Let Leeds has always taken data privacy seriously. In fact, data protection is just 1 of over 150 pieces of legislation that face the lettings industry. Let Leeds is always working hard to stay up to date with changes in the law.
As part of GDPR compliance Let Leeds reviews its use of personal data and provide data privacy training to our teams. Let Leeds has made some changes to the ways in which we collect, store and use your personal data.
We've also updated our GDPR policy to bring it in line with the updated regulations.
We've listed our third party organisations such as referencing agencies, portals and software providers, and identified what they do with the data. Let Leeds has designated a member of the team to be responsible for data protection.
Let Leeds has updated existing contracts and highlight clauses that may be relevant to GDPR as well as reviewing how we sign up new Applicants, Tenants and Landlords, and how we manage consent. Let Leeds has examined the security of its data to identify any vulnerabilities and the security of data on devices such as phones, laptops and cloud storage.
We have audited how our existing contacts came onto our databases and have auto archived applicants on our list after a certain period of time. Let Leeds has a simple process in place for identifying, investigating and reporting data breaches and all employees at Let Leeds undergo ongoing training.
This document outlines our Let Leeds policy in regards to the GDPR Data Protection Legislation 2018.
We store all of our customers' data on a software system called Jupix which Let Leeds currently holds licences to use. Jupix have informed Let Leeds of their GDPR Policy. The data that we collect is owned by Let Leeds and we do not sell your data to any third parties.
In order to provide the best service to our customers, we need to share your personal data with some of our service partners. These include but are not limited to One Utility, our bills management platform to provide your details to utility companies, the local council and internet providers. We also have a requirement to share your data with the DPS who provide our tenant deposit schemes.
Gathering reviews is market research and essential to help us to to continually improve our customer experience and provide the best service to our customers. We use Feefo to gather genuine reviews from our customers using their email address. Note that Feefo are only permitted to contact you for a review on our behalf, no other reason.
As part of the referencing, application and creation of Tenancy paperwork process, Let Leeds are required to share the details of applicants and their guarantors with all other Tenants, permitted occupiers and Guarantors within the property, whether on single or joint agreements.
As part of providing maintenance on managed properties we will share our customer's details with maintenance contractors. To allow notice of entry for our Tenants we may provide your details to other professional business, inventory clerks, surveyors, other letting agents.
We work with other companies that may assist you in your moving process - for example bills management companies, internet providers, solicitors, insurance companies, credit checking companies that we refer to. However we will ask your permission prior to passing your data on to any of these companies.
As part of our compliance regulations we may also need to share our customer's details with HMRC, accountants and the local council. If required for legal reasons we may also share your data with law enforcement agencies, courts/tribunals and government bodies. We would need to do this to comply with our legal obligations, to exercise our legal rights for the protection of our employees and customers and for the prevention, detection, investigation of crime or prosecution of offenders.
All data held by Let Leeds is stored within Jupix which is stored on encrypted servers. The data storage system that we use abides by the GDPR Policy and is password protected by all of our users. In line with GDPR, Jupix provides a full auditing system to record processing of any data. If we need to print your details, for example on a contract or tenancy agreement, all paper copies with any personal data is placed in a locked paper cabinet and shredded off site by McCarthy's shredding services who are GDPR compliant. If we store your personal details, we will always ensure these are kept out of sign and locked away.
The processing of any customers' data is necessary for the legitimate interests of Let Leeds. The legitimate interests are;
We store your data for a reasonable length of time in relation to the type of customer you are. Under Consumer Protection Regulations we must store our Applicant, Tenant, Guarantor and Landlord details for 7 years, or anyone who has conducted a viewing or valuation with us. Applicants who did not conduct a viewing with Let Leeds will be automatically archived by our software after 18 months. Under Anti-Money Laundering obligations we must store identification documents for any person we do business with for five years.
Where we must store customers' data In line with other legal compliance obligations, we keep it encrypted and will only use it as needed to fulfil our legal obligations or to service your needs as a customer.
Let Leeds will use your data to contact you to provide services to you as a customer. We will contact you by the methods that you have opted in for and we may contact you about relevant services based on what type of customer you are to Let Leeds.
If you would prefer not to receive information from Let Leeds you can update your preferences at any time. We will obtain your consent to be contacted and by which methods when you first make contact with us as a potential customer.
Upon your initial contact or application with Let Leeds, we will ask for your contact details and your consent to be contacted. There will be a choice of contact options and consent can be amended or withdrawn at any time.
Your data is important to us. All data will be stored securely, however, if we are alerted to data security breach which has potential to result in a risk to our customers, this breach will be notified to the ICO within 72 hours and all parties effected will be contacted.