We take your privacy seriously and you can find out more here about your privacy rights and how we collect, use, share and secure your personal data. This includes the personal data we already hold and the further personal data we might collect in the future, either from you or from a third party.

We obtain your personal data in order to conduct our normal business operations as a registered social housing provider. How we use your personal identifiable information depends on the products and services we provide to you.

Midland Heart’s Data Protection Officer (DPO) provides help and guidance to make sure we correctly apply the law to the processing and protection of your personal data. If you have any questions about how we use your personal data, our DPO can be reached by email at dataprotection@midlandheart.org.uk or by post to The Data Protection team, Midland Heart, 20 Bath Row, Birmingham, B15 1LZ.

We may change this Notice from time to time in accordance with the changes at Midland Heart Ltd or to reflect changes to regulation or legislation. Please check this page regularly to ensure that you’re happy with any changes

• Midland Heart Limited is a society registered under the Cooperative and Community Benefit Societies Act 2014, number 30069R. Our registered office is at 20 Bath Row, Birmingham, B15 1LZ, United Kingdom.
• Midland Heart Limited is registered as a ‘Data Controller’ on the Public Register of Data Controllers maintained by the Information Commissioner’s Office under number Z9424056.

Personal Data is data that relates to an individual or data that can identify an individual. It is data specifically about a person. For a full definition, you can see the UK GDPR Article 4.

Representatives of Midland Heart may take photographic images when inside your home for the following purposes:

• upon undertaking or completing a repair
• welfare, safeguarding or health & safety concerns
• to evaluate the condition of our property
• to prevent and detect crime
• collect evidence for investigations
• to support transparency and accountability

Photographic images inside your home will not be taken without your prior notification.

For the purposes of carrying out routine repairs, where there is no safeguarding nor health and safety concern, repair operatives will not take images of you or your personal information. They may take photographs of repairs and will notify you of this before capturing images.

There may be times when Midland Heart staff such as Tenancy Services Officers and repair operatives capture photographic images of the condition of your home, including your personal belongings. These images will be taken for the purposes of welfare, safeguarding or health and safety.

You will be notified when we need to capture images for these purposes.

Footage may be shared internally or externally for the purposes listed above.

Midland Heart uses CCTV for:

• the safety of tenants, staff and the public
• prevent and detect crime or antisocial behaviour
• collect evidence for legal investigations
• support transparency and accountability

CCTV footage may be shared internally or externally for the purposes listed above.

CCTV installations may be permanent or temporary. Where required, we will consult with you about new installations that may capture you and members of your household.

Please note that the installation of domestic monitoring equipment such as doorbell cameras and other forms of domestic surveillance and audio equipment must be requested via a ‘home improvement’ request before being installed. Please see Midland Heart’s website for information.

We may contact you retrospectively regarding any unauthorised installations.

Disputes regarding domestic monitoring equipment will be a civil matter, and whilst Midland Heart will attempt to intervene in disputes, ultimately, the data controller for the footage is the owner of the equipment.

Commencing on 1^st August 2025, Midland Heart will be piloting the use of Body Worn Video (BWV) for staff. The pilot will be in place until 31^st October 2025.

BWV footage will capture video and audio.

We intend to use BWV:

• as a deterrent to violent and aggressive situations
• to reduce violent and aggressive situations
• for the safety of tenants and staff
• collect evidence for investigations
• support transparency and accountability

Footage may be shared internally or externally for the purposes listed above.

The pilot will include up to 15 cameras. Cameras will be used by Midland Heart’s Tenancy Services Officers, Estate Officers, Rangers Operatives and In-House Maintenance team.

Where we intend to use BWV during tenant visits, each tenant will be notified in writing before the visit commences, and we will ask for your consent upon arrival at your home.

If you do not consent to the use of BWV within your home, the camera will be switched off. The camera will be switched on without your consent for the purpose of health & safety should a situation begin to become violent or aggressive.

This privacy notice will be updated should the BWV pilot become permanent business as usual.

Where we do hold personal data about you, you have rights to access that data. you have the right to be informed who is obtaining and using your personal data, how this data will be retained, shared and secured and what lawful grounds will be used to obtain and use your personal data. You have the right to object to how we use your personal data in certain circumstances. You also have the right to obtain a copy of the personal data we hold about you.

In addition, you can ask us to correct inaccuracies, delete or restrict the use of some of your personal data or to ask for some of your personal data to be provided to someone else. You can make a complaint if you feel that we are using your personal data unlawfully and/or holding inaccurate, inadequate or irrelevant personal data which may have a detrimental impact on you or your rights.

These rights are not absolute. That means sometimes we don’t have to grant these rights, but usually we should give you a reason.

If you would like to see what personal data we collect, use, share and secure about you, it would help us to identify what you would like to see.

