At Moat, we are committed to protecting and respecting any personal data you and your family share with us.
At Moat, we are committed to protecting and respecting any personal data you, your family or any visitors to your property share with us. The wording in this document reflects the requirements of the UK General Data Protection Regulations (UKGDPR) and the Data Protection Act, which ensure we, and others, use your information appropriately.
We use the name ‘Moat’ to encompass Moat Homes Limited and all of its subsidiary companies. However, generally, when you share information with Moat, for example via our website, on the telephone or by submitting paper forms or applications, your data is processed by Moat Homes Limited as the data controller. Moat Homes Limited is registered as a data controller with the Information Commissioner’s Office (ICO) under registration number Z7412234.
Moat Foundation is the charitable arm of Moat Homes Limited. Information captured by the Moat Foundation team is processed in accordance with this privacy policy and controlled and stored by Moat Homes Limited.
Moat Housing Group is a registered provider and subsidiary of Moat Homes Limited. Moat Housing Group is registered as a data controller with the ICO with registered number Z8157784 in order to process information relating to historic and ongoing equity loan holders and a small number of properties. Information captured by Moat Housing Group is processed in accordance with this privacy policy and controlled and stored by Moat Homes Limited.
As a charitable organisation, we will process data in line with our objects for the benefit of the communities we serve, for providing and managing social housing and providing assistance to help house people within our communities.
We are responsible for making decisions about the way your information is used and this statement describes what types of data we collect from you, how we use it, how we share it with others, how you can manage the data we hold and how you can contact us.
We will always give you the option not to receive marketing communications from us. We will never send you unsolicited ‘junk’ email or communications, or share your data with anyone else who might. We do not sell your data to third parties, but we do work closely with contractors and partner organisations in order to provide and improve our services and to help us to meet our legal obligations and provide a fair and equitable service for all our customers.
This version of our Privacy Statement comes into effect on 1 July 2024 and is available on our website, moat.co.uk. The contents of this statement may change from time to time, so you may wish to check the statement on our website to ensure you remain informed. When there is a significant change we will contact you directly to notify you.
We collect data about you and members of your household when you submit applications (such as for housing), use Moat’s websites (including MyMoat), have contact with our colleagues across the business and/or interact with our third-party service providers. We also receive some information about you from other agencies, such as local authorities, health professionals, government agencies etc. We only collect data which is necessary, relevant and adequate for us to comply with our obligations under our contract (i.e. tenancy agreement, lease etc.) and/or the purpose(s) for which we are provided it.
When it is in our legitimate interest, we will use data to help us understand how you use our services and engage with us, to enable us to deliver improved services to you and to help us try to meet your individual needs.
We will also share your data in situations where we need to pass it on to manage any request or complaint you have made to us. For example, we may share details of any complaint with the Housing Ombudsman Service, the Regulator of Social Housing, our insurers, the Courts or other third parties.
CCTV footage
Moat operates CCTV at its office locations and at some selected housing sites where we own or manage properties in order to prevent and detect anti-social behaviour / criminal activity. We will place ‘CCTV in operation’ signs to inform you when images of you may be captured. We are also aware that CCTV is in operation at some of our regional offices, such as Stanhope and Maldon, however, this is operated by the building owner.
Legal obligation to provide data
We may be legally required to provide information to third party organisations – for instance, in certain circumstances we may be required to provide information about housing benefits to a local authority, address and tenancy information for the purposes of the collection of taxes, or to provide CCTV footage to the police for the purposes of detecting criminal activity.
When you use our online services we may record:
When you use our website or associated apps, so that we can better understand our users’ needs and to optimise this service and experience, these sites utilise a technology service that enable us to build and maintain services with user feedback. These websites and apps use cookies and other technologies to collect data on users’ behaviour and their devices. This includes a device's IP address (processed during your session and stored in a de-identified format), device screen size, device type (unique device identifiers), browser information, geographic location (country only), communication information, operating systems, and the preferred language used to display the information. This information is contained within a pseudonymised user profile. These services are contractually forbidden to sell any of the data collected on our behalf.
Moat will only process data that is necessary for the purpose(s) for which it has been collected, for example to consider any application for accommodation, or to respond to any query, complaint or request made by you.
