Rent Rewards – Tenant Privacy Policy
Tenant Privacy Policy

Rent Rewards Tenant Privacy Policy

Last updated 02/07/2026 Version 2.0 Contact privacy@rentrewards.io
What we collect
Just your name, email, city, and tenancy dates
Why we need it
To verify you're a tenant and show you relevant money-saving offers
Who sees it
Only us, your landlord (anonymized summary reports), brands and third party providers such as Spendstream when you click their offers
Your control
Full access, correction, and deletion rights at any time
Our promise
We never sell your data or share it with advertisers
Questions?
Email our Data Protection Officer at privacy@rentrewards.io
1. Who We Are

Rent Rewards Ltd

Rent Rewards Ltd ("we", "our", "us") operates the Rent Rewards platform — a private rewards site that helps tenants save money on everyday essentials while landlords generate additional income.

Our Details

Company Name: Rent Rewards Ltd

Company Number: 16755649

Registered Office: 3rd Floor, 86-90 Paul Street, London, England, EC2A 4NE

ICO Registration Number: ZC020714

Data Protection Officer: Gillian Malone-Johnstone

Email: privacy@rentrewards.io

Website: rentrewards.io

Who's Responsible for Your Data?

We are the data controller for your personal information when you use the Rent Rewards platform.

How it works:

  1. Your landlord/agent provides us with your basic contact details to invite you to Rent Rewards
    • They're responsible for ensuring they can lawfully share this information
    • They remain the controller of the data they initially provided
  2. We become the controller once you create your account and start using the platform
    • We're responsible for protecting your data in accordance with this Privacy Policy
    • We handle your data according to UK data protection law
2. What Data We Collect

We believe in collecting only what we need — nothing more

Here's exactly what information we gather:

Category What We Collect Why We Need It
Account Information Name, Email address, Password (encrypted) To create and secure your account
Location City only (not your full address) To show you relevant local offers without revealing where you live
Tenancy Information Tenancy start date, Tenancy end date To confirm you're an eligible tenant
Usage Data Offers you view, Offers you click, Offers you redeem, Time spent on platform To improve your experience and prevent fraud
Technical Data IP address, Device type, Browser information, Operating system To keep the platform secure and working smoothly
Marketing Preferences Email subscription choices, Communication settings To send only emails you've agreed to receive

What We DON'T Collect

We've intentionally designed our platform to minimize data collection. We do NOT collect:

  • Full residential addresses (only your city)
  • Payment card details (all purchases are directly with brand partners)
  • Date of birth or age
  • Gender
  • Ethnicity, religion, or political views
  • Health information
  • Criminal records
  • Financial information (bank accounts, credit scores, etc.)
  • Social media profiles
  • Biometric data
3. How We Use Your Information

We use your personal data to provide and improve your Rent Rewards experience

What We Do With Your Data

  • ✓ Provide platform access — Create and manage your account
  • ✓ Verify eligibility — Confirm you're a tenant (in partnership with your landlord/agent)
  • ✓ Show relevant offers — Personalize deals based on your city and interests
  • ✓ Track your savings — Calculate and display how much you've saved
  • ✓ Send notifications — Account updates, security alerts, and deals you've opted into
  • ✓ Improve the platform — Analyze anonymous usage data to make the service better
  • ✓ Prevent fraud — Detect and prevent abuse or misuse
  • ✓ Comply with the law — Meet legal and regulatory requirements
  • ✓ Provide anonymized insights — Give your landlord/agent anonymous engagement stats

What We DON'T Do

  • ✗ Sell your data — Never, to anyone, for any reason
  • ✗ Share with advertisers — We don't allow third-party advertising
  • ✗ Track you across the web — We only see what you do on our platform
  • ✗ Make automated decisions about you — No AI deciding things that affect your rights
  • ✗ Spam you — We only send marketing emails you've opted into
4. Our Legal Basis for Processing

Our lawful reasons for using your data

Under UK data protection law, we must have a legal reason to use your data. Here's our justification for each activity:

What We Do Data We Use Legal Basis Why
Create and manage account Name, email, password Performance of contract Necessary to provide the service
Verify tenant eligibility Tenancy dates, city Performance of contract Confirm you qualify for platform
Show personalized offers Usage history, city Legitimate interests Improves your experience
Platform analytics Anonymized usage data Legitimate interests Helps us improve service
Security and fraud prevention IP address, login history Legitimate interests Protects users
Send marketing emails Email, name Consent You opted in
Provide landlord insights Aggregated anonymous data Legitimate interests Fulfills landlord agreement
Keep financial records Account history Legal obligation Required for tax/accounting
Respond to legal requests Various Legal obligation Required by law
5. Who We Share Your Data With

We keep data sharing to an absolute minimum

Here's everyone who might see your information:

