Privacy statement

How we use your information

• What data do we collect?

  We collect data about you and members of your household when you submit applications (such as for housing), use Moat’s websites (including MyMoat), have contact with our colleagues across the business and/or interact with our third-party service providers. We also receive some information about you from other agencies, such as local authorities, health professionals, government agencies etc. We only collect data which is necessary, relevant and adequate for us to comply with our obligations under our contract (i.e. tenancy agreement, lease etc.) and/or the purpose(s) for which we are provided it.

  When it is in our legitimate interest, we will use data to help us understand how you use our services and engage with us, to enable us to deliver improved services to you and to help us try to meet your individual needs.

  The data we collect includes some or all of the information shown in this PDF.
  (Please note: Moat reserves the right to update the contents of the Privacy Statement shown in the downloadable PDF from time to time. Should you decide to download or print a copy, it shall be rendered uncontrolled).

  ---

  We will also share your data in situations where we need to pass it on to manage any request or complaint you have made to us. For example, we may share details of any complaint with the Housing Ombudsman Service, the Regulator of Social Housing, our insurers, the Courts or other third parties.

  CCTV footage

  Moat operates CCTV at its office locations and at some selected housing sites where we own or manage properties in order to prevent and detect anti-social behaviour / criminal activity. We will place ‘CCTV in operation’ signs to inform you when images of you may be captured. We are also aware that CCTV is in operation at some of our regional offices, such as Stanhope and Maldon, however, this is operated by the building owner.

  Legal obligation to provide data

  We may be legally required to provide information to third party organisations – for instance, in certain circumstances we may be required to provide information about housing benefits to a local authority, address and tenancy information for the purposes of the collection of taxes, or to provide CCTV footage to the police for the purposes of detecting criminal activity.

  When you use our online services we may record:

  • The date and time you used our services
  • The pages you visited on our website and how long you visited them for
  • ‘Live chat’ records
  • Your IP address
  • The internet browser and devices used to access our sites
  • Cookie information (for more information please see our Cookie Policy below)
  • The website address from which you accessed our website.

  When you use our website or associated apps, so that we can better understand our users’ needs and to optimise this service and experience, these sites utilise a technology service that enable us to build and maintain services with user feedback. These websites and apps use cookies and other technologies to collect data on users’ behaviour and their devices. This includes a device's IP address (processed during your session and stored in a de-identified format), device screen size, device type (unique device identifiers), browser information, geographic location (country only), communication information, operating systems, and the preferred language used to display the information. This information is contained within a pseudonymised user profile. These services are contractually forbidden to sell any of the data collected on our behalf.

• How do we use this data?

  Moat will only process data that is necessary for the purpose(s) for which it has been collected, for example to consider any application for accommodation, or to respond to any query, complaint or request made by you. 

  We process personal data so that we can provide a range of services and to fulfil our obligations as a provider of social housing, including:

  • The provision of social and affordable housing
  • Repairs and maintenance* 
  • Grounds, estates and tree maintenance* 
  • Customer service (including out of hours*)
  • Marketing, sales and re-sales of new and existing shared ownership homes

  *Indicates processing carried out by third-parties.

  Research and Analysis

  You will always have the option not to receive marketing communications from us (and you can withdraw your consent or object at any time by contacting customer@moat.co.uk). We will never send you unsolicited ‘junk’ email or communications, or share your personal data with anyone else who might do so.

  There are various ways in which we may use or process your personal data for research and marketing purposes, including: 

  • To identify and record when you have received, opened or engaged with our website or electronic communications (please see our Cookie Policy below for more information),
  • To analyse, evaluate and improve our services so that they are more useful (we will generally use data amalgamated from many people so that it doesn’t identify you personally),
  • Processing necessary for us to promote our activities and measure the reach and effectiveness of our services and create a better understanding of you as a customer.

  Automated decision making and profiling

  Moat and our authorised third party service providers use data when profiling you for services and to target our resources. 

  Our telephone system uses Artificial Intelligence and machine learning to improve customer interactions, including the use of analytics tools which will analyse voice, chats and email interactions and provide actionable insights.

• Who do we share this data with and how?

