Privacy notice

mhs homes and Heart of Medway are the ‘controllers’ of the information (‘personal data’) that we collect about you, which means we are responsible for how we collection, store, use, share and delete you data when we no longer need to keep it. This privacy notice explains how we do all of this and also what your rights are.

Other privacy notices

• Our full privacy notice which explains everything in more detail
• Our staff privacy notice
• Our foyer privacy notice

What information do we collect?

We collect a lot of information about you, your home and those who live with you. This includes: 

• Personal identifiers that can include name, address, date of birth, gender, tenancy reference, national insurance number, photographs, marital status;
• Contact information including home address, email address, mobile and home number, next of kin contact details;
• Financial information so we can take payments including bank account information, bank statements, income and benefit details, credit history information;
• Video or audio footage via CCTV and our recorded calls. At times we may also use recording equipment to monitor alleged noise complaints;
• Other information which is not directly about you such as smart home monitoring for boiler usage, property humidity, condensation, hot water usage;
• We also collect some information via our ‘cookies’ on the website. For more information see our cookies page.

When do we have to use special category data?

For example, information about your health, ethnicity or even criminal convictions or offences.

We only do this when collecting the information is essential and we take additional steps to ensure it's protected and only shared when appropriate.

Why do we use and share your personal data?

We use your personal data to:

• Make sure are eligible for social housing
• Investigate tenancy agreement breaches
• Make sure we do all the things we promise to keep your homes safe
• To protect you and those in your household
• To monitor your needs and additional support for your household
• To prevent and detect fraud and resolve disputes
• We also use your data for legal proceedings and when the law says we need to share it

Who might we share and collect information with?

We only share information if we have a legal reason to do so, this could include:

• Contractors completing work on our behalf
• Local authorities
• Other housing providers
• Social care agencies
• Benefits agencies
• Law enforcement agencies

For more details see our full privacy notice.

Withdrawing consent

If we are relying on your consent to process your data, you may withdraw your consent at any time by contacting us in your preferred way.

How we store your data

Your personal data may be held in hard copy and electronic formats, both of which are kept secure and are only accessed by appropriate people.

We try and ensure that all electronic systems store your information on servers in the European Union.

International safeguards

The information you provide us with will not be disclosed by us outside of the United Kingdom or European Economic Area, unless there are appropriate safeguards in place, including contracts and requiring any third party to adhere to those. All of our contracts with suppliers state that they must seek our permission before transferring data outside of the United Kingdom. However, if we do discover that any of our suppliers aren't compliant and they're storing data outside of the UK without our permission, we'll rectify this as soon as we can.

How long do we keep your data?

Some of our retention periods are based on legal requirements, and others are based on practical reasons. Information about how long we hold your data for can be found in our Records Management Policy and Data Retention Schedule, which can be requested from our DPO.

Your rights as a data subject

As a data subject, you have the following rights in relation to your personal data:

• Be informed about how and why your personal data is used
• Be able to ask for copies of the information we hold about you, which is sometimes known as making a Data Subject Access Request
• Ask for any errors or inaccuracies to be corrected
• Ask to have some, or all, of your data erased (also known as the right to be forgotten) and we will erase your data on request where we have no lawful reason for retaining it
• Ask us to restrict our processing of your data, in some circumstances, which means you can ask us to stop using it but not erase it
• Object to how we use you data
• Have personal data that you have provided to us provided back to you in a format which can easily be transferred to another party, where the data is being processed based on your consent or for a contract and is being processed by electronic means
• You also have the right when it comes to fully automated decision-making process (i.e., a system generated decision without any human input), at the moment we don’t have any of these so you don’t need to worry.

If you wish to exercise any of these rights, please contact us in your preferred way, either in writing (including email) or verbally.

For more information about these rights, please contact our Data Protection Officer (DPO) at our main address or by email to data.protection@mhs.org.uk or visit our Data Protection pages for more details.

You can also find information about your rights on the ICO’s website.

How can you help keep your information safe online?

Phishing is the name given to attempts to steal personal details and financial account details from a website user. 'Phishers' use fake or 'spoof' emails to lead users to imitation websites where the user is tricked into entering their personal details, such as credit card numbers, usernames, and passwords.

mhs homes will never send emails asking you for such details and our staff will never ask you for your password.

We would also like to remind you of the importance of not sharing your passwords with others and to remember that if you believe your passwords have been compromised it is important that you ensure you change them. This is particularly important if you separate from someone who may use your passwords with malicious intent or if your email has been compromised in a data breach with another organisation if you use the same passwords.

If you do receive such an email or are asked for your password by anyone claiming to represent mhs homes, please let us know.

Contact the Data Protection Officer (DPO)

If you have any queries about related to data protection, you can contact our DPO. 

• In person or post: Broadside, Leviathan Way, Chatham, ME4 4LL
• Email: data.protection@mhs.org.uk

It is important to remember both mhs homes ltd (Z629086) and Heart of Medway Housing Association (ZA079387) are registered with the ICO.

Complaints

Please let us know if you have any complaints about the way your personal data has been handled, by contacting the DPO.

You also have a right to complain to the Information Commissioner's Office (ICO) about the way in which we process your personal data. You can make a complaint on the ICO’s website.