5.1 Brand Partners and Affiliate Networks

When you click on or redeem an offer, we share limited information with the relevant brand or their affiliate network:

What we share:

  • Anonymized tracking ID (not your name or email)
  • Click or redemption timestamp
  • Offer ID
  • General location (city)

What we DON'T share:

  • ✗ Your name
  • ✗ Your email address
  • ✗ Your full address
  • ✗ Your browsing history on other offers
  • ✗ Any personal identifiers

Cashback and Gift Card Offers Some offers on the platform (such as cashback and gift cards) are facilitated by a third-party provider, Spendstream Ltd. When you click through to one of these offers, you are redirected directly to Spendstream's platform, where the transaction is handled entirely by them. We do not pass your personal data to Spendstream - any data collected during that transaction is subject to Spendstream's privacy policy.

5.2 Your Landlord or Letting Agent

We provide your landlord/agent with aggregated, anonymized insights only:

What they see:

  • ✓ Total number of tenants using the platform
  • ✓ Total clicks and redemptions (overall, not per person)
  • ✓ Aggregate savings (e.g., "Your tenants saved £5,000 this month")
  • ✓ Popular offer categories
  • ✓ Platform engagement metrics

What they DON'T see:

  • ✗ Your individual name with your activity
  • ✗ Which specific offers YOU clicked
  • ✗ Your email address or contact information
  • ✗ How much YOU personally saved
  • ✗ Your browsing patterns

5.3 Service Providers (Sub-Processors)

We work with trusted third-party companies to help run the platform. All are based in the UK or European Economic Area:

Types of providers we use:

  • Cloud Hosting — Store data securely
  • Email Services — Send account and marketing emails
  • Analytics Tools — Google Analytics (Ireland), Microsoft Clarity (Ireland)
  • Customer Support — Help desk and ticketing
  • Payment Processing — Handle landlord commission payments

All service providers:

  • ✓ Are bound by GDPR-compliant Data Processing Agreements
  • ✓ Can only use your data on our instructions
  • ✓ Must implement strong security measures
  • ✓ Cannot use your data for their own purposes
  • ✓ Are regularly audited for compliance

A complete list of Sub-Processors is available by emailing privacy@rentrewards.io

We provide 30 days' notice before adding or changing service providers.

6. Marketing Communications

We'll only send you marketing emails if you want them

Here's how it works:

6.1 Types of Emails

Essential Communications (No Opt-Out):

These keep your account working:

  • Account creation and verification
  • Password resets and security alerts
  • Important service updates
  • Changes to this Privacy Policy

Marketing Communications (Your Choice):

These help you save more, but are optional:

  • Weekly or monthly offer roundups
  • New brand partner announcements
  • Seasonal savings tips
  • Exclusive tenant deals

6.2 Giving Consent

When you create your account, you can choose:

  • ✓ Yes, send me offers and updates — Get the most out of Rent Rewards
  • ✗ No thanks, essential emails only — Just the account stuff

We never pre-tick boxes or assume consent.

6.3 Changing Your Mind

To stop marketing emails:

Option 1: Click "Unsubscribe" at the bottom of any marketing email (easiest!)

Option 2: Log in to your account → Settings → Email Preferences

Option 3: Email privacy@rentrewards.io and say "please unsubscribe me"

We'll process your request within 2 business days. You'll still get essential account emails.

7. International Transfers

We do not transfer your data outside the UK or European Economic Area.

All your personal data is processed and stored within the United Kingdom and European Economic Area (EEA). All our service providers are located in the UK or EEA.

If This Changes

If we ever need to transfer data internationally:

  1. We'll notify you in advance (at least 30 days)
  2. We'll ensure appropriate safeguards (UK adequacy decision or Standard Contractual Clauses)
  3. We'll update this Privacy Policy
  4. You can object or delete your account if concerned
8. Data Retention

We only keep your data as long as we need it

Here's our retention schedule:

8.1 Active Account

While you're using Rent Rewards:

  • Account data (name, email, password): Kept for duration of active use
  • Usage data (offers viewed, clicked): Kept for 12 months, then anonymized
  • Marketing preferences: Until you opt out or close account
  • Login history: 90 days for security purposes

8.2 Inactive Accounts

If you don't log in for 24 months:

  1. We'll email you asking if you want to keep your account
  2. No response? We'll send a reminder 7 days later
  3. Still no response? Account deleted 30 days after first email
  4. You can reactivate anytime by logging in before deletion

8.3 Account Closure

When you close your account or your tenancy ends:

  • Immediate: Account access disabled, marketing emails stopped
  • Within 30 days: All personal data deleted from active systems
  • Within 90 days: Data removed from backup systems, deletion complete

Exceptions (data we keep longer):

  • Anonymized analytics: Kept indefinitely (no way to identify you)
  • Financial records (if applicable): 6 years (HMRC requirement)
  • Legal dispute records: Duration of dispute + 6 years

8.4 Early Deletion

You can request deletion of your data at any time by:

We'll comply within 30 days, subject to legal retention requirements.

