Who we are
SoHostel is a subsidiary of One Housing Group Limited (OHGL), and is owned and managed by OHGL, a not-for-profit housing association that houses and cares for thousands of people across London and the South East.
OHGL is the data controller of personal information for the purposes of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. Our head office is located at 100 Chalk Farm Road, London, NW1 8EH.
Under the GDPR, One Housing Group Limited has a legal duty to protect any information we collect from you, or have about you from other sources.
The GDPR has a set of rules and guidelines we must follow when handling your personal information. These are referred to as Data Protection Principles.
All personal data we store is held securely and we have security measures in place to protect it.
OHGL is registered with the Information Commissioners Office as a Data Controller. Our registration number is Z687766X.
If you would like to find out more about how we use your personal information, you can contact the Group Data Protection Officer at email@example.com.
How we use and store your personal information
This privacy notice tells you what to expect when we collect and store your personal information.
It also tells you the purposes for which we will process your personal information and the legal basis for the processing (‘processing’ includes us keeping your personal information).
If applies to information we collect about:
+ Members of the public
We may collect and process personal information about you. We do this so we can:
When you book accommodation at SoHostel, we will collect your name, mobile telephone number, email address, card details, billing address, and nationality. Separately, when you contact us through our online contact form, we will collect your name and email address.
You can also book accommodation at SoHostel through online travel agents such as Booking.com, Hostelworld, Expedia, Dorms, Agoda and GTA Travel. When you book through one of these online travel agents, your details (as described above) are collected by the agent, and passed onto us.
When you arrive at SoHostel, we will take a copy of your photographic identification, for example your passport or driving licence. We also record CCTV footage in SoHostel communal areas. If you don’t provide us with this information, we may not be able to process your booking.
Personal information is stored on our computer systems. This information is held securely and we have security measures in place to protect it.
+ Contractors, suppliers, partners or agents
We will collect relevant information from you in accordance with our contracts or information sharing agreements.
This may include names and qualification information relating to your staff. The purpose is to enable you to provide services to our residents on behalf of OHGL.
Information is held centrally by our Procurement Team, and by the relevant department, in line with our retention periods. Personal data is held securely and we have security measures in place to protect it.
Legal basis for processing
We have two main legal bases for processing personal data of members of the public, contractors, suppliers, partners or agents.
- Where it is necessary for the performance of a contract (provision of services set out in the tenancy agreement);
- Where it is necessary for the purposes of the legitimate interests pursued by OHGL or by a third party to process your information. We can do that as long as we do not interfere with your fundamental rights or freedoms.
How we manage your personal information
We process your personal information in accordance with the principles of GDPR.
We will treat your personal information fairly and lawfully and we will ensure that information is:
- processed for limited purpose;
- kept up-to-date, accurate, relevant and not excessive;
- not kept longer than is necessary;
- kept secure.
Access to personal information is restricted to authorised individuals on a strictly need to know basis.
We are committed to keeping your personal details up to date, and we encourage you to inform us about any changes needed to ensure your details are accurate. We will not discuss your personal information with anyone other than you, unless you have given us prior authorisation to do so.
Who might we share your personal information with?
Normally, only OHGL staff will be able to see and process your personal information. However, there will be occasions when we will need to share personal information with third parties for the purposes as outlined or where we are legally required to do so.
When sharing personal information we will comply with all aspects of the GDPR. Special categories of personal data about health, sexual life, race, religion and criminal activity for example is subject to particularly stringent security and confidentiality measures.
We also share information:
- to allow us to tailor our services to you
- to securely process online payments
We will also disclose your personal details, if required to do so, by law or any Government body. OHGL will never sell personal information to a third party.
International transfers of personal data
Our website is hosted within the UK. Our other systems are generally located on our premises, or elsewhere within Europe, but some services used processing payments securely for example are located outside of Europe.
Where data is transferred outside Europe, we will make sure that transfers will only be made to countries in which the European Commission has made an ‘adequacy decision’, or where appropriate safeguards are in place.
How long do we keep information?
We have a retention schedule, which sets out how long we keep different types of information for. We follow legal requirements and best practice. Please contact us if you’d like a copy of the schedule.
Your rights under GDPR
Access to personal information
Under the GDPR, you have the right to ask us what personal information we hold about you, and to request a copy of it. This is known as a ‘subject access request’ (SAR).
We’ve a Subject Access Request form which provides further information to help you submit your request. We will also request photo identification. To make a subject access request, please complete the online form. Alternatively you can email us at firstname.lastname@example.org, or let us known by contacting customer services at 0300 123 9966. We will respond to your request with all the information we’re legally required to provide within 30 days.
If you need to correct any mistakes contained in the information we hold about you, you can let us know by contacting customer services at 0300 123 9966.
Erasure (‘right to be forgotten’)
You have the right to ask us to delete personal information we hold about you.
Restriction on processing
You have the right to require us to stop processing your personal information. When processing is restricted, we are allowed to store the information, but not do anything with it.
Objection to processing
You have the right to object to processing where we say it is in our legitimate business interests.
Withdrawal of consent If the basis on which we are using your personal information is your consent. We will seek your consent to contact you for non-essential services.
How to contact us
If you want to find out more about this you can.
Email the Group Data Protection Officer at email@example.com or write to Data Protection Officer, 100 Chalk Farm Road, London, NW1 8EH. Alternatively, you can find here other ways to contact us.
OHGL aims to meet the highest standards when collecting and using personal information. You can raise a complaint with us if you think that our collection or use of information was unfair, misleading, inaccurate or inappropriate.
If you are still not happy with our response you have the right to appeal directly to the regulator -
Information Commissioners Office
Telephone: 0303 123 1113