  Moat store personal information across our secure premises and secure cloud infrastructure within the United Kingdom (UK) and European Economic Area (EEA). We will only transfer personal data to jurisdictions outside of the UK or EEA if it has a recognised and adequate level of protection for data protection purposes. Such a transfer requires the express approval of Moat’s named Data Protection Officer. 

  We do not sell your data to third parties.  

  When it is in our legitimate interests, we will share your information with our contractors and partner organisations who deliver services for us (like repairs, satisfaction surveys and market research etc).  For more information see Table 1 The data we collect, why and who we share it with. 

  We use a secure email facility, called Mimecast, to enable details to be sent securely via email. In situations where TLS email types cannot be received by the recipient, we endeavour to ensure that emails are anonymised where possible, or personal information details are sent within a password protected attachment. 

  Some of our contractors, such as our day to day repairs partners and other partnering organisations providing services on our behalf, have a limited view into our systems. Generally, this will be to enable for appointments to be made, or complaints and feedback to be responded to appropriately. In addition to this, we have authorised integrations with some partners, such as our telephony service provider, to enable us to provide a better customer experience. When sharing information, we will comply with all aspects of data protection law. 

  We will only transfer personal data to jurisdictions outside of the United Kingdom (UK) or European Economic Area (EEA) if it has a recognised and adequate level of protection for data protection purposes. Such a transfer requires the express approval of Moat’s named Data Protection Officer.   

  The majority of personal information is stored on Moat's own servers in Moat's own secure premises. There are some occasions when your information may leave the UK or EEA in order to get to another organisation, or, if it is stored in a system that uses servers elsewhere. 

  Moat have additional protections on this data, ranging from secure ways of transferring data, undertaking risk assessments on systems being used, to ensuring that we have a robust contract in place with the third party.

• How do we keep your data secure?

  Moat has a robust set of security controls in place to protect the records we hold about you (on paper and electronically). Moat meets the stringent Payment Card Industry Data Security Standards (PCI-DSS) and complies with Cyber Essentials standards.

  Access to your records is only available to those who have a right to see them. Examples of further security include:

  • Encryption, meaning that information is hidden so that it cannot be read without special knowledge (such as a password). This type of technology is applied to a number of our systems.
  • Access Controls, controlling access to systems and networks using multi-factor authentication, validates your identity above only requiring a password. This gives an additional layer of security when accessing our systems and data.
  • Training for our colleagues means that everyone will be aware of how to handle information and how and when to report when something goes wrong.
  • Regular testing of our technology and ways of working including keeping up to date on the latest security updates (patches).
• How long do we keep your data for?

  We will not hold your personal data in an identifiable format for any longer than is necessary. If you are a customer or otherwise have a relationship with us, we will hold personal data about you for a longer period than if we have obtained your details in connection with a prospective relationship.

  If we have a relationship with you (e.g. you are a customer or member of a customer’s household), we hold your personal data for six years from the date our relationship ends. We hold your personal data for this period to establish, bring or defend legal claims.

  Where we have obtained your personal data following an enquiry or application, or a request for information on any of our services, we hold your personal data for one year from the date we collect that data, unless during that period we form a relationship with you.

  The only exceptions to the periods mentioned above are where:

  • The law requires us to hold your personal data for a longer period, or delete it sooner.
  • If there are outstanding balances due to us at the end of our relationship, we will retain your data for a period of six years following the collection of all amounts owed to us.
  • You have raised a complaint or concern regarding our services, in which case we will retain your data for a period of six years following the conclusion date of that complaint.
  • You exercise your right to have the data erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law (see ‘how you can manage the data we hold about you’ for further information).
• How you can manage the data we hold about you

  You have the right as an individual to access your personal data and make corrections if necessary. You also have the right to withdraw any consent you have previously given us and ask us to erase the data we hold about you (for information which we rely on your consent to hold). You can also object to us using your personal data (where we rely on our business interests to process and use your personal data).

