In this Privacy Notice, “we,” “us” and “our” refer to Mears Group PLC, 1390 Montpellier Court, Gloucester Business Park, Brockworth, Gloucester, GL3 4AH and its subsidiaries.
For the purpose of UK data protection laws, Mears Group PLC is a data controller and processor.
Mears Group and its subsidiaries deliver housing repairs, housing management, care, and other services on behalf of clients across the United Kingdom. The information we collect and process about you will depend on the services we provide to you.
This Privacy Notice applies to:
• Our Corporate website(s)
• Employees including prospective employees, temporary employees and people employed or consulted by Mears in the delivery of our services
• General enquiries received by us, whether by post, phone, email, online, social media or other online activity
• Services provided by Mears Group and its subsidiaries not covered by their own privacy policies
• Applicants and employees (including ex employees)
• Visits to or use of any of our offices
• Use of or corporate systems and applications
• All personal information obtained in the delivery of our services
We collect, process and store information about you to provide our services. The data we collect may include:
• Your name, address, date of birth and contact details (including your telephone number, email address) and emergency contacts (i.e. name, relationship and home and telephone numbers)
• Contact data, such as your email address or phone number(s)
• Document data, such as copies of utility bills, passports, benefit statements etc
• Financial data, such as your bank details, payment card details and transactional information
• Qualification details from education or other training, prior to or as part of employment with Mears
• Family information, such as your next of kin and their contact details
• Photographic information, such as internal and external pictures of properties
• CCTV footage
• Technical data, such as your IP address, browser information, operating system and other information relating to the device you use to access our websites and other online services
• Preference data, such as your preferences for receiving non-essential communication and marketing materials from us
• Social Media data, such as when you “like” or comment on our services on any of our social media accounts and have made that information publicly available or available to us
• Your allergies and any medical, physical, or mental conditions and in particular your care needs
• Your likes, dislikes, and lifestyle preferences (including your religious beliefs or other beliefs of a similar nature, racial or ethnic origin, politics, genetics, health, sex life, marital status and sexuality trade union membership or biometrics (as far as they relate to providing you with suitable care)
• Your feedback and contributions to questionnaires and surveys about the service we offer
• Any accidents and incidents or near misses you may have been involved in
• Your feedback and contributions to questionnaires and surveys about the services we offer and deliver to enable us to continuously improve
• Your complaints, compliments, or concerns about the service we provide
• Other information required to effectively deliver services to clients and customers
• Payment information (if you pay for some or all our services using one of these methods)
• Benefit payments you are in receipt of
• Geospatial data where GPS is required as part of you driving for the business
• Any other information produced in the course of your employment or contact with Mears
• Information about your property (e.g. property age, level of insulation, type of heating) of this information may, in some cases, be considered as not being personal data, e.g. information purely about your property, such as property type or energy saving measures.
• Your allergies and any medical, physical, or mental conditions, test results and in particular your care and support needs, from any appropriate external social or health care professionals (including GP’s)
• Needs assessments and financial assessments from any appropriate external social or health care professionals (including any relevant public body regardless of whether care is publicly funded)
• Your likes, dislikes and lifestyle preferences (including your religious beliefs or other beliefs of a similar nature, racial or ethnic origin, politics, genetics, health, sex life, marital status and sexuality trade union membership or biometrics (so far as they relate to providing you with suitable care)) from your family, friends and any other person you have nominated as your representative
• Your religious beliefs or other beliefs of a similar nature, racial or ethnic origin, politics, genetics, health, sex life, marital status and sexuality, trade union membership or biometrics (as far as they relate to providing you with a suitable service) from your family, friends, and any other person you have nominated as your representative
• Health information, for instance to assess and provide our services
Where you have agreed to cookie consent, we may install 1st party cookies in your web browser for the purposes of targeting and tracking, re-marketing, web analytics and reporting. We may also share data inputted into the forms across our websites with third party marketing and advertising companies to measure the effectiveness of our paid advertising as well as for re-marketing purposes.
