1LET Privacy Notice (reviewed Nov 2024)

 

At 1Let, we are committed to protecting your personal information and your privacy. 1Let Privacy Notice covers what information we collect, who is collecting it, how it is collected, why it is being collected, how it will be used, who it will be shared with, details of transfers to any third country and retention period.

The GDPR legislation replaces the Data Protection Act (1998) and gives more rights to you as an individual and more obligations to organisations holding your personal data.

By providing us with your personal information, you agree to the terms outlined in this notice.

Who We Are:

1Let
Address: 20a Manor Place
Phone: 0131 476 5500
Email: mail@1let.com

What Personal Data We Collect:

We collect and process the following categories of personal data, depending on your relationship with us (landlord, tenant, or prospective tenant):

  • Tenants & Prospective Tenants:
    • Full name
    • Contact information (address, phone number, email)
    • Date of birth
    • Employment details and income verification
    • Bank account information (for rent payments)
    • Previous landlord and reference details
    • Credit history and identification documents (passport, driver’s licence, etc.)
    • Criminal record information
  • Landlords:
    • Full name
    • Contact information (address, phone number, email)
    • Bank account details (for rent payments)
    • Property ownership details
    • Identification documents

How We Collect Your Data:

We collect your personal data in the following ways:

  • Directly from you when you fill out our application forms, contact us by phone or email, or register for our services.
  • From third parties such as referencing agencies, credit checking companies, previous landlords, and public records.

Why We Collect Your Data:

We collect and process your personal data for the following purposes:

  • To verify your identity and suitability as a tenant or landlord.
  • To carry out referencing and background checks.
  • To manage and administer the tenancy agreement, including rent collection and property maintenance.
  • To comply with legal obligations such as right-to-rent checks under the Immigration Act.
  • To protect our legitimate business interests, such as dealing with complaints, disputes, or claims.

Legal Basis for Processing:

We rely on the following lawful grounds to process your personal data:

  • Contractual Obligation: To perform our contract with you as a landlord or tenant (e.g., tenancy agreement, rent payments).
  • Legal Obligation: To comply with laws and regulations, including anti-money laundering laws and the Immigration Act.
  • Legitimate Interests: To manage and administer our business operations effectively and efficiently.
  • Consent: Where we process special categories of personal data (e.g., criminal record information), we will seek your explicit consent unless required by law.

Who We Share Your Data With:

We may share your personal data with:

  • Credit reference agencies and tenant referencing services.
  • Contractors or service providers for property maintenance or repair.
  • Legal advisors and courts in the event of a dispute.
  • Law enforcement agencies, regulatory bodies, or government authorities where required by law.
  • Landlords (if you are a tenant or prospective tenant) to approve tenancy agreements.
  • Utility companies (if applicable) to set up accounts for new tenants.

We ensure that third parties who process your data on our behalf do so in accordance with the UK GDPR and maintain appropriate safeguards to protect your information.

How Long We Keep Your Data:

We will retain your personal data for as long as necessary to fulfill the purposes for which it was collected, or as required by law. For example:

  • Tenant and landlord information will be retained for the duration of the tenancy and for up to 7 years after the end of the tenancy to comply with legal or regulatory requirements.

Your Data Protection Rights:

Under data protection laws, you have the following rights:

  • Right of Access: You have the right to request a copy of the personal data we hold about you.
  • Right to Rectification: You have the right to request corrections to any inaccurate or incomplete personal data.
  • Right to Erasure (Right to be Forgotten): You can request the deletion of your personal data where it is no longer necessary for the purposes for which it was collected.
  • Right to Restriction of Processing: You can request that we restrict the processing of your personal data under certain circumstances.
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
  • Right to Object: You can object to the processing of your personal data for specific purposes, such as direct marketing.
  • Right to Withdraw Consent: If we process your data based on your consent, you can withdraw your consent at any time.

To exercise any of your rights, please contact us using the details provided above.

How We Protect Your Data:

We are committed to ensuring that your information is secure. We use appropriate technical and organizational measures to protect your data from unauthorized access, alteration, or disclosure.

International Transfers:

If your data is transferred outside the UK or EEA, we will ensure it is protected by appropriate safeguards, such as standard contractual clauses approved by the European Commission or other legally approved mechanisms.

Changes to This Privacy Notice:

We may update this Privacy Notice from time to time. Any changes will be posted on our website, and where necessary, we will notify you of significant changes by email.

