- Overview & Purpose
- Who we are
- Collection, Processing and Retention of Personal Data
- Legal basis for processing
- Your Data Protection Rights
- Data Protection Queries and Complaints
This Privacy Statement aims to provide an overview of how the Approved Housing Bodies Regulatory Authority (“AHBRA”) will collect, use and store personal data, and the rights you have in relation to the protection of your personal data.
The AHBRA was established on 1 February 2021. Please note, the powers and functions of the AHBRA will be commenced on a phased basis and therefore, the extent of processing of personal data by the AHBRA is currently limited. The Privacy Statement will be updated periodically, as functions and powers of the Housing (Regulation of Approved Housing Bodies) Act 2019 (“the Act”) are commenced throughout 2021 and 2022.
The AHBRA will have responsibility for overseeing the effective governance, financial management and performance of all voluntary and co-operative housing bodies, in accordance with the legal framework set out in the Act.
- For general queries contact email@example.com
- For Data Protection queries, please contact firstname.lastname@example.org
The AHBRA is the data controller of personal data we collect relating to our statutory functions which derive from the Act and include the following:
- establish and maintain a register of AHBs
- register persons as AHBs
- prepare draft standards for approval by the Minister and publish
- monitor and assess compliance by AHBs
- carry out investigations under Part 5 (of the Act)
- under Part 6 (of the Act) protect tenants and AHBs and cancel the registration of AHBs
- encourage and facilitate the better governance, administration and management including corporate governance and financial management, of AHBs
- promote awareness and understanding of the Act
- collect such information concerning AHBs as the Regulator considers necessary and appropriate for the purposes of the performance of the Regulator’s functions,
- publish such information (including statistical information) concerning AHBs as the Regulator considers appropriate.
All data processed by the AHBRA is processed in accordance with applicable Irish data protection and privacy laws and the General Data Protection Regulation (‘GDPR’) and the Law Enforcement Directive (‘LED’) (where applicable) to ensure we properly protect your personal data.
The key focus area for the AHBRA in 2021 is building and implementing a new regulatory platform. A number of key steps will be executed throughout 2021 in order to meet the ambitious target of having the AHBRA operational in early 2022.
The AHBRA will embark upon a series of communications throughout 2021 for its key stakeholders, providing a transparent and informative approach to the AHBRA. Personal data is collected directly from data subjects for this purpose. Please contact email@example.com in order to subscribe to the AHBRA mailing list. The AHBRA may also collect personal data (name, contact information, job title, role or place of work) from publicly available information (e.g. Companies Registration Office) in the course of carrying out our functions under Part 9 of the Act. The personal data collected for this purpose is not shared with anyone outside the organisation, unless there is a legal obligation to do so.
In due course, the AHBRA will process personal data for further purposes, which arise from its statutory powers. The Privacy Statement will be updated, as functions and powers of the Act are commenced throughout 2021 and 2022.
Any personal information we collect will not be kept for any longer than it is necessary to provide the specific service. The length of the retention period depends on how long we need to process your data. In certain circumstances, we are legally obliged to retain personal information for longer, such as accounting or regulatory purposes.
The legal basis for the processing of personal data depends on the purpose for which the processing is being carried out. The main legal bases under the GDPR upon which the AHBRA relies for the purposes of processing personal data are Article 6 (1) (c) and/or 6 (1) (e): i.e.
- Article 6 (1) (c): processing is necessary for compliance with a legal obligation to which the controller is subject.
- Article 6 (1) (e): processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
The majority of processing by the AHBRA is set out in legislation which provides the AHBRA with the authority, and the obligation, to carry out the functions set out above. The main legislation is the Housing (Regulation of Approved Housing Bodies) Act 2019.
In addition, the following Articles of the GDPR may be relevant to some processing:
- Article 6 (1) (a): where the data subject has given consent to the processing of his or her personal data for one or more specific purposes. Where the lawful basis for the processing of Personal Data is based on the consent or, where necessary, the explicit consent of the Data Subject, that consent can be withdrawn at any time. Where consent is withdrawn, it will not affect the lawful basis for processing up until that time.
- Article 6 (1) (b): processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of a data subject prior to entering into a contract.
Under data protection law, data subjects have certain rights. Subject to certain restrictions, which are set out in Article 23 of the GDPR and Sections 59, 60 and 61 of the Data Protection Act 2018, you can exercise these rights in relation to your personal data that is processed by the AHBRA.
The data subject rights are:
- The right to be informed about the processing of your personal data;
- The right to access your personal data;
- The right to rectification of your personal data;
- The right to erasure of your personal data;
- The right to data portability;
- The right to object to processing of your personal data;
- The right to restrict processing of your personal data;
- Rights in relation to automated decision making, including profiling.
If you wish to exercise one of your data subject rights outlined above, enquire about any of the information contained in this privacy notice or request further information, please do not hesitate to contact the DPO at the contact information provided below. The DPO will respond to you as soon as possible and will aim to fulfill any exercise of your rights within one calendar month.
If you are unhappy with the way we handle your personal data and wish to complain, or if you simply require further information about the processing of personal data by the AHBRA, please contact the Data Protection Officer using the details outlined below:
- Email: firstname.lastname@example.org
- Post: Data Protection Officer, The Approved Housing Bodies Regulatory Authority, 52 Mount Street Upper, Dublin 2, D02 KT73
Please note, you have the right to lodge a complaint with the Data Protection Commission in relation to the processing of your personal data. Further information on how to raise a concern with the commission can be found here.