- Data Protection -
DepositPass Website Privacy Notice
Effective Date: 01 11 2022
Thank you for using DepositPass!
At DepositPass, (referred to as “we” “our” and “us”) we take data protection and privacy seriously, and we ensure we have policies and procedures in place that allows us to continue our mission of respecting and securing your personal data. We have created this privacy notice to help explain what personal data we collect from you, or that you provide to us, how we process it and what we do to keep it safe and as such we look to work in accordance with data protection legislation.
Data protection legislation means the UK GDPR and other laws mandating data protection including (but not limited to) the EU General Data Protection Regulation (“GDPR”) 2016 and the Privacy Electronic Communication Regulation (PECR) 2011. This also includes any replacement legislation which may come into effect from time to time.
DepositPass is a data controller as we have determined the purposes of why personal data should be collected and processed.
Who We Are and What We Do?
DepositPass is a product owned and managed by Pledge Asset Solutions Limited and are based in the UK. Pledge Asset Solutions Limited has created DepositPass as we believe that rental deposits shouldn’t be confusing, which is why our website is designed to improve tenants’ experience and financial wellbeing.
Our details are as follows:
- Companies House and our company number:13668352
- ICO registration number: ZB398250.
- Postal address: 26, The Haven, Brighton Road, West Sussex, BN15 8EU, England.
- Email Address: email@example.com
- Phone Number: +44 (0)7377 234 316
We have also appointed an external data protection officer (DPO) and their details are as follows:
- Evalian Limited
- West Lodge
- Leylands Business Park
- Colden Common
- SO21 1TH
- United Kingdom
- Email: firstname.lastname@example.org
- Phone: +44 (0)333 050 0111
- Website: www.evalian.com
Lawful Bases for Data Processing
Under data protection legislation we are required to identify an appropriate lawful bases to process personal data. The lawful bases we rely on as a data controller are detailed below with brief examples for when they may apply:
- Consent For opting into marketing communications and newsletters
- Contractual Obligation To take steps into entering and concluding contracts
- Legal Obligation Where needed for tax reasons such as HMRC purposes
- Legitimate Interests To help answer any questions or concerns that may be sent to us from individuals who we may have no prior existing relationship with
There may be instances of where we may need to process certain categories of data referred to as Special Category Personal Data. These may include personal data related to health, race, and ethnicity as examples, but were identified and needed, we will ensure the relevant special conditions are applied and documented where needed.
Data Subjects Whose Data We Process
We collect personal data of the following types of data subjects (“individuals”) to allow us to undertake our business:
- You, users, or prospective users of Depositpass (Tenants and individual Landlords) who we interact with to provide our rental deposit solution.
- B2B organisations, such as real estate agents, commercial landlords, insurance companies and their intermediaries and banks.
- Our own employees, technology partners and shareholders.
We collect information about you to carry out our core business and ancillary products related to property and to our business, like home insurance and life insurance.
Personal Data Collected
Due to the nature of our business and data processing activities we would collect and process various categories of personal data. The below list gives examples of different categories of personal data collected and processed:
- Contact and address details
- Dates of birth
- Financial details
- Recruitment data (e.g. CVs and cover letters)
- IP address
- Property and rent information: Including Head of terms and tenancy agreements
- Life Insurance policy information
How We Collect Personal Data
We collect personal data through several means. Examples can include:
- When you complete any online forms
- Give us feedback (e.g., complaint or compliments)
- Job applications and references
- When you electronically sign documents and contracts
- When you pay through our provided payment gateways. (We never store any credit card or bank account information)
How We Use Personal Data
We may use personal data for various activities which can include (and is not limited to) the following:
- To notify you about changes to our service
- To allow us to generate rental deposit solutions for our users
- To make sure the best and most accurate rental deposit advice is given to you
- To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you
- To make suggestions and recommendations to you and other users of our website about goods or services that may interest you or them
- To process job applications
- Action any data subject right requests
- Sending marketing communications
- Administer competitions, promotions, or surveys
- To draft legal documents and contracts to make our rental deposit solutions legally binding
- To process payments and invoices
- To validate property and rent information
- To validate Life Insurance policy information
Our services are not specifically designed for children and for those under the age of 18. If we do become aware of anyone using our services who may be under 18 we will take all reasonable steps to ensure we do not process their data any further and will communicate this to them directly.