 

Fair Processing Notice

Our Privacy Promise

We promise:

  • To keep your data safe and private
  • Not to sell your data
  • To give you ways to manage and review your marketing choices at any time.

This privacy notice tells you what to expect when 1LET collects personal information. It applies to information we collect about:

  • visitors to our website
  • information collected via our website forms:
    • tenants
    • landlords
    • guarantors
  • newsletter subscribers
  • repairs and maintenance issues reported through our website
  • job applicants, current employees, former employees
  • complainants

Visitors to 1Let website

When someone visits https://www.1let.co.uk we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make and do not allow Google to make, any attempt to find out the identities of those visiting our website.

Legal basis for processing: Legitimate Interest and/or Consent

Our website is hosted on Hostgator’s servers in their CyrusOne datacentre based in the U.S.A and operates under the EU-US Privacy Shield. Our website is also https secure https://www.1let.co.uk

Information collected when booking a viewing:

When someone books a viewing via 1Let: Properties to let in Edinburgh , we use third-party service Inspect Real Estate (IRE) to manage viewing enquiries and bookings.

Data provided: Name, contact details (email and telephone), address of the property you wish to view, household income, preferred move-in date, preferences, and viewing availability.

Purpose: management of viewing enquiries and bookings

Legal basis for processing: Legitimate Interest

Link to Privacy Policy: go.reapit.com/reapit-terms-and-conditions-01-01-2024.pdf

 

Information collected via website forms


When someone completes a form on www.1let.co.uk we use a third-party service, Formstack, to collect information in order to provide the services we offer. Formstack is based in the U.S.A and operates under the EU-US Privacy Shield. For more information please see below. Link to Privacy Policy: https://www.formstack.com/privacy

 

  • Formstack - Tenants
    Personal Data Collected for tenants: Name, contact details (email and telephone), age, national insurance number, marital status, address, residential status, previous addresses, employment status, financial status, income details, financial references, proof of ID, credit checks, names and ages of any children to occupy the property, bank details. This personal data is collected via our Tenant Application Form. Legal basis for processing: Contractual Obligation and/or Legal Obligation.  Link to Privacy Policy: https://www.formstack.com/privacy

 

Personal data of any tenant(s) renting a property through 1LET may be shared with the following third-party data processors:

1. Amiqus ID

Data provided: Name, DOB, Present home address, email address.

Purpose: to run basic credit checks on prospective tenants in line with our application process requirements.

Legal basis for processing: Legitimate Interest. 

Link to privacy policy: https://amiqus.co/policies/privacy

 

 

2. SME Professional

Data provided: Name, contact details (email and telephone), age, address, residential status, bank details.

Purpose: property management software used for all tenant, landlord, contractor and guarantor communication. Facilitates the day-to-day running of our property/tenancy management services. Legal basis for processing: Legitimate Interest.

Link to privacy policy: https://www.smeprofessional.co.uk/privacy-statement/

 

3. Pinstripe
Data provided: Name, contact details (email and telephone), and address.

Purpose: To carry out check-in, inventories and risk assessments.

Legal basis for processing: Legitimate Interest.

Link to privacy policy: https://www.pinstripe.services/privacy-policy

 

4. Signable

Data provided: Name, email address, telephone number, address of tenants and address of guarantors.

Purpose: to send electronic tenancy agreements for signature.

Legal basis for processing: Legitimate Interest.

Link to privacy policy: https://www.signable.co.uk/privacy-policy/

 

5. Deposit Provider (Safe Deposit Scotland)

Data provided: Name, contact details (email and telephone), address rent and deposit amount, tenancy start date.

Purpose: Transferring of tenant’s deposit for the duration of the tenancy. 1LET currently use Safe Deposit Scotland.

Legal basis for processing: Legal Obligation

Link to Privacy Policy: http://www.safedepositsscotland.com/privacy-policy

 

6. Just Move In

Data provided: Name, contact details (email and telephone), and address.  In the course of the provision of the services we may also process move-to and move-from addresses, moving dates, tenancy details, council tax status, and other data required for the provision of those services (including data relating to other occupants or household members).'

Purpose: Home Setup Services: Administration of transferring council tax, utilities, and media services to and from tenant(s) and landlord(s).