We process personal data so that we can provide a range of services and to fulfil our obligations as a provider of social housing, including:
*Indicates processing carried out by third-parties.
Research and Analysis
You will always have the option not to receive marketing communications from us (and you can withdraw your consent or object at any time by contacting [email protected]). We will never send you unsolicited ‘junk’ email or communications, or share your personal data with anyone else who might do so.
There are various ways in which we may use or process your personal data for research and marketing purposes, including:
Automated decision making and profiling
Moat and our authorised third party service providers use data when profiling you for services and to target our resources.
Our telephone system uses Artificial Intelligence and machine learning to improve customer interactions, including the use of analytics tools which will analyse voice, chats and email interactions and provide actionable insights.
We do not sell your data to third parties.
When it is in our legitimate interests, we will share your information with our contractors and partner organisations who deliver services for us (like repairs, satisfaction surveys and market research etc). For more information see Table 1 The data we collect, why and who we share it with.
We use a secure email facility, called Mimecast, to enable details to be sent securely via email. In situations where TLS email types cannot be received by the recipient, we endeavour to ensure that emails are anonymised where possible, or personal information details are sent within a password protected attachment.
Some of our contractors, such as our day to day repairs partners and other partnering organisations providing services on our behalf, have a limited view into our systems. Generally, this will be to enable for appointments to be made, or complaints and feedback to be responded to appropriately. In addition to this, we have authorised integrations with some partners, such as our telephony service provider, to enable us to provide a better customer experience. When sharing information, we will comply with all aspects of data protection law.
We will only transfer personal data to jurisdictions outside of the United Kingdom (UK) or European Economic Area (EEA) if it has a recognised and adequate level of protection for data protection purposes. Such a transfer requires the express approval of Moat’s named Data Protection Officer.
The majority of personal information is stored on Moat's own servers in Moat's own secure premises. There are some occasions when your information may leave the UK or EEA in order to get to another organisation, or, if it is stored in a system that uses servers elsewhere.
Moat have additional protections on this data, ranging from secure ways of transferring data, undertaking risk assessments on systems being used, to ensuring that we have a robust contract in place with the third party.
Moat has a robust set of security controls in place to protect the records we hold about you (on paper and electronically). Moat meets the stringent Payment Card Industry Data Security Standards (PCI-DSS) and complies with Cyber Essentials standards.
Access to your records is only available to those who have a right to see them. Examples of further security include:
We will not hold your personal data in an identifiable format for any longer than is necessary. If you are a customer or otherwise have a relationship with us, we will hold personal data about you for a longer period than if we have obtained your details in connection with a prospective relationship.
If we have a relationship with you (e.g. you are a customer or member of a customer’s household), we hold your personal data for six years from the date our relationship ends. We hold your personal data for this period to establish, bring or defend legal claims.
Where we have obtained your personal data following an enquiry or application, or a request for information on any of our services, we hold your personal data for one year from the date we collect that data, unless during that period we form a relationship with you.
The only exceptions to the periods mentioned above are where:
You have the right as an individual to access your personal data and make corrections if necessary. You also have the right to withdraw any consent you have previously given us and ask us to erase the data we hold about you (for information which we rely on your consent to hold). You can also object to us using your personal data (where we rely on our business interests to process and use your personal data).
You have a number of rights in relation to your personal data under data protection law. In relation to most rights, we will ask you for data to confirm your identity and, where applicable, to help us search for your personal data. The time limit for responding to your request will be paused until we receive all requested information. We will respond to your request within one month from the date we receive it. If for any reason, we are unable to fulfil your request within this timescale, we will contact you to let you know within the calendar month. We may refuse to comply with your request if an exemption or restriction applies, or if your request is manifestly unfounded or excessive. In most cases, there is no charge when making your request, however, in some circumstances, the ICO allows us to make a reasonable charge to respond to your request.
You have the right to:
You can exercise the above rights and/or manage your data by contacting our Data Protection Officer by emailing [email protected] or writing to:
Data Protection Officer, Moat, Mariner House, Galleon Boulevard, Crossways, Dartford, Kent DA2 6QE.
