At Let Alliance, HomeLet, Barbon, Rentshield Direct and Rent4Sure we strive to deliver outstanding products and customer service. We value your business and therefore recognise that privacy is an important issue. As part of our dedication to being transparent we have developed this Privacy Notice to explain what data we collect and how we manage your data.
This Privacy Notice is relevant to anyone who uses our services including tenants and prospective tenants we reference, landlords, referees, agents, policyholders or prospective policyholders.
This Privacy Notice provides details of the personal data we collect from you, what we do with it, how you might access it and who it might be shared with.
Barbon Insurance Group Limited and Rent4Sure Ltd are subsidiaries of PIB Group Limited
Our Data Protection Officer can be contacted directly here:
Data Protection Officer
PIB Group Limited
1 Minster Court
Mincing Lane
London, EC3R 7AA
[email protected]
0330 058 9700
We process your personal data as a data controller only for the purpose for which it is collected. As the data controller we will not collect any information from you that we do not need for the purpose of fulfilling our services. There may be additional data controllers who have access to your data such as credit reference agencies, tenant services providers and your letting agent.
If you use our services or request information, we collect your personal data for use by Barbon Insurance Group Limited, Rent4Sure Ltd and other subsidiary companies of PIB Group Limited. These companies all work together to provide the services. We use this personal data for the provision of information and services or the performance of the contract.
We may use your personal data for other similar purposes, including marketing and communications, but that will only occur if we have your consent or where, as a current or previous user of our services, we rely on a legitimate interest justification for doing so. You have a right at any time to stop us from contacting you for marketing purposes. Please contact us to do so – see above.
We may use your information to help develop our products and improve our services to you as a customer because it is in your interest and our legitimate interest to provide efficient services. This may include asking you for feedback on the service we provide you.
The way referencing and insurance works means that, If you have a contractual or service relationship with us, your information may be shared with, and used by, a number of third parties in the referencing, insurance or risk sector; for example, insurers, reinsurers, agents, brokers, loss adjusters, sub-contractors, specific service providers, claim management companies, credit reference agencies, providers of legal services, recovery agents, payment gateways, finance providers, regulators, law enforcement agencies, fraud and crime prevention and detection agencies and compulsory insurance databases. We will only disclose your personal information in connection with the contract or service that we provide and to the extent required or permitted by law.
Your data will be held securely in the UK and the EEA. Any other data processing outside of these geographical areas will be undertaken only in locations that are covered by UK data protection adequacy regulations or where UK GDPR compliant appropriate safeguards are in place.
It you are taking insurance from us, more detailed information specifically on how the insurance market works and transfers data, is available from the London Insurance Market Core Uses Information Notice available at https://www.pibgroup.co.uk/core-uses
The personal information we have collected from you may be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment.
The personal data we collect depends on whether you just visit our website or use our services. If you visit our website, you do not need to provide us with any personal data. However, your browser transmits some data automatically, such as the date and time of your visit, your browser type, your operating system, the last web page you visited and your IP address. Our Cookie policy is on our website.
If you use our services, personal data is required to fulfil the requirements of a contractual or service relationship, which may exist between you and our organisation. We will also grant access to relevant personal data to our staff for example to provide training and staff development. This is on the basis that this is in both our mutual legitimate interests to improve our services and your customer experience. However, we will ensure this is in a secure environment.
In addition, special categories of personal data such as data about your health and criminal convictions may be collected and processed on a consent or public interest basis if this is necessary for referencing or insurance purposes.
If you provide us with personal data about other people, for example; family members you wish to add to a policy or contract, we expect you to ensure that they know you are doing so, and they are content with their information being provided to us.
If you use the chat function on any of our websites, your discussion will be captured by our third-party web chat provider, and retained by them for a short period of time and by us, as necessary.
We may record or monitor calls for training purposes, to improve the quality of our service and to prevent and detect fraud. We may also use CCTV recording equipment in and around our premises.
The type of data we collect and specific use of this data is outlined below dependent on the services we are providing to you. This is not an exhaustive list:
Tenant Referencing
If we are carrying out a reference for you the personal data we will collect will include your name, current, previous and prospective addresses, date of birth, contact details including telephone number and email address, employment details and information relating to your financial circumstances including your credit file and banking transactions.
With your consent, to verify your identity, we use secure identity service partners to capture your personal data from identification documents and from a selfie. Our identity partners will use this data to verify your identity and to prevent fraud. Your biometric data, captured by this process, will be deleted within seven days.
Your credit file includes details of your financial history, any judgments or insolvency-related events registered against you, whether you are on the electoral register, your address history, your financial associates, and details of other organisations which have searched your credit file. We use this information to complete an affordability assessment as part of our tenant referencing process. A tenant assessment including your data and any results from linked verification checks will be provided to the letting agent and prospective landlord and may be used by us when we provide your landlord or agent, insurance for their property or rental.
Please be aware that any references we request are given in confidence. There is an exemption in the Data Protection Act 2018 that means that we are unable to disclose information which identifies another individual and especially where such information is given in confidence. Thus, when providing referee information, you understand that without the referee’s consent, we are unable to disclose the contents of the reference to you.
