Property Services Privacy Notice
Landlords, Tenants, Guarantors and Contractors
Controller
Norale Property Solutions Ltd (Company No. 15046928)
Registered office: 3rd Floor, 86–90 Paul Street, London EC2A 4NE
Data protection contact: [email protected]
For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, Norale Property Solutions Ltd is the data controller for the processing described in this notice.
Purpose of this notice
This Privacy Notice explains how we collect, use, store and share personal data when providing property-related services, including lettings, move-in support, rent collection, property management and compliance renewal services.
It applies to:
landlords and prospective landlords
tenants, prospective tenants and occupiers (aged 18+)
guarantors
authorised representatives
contractors and suppliers
What data we collect
Identity and contact data
Name, date of birth, addresses, email address, telephone number, nationality, photographic identification.
Tenancy and occupation data
Application status, household composition (adults/children), move-in and move-out details, tenancy terms, rent, deposit details, arrears status, notices served.
Referencing and affordability data
Employment details, income information, bank details you provide for rent collection or disbursement, credit and fraud-prevention results (via referencing agencies), previous landlord or agent references.
Right to Rent data
Copies of immigration status documents and records of checks carried out for adult occupiers, where required by law.
AML, PEP and sanctions data
Identity verification, beneficial ownership information (for landlords and companies), politically exposed person (PEP) indicators and financial sanctions screening outcomes, where legally required.
Compliance and property records
Safety certificates (EPC, EICR, Gas Safety), inspection notes and photographs, maintenance records, contractor quotes, invoices, warranties, and property licensing information (e.g. HMO or selective licensing).
Utilities and council tax data
Meter readings, supplier details, and move-in/move-out notifications.
Communications
Emails, messages and limited call notes or recordings where applicable.
Special category and criminal-offence data
Only where necessary and lawful:
health information voluntarily provided for reasonable adjustments
criminal-offence data obtained via accredited agencies for fraud prevention or where required by law
We do not routinely process children’s personal data. Where household details include under-18s (for occupancy purposes only), we record minimal information provided by the adult applicant.
Where data comes from
You (forms, contracts, emails, telephone calls and checks)
Joint applicants, guarantors or authorised representatives
Referencing and credit agencies
AML, PEP and sanctions screening providers
Deposit protection schemes
Previous landlords or agents
Utility providers and local authorities
Banks and payment processors
Professional advisers
Public sources such as the Land Registry or Companies House, where relevant
How and why we use your data (lawful bases)
Purpose | Examples | Lawful basis |
|---|---|---|
Providing property services | Referencing, agreements, deposit protection, rent collection, maintenance, inspections | Contract (Article 6(1)(b)) |
Legal and regulatory compliance | Right to Rent, AML, sanctions, tax, client money protection, accounting | Legal obligation (Article 6(1)(c)) |
Fraud prevention and safeguarding | Arrears recovery, complaints handling, audit trails | Legitimate interests (Article 6(1)(f)) |
Service updates to existing clients | Relevant service communications | Legitimate interests / soft opt-in |
Special category data (rare) | Reasonable adjustments | Explicit consent or legal basis |
Criminal-offence data (rare) | Fraud prevention checks | Authorised by law with safeguards |
If you do not provide data required by law or to perform a contract, we may be unable to proceed with services.
Who we share data with
We may share personal data with:
Service providers and processors under contract, including referencing agencies, AML/PEP/sanctions providers, e-signature platforms, CRMs, document storage providers, payment processors, deposit protection schemes, contractors, IT and security providers
Third parties where necessary, such as utilities, councils, insurers, professional advisers, courts, tribunals, law enforcement, HMRC and other regulators
Client money protection providers, redress schemes and relevant regulatory bodies, where required to evidence compliance, protect client funds, investigate complaints or meet statutory or membership obligations
We only share personal data where it is necessary, lawful and proportionate.
A list of key processors is available on request.
International transfers
Some service providers may process data outside the UK or EEA. Where this occurs, we use appropriate safeguards such as UK International Data Transfer Agreements (IDTAs) or EU Standard Contractual Clauses with the UK Addendum, alongside technical and organisational measures.
Where required, we carry out transfer risk assessments and implement additional safeguards to ensure an equivalent level of protection.
How long we keep data
Tenancy and management records: generally 6 years after services end
Right to Rent records: duration of tenancy plus at least 1 year
AML and customer due-diligence records: 5 years from end of relationship
Financial records: 6 years for tax purposes
Utilities and council notifications: typically 2 years after move-out
Call recordings (if used): typically 6–12 months, unless required longer
Security
We apply proportionate administrative, technical and physical safeguards, including role-based access, encryption where supported, multi-factor authentication for admin access, staff training and supplier due diligence.
No system is completely secure; we act promptly on suspected data incidents.
Your rights
You have rights to access, rectify, erase (where applicable), restrict or object to processing, and to data portability where relevant. You may withdraw consent at any time where consent is relied upon.
To exercise your rights, contact: [email protected]
You also have the right to complain to the Information Commissioner’s Office (ICO):
https://ico.org.uk/
AML, sanctions and “tipping off”
We may be legally required to conduct AML and sanctions checks. Where a report is required, we must not disclose this to the subject (“tipping off”), and this may limit what we can discuss with you.
Automated decision-making
We do not make decisions solely by automated means that produce legal or similarly significant effects. Referencing agencies may use automated scoring; human review can be requested.
Changes to this notice
We may update this notice to reflect legal or operational changes. The latest version will be available on our website or on request.
Service-specific notes
Let Only / Move-In Support: applicant and guarantor checks, Right to Rent, referencing, deposit protection, compliance packs and utility notifications
Rent Collection: rent receipts, arrears management, statements and payments
Property Management: maintenance, inspections, contractor coordination, licensing and compliance administration
Compliance Renewal: monitoring and renewal of EPC, EICR and Gas Safety certificates, and related remedial works where approved
Last updated: 28/12/2025