GDPR & Data Rights

Your rights under the UK General Data Protection Regulation (UK GDPR) and how Rental Trust processes and protects your personal data.

Last updated: April 16, 2026

1. Who We Are

Rental Trust ("we", "us", "our") is the data controller responsible for your personal data. We are registered in England and Wales and operate the Rental Trust platform at rentaltrust.co.uk.

Our Data Protection Officer (DPO) can be contacted at: [email protected]

2. What Personal Data We Collect

We collect personal data in the following categories, depending on how you use our platform:

CategoryExamplesWho It Applies To
Identity dataFull name, date of birth, nationalityTenants, Landlords, Agents
Contact dataEmail address, phone numberAll users
Identity documentsPassport, BRP, driving licence (for Right to Rent checks)Tenants
Financial dataSubscription payment records (via Stripe — we do not store card details)Landlords, Agents
Employment dataEmployer name, employment status, income rangeTenants (optional)
Tenancy historyPrevious addresses, landlord referencesTenants (optional)
Technical dataIP address, browser type, device identifiers, cookiesAll users
Usage dataPages visited, features used, session durationAll users
CommunicationsSupport messages, feedback, dispute recordsAll users

3. Legal Basis for Processing

Under UK GDPR Article 6, we rely on the following lawful bases:

  • Contract performanceProcessing necessary to provide the services you have signed up for (e.g. creating a Tenant Passport, processing a subscription).
  • Legal obligationProcessing required to comply with UK law, including Right to Rent checks under the Immigration Act 2014.
  • Legitimate interestsFraud prevention, platform security, analytics to improve our service, and communicating service updates.
  • ConsentMarketing communications and optional profile data (e.g. employment details). You may withdraw consent at any time.

Where we process special category data (e.g. nationality or immigration status for Right to Rent purposes), we rely on Article 9(2)(b) — processing necessary for employment and social security law obligations.

4. How We Use Your Data

We use your personal data to:

  • Create and manage your account and Tenant Passport
  • Facilitate Right to Rent verification checks between tenants and landlords
  • Process payments and manage subscriptions via Stripe
  • Send transactional emails (account confirmations, password resets, verification updates)
  • Provide customer support and resolve disputes
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with our legal and regulatory obligations
  • Improve and develop our platform through aggregated, anonymised analytics
  • Send marketing communications where you have given consent (opt-out available at any time)

5. Who We Share Your Data With

We do not sell your personal data. We share it only in the following circumstances:

  • Landlords & AgentsWhen a landlord or agent unlocks a Tenant Passport, they receive the profile data you have chosen to share. You control which sections are visible.
  • Payment processorsStripe processes all payments. Stripe is PCI-DSS compliant. We do not store card numbers or CVV codes.
  • Cloud infrastructureOur hosting and storage providers (operating under data processing agreements) store your data securely within the UK/EEA.
  • Legal authoritiesWhere required by law, court order, or to protect the rights and safety of our users.

6. Data Retention

We retain personal data only for as long as necessary for the purposes it was collected:

Data TypeRetention Period
Active account dataFor the duration of your account, plus 30 days after deletion request
Right to Rent check recordsMinimum 12 months after tenancy end (as required by law)
Payment records7 years (UK tax and accounting obligations)
Support communications3 years from last contact
Technical/log data90 days
Marketing consent recordsUntil consent is withdrawn, plus 3 years

7. Your Rights Under UK GDPR

You have the following rights regarding your personal data. To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

Right of Access (Article 15)

Request a copy of all personal data we hold about you (Subject Access Request).

Right to Rectification (Article 16)

Ask us to correct inaccurate or incomplete personal data.

Right to Erasure (Article 17)

Request deletion of your data where there is no compelling reason for us to continue processing it ('right to be forgotten').

Right to Restrict Processing (Article 18)

Ask us to pause processing your data in certain circumstances (e.g. while accuracy is disputed).

Right to Data Portability (Article 20)

Receive your data in a structured, machine-readable format and transfer it to another service.

Right to Object (Article 21)

Object to processing based on legitimate interests or for direct marketing purposes.

Rights re: Automated Decisions (Article 22)

Not be subject to solely automated decisions that significantly affect you without human review.

Right to Withdraw Consent

Withdraw consent at any time where processing is based on consent, without affecting prior processing.

8. Cookies

We use cookies and similar tracking technologies to operate the platform and improve your experience. You can manage your cookie preferences via the cookie banner displayed on your first visit.

Cookie TypePurposeRequired
EssentialSession management, authentication, securityYes
FunctionalRemembering preferences (language, theme)No
AnalyticsAnonymised usage statistics to improve the platformNo
MarketingPersonalised content and advertising (only with consent)No

9. International Data Transfers

We store and process your data primarily within the United Kingdom and the European Economic Area (EEA). Where data is transferred outside the UK/EEA (for example, to cloud service providers with global infrastructure), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the ICO or reliance on adequacy decisions.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These include TLS encryption in transit, encrypted storage at rest, access controls, regular security reviews, and staff training. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and affected individuals without undue delay.

11. How to Complain

If you believe we have not handled your personal data in accordance with UK GDPR, please contact us first so we can try to resolve the matter:

[email protected]

We aim to respond to all data rights requests within 30 days.

You also have the right to lodge a complaint with the UK's supervisory authority, the Information Commissioner's Office (ICO):

  • Website: ico.org.uk
  • Helpline: 0303 123 1113
  • Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

12. Changes to This Notice

We may update this GDPR notice from time to time to reflect changes in law or our data practices. We will notify you of material changes by email or via a prominent notice on the platform. The "Last updated" date at the top of this page indicates when the most recent changes were made.

Rental Trust

www.rentaltrust.co.uk

Clearer tenant profiles, better rental decisions. Rental Trust is a technology platform that presents self-reported tenant information in a structured format. All information is provided by tenants and is not independently verified by Rental Trust.

Product

Legal

  • Contact Legal

Platform Disclaimer: Rental Trust is a technology platform only. All tenant profile information is self-reported by tenants and is not independently verified, authenticated, or guaranteed by Rental Trust Ltd. Landlords and agents remain solely responsible for conducting their own affordability checks, reference checks, and Right to Rent checks in accordance with the Immigration Act 2014. The affordability indicator (where shown) is based on tenant-supplied information and does not constitute financial advice or a credit assessment. Rental Trust does not act as a letting agent, landlord, or credit reference agency.

© 2026 Rental Trust Ltd. All rights reserved.

www.rentaltrust.co.uk

Registered in England & Wales · Company No. [PENDING REGISTRATION] · ICO Registration No. [PENDING ICO]

Cookie Consent

We use cookies to enhance your experience, analyse site traffic, and serve personalised content. You can accept all, reject all, or customise your preferences below.