We may collect your information directly by:
• Being provided with information because of a query, complaint, service or other work request or any other matter raised with us by post, email, phone or other format
• Engagement and interaction with you regarding our services
• The use of one of our websites or mobile apps to raise a request for service or other work item for us
• You apply for a vacancy advertised on our website
• Being provided with information because of a visit to one of our websites
• Your participation in an event or activity organised by us or one of our partners
• Receiving from you a business card, marketing enquiry or other request to contact you
• Your visit to one of our locations and/or use of our systems (for instance, our guest Wi-Fi network)
• GDPR compliant B2B marketing data
• Publicly available datasets
• Other correspondence with you by phone, letter, email or otherwise
We may also be provided with information about or relating to you by a third party, including:
• Organisations for whom we are contracted to provide housing, housing management or care services (for instance housing associations, local authorities, Defence Infrastructure Organisation, Ministry of Justice, Home Office and NHS clinical commissioning groups)
• Organisations who act on behalf of organisations noted above (for instance, care brokerage services or tenant support services)
• Next of kin, persons to whom you have delegated power of attorney and other persons acting in your interests
• Professional advisors, insurance companies, solicitors and other legal providers who may be acting on behalf of you, us, our clients or other third parties
• Official bodies and other public authorities to whom we do not provide services, including but not limited to law enforcement agencies, the Health and Safety Executive, HM Land Registry
• Social media organisations where you have permitted the organisation to share with us information you have provided to the service or made public in connection with that service
• GPs, hospital trusts and other medical professionals
• Organisations who act on behalf of organisations noted above (for instance, specialist skilled repairs contractors)
• Recruitment companies
We use the information provided to us to fulfil various duties and obligations as set out below:
We will only use your information for the purpose(s) it was collected for, unless we consider that we need to use it for another reason and that reason is compatible with the original purpose or where there is a legal requirement for us to use that information. We may process your information without your knowledge or consent only where this is required or permitted by law.
To deliver our services and fulfil our legal obligations, we may share your information with:
Other companies or subsidiaries within the Mears Group.
• Housing Associations
• Local Authorities
• Central Government Departments
• NHS Clinical Commissioning Groups (CCGs)
• Organisations who act on behalf of organisations we are contracted to deliver services for (e.g. Arms-Length Management Organisations (ALMOs), Joint Venture organisations)
Individuals whom you have agreed we should share information about you with or who are acting in your interest, such as your next of kin or power of attorney
Third parties instructed by us to provide services on our behalf, such as –
• Subcontractors
• Temporary accommodation providers and hotel companies
• Providers of IT services and IT hosting environments
• Organisations who conduct customer satisfaction and feedback services
• Our professional advisors (including legal services providers, banks, auditors)
• Insurance companies and claims handling organisations
• Data archiving providers
• Debt collection and management agencies
• Recruitment and HR service providers
• Disclosure and Barring Service, Disclosure Scotland, and other vetting services
• Marketing and event management companies
• Courts of Law
• Communications and PR management companies
• Analytics, search engine analytics and other agencies who assist us in the improvement of our websites
• Our quality assurance assessors
• To deliver our services, we rely on third parties to provide specialist support to us. To provide this support they will have access to or have a duty of care over your personal information.
Third parties instructed by us to provide services during employment on our behalf, such as
• Her Majesty’s Revenue and Customs (HMRC)
• Pensions providers
• Disclosure Scotland and DIO for DBS, BPSS and Security Clearance.
• HR system providers.
• Driving licence checks.
• Employment reference agencies.
• Fleet/Lease organisations.
• Occupational Health providers.
• Third parties to whom we may choose to sell, transfer or merge parts of our business or assets with.
• Third parties where we must share information for statistical purposes such as for equality and diversity e.g. The Equality and Human Rights Commission / Equality Commission for Northern Ireland.
Third parties with whom we are working to provide services or who we are a member body of or are connected to, including but not limited to -
• Chartered Institute of Housing (CIH)
• Construction Industry Training Board (CITB)
• Tenant rights organisations
• Apprenticeship organisations
• Official bodies such as HM Land Registry and Companies House
• Health and Safety Executive
• Information Commissioners Office
• Law enforcement and other authorities who require reporting of processing activities in certain circumstances
Third parties to whom we may choose to sell, transfer or merge parts of our business or assets with
Third parties who are involved in providing healthcare and social care services and support to you, such as –
• Your GP
• Your pharmacist
• Your Social Worker
We share your medical information with appropriate external social or health care professionals (including your GP and pharmacist) and any individuals you have nominated as your representative as and when required. This data sharing enables us to establish the type of care and support you need. It also allows us to design the right care package to suit your individual circumstances, including if (in future) you decide to receive care from an alternative provider.