If you are unhappy, you have the right to lodge a complaint with our data protection officer or the Information Commissioner’s Office, the data protection regulator in the UK. Write to them at:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
You can call them on 0303 123 1113 or email at [email protected].
For the purpose of supplying the services of the website for yourself and future visitors we need to collect some information from you. This is done via cookies (as you traverse the site) and http headers (when you login) where the data resides in your local storage.
The ‘cookie’ consent banner on this website is your affirmative action in accessing subsequent pages where data is transmitted. Consent is based on the computer/browser/device being used. If using a shared computer it is advisable to clear local data before and after use. More information on cookies, headers and local storage is available from Wikipedia.
Search https://en.wikipedia.org/ for 'HTTP cookies', 'HTTP headers' and 'Web_storage' respectively.
You have the right withdraw the consent at any time (opt out). There are various ways to do so:
As a customer of Moat you can access your information via the Call Centre or via post.
Consent will be sought each session/device or when the term have changed. If you subsequently give consent it will override any withdrawal of consent.
Please see our privacy policy for more information on the controller and processors of data.
Cookies
Cookie example name | EXAMPLE Value |
auth0.vXA3GFDGREMNIKT45SDX. is.authenticated |
true |
ARRAffinitySameSite | 754389574389543F.3.3.3 |
ARRAffinity | 754389574389543F.3.3.3 |
Local Storage
Key example name | EXAMPLE Value |
Access_token | -5amWvrxeasdsgOLrjqlvRve4-ia-6oN |
expires_at | 1525431609184 |
id_token | eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ik5VSkVNek01TlRFNVFUTTRPVFiYjkwMDUyNDZlMGYwYTEl4TWtFd1JFWkdSVEF3UTBaR01qZEVNakkzT0RFM05qSTNRZyJ9.eyJodHRwczovL21vYXQuY28udWsvY29udGFjdElkIjoiNTFmM2JjMmUtY2Y5Mi1lNTExLTgwY2YtMDA1MDU2YTUyNmI3IiwiaHR0cHM6Ly9tb2F0LmNvLnVrL3JvbGVzIjpbIm15bW9hdC11c2VyIl0sImlzcyI6Imh0dHBzOi8vbW9hdC5ldS5hdXRoMC5jb20vIiwic3ViIjoiYXV0aDB8NWQxZjE0MTQ1IiwiYXVkIjoiazN1WTNTYk1RdFFZc0F2NVdXTGE4OVYwdmFxMXdUODEiLCJpYXQiOjE1MjU0MjQ0MDUsImV4cCI6MTUyNTQ2MDQwNSwiYXRfaGFzaCI6IlR0aWwtOXNNaTBNSzVFbVktWVRtYWciLCJub25jZSI6Ik5hNlBsQ1hkQkY4aUtESEVQNTQuWDlTNmFqUDdPMDB1In0.aA3GgApmgV6FWPPdhGIfEBjGmZX-cF_aIhr-BteLIk4XKVwawXKV13JlNzf8SjIRpnVG5Hh_bhfYQm1Z4Q0EEQvsn9A9Jn4lzOzS2nkxCZRrOIL9pee9EZ0WyUO5BAAmG9q_aiUuz7F9-kullf9-neVfoDgsP0vjFusJcpXAc7FwkLKhR80IeGzYrbdeAbuDBCPPpOzBbyUI_OQ8hkNtovwO4gVbWMumt7_JdwTryDwk6HL8iZLsdVbyj40jULZpAnDI3NLctEYV3Dq9xbv4_DsF_fxtp96Dr8xr_bTJlwdFfvh8XVzZEmlAlr7YzsNyHCNs7YRvq2Ic4JNVVQ |
moat | {"cookies":"approved"} |
com.auth0.auth. tMg~1DIFbHQ1 Gu8x8d2goSpblu 84lnZi |
{"nonce":"plh1oqlxHKjrMg1Zm-oep4YuIwpJO06.","state":"tMg~1DIFbHQ1Gu8x8d2goSpblu84lnZi"} |
The information contained in the data transmitted to Moat is required for the provision of services now and in the future. It is pseudonymised and has no value on its own. We only use third party cookies for analytical purposes, such as Google Analytics, to help improve the usage of our site and for Twitter feeds. You can opt out of being tracked by Google Analytics across all websites.