your personal information because it is necessary for:

We may also rely on your consent as a legal basis for processing your information. You have the right to withdraw consent. If we rely on consent and this is the only legal basis for processing, we will no longer process the data after consent is withdrawn.

Periods for which we will store your personal information

We will keep your personal data for no longer than necessary for the purposes that we have obtained it. We have a Records Retention Schedule which sets out how long we will keep different types of information. Once it is no longer necessary to continue processing your personal data, we will delete it or anonymise it.

Promotional communications

We may use your personal information to send you updates (by email, text message, phone or post) about our products and/or services and of selected third parties.

We have a legitimate interest in processing your personal information for promotional purposes to promote our business to existing and former customers. This means we do not usually need your consent to send you promotional communications. However, where consent is needed, we will ask for this separately and clearly.

We will always treat your personal information with the utmost respect and never sell it to other organisations outside WDH for marketing purposes.

You have the right to opt out of receiving promotional communications at any time by emailing or using the ‘unsubscribe’ link in emails or the ‘STOP’ number in texts.

We may ask you to confirm or update your marketing preferences if you instruct us to provide further products and/or services in the future, or if there are changes in the law, regulation, or the structure of our business.

Sharing your personal information

We are committed to making sure that your privacy is protected. Any information you provide will be held securely and in line with the GDPR and the Data Protection Act 2018. We will routinely share information across the organisation to ensure that that you receive all the services that you have requested.

We will share personal information where required with:

We only allow our service providers to handle your personal information if we are satisfied they take appropriate measures to protect your personal information. We also impose contractual obligations on service providers to ensure they can only use your personal information to provide services to us and to you. We may also share personal information with external auditors, for example in relation to ISO (International Organisation for Standards) or Investors in People accreditation and the audit of our accounts.

We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.

Privacy notice for all social housing tenants of CORE data provider

Your rights

Under the GDPR and Data Protection Act 2018 you have a number of important rights free of charge, unless excessive or repetitive in nature. In summary, those include the following rights

Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, in response to your request.

Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms, or that the processing is necessary for the establishment, exercise or defence of legal claims. You also have the right to object where we are processing your personal data for direct marketing purposes.

Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format (i.e. useable on a computer). Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Withdraw consent at any time where we are relying on consent to process your personal data.

However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. Also, we may still be allowed to process your data following the withdrawal of consent if another lawful justification for such processing exists.

If you would like to exercise any of those rights, please:

We will respond to all legitimate requests within one month. If it’s going to take us longer than a month because the request is complex, or you have a number of requests we will notify you and keep you updated.

Transferring your personal information out of the European Economic Area (EEA)

To deliver services to you, it may be necessary for us to share your personal information outside the EEA, for example if we were to use a cloud service provider based outside the EEA. These transfers are subject to special rules under European and UK data protection law. In such a situation, we will make sure that we have adequate safeguards and security measures in place as required by the GDPR.

Change of purpose

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated or new purpose, we will notify you and we will explain the legal basis which allows us to do so.

Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

How to complain

We hope that we can resolve any query or concern you raise about our use of your information.

The GDPR and Data Protection Act 2018 also gives you the right to complain to a supervisory authority, in particular in the European Union (or EEA) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who can be contacted at Information Commissioner, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF or by phone on 0303 123 1113.

Visitors to our website

We take a proactive approach to user privacy and ensure that appropriate steps are taken to protect the privacy of users of our website.

For further details please see our cookie policy

Changes to this privacy notice

We may change this privacy notice from time to time, when we do we will inform you by an update on our website at

How to contact us

Please contact us if you have any questions about this privacy notice or the information we hold about you.

If you wish to contact us, please email or write to our Records Management Team, WDH, Merefield House, Whistler Drive, Castleford, WF10 5HX or email or call us on 0345 8 507 507.

Do you need extra help?

We are committed to giving everyone equal access to information. If you would like this information in another format please phone us on 0345 8 507 507.


What are cookies?

Cookies are small text files that are placed on your computer by websites that you visit. They can then be read back by the website when required. Each cookie is unique and will contain anonymous information such as a unique id, the site name and some characters and numbers.

Cookies are used to remember that you have logged in when you move to a different page, store your preferences, and improve the efficiency and experience of using the website. Often cookies are deleted automatically after you have left the website. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from using all the functions of the website.

Visit ico cookies for information on how to make your browser decline cookies.