Privacy Policy

1. Who we are

[YOUR AGENCY NAME] ("we", "us", "our") is a data controller registered under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We are registered with the Information Commissioner's Office (ICO) under registration number [ICO REGISTRATION NUMBER].

Our registered address is:

[Agency Name]

[Address Line 1]

[Address Line 2]

[Town/City, Postcode]

Email: [contact@youragency.co.uk]

Tel: [01234 567890]

If you have any questions about how we handle your personal data, please contact our Data Protection Lead at the address above or by emailing [dpo@youragency.co.uk].

2. What this policy covers

This privacy policy explains how we collect, use, store, share and protect your personal data when you:

•        visit or interact with our website at [www.youragency.co.uk]

•        contact us by phone, email, or in person regarding buying, selling, letting or renting a property

•        register with us as a buyer, seller, landlord or tenant

•        attend a property viewing or valuation

•        enter into a tenancy agreement or sale agreement with or through us

•        apply to rent a property we manage

Please read this policy carefully. By using our services you confirm you have read and understood it.

3. What personal data we collect

We collect and process the following categories of personal data, depending on your relationship with us:

3.1 From buyers and sellers

•        Full name, date of birth, and contact details (address, phone, email)

•        Property details and ownership information

•        Financial information including proof of funds, mortgage agreements in principle, and bank details for deposits and completions

•        Identity documents (passport, driving licence) for anti-money laundering (AML) compliance

•        Correspondence and communications with us

3.2 From landlords

•        Full name, date of birth, and contact details

•        Property ownership details and mortgage provider information (where required)

•        Bank details for rental income payments

•        Identity documents for AML compliance

•        Tax information where required

3.3 From tenants and prospective tenants

•        Full name, date of birth, and contact details

•        Current and previous addresses (typically three years)

•        Employment details and employer contact information

•        Income information and payslips or accounts

•        Bank statements and financial history

•        Credit check information (obtained via our referencing provider)

•        Guarantor details where applicable

•        Right to rent documentation (proof of immigration status)

•        Emergency contact details

•        Details of any county court judgements (CCJs) or insolvency history

•        Correspondence throughout the tenancy

3.4 From website visitors

•        IP address and device information

•        Browser type and version

•        Pages visited and time spent on site

•        Search terms used on our website

•        Cookie data (see Section 10)

•        Information submitted via contact or valuation request forms

3.5 Special category data

In limited circumstances we may collect special category data, for example where a tenant discloses a disability that requires reasonable adjustments to a property or viewing process. We will only process such data with your explicit consent or where we are legally required to do so.

4. How we collect your personal data

We collect your personal data in the following ways:

•        Directly from you via enquiry forms, phone calls, emails, in-person meetings, tenancy application forms, and viewings

•        Automatically via cookies and analytics tools when you visit our website

•        From third parties including referencing agencies (e.g. Rightmove Landlord & Tenant, Homelet, Let Alliance), credit reference agencies, identity verification providers, solicitors, mortgage brokers, and HMRC

•        From property portals including Rightmove, Zoopla, OnTheMarket, and similar platforms

5. Our legal basis for processing your data

Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following bases:

5.1 Performance of a contract (Article 6(1)(b))

Where processing is necessary to take steps at your request prior to entering into a contract, or to perform a contract to which you are a party. This includes processing your data to arrange viewings, prepare tenancy agreements, process rental payments, and manage a tenancy.

5.2 Legal obligation (Article 6(1)(c))

Where we are required by law to process your data. This includes:

•        Anti-Money Laundering (AML) checks under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017

•        Right to Rent checks under the Immigration Act 2014

•        Compliance with HMRC obligations regarding rental income

•        Compliance with the Tenant Fees Act 2019 and related legislation

5.3 Legitimate interests (Article 6(1)(f))

Where processing is necessary for our legitimate business interests and does not override your fundamental rights and freedoms. This includes sending you property alerts and updates that are closely related to your enquiry, improving our website and services, and preventing fraud.

5.4 Consent (Article 6(1)(a))

Where you have given us clear and unambiguous consent to process your data for a specific purpose, such as sending you marketing communications or newsletters. You may withdraw your consent at any time by contacting us at the details in Section 1.

6. How we use your personal data

We use your personal data for the following purposes:

•        Responding to your enquiries and arranging property viewings and valuations

•        Preparing and managing tenancy agreements, sales memoranda and related documentation

•        Conducting tenant referencing and credit checks

•        Carrying out identity verification and AML compliance checks

•        Conducting Right to Rent checks

•        Processing rental payments and managing maintenance and repair requests

•        Communicating with you about properties that may meet your requirements

•        Sending you property alerts, newsletters and marketing communications (where you have consented or we have a legitimate interest to do so)

•        Complying with our legal and regulatory obligations

•        Improving our website and service offering

•        Preventing and detecting fraud and financial crime

•        Resolving disputes and enforcing our legal rights

7. Who we share your personal data with

We may share your personal data with the following categories of third parties:

7.1 Service providers

•        Tenant referencing and credit check agencies

•        Identity verification and AML compliance providers

•        Property management and CRM software providers

•        Email marketing platforms (where you have subscribed to our communications)

•        Website hosting and analytics providers

•        Accountants and bookkeepers

7.2 Professional advisers and counterparties

•        Solicitors and conveyancers (in connection with property sales or leases)

•        Mortgage brokers and lenders (with your consent)

•        Surveyors and valuers

•        Contractors and maintenance providers (limited to what is necessary for them to carry out their work)

7.3 Property portals and marketing platforms

Where you have consented to your property being marketed, we will share relevant details (property address, photographs, floorplans) with portals such as Rightmove, Zoopla, and OnTheMarket. These portals operate their own privacy policies.