9. Your Data Protection Rights

UK law gives you strong rights over your personal data

Here's what you can do:

9.1 Your Rights Explained

Right of Access — Get a copy of your data

Request all the personal data we hold about you.

Right to Rectification — Fix incorrect data

Ask us to correct inaccurate or incomplete information.

Right to Erasure ("Right to be Forgotten") — Delete your data

Request we delete your personal data in certain circumstances.

Right to Restriction — Limit how we use your data

Ask us to stop using your data temporarily while we investigate a concern.

Right to Data Portability — Move your data elsewhere

Receive your data in a portable format to transfer to another service.

Right to Object — Stop certain types of processing

Object to processing based on legitimate interests or for direct marketing.

Right to Withdraw Consent — Change your mind

If we process your data based on consent, you can withdraw it anytime.

9.2 How to Exercise Your Rights

Making a request:

Step 1: Email privacy@rentrewards.io with:

  • Your full name and email address
  • Which right you want to exercise
  • Details of your request

Step 2: We verify your identity (to protect your privacy)

Step 3: We respond within 1 month

  • Complex requests may take up to 3 months (we'll let you know)
  • No fee (unless clearly unfounded or excessive)
  • Provided electronically unless you request otherwise

9.3 Fees

Usually free! We don't charge for reasonable requests.

We may charge if the request is clearly unfounded or excessive.

9.4 Right to Complain

Not happy with our response? You can complain to the UK data protection authority:

Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Website: www.ico.org.uk
Make a complaint: www.ico.org.uk/make-a-complaint

We'd appreciate the chance to resolve your concern first, but you have the right to complain directly to the ICO at any time.

10. Cookies and Tracking

How we use cookies on the platform

Cookies are small text files stored on your device when you visit our platform. Here's how we use them:

10.1 Essential Cookies (Always On)

These are necessary for the platform to work:

  • session_id — Keep you logged in (deleted when you close browser)
  • csrf_token — Prevent security attacks (session)
  • cookie_consent — Remember your cookie preferences (12 months)

Essential cookies don't require consent because they're necessary for the service.

10.2 Analytics Cookies (Your Choice)

Help us understand how people use the platform:

  • _ga (Google Analytics) — Count visitors anonymously (2 years)
  • _gid (Google Analytics) — Distinguish users (24 hours)
  • _clck (Microsoft Clarity) — Anonymous session ID (1 year)

All analytics data is anonymized and aggregated.

10.3 Managing Cookies

Through Our Cookie Banner:

When you first visit, you'll see options to:

  • Accept All — Enable all cookies
  • Cookie Preferences — Choose which types to allow
  • Essential Only — Disable all optional cookies

Through Your Browser:

You can control cookies through your browser settings:

  • Chrome: Settings → Privacy and Security → Cookies
  • Firefox: Settings → Privacy & Security → Cookies and Site Data
  • Safari: Preferences → Privacy → Manage Website Data
  • Edge: Settings → Cookies and site permissions

Through Analytics Opt-Outs:

11. Security Measures

We take your security seriously

Here's how we protect your data:

11.1 Technical Security

Encryption:

  • All data transmitted uses TLS 1.3 encryption
  • Data stored on servers uses AES-256 encryption
  • Passwords are hashed with bcrypt (never stored in plain text)

Access Controls:

  • Multi-factor authentication (2FA) available for your account
  • Role-based access for staff (only those who need data can access it)
  • Automated session timeouts after 30 minutes

Infrastructure Security:

  • Enterprise-grade UK/EEA cloud hosting
  • Firewall protection and intrusion detection
  • Regular security updates (patches applied within 24 hours)
  • Penetration testing (annual external security audits)

11.2 Organizational Security

Staff Security:

  • All staff sign confidentiality agreements
  • Background checks for anyone with data access
  • Regular data protection training (at least annually)
  • Limited access (only those who need it)

Monitoring & Testing:

  • 24/7 automated security monitoring
  • Access logs of all data access
  • Regular security audits and compliance reviews

11.3 Data Breach Response

If we discover a data breach:

  • Contain and investigate within 1 hour
  • Notify ICO within 72 hours (if required by law)
  • Notify you directly without delay if there's high risk
  • Explain what happened and steps to protect yourself

What you should do:

  • Change your password immediately
  • Enable 2FA if not already done
  • Watch for suspicious activity
  • Report concerns to privacy@rentrewards.io

11.4 Your Role in Security

You can help protect your account:

  • ✓ Use a strong, unique password (at least 12 characters)
  • ✓ Enable two-factor authentication (2FA)
  • ✓ Keep your email secure
  • ✓ Don't share your login credentials
  • ✓ Log out on shared devices
  • ✓ Report suspicious activity immediately

11.5 Certifications & Insurance

  • ICO Registration: ZC020714 (active and compliant)
  • UK GDPR Compliant: Ongoing compliance program
  • Cyber Security Insurance: Covers data breaches
  • Professional Indemnity: Covers errors and omissions
12. Automated Decision-Making and Profiling

We do NOT make automated decisions that significantly affect you without human involvement.

