Rent Rewards – Tenant Privacy Policy
Tenant Privacy Policy

Rent Rewards Tenant Privacy Policy

Last updated 1st October 2025 Version 2.0 Contact privacy@rentrewards.io

This Privacy Policy explains how Rent Rewards Ltd collects, uses, and protects your personal data when you use the Rent Rewards platform as a tenant. We keep things simple: minimal data collection, clear purposes, and no surprises.

What we collect
Just the basics
Your name, email, city, and tenancy dates — nothing more unless you choose to share it.
Why we need it
To verify & personalise
We confirm you're a tenant and show you relevant, money-saving offers in your area.
Who sees it
Limited, controlled access
Us, anonymised summary reports to your landlord, and brands only when you click their offers.
Your control
Full GDPR rights
Access, correct, or delete your data at any time. We never sell your data or share with advertisers.

Questions? Email our Data Protection Officer at privacy@rentrewards.io.

1. Who We Are

Rent Rewards Ltd – the data controller for your tenant rewards

Rent Rewards Ltd ("we", "our", "us") operates the Rent Rewards platform — a private rewards site that helps tenants save money on everyday essentials while landlords generate additional income.

Our details

  • Company Name: Rent Rewards Ltd
  • Company Number: 16755649
  • Registered Office: 3rd Floor, 86-90 Paul Street, London, England, EC2A 4NE
  • ICO Registration Number: ZC020714
  • Data Protection Officer: Gillian Malone-Johnstone
  • Email: privacy@rentrewards.io
  • Website: rentrewards.io

Who's responsible for your data?
We are the data controller for your personal information when you use the Rent Rewards platform.

How it works:

  1. Your landlord/agent provides us with your basic contact details to invite you to Rent Rewards
    • They're responsible for ensuring they can lawfully share this information.
    • They remain the controller of the data they initially provided.
  2. We become the controller once you create your account and start using the platform
    • We're responsible for protecting your data in accordance with this Privacy Policy.
    • We handle your data according to UK data protection law (UK GDPR and Data Protection Act 2018).
2. What Data We Collect

We collect only what we need — nothing more

We believe in collecting only what we need to run the platform and help you save money. Here's exactly what information we gather.

Category What we collect Why we need it
Account Information Name, email address, password (encrypted) To create and secure your account.
Location City only (not your full address) To show you relevant local offers without revealing where you live.
Tenancy Information Tenancy start date, tenancy end date To confirm you're an eligible tenant.
Usage Data Offers you view, click, or redeem; time spent on the platform To improve your experience and prevent fraud.
Technical Data IP address, device type, browser information, operating system To keep the platform secure and working smoothly.
Marketing Preferences Email subscription choices, communication settings To send only emails you've agreed to receive.

What we DON'T collect
We've intentionally designed our platform to minimise data collection. We do not collect:

  • Full residential addresses (only your city)
  • Payment card details (all purchases are directly with brand partners)
  • Date of birth or age
  • Gender
  • Ethnicity, religion, or political views
  • Health information
  • Criminal records
  • Financial information (bank accounts, credit scores, etc.)
  • Social media profiles
  • Biometric data
3. How We Use Your Information

Using your data to run and improve Rent Rewards

We use your personal data to provide and improve your Rent Rewards experience.

What we do with your data

  • Provide platform access — create and manage your account.
  • Verify eligibility — confirm you're a tenant (in partnership with your landlord/agent).
  • Show relevant offers — personalise deals based on your city and interests.
  • Track your savings — calculate and display how much you've saved.
  • Send notifications — account updates, security alerts, and deals you've opted into.
  • Improve the platform — analyse anonymous usage data to make the service better.
  • Prevent fraud — detect and prevent abuse or misuse.
  • Comply with the law — meet legal and regulatory requirements.
  • Provide anonymised insights — give your landlord/agent anonymous engagement stats.

What we DON'T do

  • Sell your data — never, to anyone, for any reason.
  • Share with advertisers — we don't allow third-party advertising.
  • Track you across the web — we only see what you do on our platform.
  • Make automated decisions about you — no AI deciding things that affect your rights.
  • Spam you — we only send marketing emails you've opted into.
4. Our Legal Basis for Processing

Our lawful reasons for using your data

Under UK data protection law, we must have a legal reason to use your data. Here's our justification for each activity:

What we do Data we use Legal basis Why
Create and manage account Name, email, password Performance of contract Necessary to provide the service.
Verify tenant eligibility Tenancy dates, city Performance of contract Confirm you qualify for the platform.
Show personalised offers Usage history, city Legitimate interests Improves your experience.
Platform analytics Anonymised usage data Legitimate interests Helps us improve the service.
Security and fraud prevention IP address, login history Legitimate interests Protects users and our platform.
Send marketing emails Email, name Consent You opted in.
Provide landlord insights Aggregated anonymous data Legitimate interests Fulfils landlord agreement without identifying you.
Keep financial records Account history Legal obligation Required for tax/accounting.
Respond to legal requests Various Legal obligation Required by law.
5. Who We Share Your Data With

Limited sharing with clear boundaries

We keep data sharing to an absolute minimum. Here's everyone who might see your information:

5.1 Brand Partners and Affiliate Networks

When you click on or redeem an offer, we share limited information with the relevant brand or their affiliate network.

