Privacy Notice

Midland Heart Ltd makes records from our contact with you, including personal information that is subject to the General Data Protection Regulations (GDPR). We also collect information about you from third parties.

We will always protect the privacy of any personal information we hold about you. We will comply with current data protection legislation.

This Privacy Notice describes the categories of personal data we process and the reasons why we do this. We are committed to collecting and using data in accordance with GDPR.

If you wish to know more about our approach to Data Protection please read the Privacy Notice below.

For an easy-read version of the policy, please click the button below.

Easy-read version

  • We take your privacy seriously and you can find out more here about your privacy rights and how we collect, use, share and secure your personal data. This includes the personal data we already hold and the further personal data we might collect in the future, either from you or from a third party.
  • We obtain your personal data in order to conduct our normal business operations as a registered social housing and care provider. How we use your personal identifiable information depends on the products and services we provide to you.
  • Midland Heart’s Data Protection Officer (DPO) provides help and guidance to make sure we correctly apply the law to the processing and protection of your personal data. If you have any questions about how we use your personal data, our DPO can be reached by email at or by post to The Data Protection team, Midland Heart, 20 Bath Row, Birmingham, B15 1LZ.
  • This Privacy Notice updates any previous information about how we use your personal data. We may change this Notice from time to time in accordance with the changes at the Midland Heart Ltd or to reflect changes to regulation or legislation. Please check this page regularly to ensure that you’re happy with any changes
Who we are
  • Midland Heart Limited is a society registered under the Cooperative and Community Benefit Societies Act 2014, number 30069R. Our registered office is at 20 Bath Row, Birmingham, B15 1LZ, United Kingdom.
  • Midland Heart Limited is registered as a ‘Data Controller’ on the Public Register of Data Controllers maintained by the Information Commissioner’s Office under number Z9424056.
Your rights to the personal data we hold about you
  • Personal Data is data that relates to an individual or data that can identify an individual. It is data specifically about a person. For a full definition, you can see the GDPR Article 4.
  • That means at Midland Heart, a vast amount of the data we hold is really not personal data. The data we hold is usually about your property, how you use your property, your tenancy, repairs to your home or discussions with services to manage your tenancy, but it is usually not personal data about you.
  • Note; Just because something might have your name against it, does not always make it your personal data. For example; Mr. Smith might request a repair to his front door. Although we need to confirm Mr Smith’s name and address to make a repair, the subject of the data is about the door, not Mr Smith personally. It is not his personal data.
  • Where we do hold personal data about you, you have rights to access that data. you have the right to be informed who is obtaining and using your personal data, how this data will be retained, shared and secured and what lawful grounds will be used to obtain and use your personal data. You have the right to object to how we use your personal data in certain circumstances. You also have the right to obtain a copy of the personal data we hold about you.
  • In addition, you can ask us to correct inaccuracies, delete or restrict the use of some of your personal data or to ask for some of your personal data to be provided to someone else. You can make a complaint if you feel that we are using your personal data unlawfully and/or holding inaccurate, inadequate or irrelevant personal data which may have a detrimental impact on you or your rights.
  • These rights are not absolute. That means sometimes we don’t have to grant these rights, but usually we should give you a reason.
  • If you would like to see what data we collect, use, share and secure about you, it would help us to identify what you would like to see. For example, you might want to;
    • see your payments for the last 2 years, or
    • records of emails between you and your housing officer concerning repair last year, or
    • request copies of telephone recordings you make to our Hub team; or
    • tell us we have the wrong data and we need to put it right.

We will try to answer any enquiries you make, but the more detail and help you can give us, the more quickly we can help you.

  • If you do want to see your personal data, or to ask us to correct, delete or stop processing your data, please contact us at
  • If you are dissatisfied with our response, please let us know so that we can address any concerns.
  • To make enquires for further information about exercising any of your rights in this Privacy Notice, please contact Midland Heart’s Data Protection Officer, whose contact details are above.
  • We always ask that you contact us first if you have any complaints about the way we are processing your personal data. We will do everything we can, that the law allows, to respect your request.
  • If you have contacted us and you are still unhappy about the way we are processing your data, you can submit a complaint the UK Information Commissioner’s Office at

For further information about your rights, please visit the ICO’s website via the link

What types of personal data we process

We use a variety of personal data depending on the services we deliver to you. For all services, we need to use some or all of the following information about you and any occupants of your home:

Personal data

Some examples of the type of personal data we collect and the reasons why we process it include;

  • Contact details - name, address (current and previous), email, home and mobile telephone numbers, e-mail address;
  • Date of birth, marital status, gender and other identification information - to allow us to check your identity;
  • Nationality – information and support in the UK;
  • Credit information – to ensure that customers can afford the properties we offer to them or to identify the need for added management to help customers sustain their tenancies;
  • Photograph or film images – to record and verify your identity;
  • Images from CCTV, for personal security and the prevention or detection of crime.
  • Online computer identification (IP address) – information recorded when you engage with us by email;
  • National Insurance numbers – to allow us to carry out universal credit, to check your eligibility for housing and/or supporting people contracts and for the detection and prevention of housing and benefits fraud;
  • Your education, skills and qualifications – to allow us to assist you with tenancy management and money advice when necessary or requested by you;
  • Welfare and financial information – to enable us to assist you with and to process welfare payments and to detect and prevent welfare benefit fraud
  • Next of kin’s name, date of birth, gender, contact details – to contact them in an emergency or when we have been unable to contact you through other methods and need to address any concerns we have about the conduct of your tenancy and / or risks to our property.
  • Conditions of the property – to record and understand how conditions (mostly environmental) are affecting your property to help with our repairs and how we engage with you. Addition – if your property is on a monitoring programme.
  • This list is not exhaustive. The list above attempts to capture the majority of the types of personal data we collect, but there will occasionally be other types, as and when the need arises.

Special categories of personal data

  • Health, medical conditions – often optional, to support and vulnerability needs - to support our housing and care functions in respect of vulnerable customers;
  • Race – optional, based on your consent, and solely to support our equality and diversity monitoring;
  • Ethnic origin – optional, based on your consent, and solely to support our equality and diversity monitoring;
  • Religion – optional, based on your consent, and solely to support our equality and diversity monitoring;
  • Sexual life or sexual orientation – optional, based on your consent, and solely to support our equality and diversity monitoring;
  • Convictions – to enable us to carry out risk assessments of new customers for the purposes of allocation; for tenancy management purposes and where we need to ensure that the action we take in relation to the tenancy is adequate and proportionate; to aid the detection and prevention of housing fraud.
  • We pay particular attention to how we process the personal data of children.

In the majority of cases we will not be able to provide some or all of our housing or support services to you without having access to your personal data. For example, we need certain personal data in order to deliver our obligations under your tenancy agreement, your support or care plan, or to process your housing application, or simply to comply with the law, to meet our legal or regulatory duties for processing housing applications, equality monitoring and government or housing regulator reports.

How we gather your personal data

We obtain personal data by various means; this can be by face-to-face contact, email, telephone, written correspondence or receiving this information from others, for example: a local MP who represents you, the Police, health or social care agencies, benefit agencies. We can also receive information about you from other people who know you or are linked to you, for example: relatives, persons nominated to act on your behalf or your legal representative.

Some further examples of how we may gather your personal data are set out below:

  • Directly from you, for example: when you fill out an application, transfer or mutual exchange form or as part of your right to buy application;
  • By observing how you use our housing, support, products and services, for example: from the transactions and operation of your accounts and on-line services;
  • From other organisations such as former housing and support providers, health and social care agencies, law enforcement agencies, debt collectors, energy or utility companies, benefit agencies and/or credit reference and fraud prevention agencies;
  • From other people who know you including joint tenants and people you are linked to or live in the same community as you, for example with regard to reports of anti-social behaviour;
  • From monitoring or recording calls as part of quality and complaints monitoring. We record these calls for training and to ensure the safety of our staff. We will not record any payment card details as part of our accounts and payments operations;
  • From our CCTV systems for the prevention and detection of crime or to detect damage/vandalism to our properties and to ensure the safety and security of our staff and customers;
  • From monitoring conditions in the property using sensors and software that may be provided by a third party. For example, measuring thermal comfort levels over time. – need to have the data sharing agreements.

From matching and updating mobile telephone numbers with Reid Group, which allows us to contact customers with rent arrears in order to prevent escalation to legal action.

The lawful basis which allows us to process your personal data

We only collect and process personal data about you where we have the lawful basis to do so. The majority of personal data we hold and processes for you is based on:

  • The operation of your Tenancy Agreement or (where applicable) your Support Plan. For example, we share some of your personal data with maintenance contractors or support agencies; or
  • A legal obligation, that we need to comply with. For example, we share information with the Police or the Department of Welfare and Pensions or the Regulator of Social Housing; or
  • In pursuance of our “legitimate interests”, provided that such processing does not outweigh your rights and freedoms. For example, we collect and process your National Insurance number for the purposes of housing fraud detection and prevention. We also pass on certain personal details to Experian in order to track former customers who owe us rent or service charges and we have not been able to contact them.
  • Based on your consent, which is in a limited number of occasions. In such cases we expressly ask you to give us your consent in writing. Where you have given your consent, you have the right to withdraw it later. We will let you know how to do this at the time we gather your consent.

