Behind The Agent Limited respects the privacy of our customers, employees, prospective employees, our business partners and all visitors to our Website.

Our privacy policy describes the information that we collect, outlines how we obtain that information and describes how we may use or disclose that information. It also describes the measures we take to protect your information and how you can contact us should you have any concerns about your privacy and our use of your personal data.

We are aware of the sensitive nature of the data that we process on behalf of our Clients and make every effort to ensure that it is processed in a fair and legitimate manner.




Introduction

This privacy policy (Privacy Policy) sets out the ways in which Behind The Agent Limited may use your personal data.

In this Privacy Policy:

  • ‘we’, ‘us’ or ‘our’ ‘Behind The Agent’ ‘the Company’ means Behind The Agent Limited;
  • ‘the site’ means the Behind The Agent website you are visiting or engaging with; and ‘you’ and ‘your’ means you, the person engaging with us, registering for our services or visiting our site.
  • An 'Employee' is someone who is directly employed by Behind The Agent Limited.
  • A 'Client' is someone who has engaged Behind The Agent Limited to provide them with our services.
  • A 'Customer' is someone who is using our services in order to engage with one or more of our Clients.

By subscribing to our services, visiting our site, or otherwise interacting with us, we will process your personal data in accordance with this Privacy Policy.

The Data Controller

Behind The Agent Limited is registered with the Information Commissioners Office (ICO) as a data controller.

To contact us with regards to your privacy, please:

  • Write to us: Managing Director, Behind The Agent Limited, Barclay House, 380 Chester Road, Manchester, M16 9EA
  • Email us: privacy@behindtheagent.com
  • Phone us: 0161 850 1156

Behind The Agent Limited is incorporated in England.

Our company number is: 07860149

Our registered office is: Barclay House, 380 Chester Road, Manchester, M16 9EA

Our ICO Registration Number is: ZA034051




The Information That We Gather And Store

During the course of conducting business operations, Behind The Agent Limited collects, stores and processes specific personal data including:


Employees

What Information We Collect

Personal Information relating to Current, Former and Prospective employees.

We collect the following data:

  • Full Name
  • Email Address
  • Date of Birth
  • Phone Number
  • Address and Postcode
  • CV
  • Marital Status
  • Gender
  • Vehicle Ownership
  • Passport Details
  • Bank Details
  • Next of Kin Name
  • Next of Kin Phone Number

Why We Collect That Information

The reason information is collected is for the purposes of performing human resource administration and recruitment, as well as for maintaining contact with our team and prospective job candidates in accordance with our business operations.

Where We Store That Information

This data is currently stored and backed up in secure cloud file stores hosted in our EU based data centres.

Who Has Access To That Information

Access to this information is restricted by role to key personnel to whom it relates. Please see our Data Retention & Access guide for precise specifications as to which personnel have access to specific data and why.

How Long Do We Hold That Information

We only retain your personal information for as long as is necessary, in accordance with all legal and regulatory requirements. Please see our Data Retention & Access guide for precise specifications as to how long any specific types of data will be retained and why.


Clients

What Information We Collect

Personal information regarding current, former and prospective customers and their representative’s personal data. In addition to being provided with information by you, we may also obtain information about you from your colleagues or third parties, such as our group companies, vendors and service providers.

We collect the following data:

  • Full Name
  • Company Name
  • Title
  • Phone Number
  • Work Email Address
  • Work Phone Number
  • Work Address
  • Computer Usage Details (Operating System/Browser Details/Ip Address)
  • Date of Birth
  • Bank Details

Why We Collect That Information

The main reason information is collected is for the purposes of providing services and support, maintaining customer relationships, business operations and the ongoing development of business activities. Additional reasons for collecting your data are provided below.

You agree that we are entitled to obtain, use and process the information you provide to us to enable us to discharge the Services (as defined in our Letter of Engagement and supporting Schedules) and for other related purposes including:

  • Updating and enhancing client records
  • Analysis for management purposes
  • Carrying out credit checks in relation to you
  • Statutory returns
  • Legal and regulatory compliance
  • Crime & Fraud Protection

We collect information about you when you fill in any of our forms, for example on our website ie sending an enquiry, signing up for an event, filling in a survey, giving feedback ,Formsite Forms, Google Forms, etc. Website usage information is collected using cookies.

We take your privacy seriously and will only use your personal information to provide the Services you have requested from us, detailed in your Letter of Engagement and supporting Schedules and as we have identified above. We will only use this information subject to your instructions, data protection law and our duty of confidentiality.

For Business to Business Clients and Contacts our lawful reason for processing your personal information will be “legitimate interests”. Under “legitimate interests” we can process your personal information if: we have a genuine and legitimate reason and we are not harming any of your rights and interests.

For Business to Consumer Clients and Contacts our lawful reason for processing your personal information will be “A contract with the individual” eg to supply goods and services you have requested, or to fulfil obligations under an employment contract. This also includes steps taken at your request before entering into a contract.

We may receive personal data from you for the purposes of our money laundering checks, such as a copy of your passport. This data will only be processed for the purposes of preventing money laundering and terrorist financing, or as otherwise permitted by law or with your express consent.

Our work for you may require us to pass your information to our third-party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing the Services to you on our behalf. However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the Services and we have contracts in place that requires them to keep your information secure and not to use it for their own direct marketing purposes.

We collect information to process your enquiry, deal with your event registration, to fulfil, give advice based on survey data and improve our services. If you agree, we will also use this information to share updates with you about our services which we believe may be of interest to you. We will not share your information for marketing purposes with companies so that they may offer you their products and services.

As part of the services offered to you through us, the information which you give to us may be transferred to countries outside the European Union (“EU”). For example, some of our third-party providers may be located outside of the EU. Where this is the case we will take steps to make sure the right security measures are taken so that your privacy rights continue to be protected as outlined in this policy. By submitting your personal data, you’re agreeing to this transfer, storing or processing. Where our third-party supplies are in the US we have ensured that their services fall under the “Privacy Shield” whereby participating companies are deemed to have adequate protection and therefore facilitate the transfer of information from the EU to the US. If, in providing you with our services, it becomes necessary to transfer your data outside the EU we will request your consent before the transfer occurs.

If you use our services while you are outside the EU, your information may be transferred outside the EU to give you those services.

Where We Store That Information

This data is currently stored and backed up in secure cloud file stores hosted in our EU based data centres.

Who Has Access To That Information

Access to this information is restricted by role to key personnel to whom it relates, such as your Account Manager. Please see our Data Retention & Access guide for precise specifications as to which personnel have access to specific data and why.

How Long Do We Hold That Information

We only retain your personal information for as long as is necessary, in accordance with all legal and regulatory requirements. Please see our Data Retention & Access guide for precise specifications as to how long any specific types of data will be retained and why.


Customers

What Information We Collect

Personal information relating to third parties, including Vendors, Tenants, Guarantors, partners and service providers, and their personnel.

We collect the following data:

  • Name, email and telephone numbers
  • Personal/background information including occupation/status as provided through our Application Forms
  • Bank Details (if required)
  • Verification & Credit Status
  • Right To Rent ID such as copies of Passports, Driving Licenses and Residency Permits
  • Deposit (if any) and return on tenancy termination
  • Tenancy Details including Renewals, Joint Tenants, Other Residents and Guarantors
  • Immigrations/Right To Rent Checks (England Only)
  • Complaints (if any)
  • Communications between you and ourselves
  • Website Access Details

Why We Collect That Information

This is done in order to process your information on behalf of one of our clients in order to ensure that we meet our contractual obligations with them and to ensure that all work carried out on their behalf is in compliance with Government requirements. Reasons we would would process your data are include but are not limited to:

  • Processing an application to rent a property managed by one of our Clients
  • Managing Rental Arrears
  • Preparation of Court Documents
  • Serving Statutory Notices (such as a Section 21 Notice, Section 8 Notice or Section 41 Notice)
  • Arranging Repairs
  • Crime & Fraud Protection

All data processed will be held the utmost confidence and will only be accessed when there is a specific business requirement. We do not store your personal data when we are not activly processing it for a legitimate reason. Any information we collect will be processed in a timely fashion before being passed on to our Client, on whos behalf we are carrying out the processing in accordance to our Service Agreement with said client. Once we have completed processing your information it is removed from our systems in accordance with the requirements set out by the GDPR and the ICO.

Full details of how we process your information can be found below (Data Uses & Sharing) and information relating to what information we store after completion of our initial processing can be found in our Data Retention & Access guidance notes.

Where We Store That Information

This data is currently stored and backed up in secure CRM databases and cloud storage hosted in our EU based data centres.

Who Has Access To That Information

Access to this information is restricted by role to key personnel to whom it relates, such as your Account Manager. Please see our Data Retention & Access guide for precise specifications as to which personnel have access to specific data and why.

How Long Do We Hold That Information

We only retain your personal information for as long as is necessary, in accordance with all legal and regulatory requirements. Please see our Data Retention & Access guide for precise specifications as to how long any specific types of data will be retained and why.




How We Collect & Use Your Data

We process your data on behalf of our Clients in order to provide them with Paperwork and Bookeeping services that we have agreed with them in our Service Level Agreement(s). We only ever process your data in a manner that you have consented to, although not consenting to some of the uses for your data may mean that our Client may not be able to provide you with the services you require (such as if you were to not consent to a timely credit check, you would not be able to pass referencing to be a tenant or stand as a guarantor). If you were to not consent in this manner, we would contact you in order to make you aware of the effect that not consenting will have on the work we are processing for our Client, and attempt to gain consent in order to complete our work.

We use Formsite as our secure online form provider when we send out application forms to our Employees, Clients and Customers. Via this form you can also choose to upload any documents that we may require when performing work on your behalf, this is then automatically uploaded to our secure cloud based file storage whilst we process your data. After we have completed processing your data for its intended purpose it is then held in accordance with our Record Retention policy (which can be found below) and when we have no further legitimate interest in your data we securely delete it from our systems in compliance with the GDPR.

Employees

Data Collected Means of Collection Reason for Processing
Full Name Application Form Identifying Employee
Email Address Application Form Communicating With Employee
Date of Birth Application Form Identifying Employee
NI Number Application Form Identifying Employee/Payroll Functions
Phone Number Application Form Communicating With Employee
Address & Postcode Application Form Identifying Employee/Communicating With Employee
CV & Covering Letter Email & Via Our Recruitment Partners Assessing an employee's suitability for a given role
Vehicle Ownership Application Form Assessing an employess suitability for a role
Passport Details Copy of Passport (if available) Identification of Employee and proving their 'Right to Work' in the UK according to UK Home Office regulations
Other 'Right To Work' Documentation Direct from Employee Identification of Employee and proving their 'Right to Work' in the UK according to UK Home Office regulations
Bank Details Direct from Employee Enables Employee to paid wages via direct bank transfer
Next Of Kin Name Application Form Allows for a point of contact in the event of an emergency
Next Of Kin Phone Number Application Form Allows for a point of contact in the event of an emergency
Application Forms Secure Online Form Provider Assessing the suitability of a Candidate for an particular role within the company
Payroll Records Generated during Payroll run Details the payments made to a given Employee
Contract of Employment Direct from Employee Signed Contract of Employment
Confidentiality Letter Direct from Employee Forms part of an Employees agreements with the company when taken on

Clients

Data Collected Means of Collection Reason for Processing
Full Name Direct From Client Identification of client
Company Name Direct From Client Identification of client
Title Direct From Client Identification of client
Date of Birth Direct From Client Identification of client
Work Office Adderss Direct From Client Identification of/Communication with client. Allows for written communication to be sent
Work Email Address Direct From Client Identification of/Communication with client. Allows for electronic communication to be sent
Phone Number(s) Direct From Client Identification of/Communication with client. Allows for telephone communication to be sent
Client Contract/Service Level Agreement Direct From Client Signed on taking up service, this document allows both parties to know the terms of the business agreements that they have entered into

Customers

Data Collected Means of Collection Reason for Processing
Full Name Application Form Required as part of confirmation of identity and in order to be able to draft contracts on behalf of our Clients
Date Of Birth Application Form Required as part of confirmation of identity and in order to ascertain whether you are of legal age to enter a contract
National Insurance Number Application Form Required as part of confirmation of identity and in order to obtain an employment reference.
Citizenship Status Application Form Required as part of confirmation of Right to Rent, and to acertain if any additional documents may be required
Telephone Number(s) Application Form Required in order to allow contact with yourselves
Email Address Application Form Required in order to allow contact with yourselves and the issuance of an electronic contract
Current Residential Status Application Form Required in order to assess whether a Previous Landlord's reference will be required
Current Employment Status Application Form Required in order to assess whether an employment reference will be required
Whether or not you smoke Application Form Required in order to assess suitability for a given property
Whether or not you own pets Application Form Required in order to assess suitability for a given property
Details of children who will be living with you Application Form Required in order to assess suitability for a given property. It is important to note that the information we require is limited to the number of children that will be living with you and their ages, to ensure that the property being offered is a suitable environment for children of a given age
Credit history Application Form Required in order to assess affordability and suitability for a given property
Next of Kin Details Application Form Required as a point of contact in case of emergancies/unforseen circumstances during the application process or any resulting tenancy
Employment Details Application Form Required in order to assess affordability for a given property
Self Employment Details Application Form Required in order to assess affordability for a given property
Payroll Number Application Form Required in order to gain an employment reference from your employer. Whilst this is not always required, larger companies often ask for your payroll number in order to issue us with a reference as they may have multiple members of staff with the same or similar name
Gross Salary/Earnings Application Form Required in order to assess affordability for a given property
Details of Study Application Form Required in order to prove student status if letting a property as a student
Details of Pension Application Form Required in order to assess affordability if you are a retired individual
3 Years of Address History Application Form Required in order to compile an accurate credit report, ensuring that the subject of the report is indeed the person we are searching for
Photo ID Direct Upload To Secure Cloud Storage or Email Required as part of the UK Home Office's 'Right to Rent' legistlation.
Proof of Address Direct Upload To Secure Cloud Storage or Email Required as part of the UK Home Office's 'Right to Rent' legistlation
Additional Right to Rent Documents (if Required) Direct Upload To Secure Cloud Storage or Email Required as part of the UK Home Office's 'Right to Rent' legistlation
Consent To Reference Form Direct Upload To Secure Cloud Storage or Email Required in order to gain Employment and Previous Landlord references, enabling your employer/previous landlord to release the required information to us
Employment Reference Direct From Your Employer, via Email or Post Required in order to assess affordability for a given property
Self Employment Accountants Reference Direct From Your Accountant, via Email or Post Required in order to assess affordability for a given property
Pension Statment Direct From Your Pension Provider, via Email or Post Required in order to assess affordability for a given property
Previous Landlords Reference Direct From Your Previous Landlord, via Email or Post Required in order to assess affordability and suitability for a given property
Credit Report Direct From Credit Reference Agency (Barbon Insurance Limited) Required in order to assess affordability and suitability for a given property
Bank Details Direct From You, via Email or Phone This information is not collected by ourselves by default, however should a payment need to be made to yourself for any reason, we may request this information from you so that we can make said payment.

Once we have processed your data collected on behalf of our Client, we will then pass the collected data to our Client (your Lettings Agent) in order for them to make their final decision as to whether or not you are suitable for, or to stand as guarantor for, a particular tenancy. Once your data has been transferred to our client, in the manner descibed below, we securely delete and/or destroy and data that we no longer require for a legal purpose (please see Data Retention for more details).




How & Why We Share Customer Data With Our Clients

If you are using our services in order to take up an offer of a property from one of our Clients, we will share the information that we collect about you with our Client so that they can lawfully execute the contract that you are entering into with them.

We share this information with them for a number of reasons, which are detailed below, but we at Behind The Agent ensure that the data is passed on to them in an accurate and impartial fashion to allow our Client the opportunity to review and approve all applications.


Data Shared Transfer Mechanism Purpose
Application Forms Direct Transfer To Secure Client Cloud Storage Allows the Client to prove due dilligance has been performed before the commencement of a let. This document will be passed to your agent as part of the approval process for your let.
Photo ID Direct Transfer To Secure Client Cloud Storage Allows the Client to store a copy of Photo ID as part of their Right to Rent checks, as required by the UK Home Office. This document will be passed to your agent as part of the approval process for your let.
Proof Of Address Documents Direct Transfer To Secure Client Cloud Storage Allows the Client to store a copy of Photo ID as part of their Right to Rent checks, as required by the UK Home Office. This document will be passed to your agent as part of the approval process for your let.
Additional Right To Rent Documents (If Applicable) Direct Transfer To Secure Client Cloud Storage In some cases, normally if you are a foreign national, further documents are required to prove your Right to Rent in the UK. If this is the case we will pass these documents to your Agent in the same manner as your Photo ID and Proof of Address Documents. Having these documents on file is a requirement laid out by the UK Home Office. This document will be passed to your agent as part of the approval process for your let.
Student Documents (If Applicable) Direct Transfer To Secure Client Cloud Storage If you are a student we will collect a copy of your confirmation of study letter and Student ID and Council Tax Exemption form that your insitution has issued you at the beginning of your course. This will be passed to your agent as part of the approval process for your let. This allows the Agent to show due dilligance has been completed before your let, and it means that you will not require a employment reference to be approved to let a property.
Benefits Documentation (If Applicable) Direct Transfer To Secure Client Cloud Storage If you are in reciept of Benefits from the goverment, these will affect the amount of money you recieve above and beyond any earnings each month. As such if you are in reciept of benefits the proof of this will be sent to your Agent (our Client) in order to allow them to properly assess your affordability, and later show that due dilligance has been performed before commencement of your let.
Employment Reference (If Applicable) Direct Transfer To Secure Client Cloud Storage In most cases we will have collected an Employment Reference from your employer in order to complete the Affordability Assessment that we compile for your Agent (our Client) before commencement of your tenancy. This will be provided to your Agent as part of the approval process for your let.
Accountants Reference (If Applicable) Direct Transfer To Secure Client Cloud Storage If you are self-employed, we will not be able to complete a standard Emplyment Reference. Instead we will seek a statement from your personal accountant that shows your average income for the past two years to base our Affordability Assesment on. In these instances, this will be provided to your Agent (our Client) in the same way we would normally send an Employment Reference.
Previous Landlord Reference (If Applicable) Direct Transfer To Secure Client Cloud Storage If you have previously let a property, we will endevour to collect a reference from your previous Landlord. This helps to show your suitability for a property and is sent to your Agent (our Client) and forms part of their due dilligance before commencement of a let.
Proof of Property Ownership (If Applicable) Direct Transfer To Secure Client Cloud Storage In some cases we will check to see if you are a property owner, either if you are applying to let a property or more frequently if you are applying to stand as a guarantor in order to prove that you have the assets to cover the cost of any outstanding rent in the event of something unforseen occuring during the tenancy. This information is collected from the UK Land Registry and an official copy of the register will be sent to your Agent (our Client) before they approve any tenancy that might require such a check be completed.
Our Compiled Credit and Affordability Assesment Direct Transfer To Secure Client Cloud Storage Allows the Client to prove due dilligance has been performed before the commencement of a let. This is sent to your Agent before your let has been confirmed to afford them a chance to review your application and have the relevant information base their final decision for your suitability for a particular let.
Summary of Personal Information Directly Entered Into Client's Secure CRM We enter a summary of your personal information (Name, date of birth, next of kin, contact information) into our Client's CRM when your application is approved as part of creating your Tenancy.
Emails (Containing Personal Information) Direct Transfer To Secure Client Cloud Storage Once a let has been confirmed we will export any emails that contain relevant information (such as requests for additional contract clauses etc) that we have recieved directly from our email system and securely store them within your Agent's (our Client's) cloud storage system so that they can be reviewed at a later date. Once we have done this your information will be securely deleted from our email system as it has become surplus to our requirements.
Additional Emails (Non-Personal Information) Forwarded via Email System In some cases, we recieve emails from current and prospective tenants that do not contain sensitive personal information, but rather contain enquirys regarding the property they are applying for/have accepted that should be handled by your Agent (our Client) rather than ourselves. In these instances, to ensure a timely service, we will endevour to forward these to the relevant Agent (Client). In some cases, these may be returned to yourself as we have have already removed your information from our system and not be able to tell which Agent you are attempting to contact. In these instances you will be copied into the forwarded email, or recieve a respose directly requesting you contact your Agent.
Written Evidence Scanned and Directly Transferred to Secure Client Cloud Storage In rare cases some of the items that we request as part of the referencing service we offer to our Clients are submitted to us physically by postal mail. This usually takes the form of an employment reference from certain larger companies and branches of government. In these instances we scan the original document to digitise it, and once done we then treat the document the same way we would have treated an electronic submission. The original document is then securely shredded to protect your personal information from being lost or stolen.
Deposit Information Directly Transferred Into Secure Client Cloud Storage and Email System to You When you pay your deposit to your Agent, we register that deposit on their behalf with the relevant Deposit Protection Scheme on their behalf. Once we have done so we recieve from the Deposit Protection Scheme an email with two different documents that contain all the relevant information regarding your deposit. This is referred to as the Deposit Certificate and the Proscribed Information, with the certificate being required by your Agent (our Client) in order to prove that they have protected your deposit.

We never share your personal data without a legitimate reason, and if you send us too many pieces of documentary evidence when we are processing your application we will choose the most suitable documents to keep and securely delete the rest from our system immediately. In this way we ensure we only hold enough of your personal data to complete the work we are undertaking, and that the information we do hold is as accurate and up to date as possible.




Data Retention

This section of our Privacy Policy sets out the obligations of Behind The Agent Limited regarding retention of personal data collected, held, and processed by the Company in accordance with EU Regulation 2016/679 General Data Protection Regulation (“GDPR”).

The GDPR defines “personal data” as any information relating to an identified or identifiable natural person (a “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

The Company only ever retains records and information for legitimate or legal business reasons and always complies fully with EU data protection laws, guidance and best practice.

In this section you will find our policy as to type(s) of personal data held by the Company, the period(s) for which that personal data is to be retained, the criteria for establishing and reviewing such period(s), and when and how it is to be deleted or otherwise disposed of.

We do this because The GDPR impose obligations on the Company, as a Data Controller, to process personal data in a fair manner which notifies data subjects of the purposes of data processing and to retain the data for no longer than is necessary to achieve those purposes.

The Company’s objectives and principles in relation to Data Retention are to:

  • Set out limits for the retention of personal data and ensure they are complied with
  • Ensure the Company complies fully with its obligation and rights of data subjects under the GDPR
  • Ensure the safe and secure disposal of confidential data and information assets
  • Ensure that records and documents are retained for the legal, contractual and regulatory period stated in accordance with each bodies rules or terms.
  • Mitigate against risks or breaches in relation to confidential information

This policy applies to all persons within the Company (meaning permanent, fixed term, temporary staff and sub-contractors engaged with the Company). Adherence to this policy is mandatory and non-compliance could lead to disciplinary or contractual action.

Responsibilities

Heads of departments and information asset owners have overall responsibility for the management of records and data generated by their departments' activities, namely to ensure that the records created, received and controlled within the purview of their department, and the systems (electronic or otherwise) and procedures they adopt, are managed in a way which meets the aims of this policy.

Where a Data Protection Officer (DPO) has been designated, they must be involved in any data retention processes and records or all archiving and destructions must be retained. Individual employees must ensure that the records for which they are responsible are complete and accurate records of their activities, and that they are maintained and disposed of in accordance with the Company's protocols.

General Data Protection Regulation (GDPR)

The Company needs to collect personal information about job applicants, the people we employ, work with or have a business relationship with to effectively and compliantly carry out our everyday business functions and activities, and to provide the services defined by our business type. This information can include but is not limited to, name, address, email address, date of birth, identification number, private and confidential information, sensitive information and bank details.

In addition, we may occasionally be required to collect and use certain types of personal information to comply with the requirements of the law and/or regulations, however we are committed to collecting, processing, storing and destroying all information in accordance with the General Data Protection Regulation, EU data protection law and any other associated legal or regulatory body rules or codes of conduct that apply to our business and/or the information we process and store.

Guidelines & Procedures

The Company retains data records efficiently and systematically, in a manner consistent with the GDPR requirements.

Records will be retained to provide information about, and evidence of the Company’s transactions, customers, employment and activities.

Retention schedules will govern the period that records will be retained and can be found in the Record Retention Periods table at the end of this document.

Rentention Period Protocols

All company and employee information is retained, stored and destroyed in line with legislative and regulatory guidelines.

For all data and records obtained, used and stored within the Company, we:

  • Carry out periodical reviews of the data retained, checking purpose, continued validity, accuracy and requirement to retain
  • Establish periodical reviews of data retained
  • Establish and verify retention periods for the data, with special consideration given in the below areas:
    • the requirements of the Company
    • the type of personal data
    • the purpose of processing
    • lawful basis for processing of the categories of data subjects
  • Where it is not possible to define a statutory or legal retention period, as per the GDPR requirement, the Company will identify the criteria by which the period can be determined and provide this to the data subject on request and as part of our standard information disclosures and privacy notices
  • Have processes in place to ensure that records pending audit, litigation or investigation are not destroyed or altered

Suspension of Record Disposal for Litigation or Claims

If the Company is served with any legal request for records or information, any employee becomes the subject of an audit or investigation or we are notified of the commencement of any litigation against our Company, we will suspend the disposal of any scheduled records until we are able to determine the requirement for any such records as part of a legal requirement.

Storage & Access of Records and Data

Documents are always retained in a secure location, with authorised personnel being the only ones to have access. Once the retention period has elapsed, the documents are reviewed, archived or confidentially destroyed dependant on their purpose.

The method in which you have submitted documents to ourselves directly affects the manner in which they are stored. Any documents we recieve via postal mail (in a physical form, such as printed contracts or hand filled in application forms etc.) are scanned and saved to our secure cloud storage whilst we process your data, whilst the original document submitted to us is stored in a securely locked filing cabinet. If documents are submitted to ourselves in a solely electronic format, these will be saved to our secure cloud storage whilst we process them without the need to produce/store physical copies.

Expiration of Retention Period

Once a record or data has reached its designated retention period date, we will then proceed to destroy the data as long as there is no current legal reason to keep the information.

Destruction and Disposal of Records & Data

All information of a confidential or sensitive nature on paper or electronic media must be securely destroyed when it is no longer required. This ensures compliance with the Data Protection laws and the duty of confidentiality we owe to our employees, clients and customers. Staff are trained and advised accordingly on the procedures and controls in place.

Paper Records

Due to the nature of our business, the Company retains paper based personal information and as such, has a duty to ensure that it is disposed of in a secure, confidential and compliant manner. Employee shredding machines are made available in all offices.

Electronic & IT Records and Systems

The Company uses numerous systems, computers and technology equipment in the running of our business. From time to time, such assets must be disposed of and due to the information held on these whilst they are active, this disposal is handled in an ethical and secure manner. The deletion of electronic records must be organised in conjunction with the IT Department who will ensure the removal of all data from the medium so that it cannot be reconstructed.

Internal Correspondence and General Memoranda

Unless otherwise stated in this policy or the retention periods register, correspondence and internal memoranda should be retained for the same period as the document to which they pertain or support (i.e. where a memo pertains to a contract or personal file, the relevant retention period and filing should be observed). Where correspondence or memoranda that do not pertain to any documents having already be assigned a retention period, they should be deleted or shredded once the purpose and usefulness of the content ceases.

Erasure

In specific circumstances, data subjects’ have the right to request that their personal data is erased, however the Company recognise that this is not an absolute ‘right to be forgotten’. Data subjects only have a right to have personal data erased and to prevent processing if one of the below conditions applies:

  • Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed
  • When the individual withdraws consent
  • When the individual objects to the processing and there is no overriding legitimate interest for continuing the processing
  • The personal data was unlawfully processed
  • The personal data must be erased in order to comply with a legal obligation

Special Category Data

In accordance with GDPR requirements, organisations are required to have and maintain appropriate policy documents and safeguarding measures for the retention and erasure of special categories of personal data and criminal convictions etc. Our methods and measures for destroying and erasing data are noted in this policy and apply to all forms of records and personal data.

Compliance & Monitoring

The Company are committed to ensuring the continued compliance with this policy and any associated legislation and undertake regular audits and monitoring of our records, their management, archiving and retention.

Retention Periods

As stated above, and as required by law, the Company shall not retain any personal data for any longer than is necessary in light of the purpose(s) for which that data is collected, held, and processed.




Employees

Data Type Retention Period Reason for Collection Who Has Access Security GDPR Reason Final Disposition
Full Name 2 Years After Leaving Employment To uniquely identify an employee Employee (Data Subject), Line Manager, Recruiting Manager, HR Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Legal Confidential shredding and/or secure deletion
Email Address 2 Years After Leaving Employment To uniquely identify an employee and allow communication by email Employee (Data Subject), Line Manager, Recruiting Manager, HR Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Legal Confidential shredding and/or secure deletion
Date of Birth 2 Years After Leaving Employment To uniquely identify an employee Employee (Data Subject), Line Manager, Recruiting Manager, HR Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Legal Confidential shredding and/or secure deletion
NI Number 2 Years After Leaving Employment To uniquely identify an employee Employee (Data Subject), Line Manager, Recruiting Manager, HR Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Legal Confidential shredding and/or secure deletion
Phone Number 2 Years After Leaving Employment To uniquely identify an employee and allow communication by phone Employee (Data Subject), Line Manager, Recruiting Manager, HR Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Legal Confidential shredding and/or secure deletion
Address & Postcode 2 Years After Leaving Employment To uniquely identify an employee and allow communication by post Employee (Data Subject), Line Manager, Recruiting Manager, HR Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Legal Confidential shredding and/or secure deletion
CV & Covering Letter 2 Years After Leaving Employment/2 Years after unsuccessful application To uniquely identify an employee Employee (Data Subject), Recruiting Manager, HR Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Legal Confidential shredding and/or secure deletion
Vehicle Ownership 2 Years After Leaving Employment To uniquely identify an employees vehicle if they are required to drive as part of their role Employee (Data Subject), Recruiting Manager, HR Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Legal Confidential shredding and/or secure deletion
Passport Details/Copy of Passport 2 Years After Leaving Employment/2 Years after unsuccessful application To establish an employees 'Right to Work' in the UK Employee (Data Subject), Recruiting Manager, HR Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Legal Confidential shredding and/or secure deletion
Other 'Right to Work' Documentation 2 Years After Leaving Employment/2 Years after unsuccessful application To establish an employees 'Right to Work' in the UK Employee (Data Subject), Recruiting Manager, HR Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Legal Confidential shredding and/or secure deletion
Bank Details 2 Years After Leaving Employment To enable payment of wages, etc. to employee Employee (Data Subject), HR Department Locked Filing Cabinet/UK/EU Hosted Secure Cloud Storage Legal Confidential shredding and/or secure deletion
Next Of Kin Name 2 Years After Leaving Employment Emergency Contact Details Employee (Data Subject), Line Manager, HR Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Consent Confidential shredding and/or secure deletion
Next Of Kin Phone Number 2 Years After Leaving Employment Emergency Contact Details Employee (Data Subject), Line Manager, HR Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Consent Confidential shredding and/or secure deletion
Application Materials (Forms, references etc. that have been submitted to apply for a position within the company) 2 Years After Leaving Employment Assess suitability for a given role within the company Employee (Data Subject), Recruiting Manager, HR Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Consent Confidential shredding and/or secure deletion
Interview Questions & Notes 2 Years After Leaving Employment Assess suitability for a given role within the company Employee (Data Subject), Recruiting Manager, HR Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Consent Confidential shredding and/or secure deletion
Recruitment Consent Form 2 Years After Leaving Employment Assess suitability for a given role within the company Employee (Data Subject), Recruiting Manager, HR Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Consent Confidential shredding and/or secure deletion
Payroll Records 7 Years After Leaving Employment Allow payments to be processed and made Employee (Data Subject), HR Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Legal Confidential shredding and/or secure deletion
Redundancy Details, Calculations of Payments & Refunds 7 Years After Date of Redundancy Allow processing and recording of redundancy Employee (Data Subject), HR Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Legal Confidential shredding and/or secure deletion
Sickness Certificates (Doctor & Self-Certify) 6 Years Allow processing and recording of sick leave Employee (Data Subject), HR Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Legal Confidential shredding and/or secure deletion
Employee Contract(s) Of Employment 6 Years Allow processing and recording of sick leave Employee (Data Subject), HR Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Legal Confidential shredding and/or secure deletion
Confidentiality Letters For the duration of the confidentiality covenant after leaving and 6 months thereafter (in case there is a later found breach) Recording any data confidentiality contractual terms Employee (Data Subject), HR Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Legal Confidential shredding and/or secure deletion
Employee Disciplinary Warnings & Investigations 9 months after expiry of warning, no less than 12 months after completion of investigation To record any disciplinary warnings issued and to make a record of any investigations that have been carried out. Employee (Data Subject), HR Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Legal Confidential shredding and/or secure deletion
Employee Grievances 7 years after an upheld grievance, no less than 12 months after completion of investigation To make a record of any grievances or grievance investigations that have been carried out and a record of any agreed outcomes Employee (Data Subject), HR Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Legal Confidential shredding and/or secure deletion
Employee Absence Data 12 months after leaving To record number of days absence policy monitoring Employee (Data Subject), Line Manager, HR Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Legal Confidential shredding and/or secure deletion



Clients

Data Type Retention Period Reason for Collection Who Has Access Security GDPR Reason Final Disposition
Full Name 2 Years After Termination Of Contract To uniquely identify a client Account Manager, Sales Department, Support Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Legal Confidential shredding and/or secure deletion
Date of Birth 2 Years After Termination Of Contract To uniquely identify a client Account Manager, Sales Department, Support Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Legal Confidential shredding and/or secure deletion
Title 2 Years After Termination Of Contract To uniquely identify a client Account Manager, Sales Department, Support Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Legal Confidential shredding and/or secure deletion
Company Name 2 Years After Termination Of Contract To uniquely identify a client Account Manager, Sales Department, Support Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Legal Confidential shredding and/or secure deletion
Bank Details 2 Years After Termination Of Contract To allow payments to be made to a given client Account Manager, Sales Department, Support Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Legal Confidential shredding and/or secure deletion
Phone Number(s) 2 Years After Termination Of Contract To allow comminicaion with a client Account Manager, Sales Department, Support Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Legal Confidential shredding and/or secure deletion
Work Email Address 2 Years After Termination Of Contract To allow comminicaion with a client Account Manager, Sales Department, Support Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Legal Confidential shredding and/or secure deletion
Work Office Address 2 Years After Termination Of Contract To allow comminicaion with a client Account Manager, Sales Department, Support Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Legal Confidential shredding and/or secure deletion
Client Contract & Associated Data 7 Years After Termination Of Contract To allow review of contract terms and ensure they are met during the contract period, and to settle disputes that may arise regarding individual terms both during and after the contract period Account Manager, Sales Department, Support Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Legal Confidential shredding and/or secure deletion



Customers

Data Type Retention Period Reason for Retention Who Has Access Security GDPR Reason Final Disposition
Application Form 2 years from end of tenancy or the date of notification for an unsuccessful application To allow for initial processing, then storage in the event of a complaint from either our Client or the Customer Referencing Department Team Members, Line Manager, Compliance Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Legal Confidential shredding and/or secure deletion
Photo ID Documents 2 years from end of tenancy or the date of notification for an unsuccessful application To allow for initial processing, then storage in the event of a complaint from either our Client or the Customer Referencing Department Team Members, Line Manager, Compliance Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Legal Confidential shredding and/or secure deletion
Proof of Address Documents 2 years from end of tenancy or the date of notification for an unsuccessful application To allow for initial processing, then storage in the event of a complaint from either our Client or the Customer Referencing Department Team Members, Line Manager, Compliance Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Legal Confidential shredding and/or secure deletion
Right To Rent Documents 2 years from end of tenancy or the date of notification for an unsuccessful application To allow for initial processing, then storage in the event of a complaint from either our Client or the Customer Referencing Department Team Members, Line Manager, Compliance Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Legal Confidential shredding and/or secure deletion
Consent To Reference Form 2 years from end of tenancy or the date of notification for an unsuccessful application To allow for initial processing, then storage in the event of a complaint from either our Client or the Customer Referencing Department Team Members, Line Manager, Compliance Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Legal Confidential shredding and/or secure deletion
Employment Reference 2 years from end of tenancy or the date of notification for an unsuccessful application To allow for initial processing, then storage in the event of a complaint from either our Client or the Customer Referencing Department Team Members, Line Manager, Compliance Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Legal Confidential shredding and/or secure deletion
Self Employment/Accountants Reference 2 years from end of tenancy or the date of notification for an unsuccessful application To allow for initial processing, then storage in the event of a complaint from either our Client or the Customer Referencing Department Team Members, Line Manager, Compliance Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Legal Confidential shredding and/or secure deletion
Pension Statement 2 years from end of tenancy or the date of notification for an unsuccessful application To allow for initial processing, then storage in the event of a complaint from either our Client or the Customer Referencing Department Team Members, Line Manager, Compliance Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Legal Confidential shredding and/or secure deletion
Previous Landlords Reference 2 years from end of tenancy or the date of notification for an unsuccessful application To allow for initial processing, then storage in the event of a complaint from either our Client or the Customer Referencing Department Team Members, Line Manager, Compliance Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Legal Confidential shredding and/or secure deletion
Credit Report 2 years from end of tenancy or the date of notification for an unsuccessful application To allow for initial processing, then storage in the event of a complaint from either our Client or the Customer Referencing Department Team Members, Line Manager, Compliance Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Legal Confidential shredding and/or secure deletion
Bank Details Until the end of tenancy or 1 month after the date of notification for an unsuccessful application To allow for initial processing, then storage in the event of a complaint from either our Client or the Customer requiring a payment to be made. If a payment requires making after this point, we will require the customers payment details to be resubmitted so the payment can be processed. Referencing Department Team Members, Line Manager, Compliance Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Legal Confidential shredding and/or secure deletion
Complaints 6 years from the date recieved To allow for initial processing, then storage in the event of a further complaint from either our Client or the Customer Referencing Department Team Members, Line Manager, Compliance Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Legal Confidential shredding and/or secure deletion
Non-sensitive Emails 6 years from end of tenancy or the date of notification for an unsuccessful application To allow for initial processing, then storage in the event of a complaint from either our Client or the Customer Referencing Department Team Members, Line Manager, Compliance Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Legal Confidential shredding and/or secure deletion
Emails Containing Personal Information 2 years from end of tenancy or the date of notification for an unsuccessful application To allow for initial processing, then storage in the event of a complaint from either our Client or the Customer Referencing Department Team Members, Line Manager, Compliance Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Legal Confidential shredding and/or secure deletion
Deposit Certificates/Proscribed Information 2 years from end of tenancy or the date of notification for an unsuccessful application To allow for initial processing, then storage in the event of a complaint from either our Client or the Customer Referencing Department Team Members, Line Manager, Compliance Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Legal Confidential shredding and/or secure deletion
Tenancy Details 2 years from end of tenancy or the date of notification for an unsuccessful application To allow for initial processing, then storage in the event of a complaint from either our Client or the Customer Referencing Department Team Members, Line Manager, Compliance Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Legal Confidential shredding and/or secure deletion
Website Access Details 6 years from date of access To allow for initial processing, then storage in the event of a complaint from either our Client or the Customer. IT Department uses this data to optimise website access and schedule maintenance to minimise any negative impact on Customers Referencing Department Team Members, Line Manager, Compliance Department, IT Department Locked Filing Cabinet/UK/EU Hosted Secure Cloud Storage Legal Confidential shredding and/or secure deletion
Failed Tenancy/Guarantor Applications 2 years from the date of notification for an unsuccessful application To allow for initial processing, then storage in the event of a complaint from either our Client or the Customer Referencing Department Team Members, Line Manager, Compliance Department Locked Filing Cabinet & UK/EU Hosted Secure Cloud Storage Legal Confidential shredding and/or secure deletion

Your Rights

You have the following rights:

The Right to Access: You can ask us to confirm what information that we hold about you at any time. You can then exercise your other rights to ensure that is either updated or deleted.

The Right to Erasure: You have the right to ask us to delete all of the information that we hold about you. Our ability to carry your wishes out will depend on the circumstances and any obligations that we have.

The Right to Restrict Processing: In some circumstances, you can ask us to stop using your personal details for the purposes noted. We will continue to store your data, but we will no longer use it.

The Right to Data Portability: You have the ability to request that we transfer your personal data to another data controller. We will provide you with your data in an acceptable machine-readable format.

The Right to Object: You have the right to object to us using your personal data in certain circumstances. We will respond appropriately to your request based on your circumstances.

Rights Related To Automated Decision Making and Profiling: We generally don’t profile or use automated decision-making processes, but if we do, we are happy to revisit any decision manually. At any point, should you feel that we are not responding to your rights requests in an appropriate manner, you can lodge a complaint with your local supervisory authority, which in the UK is the Information Commissioners Office (ICO).

Children: We do not knowingly collect personal data relating to children under the age of 16. If you feel that we hold information about a child under your care as a parent or guardian, then please contact us using our details below and request that we delete that data.

Links: We may link to websites that are not owned or controlled by Behind The Agent Limited. As such, this privacy policy does not apply to information collected on any third-party sites that may link to or be accessible from our website. We encourage you to read the privacy statements of each and every website that collects personally identifiable information about you.

Changes To This Privacy Policy: Data privacy is maturing and continually changing. Behind The Agent Limited regularly reviews our privacy policy and we reserve the right to update or change this privacy policy at any time. If this Privacy Policy changes in any way, we will place an updated version on this page. Regularly reviewing this page ensures you are always aware of what information we collect, how we use it and under what circumstances, if any, we will share it with other parties.