Rent Rewards Tenant Privacy Policy
Rent Rewards Ltd
Rent Rewards Ltd ("we", "our", "us") operates the Rent Rewards platform — a private rewards site that helps tenants save money on everyday essentials while landlords generate additional income.
Our Details
Company Name: Rent Rewards Ltd
Company Number: 16755649
Registered Office: 3rd Floor, 86-90 Paul Street, London, England, EC2A 4NE
ICO Registration Number: ZC020714
Data Protection Officer: Gillian Malone-Johnstone
Email: privacy@rentrewards.io
Website: rentrewards.io
Who's Responsible for Your Data?
We are the data controller for your personal information when you use the Rent Rewards platform.
How it works:
-
Your landlord/agent provides us with your basic contact details to invite you to Rent Rewards
- They're responsible for ensuring they can lawfully share this information
- They remain the controller of the data they initially provided
-
We become the controller once you create your account and start using the platform
- We're responsible for protecting your data in accordance with this Privacy Policy
- We handle your data according to UK data protection law
We believe in collecting only what we need — nothing more
Here's exactly what information we gather:
| Category | What We Collect | Why We Need It |
|---|---|---|
| Account Information | Name, Email address, Password (encrypted) | To create and secure your account |
| Location | City only (not your full address) | To show you relevant local offers without revealing where you live |
| Tenancy Information | Tenancy start date, Tenancy end date | To confirm you're an eligible tenant |
| Usage Data | Offers you view, Offers you click, Offers you redeem, Time spent on platform | To improve your experience and prevent fraud |
| Technical Data | IP address, Device type, Browser information, Operating system | To keep the platform secure and working smoothly |
| Marketing Preferences | Email subscription choices, Communication settings | To send only emails you've agreed to receive |
What We DON'T Collect
We've intentionally designed our platform to minimize data collection. We do NOT collect:
- Full residential addresses (only your city)
- Payment card details (all purchases are directly with brand partners)
- Date of birth or age
- Gender
- Ethnicity, religion, or political views
- Health information
- Criminal records
- Financial information (bank accounts, credit scores, etc.)
- Social media profiles
- Biometric data
We use your personal data to provide and improve your Rent Rewards experience
What We Do With Your Data
- ✓ Provide platform access — Create and manage your account
- ✓ Verify eligibility — Confirm you're a tenant (in partnership with your landlord/agent)
- ✓ Show relevant offers — Personalize deals based on your city and interests
- ✓ Track your savings — Calculate and display how much you've saved
- ✓ Send notifications — Account updates, security alerts, and deals you've opted into
- ✓ Improve the platform — Analyze anonymous usage data to make the service better
- ✓ Prevent fraud — Detect and prevent abuse or misuse
- ✓ Comply with the law — Meet legal and regulatory requirements
- ✓ Provide anonymized insights — Give your landlord/agent anonymous engagement stats
What We DON'T Do
- ✗ Sell your data — Never, to anyone, for any reason
- ✗ Share with advertisers — We don't allow third-party advertising
- ✗ Track you across the web — We only see what you do on our platform
- ✗ Make automated decisions about you — No AI deciding things that affect your rights
- ✗ Spam you — We only send marketing emails you've opted into
Our lawful reasons for using your data
Under UK data protection law, we must have a legal reason to use your data. Here's our justification for each activity:
| What We Do | Data We Use | Legal Basis | Why |
|---|---|---|---|
| Create and manage account | Name, email, password | Performance of contract | Necessary to provide the service |
| Verify tenant eligibility | Tenancy dates, city | Performance of contract | Confirm you qualify for platform |
| Show personalized offers | Usage history, city | Legitimate interests | Improves your experience |
| Platform analytics | Anonymized usage data | Legitimate interests | Helps us improve service |
| Security and fraud prevention | IP address, login history | Legitimate interests | Protects users |
| Send marketing emails | Email, name | Consent | You opted in |
| Provide landlord insights | Aggregated anonymous data | Legitimate interests | Fulfills landlord agreement |
| Keep financial records | Account history | Legal obligation | Required for tax/accounting |
| Respond to legal requests | Various | Legal obligation | Required by law |
We keep data sharing to an absolute minimum
Here's everyone who might see your information:
5.1 Brand Partners and Affiliate Networks
When you click on or redeem an offer, we share limited information with the relevant brand or their affiliate network:
What we share:
- Anonymized tracking ID (not your name or email)
- Click or redemption timestamp
- Offer ID
- General location (city)
What we DON'T share:
- ✗ Your name
- ✗ Your email address
- ✗ Your full address
- ✗ Your browsing history on other offers
- ✗ Any personal identifiers
Cashback and Gift Card Offers Some offers on the platform (such as cashback and gift cards) are facilitated by a third-party provider, Spendstream Ltd. When you click through to one of these offers, you are redirected directly to Spendstream's platform, where the transaction is handled entirely by them. We do not pass your personal data to Spendstream - any data collected during that transaction is subject to Spendstream's privacy policy.
