Privacy Policy

Nook Lettings Ltd (“we”, “our”, “us”) is committed to protecting and respecting your privacy.

This policy explains how we collect, use, store, and share your personal data in connection with our letting and property management services, including data received directly from you, from landlords, or from other sources.

1. Information We Collect

We may collect and process the following categories of personal data:
- Identity data: name, title, date of birth, gender, photograph.
- Contact data: address, email, telephone number.
- Tenancy data: tenancy agreements, notices, rent and deposit records, inspection notes, repair/maintenance reports, contractor quotes and invoices.
- Financial data: bank details (where provided), deposit protection scheme references, rent payment history.
- Correspondence data: emails, letters, WhatsApp or SMS messages, call notes, complaint handling records.
- Special category data: where disclosed (e.g. health/disability information relevant to property suitability or complaint handling).
- Technical data: IP addresses, browser type, analytics cookies.

2. How We Collect Data

We collect data in the following ways:
- Directly from you (via forms, emails, WhatsApp, phone calls, viewings, tenancy sign-up).
- From landlords when properties are handed over for management.
- From referencing agencies, deposit protection schemes, and third-party contractors.
- From public authorities (e.g. council, PRS, Trading Standards) in the course of compliance or complaint resolution.

3. How We Use Your Data

We use your data for:
- Providing property management and letting services.
- Fulfilling tenancy and contractual obligations.
- Protecting deposits and administering rent.
- Arranging repairs and maintenance.
- Managing tenant and landlord communications.
- Handling complaints, compliance investigations, or legal claims.
- Meeting regulatory obligations (AML, Right to Rent, tenancy deposit scheme).
- Improving our services and website performance.
- Limited marketing, where you have consented.

4. Lawful Basis for Processing

We rely on the following lawful bases:
- Contract – where processing is necessary to enter into or perform a tenancy or management agreement.
- Legal obligation – to comply with tenancy deposit scheme, housing legislation, AML requirements, or regulatory duties.
- Legitimate interests – for property management, complaint handling, business operations, and defending legal claims.
- Consent – where we send you marketing communications.
- Special category data – processed only where you provide explicit consent or where necessary for legal claims or compliance with housing regulations.

5. Sharing Your Data

We may share your data with:
- Your landlord (as data controller for certain records).
- Co-tenants, guarantors, or permitted occupiers (where relevant to tenancy).
- Contractors and maintenance providers.
- Referencing agencies, deposit protection schemes, and insurers.
- The Property Redress Scheme, Trading Standards, the local council, and other regulatory bodies.
- Professional advisors (legal, accountancy, compliance).

We do not routinely transfer data outside the UK. If an international transfer is required, we ensure appropriate safeguards are in place.

6. Retention

We only keep data for as long as necessary:
- Tenancy agreements, deposit certificates, compliance docs – 6 years after tenancy ends.
- Complaint and PRS correspondence – 6 years after case closure.
- Financial records – 6 years (HMRC requirement).
- ID documents used for verification – deleted immediately after verification (note of check retained).
- SAR disclosure packs and logs – 3 years (ICO defence).
- Nil return/excluded materials – retained for 3 years for audit.

7. Subject Access Requests (SARs) & Your Rights

Under UK GDPR, you have the right to:
- Request access to your data (SAR).
- Request correction or erasure of data.
- Request restriction of, or object to, processing.
- Request data portability.
- Complain to the ICO if you are dissatisfied.

We will respond within one month of verifying your identity. Data will be provided in an intelligible format (usually Word/PDF). We may not supply raw/native files unless necessary for comprehension.

Third-party personal data (e.g. other tenants, landlords, staff) will be redacted where required by law.

8. Audit Logs

Our systems (Outlook, WhatsApp, CRM) do not generate detailed user access/audit logs of individual data access. Accordingly, these cannot be disclosed in SARs and are treated as nil returns.

9. How We Protect Your Data

- Secure email and document storage systems.
- Access restricted to authorised staff.
- Password-protected files for SAR delivery.
- Regular training and compliance monitoring.

10. Contact Us

For all enquiries, including exercising your rights:
Data Protection Officer
Nook Lettings Ltd
Nicholas Brake
Email: hello@nooklettings.com
Tel: 01173704778