We don't use automated systems to:

  • ✗ Approve or deny your account
  • ✗ Limit your access to offers
  • ✗ Make decisions about your eligibility
  • ✗ Profile you for purposes beyond personalization

12.1 What About Personalization?

We DO use simple automated systems to improve your experience:

  • Show relevant offers based on your city and previous interests
  • Order offers on your homepage by relevance
  • Send timely notifications about expiring deals

This is simple personalization, NOT decision-making that affects your rights.

12.2 Your Control

You always have control:

  • You can ignore personalized suggestions
  • You can browse all offers regardless of recommendations
  • You're never denied access to any offer
  • You can opt out of personalized emails
13. Age Restrictions and Children's Privacy

The Rent Rewards platform is intended for tenants aged 18 and over.

We do not knowingly collect personal data from anyone under 18.

13.1 Why 18+?

  • Standard tenancy agreements in the UK require tenants to be 18+
  • Our platform is designed for adult tenants
  • Simplified compliance with children's privacy regulations

13.2 If You're Under 18

If you're under 18 and somehow created an account:

  • Please email privacy@rentrewards.io immediately
  • We'll delete your account and data within 24 hours
  • You can rejoin when you turn 18 (if you're a tenant then)

13.3 If You're a Parent

If you believe your child under 18 has created an account:

  • Contact us at privacy@rentrewards.io
  • Provide proof of your parental relationship
  • We'll immediately delete the account and all data
14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time

14.1 How We Notify You

Material Changes (significantly affecting your rights):

  • Email notification at least 30 days before changes take effect
  • Prominent notice when you log in
  • Summary of key changes in simple language

Minor Changes (clarifications, formatting, examples):

  • Update "last updated" date at top
  • Publish updated policy on our website

14.2 Your Options

If you don't agree with material changes:

  • Contact us with concerns: privacy@rentrewards.io
  • Object to specific changes
  • Close your account before changes take effect
  • Request deletion of your data
15. Additional Information

15.1 Links to Other Websites

When you click on offers, you'll visit brand partner websites. This Privacy Policy doesn't apply to those sites.

Before purchasing:

  • Check the brand's privacy policy
  • Understand how they'll use your data
  • You're providing data directly to them, not to us. This includes cashback and gift card providers such as Spendstream, who operate independently and are governed by their own privacy policies.

15.2 Social Media

We may have social media profiles (Facebook, Instagram, Twitter, LinkedIn). When you interact with us on social media:

  • Social media platform's privacy policy applies
  • They control how they process your data
  • We only see what you publicly share or send us
16. Contact Us

Got questions? Concerns? Want to exercise your rights? We're here to help.

16.1 Data Protection Queries

Data Protection Officer: Gillian Malone-Johnstone
Email: privacy@rentrewards.io
Response time: Within 1 business day for urgent matters

Use this email for:

  • Data subject access requests (getting a copy of your data)
  • Deletion requests
  • Corrections to your data
  • Privacy questions
  • Data breach concerns
  • Opt-out requests
  • Complaints about data handling

16.2 Our Details

Full Legal Name: Rent Rewards Ltd

Company Number: 16755649

ICO Registration: ZC020714

Registered Office: 3rd Floor, 86-90 Paul Street, London EC2A 4NE, England

Website: rentrewards.io

16.3 Complaints Authority

Not happy with our response? You can complain to:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113
Website: www.ico.org.uk
Make a complaint: www.ico.org.uk/make-a-complaint
Email: casework@ico.org.uk

We'd appreciate the chance to resolve your concern first, but you have the right to complain to the ICO at any time.

Making Every Tenancy a Little Richer — Safely and Securely

Thank you for taking the time to read our Privacy Policy. We're committed to:

  • ✓ Protecting your privacy — Minimal data collection, strong security
  • ✓ Being transparent — Clear explanations, no hidden surprises
  • ✓ Giving you control — Easy access, correction, and deletion
  • ✓ Respecting your choices — Opt-in marketing, no spam
  • ✓ Staying compliant — Full UK GDPR compliance, ICO registered

Questions? Email privacy@rentrewards.io — we're happy to help!

Version: 2.0 Last Updated: 1st October 2025 © 2025 Rent Rewards Ltd. All rights reserved. Company Number: 16755649 | ICO Registration: ZC020714