5.2 Your Landlord or Letting Agent
We provide your landlord/agent with aggregated, anonymized insights only:
What they see:
- ✓ Total number of tenants using the platform
- ✓ Total clicks and redemptions (overall, not per person)
- ✓ Aggregate savings (e.g., "Your tenants saved £5,000 this month")
- ✓ Popular offer categories
- ✓ Platform engagement metrics
What they DON'T see:
- ✗ Your individual name with your activity
- ✗ Which specific offers YOU clicked
- ✗ Your email address or contact information
- ✗ How much YOU personally saved
- ✗ Your browsing patterns
5.3 Service Providers (Sub-Processors)
We work with trusted third-party companies to help run the platform. All are based in the UK or European Economic Area:
Types of providers we use:
- Cloud Hosting — Store data securely
- Email Services — Send account and marketing emails
- Analytics Tools — Google Analytics (Ireland), Microsoft Clarity (Ireland)
- Customer Support — Help desk and ticketing
- Payment Processing — Handle landlord commission payments
All service providers:
- ✓ Are bound by GDPR-compliant Data Processing Agreements
- ✓ Can only use your data on our instructions
- ✓ Must implement strong security measures
- ✓ Cannot use your data for their own purposes
- ✓ Are regularly audited for compliance
A complete list of Sub-Processors is available by emailing privacy@rentrewards.io
We provide 30 days' notice before adding or changing service providers.
We'll only send you marketing emails if you want them
Here's how it works:
6.1 Types of Emails
Essential Communications (No Opt-Out):
These keep your account working:
- Account creation and verification
- Password resets and security alerts
- Important service updates
- Changes to this Privacy Policy
Marketing Communications (Your Choice):
These help you save more, but are optional:
- Weekly or monthly offer roundups
- New brand partner announcements
- Seasonal savings tips
- Exclusive tenant deals
6.2 Giving Consent
When you create your account, you can choose:
- ✓ Yes, send me offers and updates — Get the most out of Rent Rewards
- ✗ No thanks, essential emails only — Just the account stuff
We never pre-tick boxes or assume consent.
6.3 Changing Your Mind
To stop marketing emails:
Option 1: Click "Unsubscribe" at the bottom of any marketing email (easiest!)
Option 2: Log in to your account → Settings → Email Preferences
Option 3: Email privacy@rentrewards.io and say "please unsubscribe me"
We'll process your request within 2 business days. You'll still get essential account emails.
We do not transfer your data outside the UK or European Economic Area.
All your personal data is processed and stored within the United Kingdom and European Economic Area (EEA). All our service providers are located in the UK or EEA.
If This Changes
If we ever need to transfer data internationally:
- We'll notify you in advance (at least 30 days)
- We'll ensure appropriate safeguards (UK adequacy decision or Standard Contractual Clauses)
- We'll update this Privacy Policy
- You can object or delete your account if concerned
We only keep your data as long as we need it
Here's our retention schedule:
8.1 Active Account
While you're using Rent Rewards:
- Account data (name, email, password): Kept for duration of active use
- Usage data (offers viewed, clicked): Kept for 12 months, then anonymized
- Marketing preferences: Until you opt out or close account
- Login history: 90 days for security purposes
8.2 Inactive Accounts
If you don't log in for 24 months:
- We'll email you asking if you want to keep your account
- No response? We'll send a reminder 7 days later
- Still no response? Account deleted 30 days after first email
- You can reactivate anytime by logging in before deletion
8.3 Account Closure
When you close your account or your tenancy ends:
- Immediate: Account access disabled, marketing emails stopped
- Within 30 days: All personal data deleted from active systems
- Within 90 days: Data removed from backup systems, deletion complete
Exceptions (data we keep longer):
- Anonymized analytics: Kept indefinitely (no way to identify you)
- Financial records (if applicable): 6 years (HMRC requirement)
- Legal dispute records: Duration of dispute + 6 years
8.4 Early Deletion
You can request deletion of your data at any time by:
- Closing your account in settings
- Emailing privacy@rentrewards.io
We'll comply within 30 days, subject to legal retention requirements.