We would like to send you marketing news and updates regarding our company, products and services should you like to receive them. In order to send you these communications we would require your consent, and you can always change your preferences (i.e. opt out) by clicking on the relevant unsubscribe link at the bottom of the email. You also have the ability to opt out by contacting us over phone or email should you chose to do so.
Automated Decision-Making and Profiling
We do not undertake automated decision making or profiling. We do use our computer systems to search and identify personal data in accordance with parameters set by a person. A person will always be involved in the decision-making process.
International Data Transfers
There may be instances where we may need to transfer your data outside the UK. We may need to share your data with companies who are in the European Economic Area (The EU member states, Norway, Iceland, and Liechtenstein), in an adequate listed country or in other third countries who may not have similar data protection laws to the UK. If we need to transfer your information outside the UK, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this notice.
Data Sharing and Third-Party Support Providers
There are certain third parties we work with to help us to delivery to you the best service we can. In order to achieve this, we will share your personal information with:
- Signable, electronic signature software. See https://www.signable.co.uk/privacy-policy/
- Make, an integration platform between our website and Signable. See https://www.make.com/en/privacy-notice
- Google Analytics and Google Search Console search engine providers. See https://policies.google.com/privacy?hl=en-US#europeanrequirements
- Google Drive, an online storage cloud where we store files and documents. See https://policies.google.com/privacy?hl=en-US
- Godaddy, where our website is hosted and supported. See https://www.godaddy.com/en-uk/agreements/privacy
- Paypal, payment gateway to process payments. See https://www.paypal.com/uk/webapps/mpp/paypal-and-your-data
We will disclose your personal information to third parties:
- If we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets.
- If DepositPass, Pledge Asset Solutions Limited or substantially all its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
Where We Store Personal Data?
Data will be held in servers in France, however, may be accessed by remote staff working outside the UK (e.g. for IT technical help and support purposes). We will ensure our staff are given appropriate data protection and security training and only access to personal data as far as it is necessary to perform their roles. If you have any questions or concerns or would like to know more about our data storage practices you can contact us using our details above.
As a data controller, we will retain your personal data for as long as is necessary to provide you with our services and for a reasonable period thereafter to enable us to meet our contractual and legal obligations and to deal with complaints and claims.
At the end of the retention period, your personal data will be securely deleted or anonymised.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
If we become aware of any loss, misuse, alteration of personal data we will work closely with our IT team, DPO and other parties as necessary to investigate the incident at hand. We have put into place the relevant procedure and policies in place to investigate, mitigate and report (when needed to relevant parties) such instances.
Data Protection Rights
If you are based in the UK/EEA, you have several Rights to how an organisation processes your personal data. The Rights are as follows:
- Right to be informed
- Right to access data
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to objection
- Right to portability
- Right not to subject to automated decision making and profiling
If you would like to exercise any of the above Rights, you can do so by sending us a written request to our email address mentioned above.
Changes to Our Privacy Notice
Any changes we make to our privacy notice in the future will be posted on this page. Please check back frequently to see any updates or changes to our privacy notice.
Concerns and Complaints
We understand you may have concerns and complaints to this notice and any aspects to how we process personal data. If you would like to contact us directly to talk to us about a concern or to raise a complaint, you can do so by using our contact details above.
You can also submit a complaint directly to the Information Commissioners Office (the ICO), the UK supervisory authority for data protection in the UK, via this link https://ico.org.uk/make-a-complaint/.