Legal basis for processing: Legitimate Interest

Just Move In (full company name Ethical Introductions Ltd) provides a privacy notice describing their use of data, available here:

Link to Privacy Policy: https://justmovein.com/privacy-policy

 

7. Approved Tradesmen

Data provided: Name, contact details (email and telephone), address of rental property

Purpose: to arrange repairs and maintenance.
Legal basis for processing: Legitimate Interest. 1LET only instruct pre-approved tradesmen. We require all tradesmen to provide: relevant professional qualifications, relevant professional memberships, public liability insurance certificate, professional liability insurance certificate, signed service standards agreement and agreement with our Data Protection Policy.

Insurance Provider

Data provided: Name, contact details (email and telephone), address of rental property
In situations where a tenant requests a quotation for insurance, we will pass your details to Howden Group.

Purpose: to provide a quotation for tenant contents insurance.

Legal basis for processing: Consent

Link to Privacy Policy: Privacy Centre (howdengroup.com)

 

8. Payprop

Data provided: Name, contact details (email and telephone), and address, rent amount, rent due date, rent arrears, overpayments.

Purpose: We use Payprop as a platform to manage rental payments.

Legal basis for processing: Legitimate Interest

Link to Privacy Policy: Data Protection and Privacy Policy | PayProp

 

9. Propcall – emergency out-of-hours call centre

Data provided: Name, contact details (email and telephone), and address, nature of the emergency call out.

Purpose: Out-of-hours call answering for property management

Legal basis for processing: Legitimate Interest

Link to Privacy Policy: PropCall • Out-of-hours call answering for property managers • Privacy Policy

 

10. Inventory Hive

Data provided: Name, contact details (email and telephone), and address.

Purpose: mid tenancy property visits, end of tenancy inspections and move in inventories.

Legal basis for processing: Legitimate Interest

Link to Privacy Policy: https://www.inventoryhive.co.uk/privacy-policy

 

11. Nat West

Personal data provided: Name, bank details

Purpose: payroll; to pay employees/shareholders/directors; to receive payments from and make payments to tenants; to receive payments from and make payments to landlords; to pay invoices for third-party contractor services.

Legal basis for processing: legitimate interest

Link to privacy policy: Privacy & Cookies | NatWest

 

Personal data of tenants will be held by 1LET for the length of the tenancy plus up to 7 years in line with HMRC requirements.

 

  • Formstack - Landlords
    Data collected: Name, contact details (email and telephone), address, rental property address, age, proof of ID, proof of address, proof of ownership, national insurance. This personal data is collected via our Landlord Form. Legal basis for processing: Contractual obligation. Link to Privacy Policy: https://www.formstack.com/privacy


The personal data of landlords will be shared with the following third-party data processors:

1. Amiqus ID

Data provided: Name, contact details (email and telephone), address.

Purpose: to run basic identity and proof of ownership checks on prospective and current landlords. Legal basis for processing: Legitimate Interest.

Link to privacy policy: https://amiqus.co/policies/privacy

 

2. SME Professional

Data provided: Name, contact details (email and telephone), address, bank details.

Purpose: We use SME to hold all data relating to our property management services including tenants, guarantors, landlords and contractors.

Legal basis for processing: Legitimate Interest.

Link to privacy policy: https://www.smeprofessional.co.uk/privacy-statement/

 

3. Signable

Data provided: Name, title.

Purpose: to send electronic tenancy agreements for signature.

Legal basis for processing: Legitimate Interest.

Link to privacy policy: https://www.signable.co.uk/privacy-policy/

 

4. Justmovein

Data provided: Name, contact details (email and telephone), address

Purpose: Transferring of council tax and utilities into any tenant(s) name(s).

Legal basis for processing: Legitimate Interest.

Link to Privacy Policy: https://justmovein.com/privacy-policy

 

5. Nat West

Personal data provided: Name, bank details

Purpose: payroll; to pay employees/shareholders/directors; to receive payments from and make payments to tenants; to receive payments from and make payments to landlords; to pay invoices for third-party contractor services.

Legal basis for processing: legitimate interest

Link to privacy policy: Privacy & Cookies | NatWest

 

6. Approved Tradesmen

Data provided: Name, contact details (email and telephone), address of rental property
In situations where a landlord may want to be contacted by one of our tradesmen we will pass on contact details so they can be contacted.

Purpose: to arrange repairs and maintenance.

Legal basis for processing: Legitimate Interest.

1LET only instruct pre-approved tradesmen. We require all tradesmen to provide: relevant professional qualifications, relevant professional memberships, public liability insurance certificate, professional liability insurance certificate, signed service standards agreement and agreement with our Data Protection Policy.

 

7. Insurance Provider

Data provided: Name, contact details (email and telephone), address of rental property
In situations where a landlord requests a quotation for insurance, we will pass your details to Howden Group.