What we share:

  • Anonymised tracking ID (not your name or email).
  • Click or redemption timestamp.
  • Offer ID.
  • General location (city).

What we DON'T share:

  • Your name.
  • Your email address.
  • Your full address.
  • Your browsing history on other offers.
  • Any personal identifiers.

5.2 Your Landlord or Letting Agent

We provide your landlord/agent with aggregated, anonymised insights only.

What they see:

  • Total number of tenants using the platform.
  • Total clicks and redemptions (overall, not per person).
  • Aggregate savings (e.g., "Your tenants saved £5,000 this month").
  • Popular offer categories.
  • Platform engagement metrics.

What they DON'T see:

  • Your individual name with your activity.
  • Which specific offers you clicked.
  • Your email address or contact information.
  • How much you personally saved.
  • Your detailed browsing patterns.

5.3 Service Providers (Sub-Processors)

We work with trusted third-party companies to help run the platform. All are based in the UK or European Economic Area.

Types of providers we use:

  • Cloud Hosting — store data securely.
  • Email Services — send account and marketing emails.
  • Analytics Tools — e.g. Google Analytics (Ireland), Microsoft Clarity (Ireland).
  • Customer Support — help desk and ticketing.
  • Payment Processing — handle landlord commission payments.

All service providers:

  • Are bound by GDPR-compliant Data Processing Agreements.
  • Can only use your data on our instructions.
  • Must implement strong security measures.
  • Cannot use your data for their own purposes.
  • Are regularly audited for compliance.

A complete list of Sub-Processors is available by emailing privacy@rentrewards.io. We provide 30 days' notice before adding or changing service providers.

6. Marketing Communications

When and how we contact you

We'll only send you marketing emails if you want them. Here's how it works:

6.1 Types of Emails

Essential communications (no opt-out)
These keep your account working:

  • Account creation and verification.
  • Password resets and security alerts.
  • Important service updates.
  • Changes to this Privacy Policy.

Marketing communications (your choice)
These help you save more, but are optional:

  • Weekly or monthly offer roundups.
  • New brand partner announcements.
  • Seasonal savings tips.
  • Exclusive tenant deals.

6.2 Giving Consent

When you create your account, you can choose:

  • Yes, send me offers and updates — get the most out of Rent Rewards.
  • No thanks, essential emails only — just the account stuff.

We never pre-tick boxes or assume consent.

6.3 Changing Your Mind

To stop marketing emails:

  • Option 1: Click "Unsubscribe" at the bottom of any marketing email (easiest).
  • Option 2: Log in to your account → Settings → Email Preferences.
  • Option 3: Email privacy@rentrewards.io and say "please unsubscribe me".

We'll process your request within 2 business days. You'll still get essential account emails.

7. International Transfers

Where your data is stored and processed

We do not transfer your data outside the UK or European Economic Area. All your personal data is processed and stored within the United Kingdom and European Economic Area (EEA). All our service providers are located in the UK or EEA.

If this changes:

If we ever need to transfer data internationally:

  1. We'll notify you in advance (at least 30 days).
  2. We'll ensure appropriate safeguards (UK adequacy decision or Standard Contractual Clauses).
  3. We'll update this Privacy Policy.
  4. You can object or delete your account if concerned.
8. Data Retention

How long we keep your data

We only keep your data as long as we need it. Here's our retention schedule:

8.1 Active Account

While you're using Rent Rewards:

  • Account data (name, email, password): kept for duration of active use.
  • Usage data (offers viewed, clicked): kept for 12 months, then anonymised.
  • Marketing preferences: until you opt out or close your account.
  • Login history: 90 days for security purposes.

8.2 Inactive Accounts

If you don't log in for 24 months:

  1. We'll email you asking if you want to keep your account.
  2. No response? We'll send a reminder 7 days later.
  3. Still no response? Account deleted 30 days after first email.
  4. You can reactivate anytime by logging in before deletion.

8.3 Account Closure

When you close your account or your tenancy ends:

  • Immediate: account access disabled, marketing emails stopped.
  • Within 30 days: all personal data deleted from active systems.
  • Within 90 days: data removed from backup systems, deletion complete.

Exceptions (data we keep longer):

  • Anonymised analytics: kept indefinitely (no way to identify you).
  • Financial records (if applicable): 6 years (HMRC requirement).
  • Legal dispute records: duration of dispute + 6 years.

