Last updated: January 15, 2024
RedBrick Property Software Ltd is committed to protecting your personal data and respecting your privacy rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains how we comply with data protection laws and what rights you have regarding your personal data.
Our Commitment to Data Protection
As a UK-based property management software provider, we understand the importance of data protection for both our customers and their tenants. We have implemented comprehensive measures to ensure full compliance with UK GDPR requirements.
🛡️ Data Protection Principles
We process personal data in accordance with the following principles:
- Lawfully, fairly, and transparently
- For specified, explicit, and legitimate purposes
- Data minimisation - only what is necessary
- Accuracy and keeping data up to date
- Storage limitation - not longer than necessary
- Security, integrity, and confidentiality
- Accountability and governance
Your Data Protection Rights
Under UK GDPR, you have the following rights regarding your personal data:
🔍 Right to Access
Request a copy of the personal data we hold about you, including details about how we process it.
✏️ Right to Rectification
Request correction of inaccurate or incomplete personal data we hold about you.
🗑️ Right to Erasure
Request deletion of your personal data in certain circumstances, such as when it's no longer needed.
⏸️ Right to Restrict Processing
Request that we limit the processing of your personal data in specific situations.
📦 Right to Data Portability
Receive your personal data in a structured, commonly used format and transfer it to another service.
🚫 Right to Object
Object to the processing of your personal data for direct marketing or other legitimate interests.
Types of Data We Process
Data Categories and Processing Purposes
Account and Profile Data
Legal basis: Contract performance and legitimate interests
- Name, email address, phone number
- Job title, company information
- Account settings and preferences
- Profile picture (optional)
Property Management Data
Legal basis: Contract performance and legal obligations
- Property addresses and details
- Tenant information (as data controller)
- Lease agreements and terms
- Maintenance records and documents
- Financial transactions and records
Usage and Analytics Data
Legal basis: Legitimate interests and consent
- Platform usage patterns and features used
- Log files and access times
- Device and browser information
- IP addresses (anonymised after 12 months)
Communication Data
Legal basis: Contract performance and legitimate interests
- Support tickets and chat conversations
- Email communications
- Feedback and survey responses
- Marketing preferences
Data Processing and Storage
Where Your Data is Stored
All personal data is stored within the UK and European Economic Area (EEA) on secure servers. We use reputable cloud service providers who comply with UK GDPR requirements:
🇬🇧 UK Data Centres
Primary storage in certified UK facilities
🔒 End-to-End Encryption
AES-256 encryption at rest and in transit
🛡️ Access Controls
Multi-factor authentication and role-based access
📋 Regular Audits
Annual security assessments and compliance reviews
Data Retention Periods
We retain personal data for the following periods:
Account Data
Retained while your account is active plus 2 years after closure for legal and contractual obligations.
Financial Records
Retained for 7 years after the end of the tax year as required by UK tax and accounting laws.
Property Data
Retained as long as legally required for property management and compliance purposes.
Marketing Data
Retained until consent is withdrawn or until 3 years of inactivity have passed, whichever is sooner.
International Data Transfers
We primarily process data within the UK and EEA. When we do transfer data internationally, we ensure adequate protection through:
- Adequacy decisions: Transfers only to countries with adequate data protection
- Standard Contractual Clauses: EU-approved contracts with service providers
- Binding Corporate Rules: Internal data protection policies for multinational providers
- Certification schemes: Providers certified under recognised data protection frameworks
Data Security Measures
We implement comprehensive technical and organisational measures to protect personal data:
Technical Safeguards
- 256-bit SSL/TLS encryption for all data transmission
- AES-256 encryption for data at rest
- Regular security vulnerability assessments
- Automated backup systems with encryption
- Network firewalls and intrusion detection systems
- Multi-factor authentication for all user accounts
Organisational Measures
- Data Protection Impact Assessments (DPIAs) for new processing activities
- Regular staff training on data protection and privacy
- Documented data processing procedures and policies
- Incident response and breach notification procedures
- Third-party vendor due diligence and contracts
- Regular compliance audits and reviews
Data Breach Procedures
In the event of a data breach, we follow established procedures:
- Detection and Assessment: Immediate identification and impact assessment
- Containment: Steps to prevent further unauthorised access
- Notification: ICO notification within 72 hours if high risk
- User Communication: Direct notification to affected individuals when required
- Investigation: Full investigation into cause and scope
- Remediation: Measures to prevent similar incidents
Third-Party Processors
We work with carefully selected third-party processors who meet our data protection standards:
- Cloud Infrastructure: AWS (UK regions) for secure hosting
- Payment Processing: Stripe for secure payment handling
- Email Services: SendGrid for transactional emails
- Analytics: Google Analytics 4 (with data anonymisation)
- Support: Intercom for customer service (EU hosting)
All processors are bound by Data Processing Agreements (DPAs) that ensure GDPR compliance.
Exercising Your Rights
To exercise any of your data protection rights, please contact us using the methods below. We aim to respond within one month of receiving your request.
Contact Our Data Protection Team
📧 Data Protection Officer
dpo@redbrick-lettings.co.uk
📮 Postal Address
Data Protection Team
RedBrick Property Software Ltd
123 Tech Street
Manchester M1 2AB
United Kingdom
🌐 Online Portal
Submit requests through your account settings or our privacy portal
📞 Phone Support
+44 (0) 161 123 4567
Monday-Friday, 9am-5pm GMT
Complaints and Regulatory Authority
If you're not satisfied with how we handle your personal data or respond to your requests, you have the right to complain to the UK's supervisory authority:
Website: ico.org.uk
Phone: 0303 123 1113
Online: ICO website complaint form
Updates to This Policy
We regularly review and update our GDPR compliance measures. Significant changes to this information will be communicated through:
- Email notifications to all registered users
- Prominent notices in our platform
- Updates to this webpage with clear version history
Privacy by Design
We implement privacy by design principles in all our systems and processes:
- Proactive: Privacy protection built into system design from the start
- Default: Maximum privacy protection without user action required
- Embedded: Privacy considerations integrated into all business processes
- Positive-sum: Privacy protection that doesn't compromise functionality
- End-to-end: Security throughout the entire data lifecycle
- Visible: Transparent privacy practices and controls
- Respect: User privacy interests always prioritised
For more detailed information about our data processing activities, please refer to our Privacy Policy.