Purpose: to provide a quotation for landlord contents and/or buildings insurance.

Legal basis for processing: Legitimate Interest and/or consent

Link to Privacy Policy: Privacy Centre (howdengroup.com)

 

8. HMRC

Data provided: Name, contact details (email and telephone), address, bank details, rental income

Purpose: We are required to provide necessary tax and income information to HMRC.

Legal basis for processing: Legal Obligation.

 

9. Payprop

Data provided: Name, contact details (email and telephone), and address, rent amount, rent due date, rent arrears, overpayments.

Purpose: We use Payprop as a platform to manage rental payments.

Legal basis for processing: Legitimate Interest

Link to Privacy Policy: Data Protection and Privacy Policy | PayProp

 

10. Propcall – emergency out-of-hours call centre

Data provided: Name, contact details (email and telephone), and address, nature of the emergency call out.

Purpose: Out-of-hours call answering for property management

Legal basis for processing: Legitimate Interest

Link to Privacy Policy: PropCall • Out-of-hours call answering for property managers • Privacy Policy

 

11. Inventory Hive

Data provided: Name, contact details (email and telephone), and address.

Purpose: mid tenancy property visits, end of tenancy inspections and move in inventories.

Legal basis for processing: Legitimate Interest

Link to Privacy Policy: https://www.inventoryhive.co.uk/privacy-policy

 

12. Inspect Real Estate (IRE)

Data provided: Name, contact details (email and telephone), address of the rental property

Purpose: management of viewing enquiries and bookings

Legal basis for processing: Legitimate Interest

Link to Privacy Policy: go.reapit.com/reapit-terms-and-conditions-01-01-2024.pdf

 

 

Personal data of landlords will be held by 1LET while in contract to provide services to the landlord plus up to 7 years in line with HMRC requirements.

 

  • Formstack – Guarantors

Personal Data Collected for Guarantors: Name, contact details (email and telephone), age, national insurance number, marital status, address, residential status, previous addresses, employment status, financial status, income details, financial references, proof of ID, credit checks.

This personal data is collected via our Guarantor Application Form. Legal basis for processing: Contractual Obligation. Link to Privacy Policy: https://www.formstack.com/privacy

 

Personal data of guarantors of tenants who secure a tenancy will be shared with the following third-party data processors:

 

1. SME Professional

Data provided: Name, contact details (email and telephone), address, residential status, and bank details.

Purpose: property management software used for all tenant, landlord, contractor and guarantor communication. Facilitates the day-to-day running of our property/tenancy management services. Legal basis for processing: Legitimate Interest.

Link to privacy policy: https://www.smeprofessional.co.uk/privacy-statement/

 

2. Amiqus ID
Purpose: to run basic credit checks on prospective guarantors in line with our application process requirements.

Data provided: Name, DOB, Marital Status, Frequency paid, Income (salary), Residential Status, Present home address

Legal basis for processing: Legitimate Interest. 

Link to privacy policy: https://amiqus.co/policies/privacy

 

3. Signable

Data provided: Name, email address, telephone number, home address.

Purpose: to send electronic tenancy agreements for signature.

Legal basis for processing: Legitimate Interest.

Link to privacy policy: https://www.signable.co.uk/privacy-policy/

 

Personal data of guarantors will be held by 1LET while in contract to provide services to the landlord plus up to 7 years in line with HMRC requirements.

 

Neighbours
Data collected: Name, contact details (email and telephone), address, address. This personal data may be collected via correspondence with neighbours regarding any issues related to properties we manage.

Personal data of neighbours will be held securely in outlookk365 where correspondence is via email or may be held in our property management software named below where notes are required to be kept:

1. SME Professional

Data provided: Name, contact details (email and telephone), address, and bank details where required for payments for communal repairs.

Purpose: We use SME to hold all data relating to our property management services including tenants, guarantors, landlords and contractors and neighbours.

Legal basis for processing: Legitimate Interest. This means the processing is necessary for 1LET’s legitimate interests

 

Other forms

Personal Data collected via other forms including Landlord Pack Download, Viewing Request, Rental Valuation Requests and other contact requests.

Legal basis for processing: Legitimate Interest. This means the processing is necessary for 1LET’s legitimate interests by way of providing information as requested or enabling us to provide services before a contractual relationship has been established. Data provided: Name, contact details (email and telephone), address.