8.4 Early Deletion

You can request deletion of your data at any time by:

We'll comply within 30 days, subject to legal retention requirements.

9. Your Data Protection Rights

Your rights under UK data protection law

UK law gives you strong rights over your personal data. Here's what you can do:

9.1 Your Rights Explained

  • Right of Access — get a copy of your data.
  • Right to Rectification — fix incorrect or incomplete data.
  • Right to Erasure ("Right to be Forgotten") — delete your data in certain circumstances.
  • Right to Restriction — limit how we use your data while we investigate a concern.
  • Right to Data Portability — move your data elsewhere in a portable format.
  • Right to Object — stop certain types of processing (e.g. based on legitimate interests or for direct marketing).
  • Right to Withdraw Consent — if we rely on consent, you can withdraw it at any time.

9.2 How to Exercise Your Rights

Making a request:

  1. Email privacy@rentrewards.io with:
    • Your full name and email address.
    • Which right you want to exercise.
    • Details of your request.
  2. We verify your identity (to protect your privacy).
  3. We respond within 1 month
    • Complex requests may take up to 3 months (we'll let you know).
    • No fee (unless clearly unfounded or excessive).
    • Provided electronically unless you request otherwise.

9.3 Fees

Usually free — we don't charge for reasonable requests. We may charge if the request is clearly unfounded or excessive.

9.4 Right to Complain

Not happy with our response? You can complain to the UK data protection authority:

Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Website: www.ico.org.uk
Make a complaint: www.ico.org.uk/make-a-complaint

We'd appreciate the chance to resolve your concern first, but you have the right to complain directly to the ICO at any time.

10. Cookies and Tracking

How we use cookies on the platform

Cookies are small text files stored on your device when you visit our platform. Here's how we use them:

10.1 Essential Cookies (Always On)

These are necessary for the platform to work:

  • session_id — keeps you logged in (deleted when you close your browser).
  • csrf_token — prevents security attacks (session).
  • cookie_consent — remembers your cookie preferences (12 months).

Essential cookies don't require consent because they're necessary for the service.

10.2 Analytics Cookies (Your Choice)

These help us understand how people use the platform:

  • _ga (Google Analytics) — counts visitors anonymously (2 years).
  • _gid (Google Analytics) — distinguishes users (24 hours).
  • _clck (Microsoft Clarity) — anonymous session ID (1 year).

All analytics data is anonymised and aggregated.

10.3 Managing Cookies

Through our cookie banner:

When you first visit, you'll see options to:

  • Accept All — enable all cookies.
  • Cookie Preferences — choose which types to allow.
  • Essential Only — disable all optional cookies.

Through your browser:

You can control cookies through your browser settings:

  • Chrome: Settings → Privacy and Security → Cookies.
  • Firefox: Settings → Privacy & Security → Cookies and Site Data.
  • Safari: Preferences → Privacy → Manage Website Data.
  • Edge: Settings → Cookies and site permissions.

Through analytics opt-outs:

11. Security Measures

How we protect your information

We take your security seriously. Here's how we protect your data:

11.1 Technical Security

Encryption:

  • All data transmitted uses TLS 1.3 encryption.
  • Data stored on servers uses AES-256 encryption.
  • Passwords are hashed with bcrypt (never stored in plain text).

Access controls:

  • Multi-factor authentication (2FA) available for your account.
  • Role-based access for staff (only those who need data can access it).
  • Automated session timeouts after 30 minutes.

Infrastructure security:

  • Enterprise-grade UK/EEA cloud hosting.
  • Firewall protection and intrusion detection.
  • Regular security updates (patches applied within 24 hours).
  • Penetration testing and annual external security audits.

11.2 Organisational Security

Staff security:

  • All staff sign confidentiality agreements.
  • Background checks for anyone with data access.
  • Regular data protection training (at least annually).
  • Limited access (only those who need it).

Monitoring & testing:

  • 24/7 automated security monitoring.
  • Access logs of all data access.
  • Regular security audits and compliance reviews.

11.3 Data Breach Response

If we discover a data breach:

  • We contain and investigate within 1 hour.
  • Notify ICO within 72 hours (if required by law).
  • Notify you directly without delay if there's high risk.
  • Explain what happened and steps to protect yourself.

What you should do:

  • Change your password immediately.
  • Enable 2FA if not already done.
  • Watch for suspicious activity.
  • Report concerns to privacy@rentrewards.io.

11.4 Your Role in Security

You can help protect your account:

  • Use a strong, unique password (at least 12 characters).
  • Enable two-factor authentication (2FA).
  • Keep your email secure.
  • Don't share your login credentials.
  • Log out on shared devices.
  • Report suspicious activity immediately.