  You have a number of rights in relation to your personal data under data protection law. In relation to most rights, we will ask you for data to confirm your identity and, where applicable, to help us search for your personal data. The time limit for responding to your request will be paused until we receive all requested information. We will respond to your request within one month from the date we receive it. If for any reason, we are unable to fulfil your request within this timescale, we will contact you to let you know within the calendar month. We may refuse to comply with your request if an exemption or restriction applies, or if your request is manifestly unfounded or excessive. In most cases, there is no charge when making your request, however, in some circumstances, the ICO allows us to make a reasonable charge to respond to your request.

  You have the right to:

  • Be informed about what data we hold about you and how we use it. This Privacy Statement is designed to tell you all you need to know.
  • Ask for a copy of the data that we hold about you (known as a Data Subject Access Request)
  • Correct and update your data (in certain circumstances, we may request evidence of the change) (known as right to rectification)
  • Withdraw your consent (where we rely on it). You can do this by contacting us at customer@moat.co.uk. In relation to any marketing messages you receive, you can unsubscribe at any time by using the unsubscribe option included in those messages. This is also known as the right to object to processing, but is not the same as when we use your data for the performance of our tenancy or lease obligations or any other legitimate interest.
  • Object to our use of your data (where we rely on the public interest or our legitimate interests to use your personal data) provided we do not have any continuing lawful reason to continue to use and process the data (this is also known as right to object). When we do rely on our legitimate interests to use your personal data for direct marketing, we will always comply with your right to object. 
  • Erase your data (or restrict the use of it), when we do not have any continuing lawful reason to continue to use and process that data (also known as the right to erasure).
  • Receive copies of the data you have provided to us in a structured data file (in a commonly used and machine readable format) to transfer to another provider, where we rely on your consent to use and process your personal data or need to process it in connection with your contract. This is also known as data portability. 
  • We aim to keep your records accurate and up to date and may ask you to confirm your details when we communicate with you. You can keep all your personal details up to date using MyMoat, our customer portal by visiting www.moat.co.uk/mymoat 

  You can exercise the above rights and/or manage your data by contacting our Data Protection Officer by emailing customer@moat.co.uk or writing to:
  
  Data Protection Officer, Moat, Mariner House, Galleon Boulevard, Crossways, Dartford, Kent DA2 6QE.

  If you are unhappy, you have the right to lodge a complaint with our data protection officer or the Information Commissioner’s Office, the data protection regulator in the UK. Write to them at:
  
  Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
  
  You can call them on 0303 123 1113 or email at casework@ico.org.uk.

Cookies

We need to use essential cookies and Hypertext Transfer Protocol (HTTP) headers to collect some information whilst you use our website(s). This data resides in your local storage, it is pseudonymised and has no value on its own. We only use non-essential third-party cookies for analytical purposes, such as Google Analytics and Hotjar, to help us structure our website(s) to provide you with a better customer experience. 

(Last updated 16 June 2025)

• How you give us your consent

  When you visit our website(s) (moat.co.uk and MyMoat), you'll be asked to "Accept additional cookies" (Opt-in), or to "Reject additional cookies" (Opt-out) We will prompt you to accept or reject additional cookies every 30 days.  

  If you choose to reject non-essential cookies (opt-out), we will continue to use essential cookies that are required to provide a functional website.  

  If you choose to accept non-essential cookies (opt-in) we will collect analytical information that describes how you use our website(s).  

  Your consent is device specific. If you choose to accept non-essential cookies on a device, this is independent of your decision about cookies on another device. If using a shared device, it is advisable to clear local data before and after use.

• How to withdraw consent at any time

  If you chose to accept additional cookies, you have the right to withdraw the consent at any time (opt out). There are various ways to opt out:  

  • After 30 days from the date of acceptance, your consent will be automatically withdrawn, and we will prompt you to accept or reject non-essential cookies again. 

  • If you want to withdraw your consent within the 30-day period, you can do so by deleting cookies from your browser, after which, you will be prompted to accept or reject non-essential cookies when you next visit our website(s). 

  Be aware that disabling the use of all cookies in your browser is likely to disable the essential cookies we need to provide a functional website. 

• Renewal of consent

  We will prompt you to accept or reject non-essential cookies every 30 days (subject to changes that will be reflected in this policy), or when you access our website(s) using a different device.