7.4 Regulatory and legal bodies

•        HMRC (including under the Non-Resident Landlord Scheme)

•        The police or other law enforcement agencies where we are legally required or permitted to do so

•        The Information Commissioner's Office

•        The Property Ombudsman or other redress scheme bodies

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your data for their own purposes.

8. International transfers of personal data

We aim to keep all personal data within the UK and European Economic Area (EEA). Where we use service providers based outside the UK, we ensure appropriate safeguards are in place, such as the UK International Data Transfer Agreement (IDTA), standard contractual clauses, or reliance on adequacy decisions made by the UK Government. Please contact us if you would like details of the specific safeguards applicable to any particular transfer.

9. How long we keep your personal data

We will only retain your personal data for as long as necessary to fulfil the purpose for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

9.1 Retention periods

•        Tenancy records (including tenancy agreements, check-in and check-out reports, correspondence): 6 years from the end of the tenancy

•        AML identity verification records: 5 years from the end of the business relationship, in accordance with the Money Laundering Regulations 2017

•        Right to Rent records: 12 months after the tenancy ends

•        Sales transaction records: 6 years from completion

•        Unsuccessful tenancy applications: 6 months from the date of the application decision

•        Website enquiries and contact form submissions (where no further relationship arises): 12 months

•        Marketing consent records: Until you withdraw consent, plus 2 years thereafter

After the relevant retention period, we will securely delete or anonymise your personal data.

10. Cookies

Our website uses cookies to distinguish you from other users and to improve your browsing experience. Cookies are small text files placed on your device by websites you visit.

10.1 Types of cookies we use

•        Strictly necessary cookies essential for the website to function and cannot be switched off

•        Performance/analytics cookies help us understand how visitors interact with our website (e.g. Google Analytics)

•        Functional cookies allow the website to remember choices you make

•        Marketing cookies used to deliver relevant advertisements and track campaign effectiveness (where applicable)

You can control and/or delete cookies as you wish by adjusting your browser settings. Please note that removing all cookies may affect your experience of our website. For more information about managing cookies, visit www.aboutcookies.org.

11. Your data protection rights

Under UK GDPR, you have the following rights in relation to your personal data:

11.1 Right of access

You have the right to request a copy of the personal data we hold about you (a Subject Access Request or SAR). We will respond within one month of receipt of a valid request. There is no fee for this in most circumstances.

11.2 Right to rectification

You have the right to ask us to correct inaccurate or incomplete personal data we hold about you.

11.3 Right to erasure

You have the right to ask us to delete your personal data in certain circumstances, for example where the data is no longer necessary for the purpose for which it was collected. This right does not apply where we are required to retain data by law.

11.4 Right to restriction of processing

You have the right to ask us to restrict the processing of your personal data in certain circumstances, for example if you contest the accuracy of the data while we verify it.

11.5 Right to data portability

Where we process your data on the basis of consent or contract, you have the right to receive your personal data in a structured, commonly used and machine-readable format and to have it transferred to another data controller.

11.6 Right to object

You have the right to object to our processing of your personal data where we rely on legitimate interests as our legal basis. You also have an absolute right to object to processing for direct marketing purposes at any time.

11.7 Rights related to automated decision-making

Where we use automated processes to make decisions about you (for example, automated credit referencing scoring), you have the right to request human review of that decision, to express your point of view, and to contest the outcome.

11.8 How to exercise your rights

To exercise any of the above rights, please contact us in writing at the address in Section 1 or by email at [dpo@youragency.co.uk]. We may need to verify your identity before responding to your request.

12. How we keep your data secure

We take the security of your personal data seriously and have put in place appropriate technical and organisational measures to prevent unauthorised access, disclosure, alteration or destruction. These measures include:

•        Secure, encrypted storage of digital records

•        Strict access controls and password policies for our systems

•        Staff training on data protection and information security

•        Physical security of our office premises

•        Regular review of our data protection practices

Where we share data with third-party providers, we require them to maintain equivalent security standards. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and you directly where required.

13. Marketing communications

We may send you property alerts, market updates, and other marketing communications where you have given us your consent to do so, or where we have a legitimate interest (for example, where you have recently enquired about a specific type of property and we believe you would welcome similar alerts).

You can opt out of marketing communications at any time by:

•        Clicking the "unsubscribe" link in any marketing email

•        Emailing us at [contact@youragency.co.uk]

•        Calling us at [01234 567890]

Opting out of marketing will not affect our ability to send you service-related communications about an active tenancy or transaction.

14. Third-party websites

Our website may contain links to third-party websites including property portals, mortgage calculators, and other services. These third parties have their own privacy policies and we have no responsibility or liability for their content or activities. We encourage you to read their privacy policies before providing them with any personal data.

15. Children's personal data

Our services are not directed at children under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected personal data relating to a child, please contact us immediately using the details in Section 1 and we will take steps to delete it.

16. How to complain

If you have a concern about how we have handled your personal data, we ask that you contact us in the first instance so we can try to resolve the matter.

If you remain unhappy after contacting us, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office

Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Helpline: 0303 123 1113

Website: www.ico.org.uk

17. Changes to this privacy policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, or applicable law. We will notify you of any significant changes by posting a notice on our website or, where appropriate, contacting you directly. The date of the most recent revision is shown at the top of this policy.

We encourage you to review this policy periodically to stay informed about how we protect your data.

This policy should be reviewed by a qualified solicitor before publication. It is provided as a template and does not constitute legal advice. Placeholder text in brackets must be completed before use.

We use cookies to give you the best possible experience on our site.

For more information click here.