Special protection is given to certain kinds of personal data which is particularly sensitive. This is information about your health status, racial or ethnic origin, political views, religious or similar beliefs, sex life or sexual orientation, genetic or biometric identifiers, trade union membership or criminal convictions or allegations.

We will only use this kind of personal information where:

  • We have a legal obligation to do so (for example to protect vulnerable people);
  • It is necessary for us to do so to protect your vital interests (for example if you have a severe and immediate medical need whilst on our premises);
  • It is in the substantial public interest;
  • It is necessary for the prevention or detection of crime;
  • It is necessary for insurance purposes; or

You have specifically given us ‘affirmative’ consent to use the information.

Automated decision-making

In a limited number of cases we use your personal identifiable information in automated processes to make decisions about you. These are:

  • Our Midland Heart Homes website uses automation in order to search, decide and provide our potential customers with information on suitable homes based on the information you provide.
  • A third party device within your home may make contact with you or make an adjustment to an appliance within your home for your benefit. For example, your fire alarm may tell you that the property’s humidity levels are too high.

We carry out credit checks for new customers – to ensure that customers can afford the properties we offer to them or to identify the need for added management to help customers sustain their tenancies.

Sharing your personal data with or getting your personal data from others

We use a number of data processors who act on our behalf to process personal data. All of these organisations are subject to the same legal rules and conditions for keeping personal confidential data secure. We ensure that our partner agencies have contracts / information sharing agreements which outline that your information is processed under strict conditions and in line with the law. Who we share your personal data with depends on the services we provide to you and the purposes for which we use your personal data. For most services we will share your personal data with our service providers such as our maintenance contractors or IT suppliers, with credit reference agencies and fraud prevention agencies.

We need to do this in order to:

  • Provide you with services pursuant to your tenancy agreement or support plan or other services you have requested from us;
  • Allow you to access our services
  • Assist in the allocation of housing
  • Assist in the allocation of care, support and safeguarding
  • Develop our services and conduct research

We also share information about you with third parties or when required by law for the following reasons:

  • Where we are legally required to disclose your information to assist government enforcement agencies
  • To assist with the detection and prevention of fraud
  • To assist in the allocation of housing
  • To assist with the allocation of benefit payments
  • To assist in the allocation of care, support and safeguarding
  • To enforce our agreements with you
  • To investigate and defend ourselves against any third party claims or allegations
  • As part of any corporate reorganisation such as merger

Categories of third parties who we share your personal data with

Our Suppliers, such as:

  • Maintenance contractors
  • Gas contractors
  • Suppliers of IT products and services used by Midland Heart to support its IT infrastructure

Authorities and Agencies:

  • Police
  • HMRC
  • Local Authorities and elected representatives
  • Ombudsman
  • Social Services
  • Debt collection agencies
  • Benefit agencies
  • GPs and hospitals
  • Utility companies
  • Schools
  • Probation services
  • Tracing agencies
  • Auditors/Commissions/quality assessment agencies
  • Department of Works and Pensions
  • Drug & alcohol services
  • Emergency services

If you would like to have more specific information about who we share your data with, please contact our data protection team – the contact details are above.

Transfers outside the UK

We do not transfer your information outside the European Union.

How long we keep your personal data for

How long we keep your personal data for depends on the services we deliver to you. We will never retain your personal data for any longer than is necessary for the purposes for which we need to use it and/or as is required by law.

Keeping you up to date

We will communicate with you about products and services we are delivering by using contact details that you have provided to us - for example by post, email and/or text message.

Where you have given consent to receive marketing, you can withdraw and update your marketing preferences by contacting our data protection team. Their contact details are in the Introduction section above.

Your online activities

We use cookies to track your use of our websites and

Find out more about cookies here.


We are committed to ensuring that your information is secure. All of our staff have contractual obligations of confidentiality, enforceable through disciplinary procedures. All staff receive appropriate training about confidentiality of information.

We take relevant organisational and technical measures to ensure that the information we hold is secure, such as holding information in secure locations and restricting the access of information to authorised personnel. We protect personal and confidential information held on equipment such as laptops and hand-held devices with encryption. However, the transmission of information via the internet is not completely secure and so we cannot guarantee the security of data sent to us electronically.

This policy was last updated in June 2022.