 

Repairs and maintenance issues reported through our website
When a tenant reports a maintenance and repair issues using via http://www.1let.co.uk/repairs/ we use a third-party service called Fixflo. This company is a data processor for 1LET and only processes personal information in line with our instructions.

Legal basis for processing: Legitimate Interest.

Data collected: Name, contact details (email and telephone), address.

Link to Privacy policy: Privacy Policy | Fixflo

 

Newsletter subscribers
We use a third-party provider, Mailchimp, to deliver our monthly e-newsletters and property alerts. We gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our e-newsletter. For more information, please see Mailchimp’s Privacy Notice.

Legal basis for processing: Consent.

Link to privacy policy: https://mailchimp.com/legal/privacy/

People who call our office

When you call 1LET we may collect your name, email and telephone contact solely for the purposes of your call. We only keep this information for as long as necessary and will store this information on our calendar and/or email provided by third-party email provider Outlook365.

Legal basis for processing: Legitimate Interest. This means the processing is necessary in order to provide information as requested by you or enable 1LET to provide services requested by you before a contractual relationship has been established.

 

Emergency out-of-hours call centre

When you call 1Let out of hours line, the call is answered by Propcall, an out-of-hours emergency call handling service.

Data provided: Name, contact details (email and telephone), and address, nature of the emergency call out.

Purpose: Out-of-hours call answering for property management

Legal basis for processing: Legitimate Interest

Link to Privacy Policy: PropCall • Out-of-hours call answering for property managers • Privacy Policy

People who email us

Any emails received containing personal data will be held within Outlook365. These emails will only be held for as long as is required – for example, if you are an existing tenant we will hold this until at least the end of your tenancy and potentially longer - where required by law. If you are a prospective tenant and do not proceed with a tenancy your personal information will be deleted and removed from our system. We check for and remove such information on a monthly basis.

We monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.

Legal basis for processing: Legitimate Interest. The processing is necessary for 1LET’s legitimate interests by way of providing information to you as requested by you or enabling us to provide services before a contractual relationship has been established
 

Job applicants

Data collected: Name, contact details (email and telephone), address, CV.
Legal basis for processing: Legitimate interest.
Personal data of prospective employees will be held for no longer than one month of being informed of an unsuccessful application or within one month of the related vacancy being filled. We do not hold speculative CV’s or enquiries on our system.

 

Current employees

All employees are asked to read and sign our employee privacy notice detailing how we process employee personal data and to read and sign our Data Protection Policy detailing how we process customer data safely and securely.

 

All personal data of employees will be held securely on our server and HR cloud-based software for as long as they are employed and for at least seven years thereafter, for legal, regulatory and accounting purposes.

 

Former employees

We use a third-party provider, to hold all employee information. Information may also be held securely on our office server and in emails held on Outlook365.

Personal data held: Name, contact details (email and telephone), age, national insurance number, marital status, address, salary details, proof of ID and bank details.

Sensitive Personal data held: physical or mental health condition,

All personal data of employees will be held securely on our server and HR cloud-based software for as long as they are employed and for at least seven years thereafter, for legal, regulatory and accounting purposes.

Complainants

When we receive a complaint from a person we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.

We will only use the personal information we collect to process the complaint and to check on the level of service we provide.

 

We usually have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.

 

We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for two years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.

 

Similarly, where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.

Retention Period

Personal data of landlords and tenants will be held for the length of the tenancy and for at least seven years thereafter, for legal, regulatory and accounting purposes.

 

Personal data of prospective tenants who do not proceed with a tenancy will be removed and deleted from our system within 1 month of any tenancy starting at the related property and any hard copy information shredded.

 

All personal data of employees will be held on PeopleHR or securely on our server for as long as they are employed and for at least seven years thereafter, for legal, regulatory and accounting purposes.

 

Personal data of prospective employees will be held for no longer than one month after being informed of an unsuccessful application or within one month of the related vacancy being filled. We do not hold speculative CV’s or enquiries on our system.

 

Personal data for previous and current tenants, guarantors and landlords will be held during the use of our services (or whilst we providing services connected) and for at least seven years thereafter, for legal, regulatory and accounting purposes.

 

If we need to hold on to your personal data for longer, we take into consideration the potential risks in continuing to store your data against why we might need to keep it.

 

Subject’s Rights

1LET shall take appropriate measures to provide any information relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language.

Contact Us:

If you have any questions or concerns about this Privacy Notice or how we handle your personal data, please contact us at:

Ken Bell, ken@1let.com

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at www.ico.org.uk