Third parties who have a statutory duty or perform tasks in the public interest as set out in law, including but not limited to –
• Care Quality Commission, Care Inspectorate, Care Inspectorate Wales and other health and social care regulatory authorities
• Official bodies such as HM Land Registry and Companies House
• Health and Safety Executive
• Information Commissioners Office
• Law enforcement and other authorities who require reporting of processing activities in certain circumstances
• The Property Ombudsman, Propertymark, International Organisation for Standardisation (ISO) and other regulatory authorities
We will share personal information with law enforcement or other authorities if legally required to do so. This includes information required by public bodies to evidence our compliance with the applicable regulatory framework. We are also required to share personal information with external social or health care professionals, including public bodies and local safeguarding groups (in some circumstances) to ensure your safety.
Information will always be shared via the most appropriate communication channels and will consist of email, secure email, secure file transfer, in writing, phone or verbally including face to face.
Mears Group PLC is a UK based business with operational bases in the UK only, however some of the data we collect from you may be transferred to third parties who will store data outside of the UK, European Union (EU) and European Economic Area (EEA). Examples of where this may occur include where we use a cloud IT service to manage and deliver operational and business processes (for example Microsoft and Workday). We endeavour to only instruct suppliers that can provide the same level of data security that we have here in the UK and where it is necessary to transfer your personal information to a country outside of the EEA which has not been approved by the European Commission, we will ensure that appropriate safeguards are in place. This will ordinarily be through the use of approved standard contractual clauses or an approved framework, which are designed to help safeguard your privacy rights and give you remedies in the event of your information being misused.
We will keep your information for as long as is necessary to provide services to you, to fulfil our legitimate business interests or to meet our legal obligations. To meet our legal obligations, it may be that we need to keep your information even when you are no longer actively receiving services from us.
To determine the appropriate retention period for personal information, we consider the number of records, nature and sensitivity of the information, the purposes for which we were originally processing it, the potential risk of harm from its unauthorised disclosure or loss and any legitimate interests or legal obligations its retention may be required to meet.
You have various legal rights in relation to the personal information that we collect and process:
• A right to access the information that we process about you, together with information about why and how we are using it, who we have shared it with and other information
• A right to ask us to rectify any information we hold about you that is inaccurate or incomplete
• A right to ask us to erase information if we no longer have a legal basis for processing or storing it (please note that this right can only be exercised in certain circumstances and, if you ask us to erase your information and we are unable to do so, we will explain why not)
• A right to ask us to restrict processing your information in certain circumstances
• A right to ask us to transmit (‘port’) information about you in a structured, commonly used, and machine-readable format
• A right to object to us using particular information, or using it in a particular way
• A right to object to us using and storing your information for direct marketing purposes
If you would like to exercise any of the above rights, you can do so by contacting our Data Protection Officer via the contact details at the end of this Privacy Notice. We require you to provide proof of identity, proof of address and clear parameters to undertake a search.
Where we are unable to fully action your request, we will explain why and outline any next steps.
We do not use automated decision-making processes within the scope of this Privacy Notice.
For more information on your privacy rights under current data protection law, including the circumstances under which they apply, we recommend you visit the Information Commissioner’s Office website at: www.ico.org.uk
We will keep your personal information secure and have appropriate organisational and technical measures in place to prevent information being accidently lost, stolen, accessed, or disclosed in an unauthorised way.
We limit access to your information to those with a genuine business need to see it so those processing your information will do so in an authorised manner and subject to a duty of confidentiality.
We maintain various industry standard security technologies and tools to prevent and detect unauthorised access and amendments to our systems, including firewalls and other perimeter devices, anti-virus and threat protection systems and email and internet security software.
We maintain policies and procedures to help ensure a consistent approach to security best practices and behaviours across our company, including keeping paper records safe, physically securing buildings, the safe transfer and handling of data and the secure use of our systems.
Unfortunately, the transmission of information via the internet is not completely secure and while we do our best to protect information you transmit to us via our websites and email, we cannot guarantee its security and transmission is at your own risk.
Get Safe Online (www.getsafeonline.org) provide more detailed information on how to protect your information and devices against fraud, identify theft, viruses and other online treats and is supported by HM government and leading businesses.
If you are concerned about any aspect of how we handle your personal information or your rights as outlined above, you can contact our Data Protection Officer on the details below. Alternatively, you can log a complaint directly with the UK’s supervisory authority, the Information Commissioner. The address for the Information Commissioner’s Office is:
The Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. The ICO website is available at: www.ico.org.uk
Our Data Protection Officer can be contacted by email at Data.Protection@mearsgroup.co.uk or via post by writing to The Data Protection Officer, 1390 Montpellier Court, Gloucester Business Park, Brockworth, Gloucester, GL3 4AH.
This Privacy Notice was last updated on 29 November 2023. We may change this Notice from time to time and future changes will be published on our website.