Privacy - your rights

Privacy & Access to Information

If you are a user with general public and anonymous access the Metropolitan website does not store or capture personal information, but merely logs the user’s IP address that is automatically recognised by the web server.

We may from time to time use pixels, or transparent GIF files, to help manage certain online advertising. In either or both cases the information that we collect and share is anonymous and not personally identifiable. It does not contain your name, address, telephone number, or email address.

This privacy statement only covers the main Metropolitan website at This statement does not cover sub-domains or any other addresses related to Metropolitan as these may take different approaches to the registration/logging of users. Additionally, this privacy statement does not apply to any of the links within the Metropolitan website to other websites.

Data collected through use of website

Our main website does not collect IP addresses. If implemented these would be used only for the purposes of system administration and to audit the use of our site. We would not link IP addresses to anything personally identifiable, which means that while your user session will be logged, you will remain anonymous to us.

Our customer forum logs IP addresses against user accounts. This is to protect the integrity of the forum, and for us to monitor and remove spam forum users, ensuring that this remains a useful place for customers to visit.


When we provide services, we want to make them easy, useful and reliable. Where services are delivered on the internet, this sometimes involves placing small amounts of information on your device, for example, computer or mobile phone. These include small files known as cookies. They cannot be used to identify you personally.

These pieces of information are used to improve services for you through, for example:

  • enabling a service to recognise your device so you don’t have to give the same information several times during one task
  • recognising that you may already have given a username and password so you don’t need to do it for every web page requested
  • measuring how many people are using services, so they can be made easier to use and there’s enough capacity to ensure they are fast

You can manage these small files yourself and learn more about them through “Internet browser cookies” .

IT Security

Metropolitan is committed to the security of our customers’ personal information and we have security procedures in place to protect against loss, misuse or alteration of personal information under Metropolitan’s control.

Access to Information and your Right to know

Freedom of Information Act 2000, Environmental Information Regulations 2004 and Data Protection Act 1998 are all Acts of Parliament that allow public access to information held by Public Authorities.

Freedom of Information Act 2000 (FOI)

As Housing Associations are not Public Bodies the Freedom of Information Act 2000 doesn’t apply directly to us, however in the spirit of transparency as per our Policies we will try our best to disclose as much as we possibly can.

Please do submit your request in writing to our Data Protection & Information Governance Team at the address shown below and you will receive a response within 20 working days.

Environmental Information Regulations 2004 (EIR)

Similarly, the Environmental Information Regulations do not apply directly to Metropolitan. However, in the spirit of transparency, we shall consider requests for environmental information that is related in any way to the elements (fire, water, air & land).

Please do submit your request in writing to our Data Protection & Information Governance Team at the address shown below and you will receive a response within 20 working days.

Data Protection Act 1998 (DPA)

We process personal data in accordance with the principles of the Data Protection Act 1998 and our Data Protection and Confidentiality Policy. Under the Data Protection Act, you have the right to request to have access personal data that we hold about you.

Your request must be made in writing. Once our preliminary procedures regarding authenticating identity and clearing any fees payable have been completed, you will receive the information (unless an exemption applies) within 40 calendar days.

If you would like to make a request for information this can be done by completing our Information Request Form or by contacting the Data Protection and Information Governance Team at the address shown below.

Please visit our How we use your data page for a more detail guide on Data Handling and access or the ICO Website where there are many information guides available.

Changes to this privacy policy

If this privacy policy changes in any way, we will place an updated version on this page. Regularly reviewing this page ensures that you are always aware of what information we collect, how we use it and under what circumstances, if any, we will share it with other parties.


If you have any questions about this privacy statement or data protection issues generally, you can write to:

Data Protection & Information Governance Lead
The Grange
100 High Street
London, N14 6PW

Or email: