We are now Data Controllers
We take the privacy and security of your personal data very seriously and at all times we will comply with the prevailing laws and regulations governing confidentiality, data protection and security of information. When we say personal data, we mean any information that is about you or which can help identify you.
In this policy the words we, us and our always mean Computershare Investor Services Plc (where we trade as the Deposit Protection Service (DPS), Letting Protection Service Scotland, or Letting Protection Service Northern Ireland).
We are registered with the Information Commissioner’s Office (ICO) in the UK with the registration number Z5325892.
What personal data do we use?
In the context of providing tenancy deposit protection services to you, we will use the following information:
- Personal details such as your full name, current and previous addresses, address of rented properties, telephone numbers and e-mail addresses.
- For Landlords, details of your rented properties including address, rental amount, number of bedrooms.
- Details of tenancies including agreed rental amount, deposit values, tenancy start date and duration.
- Bank account details (account number and sort code).
- Personal data you submit or that is obtained from other parties to deal with disputes related to tenancy deposits.
- Information from law enforcement agencies.
- Details of your use of Computershare IT systems.
Where do we obtain your personal data from?
We will collect your personal data in a number of ways. Much of the personal data we collect will be provided directly by you when you sign up for tenancy deposit protection services or when you contact us by email, letter, phone, or submit personal data online. We also generate payment, transaction and dispute resolution data as a function of providing a service to you. We may also receive your personal data from the following third parties:
- A landlord or tenant that is party to a tenancy;.
- The Land Registry to obtain details of properties and ownership;
- Postal services;
- Law enforcement or government agencies;
If you contact us via social media we may collect available details from your social media account. In addition, we may also collect information about you which can be obtained via open data sources and public records (e.g. the electoral register and information openly available via the internet), although we will only do this where it is necessary for the provision of services to you, where we have a legitimate interest in doing so, or where we have a legal duty in the investigation and prevention of money laundering and financial crime.
How do we use your personal data
We use your personal data in the following ways:
- To validate your identity.
- To identify you when you contact us.
- To provide you services as outlined in the service terms and conditions.
- To deal with requests you send us and respond to your queries.
- To maintain your account.
- To carry out your instructions in relation to your deposits, for instance to initiate a repayment.
- To keep records of your tenancies and any transactions that we facilitate.
- To provide an alternative dispute resolution service.
- To tell you about other related services.
- To provide you updates on changes to our policies or terms and conditions.
- To help us improve our services.
- To analyse how people use our websites.
- For trend analysis including where anonymised datasets are created to analyse rental trends.
- For profiling purposes (landlord, letting agent or tenant) to help us ensure that we provide you with the right information and offer you relevant services.
- If you agree, to contact you about other services and products we think may interest you.
- To comply with our legal and regulatory obligations.
- To deal with any complaints or legal claims.
- To detect, prevent and report fraud and financial crime.
- For security monitoring and investigation purposes.
- To perform audit and assurance activity.
- To manage our business in an efficient and proper manner, including the management of our financial position, our resources, the risks to which we are exposed and the way in which we arrange our internal operations.
What is our legal reason for processing your personal data?
We may only use your personal data where we have a valid legal basis for doing so. The legal bases for us processing your personal data are that:
- It is necessary for us to process your personal data for us to perform our obligations under either a contract you have with us (or to take steps at your request before entering a contract with you) or a contract we have with a Government Agency to provide the service.
- It is necessary for us to comply with a legal obligation to which we are subject.
- You have given consent to processing for one or more specific purposes.
- It is necessary for the purposes of legitimate interests pursued by us or by a third party, and those interests are not overridden by your interests or your fundamental rights and freedoms.
How do we share your personal data?
We share your personal data with other companies in a number of ways. This section provides details of the type of companies with which we may share your personal data and for what purposes.
How we share your personal data to provide you with services
We may share your personal data with other companies to help us deliver services as follows:
- Other Computershare group companies who help us administer our services.
- Non-Computershare companies who help us with administrative services, including mailing services and IT services.
- Non-Computershare companies who help us with marketing activities, where we have a valid legal basis for performing such activities.
- Non-Computershare companies who provide dispute resolution services. Where we share your personal data with other companies to provide services to you, we ensure they have adequate safeguards to protect your personal data.
Other data sharing
We will also share your personal data in the following circumstances:
- Where we need to do so to comply with our legal, regulatory or contractual obligations (which may include sharing information with regulators, auditors, government bodies or law enforcement agencies).
- In an effort to trace you if we lose contact with you.
- Where necessary to protect or defend our legal rights or the legal rights of another company or person.
- If our business, or any part of it, is transferred or sold, we will transfer your personal data to the company taking over our role, which could include a purchaser or the provider replacing us. We will never sell your information to anybody for unsolicited marketing.
How long do we keep your personal data for?
We keep your personal data for as long as we need to for the purposes for which it was collected or (if longer) for any period for which we are required to keep personal data to comply with our legal, regulatory or contractual requirements.
Do we transfer your personal data overseas?
In connection with the services provided, we will not transfer or process your personal data outside of the UK or EU.
Your rights Accessing your information
You may ask for a copy of the personal data we hold about you by contacting us. You can contact us via:
Email - firstname.lastname@example.org
Telephone – 0330 303 0030
Mail - The DPS, The Pavilions, Bridgwater Road, Bristol, BS13 8AE
Correcting your information
We try to ensure all of your personal data is accurate. If you find any inaccuracies or if your details change, please notify us promptly and we will correct them.
Erasing or restricting use of your information
You may ask us to erase or restrict use of your personal data. If you do, we will comply with your request unless there is a legal reason for us not to (for example, if a law says we must retain records of transactions for a fixed period and to do so we must retain your personal data, or if it is necessary for us to retain the personal data for the purpose of performing a contract with a government agency).
Where the legal basis for us processing your personal data is that you have given your consent to that processing, you may withdraw your consent at any time. If you do so we will stop processing your personal data promptly.
Where you have provided consent for us to provide you with marketing information, you can change your preferences in relation to marketing at any time by contacting us at email@example.com.
Please note that where you contact us to exercise your data protection rights we may ask you to provide a form of identity verification before we can process your request.
If you have any complaints about the way we use your personal data please contact our Data Protection Officer who will try to resolve the issue. You also have the right to complain to the data protection supervisory authority in your country. In the UK this is the Information Commissioner’s Office (ico.org.uk). If you need more information about how to contact your local data protection authority please let us know by contacting our Data Protection Officer via the above contact details.