UK law gives you strong rights over your personal data
Here's what you can do:
9.1 Your Rights Explained
Right of Access — Get a copy of your data
Request all the personal data we hold about you.
Right to Rectification — Fix incorrect data
Ask us to correct inaccurate or incomplete information.
Right to Erasure ("Right to be Forgotten") — Delete your data
Request we delete your personal data in certain circumstances.
Right to Restriction — Limit how we use your data
Ask us to stop using your data temporarily while we investigate a concern.
Right to Data Portability — Move your data elsewhere
Receive your data in a portable format to transfer to another service.
Right to Object — Stop certain types of processing
Object to processing based on legitimate interests or for direct marketing.
Right to Withdraw Consent — Change your mind
If we process your data based on consent, you can withdraw it anytime.
9.2 How to Exercise Your Rights
Making a request:
Step 1: Email privacy@rentrewards.io with:
- Your full name and email address
- Which right you want to exercise
- Details of your request
Step 2: We verify your identity (to protect your privacy)
Step 3: We respond within 1 month
- Complex requests may take up to 3 months (we'll let you know)
- No fee (unless clearly unfounded or excessive)
- Provided electronically unless you request otherwise
9.3 Fees
Usually free! We don't charge for reasonable requests.
We may charge if the request is clearly unfounded or excessive.
9.4 Right to Complain
Not happy with our response? You can complain to the UK data protection authority:
Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Website: www.ico.org.uk
Make a complaint: www.ico.org.uk/make-a-complaint
We'd appreciate the chance to resolve your concern first, but you have the right to complain directly to the ICO at any time.
How we use cookies on the platform
Cookies are small text files stored on your device when you visit our platform. Here's how we use them:
10.1 Essential Cookies (Always On)
These are necessary for the platform to work:
- session_id — Keep you logged in (deleted when you close browser)
- csrf_token — Prevent security attacks (session)
- cookie_consent — Remember your cookie preferences (12 months)
Essential cookies don't require consent because they're necessary for the service.
10.2 Analytics Cookies (Your Choice)
Help us understand how people use the platform:
- _ga (Google Analytics) — Count visitors anonymously (2 years)
- _gid (Google Analytics) — Distinguish users (24 hours)
- _clck (Microsoft Clarity) — Anonymous session ID (1 year)
All analytics data is anonymized and aggregated.
10.3 Managing Cookies
Through Our Cookie Banner:
When you first visit, you'll see options to:
- Accept All — Enable all cookies
- Cookie Preferences — Choose which types to allow
- Essential Only — Disable all optional cookies
Through Your Browser:
You can control cookies through your browser settings:
- Chrome: Settings → Privacy and Security → Cookies
- Firefox: Settings → Privacy & Security → Cookies and Site Data
- Safari: Preferences → Privacy → Manage Website Data
- Edge: Settings → Cookies and site permissions
Through Analytics Opt-Outs:
- Google Analytics: https://tools.google.com/dlpage/gaoptout
- Microsoft Clarity: Enable "Do Not Track" in browser
We take your security seriously
Here's how we protect your data:
11.1 Technical Security
Encryption:
- All data transmitted uses TLS 1.3 encryption
- Data stored on servers uses AES-256 encryption
- Passwords are hashed with bcrypt (never stored in plain text)
Access Controls:
- Multi-factor authentication (2FA) available for your account
- Role-based access for staff (only those who need data can access it)
- Automated session timeouts after 30 minutes
Infrastructure Security:
- Enterprise-grade UK/EEA cloud hosting
- Firewall protection and intrusion detection
- Regular security updates (patches applied within 24 hours)
- Penetration testing (annual external security audits)
11.2 Organizational Security
Staff Security:
- All staff sign confidentiality agreements
- Background checks for anyone with data access
- Regular data protection training (at least annually)
- Limited access (only those who need it)
Monitoring & Testing:
- 24/7 automated security monitoring
- Access logs of all data access
- Regular security audits and compliance reviews
11.3 Data Breach Response
If we discover a data breach:
- Contain and investigate within 1 hour
- Notify ICO within 72 hours (if required by law)
- Notify you directly without delay if there's high risk
- Explain what happened and steps to protect yourself
What you should do:
- Change your password immediately
- Enable 2FA if not already done
- Watch for suspicious activity
- Report concerns to privacy@rentrewards.io
11.4 Your Role in Security
You can help protect your account:
- ✓ Use a strong, unique password (at least 12 characters)
- ✓ Enable two-factor authentication (2FA)
- ✓ Keep your email secure
- ✓ Don't share your login credentials
- ✓ Log out on shared devices
- ✓ Report suspicious activity immediately
11.5 Certifications & Insurance
- ICO Registration: ZC020714 (active and compliant)
- UK GDPR Compliant: Ongoing compliance program
- Cyber Security Insurance: Covers data breaches
- Professional Indemnity: Covers errors and omissions
We do NOT make automated decisions that significantly affect you without human involvement.
