Privacy and Data Protection Policy
My Property Group & My Property Lettings Ltd
1. Introduction
My Property Group and its subsidiary, My Property Letting Ltd, are committed to protecting the privacy and personal data of all individuals we interact with, including tenants, landlords, applicants, employees, contractors, and website users.
For the purposes of this policy, “we”, “our”, or “the organisation” refers to both My Property Group (parent company) and My Property Letting Ltd (operating entity providing property letting and management services).
We process personal data in accordance with applicable data protection laws, including the UK GDPR and the Data Protection Act 2018.
2. Data Controllers
My Property Group and My Property Lettings Ltd act as joint Data Controllers where they jointly determine the purposes and means of processing personal data.
In operational matters (e.g. tenancy management), My Property Lettings Ltd may act as the primary Data Controller.
We are responsible for ensuring that personal data is processed lawfully, fairly, and transparently.
3. Types of Personal Data We Collect
We may collect and process the following categories of personal data:
- Identity data (name, date of birth, identification documents)
- Contact details (address, email, phone number)
- Financial data (bank details, income, rent payments, credit checks)
- Tenancy data (agreements, references, property history)
- Employment and referencing information
- Communication records (emails, calls, messages)
- Website usage data (IP address, cookies, browsing behaviour)
- Special category data (only where required and lawful, e.g. health/disability information for accessibility needs)
4. Lawful Basis for Processing
We process personal data under the following lawful bases:
- Contractual necessity – to perform tenancy agreements, property management services, or employment contracts
- Legal obligation – to comply with legal and regulatory requirements (e.g. Right to Rent checks, anti-money laundering, deposit protection)
- Legitimate interests – for business operations, fraud prevention, and service improvement, where these do not override individual rights
- Consent – where required (e.g. marketing communications or certain sensitive data)
- Vital interests – in rare situations where necessary to protect life
5. How We Use Personal Data
We use personal data to:
- Manage property lettings and tenancies
- Conduct tenant referencing and credit checks
- Communicate with tenants, landlords, and applicants
- Comply with legal and regulatory obligations
- Prevent fraud and ensure security
- Manage payments and financial records
- Improve our services and customer experience
- Send marketing communications (where consent is given)
6. Data Sharing and Disclosure
We may share personal data:
Within the Group
Between My Property Group and My Property Lettings Ltd for operational and administrative purposes.
With Third Parties
- Local authorities and regulators
- Deposit protection schemes
- Referencing and credit agencies
- Contractors (e.g. maintenance providers)
- Legal and financial advisors
- IT and system providers
We ensure all third parties respect data protection laws and process data securely.
Legal Disclosure
We may disclose personal data without consent where required by law or where permitted, including for:
- Legal compliance
- Court proceedings
- Protection of vital interests
- Fraud prevention
7. International Data Transfers
We do not transfer personal data outside the UK or EEA unless adequate safeguards are in place, such as:
- UK adequacy regulations
- Standard Contractual Clauses (SCCs)
8. Data Retention
We retain personal data only for as long as necessary.
Typical retention periods include:
- Tenancy records: 6 years after tenancy ends
- Financial records: 6–7 years (legal requirement)
- Applicant data (unsuccessful): up to 12 months
- Marketing data: until consent is withdrawn
9. Data Security
We implement appropriate technical and organisational measures to protect personal data, including:
- Access controls and user permissions
- Secure IT systems and encryption where appropriate
- Staff training on data protection
- Procedures for handling data breaches
10. Data Subject Rights
Individuals have the following rights:
- Right to access their personal data
- Right to rectification (correct inaccurate data)
- Right to erasure (“right to be forgotten”)
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Rights related to automated decision-making
Requests can be made by contacting us (see Section 13).
11. Cookies and Website Data
We use cookies and similar technologies on our website to:
- Improve user experience
- Analyse website traffic
- Support marketing activities
Users can control cookie preferences through their browser settings.
12. Data Breaches
We have procedures in place to detect, report, and investigate data breaches.
Where required, we will notify affected individuals and the
Information Commissioner’s Office
within the required timeframes.
13. Contact and Complaints
For any data protection queries or to exercise your rights, contact:
Thomas Lloyd
Co-Founder & Data Protection Officer
My Property Group / My Property Lettings Ltd
If you are not satisfied with how your data is handled, you have the right to lodge a complaint with the Information Commissioner’s Office.
14. Accountability and Governance
We ensure that:
- A Data Protection Officer oversees compliance
- Staff are trained in data protection
- Policies and procedures are regularly reviewed
- Audits are conducted to ensure compliance
Non-compliance may result in disciplinary action.
15. Policy Review
This policy is reviewed regularly and updated to reflect:
- Legal changes
- Industry best practices
- Business operations
Glossary of Terms
Data Controller
Organisation determining how and why personal data is processed.
Personal Data
Information identifying a living individual.
Processing
Any operation performed on personal data.
Special Category Data
Sensitive personal data such as health or ethnicity.
If you are not satisfied with our response, you can escalate the matter to the Information Commissioner’s Office (ICO) by calling 0303 123 1113 or visiting https://ico.org.uk/make-a-complaint.
Last updated: 15/07/2026