Privacy Policy


  1. Introduction

Muir Group are the ‘controllers’ of the information (‘personal data’) that we collect about you - our ‘data subjects’, this means that we are responsible for how your data is processed. Processing refers to what we do with your personal data including how we store and handle that information and how we keep it safe.

This Privacy Policy also explains why we process your personal data and the rights you have as a data subject including, the right to access your data known as a Subject Access Request.


  1. What is the Muir Group?

The Muir Group sometimes referred to as ‘the Group’ is made up of two related businesses:

  • Muir Group Housing Association
  • Muir Property Solutions (MPS)

For simplicity throughout this Policy, ‘we’ and ‘us’ means both Muir Housing Association and Muir Property Solutions (MPS).


  1. What is personal data?

Personal data’ is any information that relates to a living, identifiable person. This will usually include your name, address, contact details, and other information we collect as part of our relationship with you.

It can also include ‘special categories’ of data, which is the official term for information about a person’s race or ethnic origin, religious, political or other beliefs, physical or mental health, trade union membership, genetic or biometric data, sex life or sexual orientation.

The use of this type of data, and of information about criminal convictions and offences, is subject to strict legal controls.

We only process data if we need to for a specific purpose, as explained below. Most often, we collect your personal data directly from you.


  1. Why, what and how we process your personal data

The main reason we need to process data is so that we can offer you the best possible service.

We use your contact details, financial information and other personal information in order to provide you with your tenancy, which sometimes requires us to share personal data with trusted partners and contractors.

We take the safety of your personal data very seriously. We have controls in place to protect your data from breaches, controls in place to ensure your data is accurate and we will never keep your data longer than necessary.

The law on data protection sets out a number of reasons for which a company can legitimately collect and process your personal data including:


In specific situations, we can collect and process your information with your consent.

For example:

  • During your application, we may need to collect financial eligibility information;
  • We may need to share information with an authorised person acting on your behalf – we would do this only with your consent.

Contractual Obligations

In certain circumstances, we need your personal data to comply with our contractual obligations to you, we may need to share your information to ensure your contractual obligations to us.

For example:

  • We need to process your data to provide you with a tenancy agreement;
  • We may need to share your information with a third party in order to collect rent arrears.

Legal Compliance

If the law requires us to, we may need to collect and process your data for legal compliance.

For example,

  • We may be legally obliged to pass on details of criminal activity conducted during a tenancy and on our properties to law enforcement
  • We may share rent information with local authorities for the purpose of them administering benefits

Legitimate interests

In specific situations, we require your data to pursue our legitimate interests in a way that may be reasonably expected as part of running the Group and which does not materially impact your rights, freedom or interests.

For example:

  • We share some personal data with external contractors who provide housing related services such as property maintenance and repairs.
  • We may process data from CCTV for the purposes of protecting our premises and tenants.
  • Phone calls to our main number are recorded so that we can monitor the quality and content of calls.


  1. How we store your data

Your personal data is held in both hard copy and electronic formats.

Electronic data, including emails, is stored on Muir Group servers and on our software suppliers’ servers, which are located within the European Union.


  1. How long we keep your data

Information about how long we hold your data for can be found in our Data Retention Schedule.

Our Data Retention Schedule is based on that of the National Housing Federation which includes legal and recommend retention periods.

It can be viewed here: Data Retention Schedule

Unless legally required, once we have reached the retention period for a set of data, we will securely dispose of the relevant data by deleting from our electronic systems or for hard copies by disposing of via our confidential waste disposal procedure.


  1. Cookies

What are cookies?

“Cookies” are small text files that store basic information that a web site can use to store information such as number of visits to a website, remembering your preferences and statistics to improve our website. Cookies do not attach to your system or damage your files.

Does anyone else use cookies on the site? / Third party cookies

We may also use or allow third parties to serve cookies. For example, like many companies, we use Google Analytics to help us monitor site traffic. If we include content from other sites (like Facebook, Twitter), you may be sent cookies from these sites. We don’t control them, and you might want to check these third-party sites for more information about their cookies and how to manage them.

How can you manage cookies?

If you do not want information collected through the use of cookies, there is a simple procedure in most browsers that allows you to deny or accept the cookies feature. Please note, however, that “personalised” services may be affected if the cookies option is disabled. If you wish to disable the setting of cookies in your browser, please visit for the most up to date instructions.


  1. Your rights as a data subject including Subject Access Requests

As a data subject, the General Data Protection Regulation (GDPR) provides individuals with the following rights:

  • The right to be informed (about how your data is processed)
  • The right of access (to your personal data)
  • The right to rectification (to have errors or inaccuracies in your data changed);
  • The right to erasure (to have your data erased, in limited circumstances);
  • The right to restrict processing (in limited circumstances);
  • The right to object (the right to remove consent for processing for marketing and other processing activities);
  • Rights in relation to automated decision making and profiling.


Subject Access Requests

The General Data Protection Regulations (GDPR) 2018 provides you, the data subject, with a right to receive a copy of the data we hold about you or for you to authorise someone else to receive information on your behalf. Please read and complete the Subject Access Request Form below:

Subject Access Request Form

If you wish to exercise any of your other rights, please contact us in writing:

The Data Protection Officer
80 Lightfoot Street

For more information about these rights, please see the ICO’s website or contact our Data Protection Officer (DPO)

This Privacy Policy was last updated on 18th May 2018 in line with the General Data Protection Regulation (GDPR) requirements. It may be updated in the future and we'll post the new version here on our website.