When requesting access to your consumer credit report we are using Article 15 “Right of Access” rather than consent to share this data. We are using an Article 15 request (as clarified by Section 13 of the DPA2018) as the consumer’s credit report is not being provided by the consumer, it is data which is already processed by the credit reference agency to which the consumer is seeking access.
You can request removal of consumer credit report data at any time, but where we have used it to provide a report to landlord or agent, we may have to retain it for some time as outlined in our retention policies.
Insurance Services
The provision of your personal data is necessary for us to provide quotations and administer your insurance policy and will form the basis of the insurance contract. To give you access to more products and services, insurance quotes and contracts may be provided by other subsidiary companies of PIB Group Limited. The personal information we will collect includes name, address and contact details including telephone number, email address and date of birth. We may need to collect some sensitive data from you such as criminal convictions and credit history in order for the insurers to assess the risk, provide accurate cover and premiums and to meet the obligations set out in the contract of insurance.
Letting Agent Services
If you hold an agency with Let Alliance, Barbon, HomeLet, Rentshield Direct or Rent4Sure and access any of our products and services, we may collect information relating to your business and employees including names, addresses, business telephone numbers and business email addresses.
Tenant Services
The tenant services we offer you will include, but may not be limited to, media services (broadband, TV and phone), removals and utility providers. If we provide Tenant Services to you, by way of referring you to a supplier we will collect your information on the basis of your consent. If we provide Tenant Services to you, by way of completing a sales process with you, we will collect your information on the basis of contractual relationships. The personal data we collect will include name, address, date of birth, telephone number and email address. We’ll never collect special category data about you without your explicit consent. We will monitor the tenant services providers we refer you to, to understand take-up of services and suitability.
Information we collect from third parties
We may also collect information about you from third parties that are lawfully entitled to share your data with us. This may include your letting agent and any credit referencing agencies where you have provided us with your consent to complete a reference on you.
Overview of personal data we may collect
In addition to the above and as an overview, we have grouped together the personal data that we may collect, use, store, and transfer as follows:
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you or, in the case of tenants, our contract with the agent or private landlord and you fail to provide that data when requested, we may not be able to perform the services or contract we have or are trying to enter into with you. For example, if a tenant or guarantor fails to provide the information required to carry out the reference, we will not be able to produce a reference report, which is likely to mean that you cannot rent the property.
Please note that if you are a referee, you are under no obligation to provide a reference if you do not wish to do so, but please note that if you refuse, this may be noted on the final reference report.
Before we provide services, goods or financing to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you.
The personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud and money laundering, and to verify your identity.
Details of the personal information that will be processed include, for example: name, address, date of birth, contact details, financial information, employment details, device identifiers including IP address and vehicle details.
We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
In order to combat widespread fraud in the tenancy market, we mutually share data, including tenants’ and applicants’ data, with registered and vetted third party fraud, risk and recovery agencies and regulated tenant reference companies.
We process your personal data on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.
Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
Rental Exchange by Experian
We work with Experian as members of their Rental Exchange scheme.
Your track record as a tenant will enable Experian to use the information supplied to them to fast track you in future and assist other landlords and organisations to:
If you would like to see more information on this, and to understand how the credit reference agencies each use and share rental data as bureau data (including the legitimate interests each pursues) this information is provided in this link: www.experian.co.uk/crain (Credit Reference Agency Information Notice (CRAIN).
We will continue to exchange information about you with Experian while you have a relationship with us. We will also inform Experian when your tenancy has ended and if you have outstanding rental arrears Experian will record this outstanding debt.
Consequences of Processing
If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or to employ you, or we may stop providing existing services to you. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please don’t hesitate to contact us (see above).
Data Transfers
Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.
We only collect personal data that is required for the purposes of providing our service, as described above. We restrict, secure and control all of the data we hold, against unauthorised access, damage, loss or destruction; whether physical or electronic. We retain personal data only for as long as is necessary to perform the functions above and to respond to your requests, or longer if required by law, or if we need to retain the data to perform a contract. In practice this means that we retain data for 6 years after the end of a service. This allows us to retain accurate records of transactions and allows these records to be used in any potential legal claims or complaints from any party in the contract.
If we retain your personal data for historical or statistical purposes, we will ensure that the personal data is anonymised and cannot be used for any other purpose. Whilst in our possession, together with your assistance, we try to maintain the accuracy of your personal data.
You have the right to request access to any of your personal data we may hold. If any of that information is incorrect, you can request that we change it. If we are not using your information correctly, you can request that we stop using it or that we delete it completely.
Some of our platforms may provide automatic quotes and decisions. In these cases, you always have the ability to contact our customer services team or Data Protection Officer (details above) to request a review of a decision.
If you would like to make a request to see what personal data of yours we hold, you may make a request to our Data Protection Officer using the details above.
Where we have asked for your consent to use your personal data, you have the right to withdraw that consent at any time. If you withdraw your consent, we will stop using your personal data where legally possible. Any processing undertaken before your withdrawal remains valid and lawful.
We keep our privacy notice under regular review, and we will place any updates on our web site. This privacy notice is version 1.09
You have the right to lodge a complaint with the Information Commissioner’s Office (ICO), contact details below:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Tel: 0303 123 1113
Web: https://ico.org.uk/
Last updated: 07/08/24