Policy Statement and definitions

2.1 MTVH’s policy is to ensure that everyone who has dealings with MTVH has a right to privacy and to expect that all personal information about them will be handled sensitively and with due regard to its confidentiality.

2.2 This policy covers, but is not limited to, personal data and special categories of personal data as defined by GDPR.

2.3 Personal data is defined as any information relating to an identified or identifiable living person (‘data subject’); an identifiable living person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identify of that living person.

2.4 Special categories of personal data is separately defined within the GDPR and covers racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a person’s sex life or sexual orientation.

2.5 MTVH will:

2.5.1 comply with the law regarding the protection and disclosure of information, treat all personal and sensitive organisational information as confidential.
2.5.2 not disclose personal information without the prior express consent of the individual concerned, except in the circumstances outlined below in the section on disclosure.

2.5.3 Not gain or attempt to gain access to unauthorised information.

2.6 All staff have a duty to respect confidentiality of personal information held by MTVH. In meeting this duty staff are expected to exercise judgment and common sense.

2.7 MTVH has nominated a member of staff to act as MTVH Data Protection Officer (DPO). The DPO for the MTVH Group is the Head of Governance & Compliance. All enquiries regarding data protection must be passed to the DPO.

2.8 The GDPR is enforced by the Information Commissioners Office which has extensive powers under the GDPR to take action against organisations which breach data protection law. This includes substantial fines as well as other regulatory action such as enforcement notices.

2.9 MTVH is also regulated by the Homes and Communities Agency (HCA) which as part of the Governance and Financial Viability Standard of the Regulatory Framework, requires all registered providers of social housing to adhere to all relevant law. This includes the GDPR.