We don't use automated systems to:
- ✗ Approve or deny your account
- ✗ Limit your access to offers
- ✗ Make decisions about your eligibility
- ✗ Profile you for purposes beyond personalization
12.1 What About Personalization?
We DO use simple automated systems to improve your experience:
- Show relevant offers based on your city and previous interests
- Order offers on your homepage by relevance
- Send timely notifications about expiring deals
This is simple personalization, NOT decision-making that affects your rights.
12.2 Your Control
You always have control:
- You can ignore personalized suggestions
- You can browse all offers regardless of recommendations
- You're never denied access to any offer
- You can opt out of personalized emails
The Rent Rewards platform is intended for tenants aged 18 and over.
We do not knowingly collect personal data from anyone under 18.
13.1 Why 18+?
- Standard tenancy agreements in the UK require tenants to be 18+
- Our platform is designed for adult tenants
- Simplified compliance with children's privacy regulations
13.2 If You're Under 18
If you're under 18 and somehow created an account:
- Please email privacy@rentrewards.io immediately
- We'll delete your account and data within 24 hours
- You can rejoin when you turn 18 (if you're a tenant then)
13.3 If You're a Parent
If you believe your child under 18 has created an account:
- Contact us at privacy@rentrewards.io
- Provide proof of your parental relationship
- We'll immediately delete the account and all data
We may update this Privacy Policy from time to time
14.1 How We Notify You
Material Changes (significantly affecting your rights):
- Email notification at least 30 days before changes take effect
- Prominent notice when you log in
- Summary of key changes in simple language
Minor Changes (clarifications, formatting, examples):
- Update "last updated" date at top
- Publish updated policy on our website
14.2 Your Options
If you don't agree with material changes:
- Contact us with concerns: privacy@rentrewards.io
- Object to specific changes
- Close your account before changes take effect
- Request deletion of your data
15.1 Links to Other Websites
When you click on offers, you'll visit brand partner websites. This Privacy Policy doesn't apply to those sites.
Before purchasing:
- Check the brand's privacy policy
- Understand how they'll use your data
- You're providing data directly to them, not to us. This includes cashback and gift card providers such as Spendstream, who operate independently and are governed by their own privacy policies.
15.2 Social Media
We may have social media profiles (Facebook, Instagram, Twitter, LinkedIn). When you interact with us on social media:
- Social media platform's privacy policy applies
- They control how they process your data
- We only see what you publicly share or send us
Got questions? Concerns? Want to exercise your rights? We're here to help.
16.1 Data Protection Queries
Data Protection Officer: Gillian Malone-Johnstone
Email: privacy@rentrewards.io
Response time: Within 1 business day for urgent matters
Use this email for:
- Data subject access requests (getting a copy of your data)
- Deletion requests
- Corrections to your data
- Privacy questions
- Data breach concerns
- Opt-out requests
- Complaints about data handling
16.2 Our Details
Full Legal Name: Rent Rewards Ltd
Company Number: 16755649
ICO Registration: ZC020714
Registered Office: 3rd Floor, 86-90 Paul Street, London EC2A 4NE, England
Website: rentrewards.io
16.3 Complaints Authority
Not happy with our response? You can complain to:
Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Website: www.ico.org.uk
Make a complaint: www.ico.org.uk/make-a-complaint
Email: casework@ico.org.uk
We'd appreciate the chance to resolve your concern first, but you have the right to complain to the ICO at any time.