For example:

• let us know what the matter was regarding
• provide a date range, or
• tell us know who was involved

We will try to answer any enquiries you make, but the more detail and help you can give us, the more quickly we can help you.

If you do want to see copies of your personal data, or to ask us to correct, delete or stop processing your personal data, please contact us at dataprotection@midlandheart.org.uk.

If you are dissatisfied with our response, please let us know so that we can address any concerns.

To make enquires for further information about exercising any of your rights in this Privacy Notice, please contact Midland Heart’s Data Protection Officer, whose contact details are above.

We always ask that you contact us first if you have any complaints about the way we are processing your personal data. We will do everything we can, that the law allows, to respect your request.

If you have contacted us and you are still unhappy about the way we are processing your data, you can submit a complaint the UK Information Commissioner’s Office at ico.org.uk.

For further information about your rights, please visit the ICO’s website via the link ico.org.uk.

• Health, medical conditions
• Race
• Ethnic origin
• Religious beliefs
• Political affiliation
• Sexual preference
• We pay particular attention to how we process the personal data of children

We only collect and process personal data about you where we have the lawful basis to do so. The majority of photographic, CCTV footage and BWV we hold and processes for you is based on:

• Your consent, which is in a limited number of occasions. In such cases we explicitly ask you to give us your consent in writing. Where you have given your consent, you have the right to withdraw it later. We will let you know how to do this at the time we gather your consent; or
• In pursuance of our “legitimate interests”, provided that such processing does not outweigh your rights and freedoms.

Special protection is given to certain kinds of personal data which is particularly sensitive.

We will only use this kind of personal information where:

• We have a legal obligation to do so
• It is necessary for us to do so to protect your vital interests
• It is in the substantial public interest
• It is necessary for the prevention or detection of crime
• It is necessary for medical assessment or for medical treatment
• You have specifically given us ‘explicit’ consent to use the information

We use a number of data processors who act on our behalf to process personal data. All of these organisations are subject to the same legal rules and conditions for keeping personal confidential data secure. We ensure that our partner agencies have contracts / information sharing agreements which outline that your information is processed under strict conditions and in line with the law. Who we share your personal data with depends on the services we provide to you and the purposes for which we use your personal data.

We need to do this in order to:

• Provide you with services pursuant to your Contract or support plan or other services you have requested from us
• Allow you to access our services
• Assist in the allocation of housing
• Assist in the allocation of care, support and safeguarding
• Develop our services

We also share information about you with third parties or when required by law for the following reasons:

• To assist with the detection and prevention of crime or fraud
• To assist in the allocation of care, support and safeguarding
• To enforce our agreements with you
• To investigate and defend ourselves against any third-party claims or allegations
• Evidence you provide to support a complaint or for legal proceedings

Categories of third parties who we share your personal data with

Our Suppliers, such as:

• Care services or providers
• Protection or Rights agencies
• Legal advisors and representatives

Authorities and Agencies:

• Police
• Local Authorities and elected representatives
• Social Services
• The courts
• GPs and hospitals
• Schools
• Probation services
• Drug & alcohol services
• Emergency services

If you would like to have more specific information about who we share your data with, please contact our data protection team – the contact details are above.

We do not transfer photographic images, CCTV footage or BWV information outside the European Union.

Photographic images, CCTV footage and BWV footage will be held in line with our retention polices.

This means that the length of time that imagery is held will depend on the reasons for capture. For example, if we need to retain images/footage for a legal claim, the images/footage could be held until that legal claim is closed or until your tenancy with us ends.

Permanent live CCTV footage is initially retained for a period of one month. This may be longer if footage is downloaded and is required to be held for legal purposes. Where CCTV footage is shared with third party organisations, please refer to said organisation’s own retention policies.

BWV footage and audio will be retained for a period of 6 months if there has been no incident.

BWV footage and audio will be retained for a period of 12 months if an incident is captured.

All BWV footage and audio will be audited by the Head of Safety and Facilities in liaison with the CCTV Manager.

BWV and audio will have an operational buffer time before activation. This buffer time will be 3 minutes prior to activation. The buffer time will record audio and video.

We are committed to ensuring that your information is secure. All of our staff have contractual obligations of confidentiality, enforceable through disciplinary procedures. All staff receive appropriate training about data protection, cyber security and confidentiality of information.

Policies and procedures are in place so that Midland Heart staff and organisations acting on behalf of Midland Heart have a framework for consistent, compliant, and safe operation.

We take relevant organisational and technical measures to ensure that the information we hold is secure, such as holding information in secure locations and restricting the access of information to authorised personnel. We protect personal and confidential information held on equipment such as laptops and hand-held devices with encryption. However, the transmission of information via the internet is not completely secure and so we cannot guarantee the security of data sent to us electronically.