11.5 Certifications & Insurance

  • ICO Registration: ZC020714 (active and compliant).
  • UK GDPR Compliant: ongoing compliance program.
  • Cyber Security Insurance: covers data breaches.
  • Professional Indemnity: covers errors and omissions.
12. Automated Decision-Making and Profiling

No automated decisions that impact your rights

We do not make automated decisions that significantly affect you without human involvement.

We don't use automated systems to:

  • Approve or deny your account.
  • Limit your access to offers.
  • Make decisions about your eligibility.
  • Profile you for purposes beyond personalisation.

12.1 What About Personalisation?

We do use simple automated systems to improve your experience:

  • Show relevant offers based on your city and previous interests.
  • Order offers on your homepage by relevance.
  • Send timely notifications about expiring deals.

This is simple personalisation, not decision-making that affects your rights.

12.2 Your Control

  • You can ignore personalised suggestions.
  • You can browse all offers regardless of recommendations.
  • You're never denied access to any offer.
  • You can opt out of personalised emails.
13. Age Restrictions and Children's Privacy

Our service is for tenants aged 18+

The Rent Rewards platform is intended for tenants aged 18 and over.

We do not knowingly collect personal data from anyone under 18.

13.1 Why 18+?

  • Standard tenancy agreements in the UK require tenants to be 18+.
  • Our platform is designed for adult tenants.
  • This simplifies compliance with children's privacy regulations.

13.2 If You're Under 18

If you're under 18 and somehow created an account:

  • Please email privacy@rentrewards.io immediately.
  • We'll delete your account and data within 24 hours.
  • You can rejoin when you turn 18 (if you're a tenant then).

13.3 If You're a Parent

If you believe your child under 18 has created an account:

  • Contact us at privacy@rentrewards.io.
  • Provide proof of your parental relationship.
  • We'll immediately delete the account and all data.
14. Changes to This Privacy Policy

How we'll tell you about policy changes

We may update this Privacy Policy from time to time.

14.1 How We Notify You

Material changes (significantly affecting your rights):

  • Email notification at least 30 days before changes take effect.
  • Prominent notice when you log in.
  • Summary of key changes in simple language.

Minor changes (clarifications, formatting, examples):

  • Update "last updated" date at the top.
  • Publish the updated policy on our website.

14.2 Your Options

If you don't agree with material changes, you can:

  • Contact us with concerns at privacy@rentrewards.io.
  • Object to specific changes.
  • Close your account before changes take effect.
  • Request deletion of your data.
15. Additional Information

Links, social media, and other details

15.1 Links to Other Websites

When you click on offers, you'll visit brand partner websites. This Privacy Policy doesn't apply to those sites.

Before purchasing:

  • Check the brand's privacy policy.
  • Understand how they'll use your data.
  • You're providing data directly to them, not to us.

15.2 Social Media

We may have social media profiles (e.g. Facebook, Instagram, X (Twitter), LinkedIn). When you interact with us on social media:

  • The social media platform's privacy policy applies.
  • They control how they process your data.
  • We only see what you publicly share or send us.
16. Contact Us

How to reach us about your data

Got questions? Concerns? Want to exercise your rights? We're here to help.

16.1 Data Protection Queries

Data Protection Officer: Gillian Malone-Johnstone
Email: privacy@rentrewards.io
Response time: within 1 business day for urgent matters.

Use this email for:

  • Data subject access requests (getting a copy of your data).
  • Deletion requests.
  • Corrections to your data.
  • Privacy questions.
  • Data breach concerns.
  • Opt-out requests.
  • Complaints about data handling.

16.2 Our Details

  • Full Legal Name: Rent Rewards Ltd
  • Company Number: 16755649
  • ICO Registration: ZC020714
  • Registered Office: 3rd Floor, 86-90 Paul Street, London EC2A 4NE, England
  • Website: rentrewards.io

16.3 Complaints Authority

Not happy with our response? You can complain to:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113
Website: www.ico.org.uk
Make a complaint: www.ico.org.uk/make-a-complaint
Email: casework@ico.org.uk

We'd appreciate the chance to resolve your concern first, but you have the right to complain to the ICO at any time.

Making Every Tenancy a Little Richer — Safely and Securely

Thank you for taking the time to read our Privacy Policy. We're committed to:

  • Protecting your privacy — minimal data collection, strong security.
  • Being transparent — clear explanations, no hidden surprises.
  • Giving you control — easy access, correction, and deletion.
  • Respecting your choices — opt-in marketing, no spam.
  • Staying compliant — full UK GDPR compliance, ICO registered.

Questions? Email privacy@rentrewards.io — we're happy to help.

Version: 2.0 Last Updated: 1st October 2025 © 2025 Rent Rewards Ltd. All rights reserved. Company Number: 16755649 | ICO Registration: ZC020714