Privacy Policy
- Home
- Privacy Policy
Blundy’s Property Management Privacy Notice
1. Who We Are
Blundy’s Property Management (“we”, “us”, “our”) acts as the data controller for the personal information we collect and process in connection with our services. This Privacy Notice explains how we use your personal data when you engage with us as a landlord, tenant, prospective tenant, guarantor, contractor, supplier, or website user.
We are notified as a Data Controller with the Office of Information Commissioner (ICO) under registration number ZB557055 and we are the data controller of any personal data that you provide to us.
As a small business, we are not required to appoint a Data Protection Officer. Responsibility for GDPR compliance rests with:
Data Protection Lead: Luke Blundy – Director
Email: support@blundyspropertymanagement.com
Postal Address: Roosters Barn, Bull Lane, Newington, Sittingbourne, Kent ME9 7SJ
Telephone: 01795 500386
2. The Personal Data We Collect
We collect and process different categories of personal data depending on your relationship with us.
Tenants & Prospective Tenants
• Identity data (name, date of birth, ID documents)
• Contact details (address, email, phone number)
• Employment and income information
• Bank details
• Previous landlord references
• Credit history and affordability information
• Right to Rent documentation
• Tenancy history
• Guarantor details (if applicable)
• Next of kin (if provided)
• University/college details (if applicable)
• Friends you are staying with (if applicable)
• Welfare benefit information (if applicable)
Privacy Notice V1.3 Last Updated: July 20262
Guarantors
• Identity and contact details
• Employment and financial information
• Credit history and affordability information
• Relationship to tenant
Landlords
• Identity and contact details
• Bank details for rent payments
• Property ownership information
• Compliance documentation (EPC, gas safety certificates, etc.)
• Tax residency, nationality, sex (where required)
Contractors & Service Providers
• Identity and contact details
• Professional qualifications and insurance details
• Payment information
Website Users
• IP address, device information, and cookies
• Enquiry form submissions
Call Recordings
We record telephone calls for training, monitoring, and compliance purposes.
Special Category Data
We do not routinely collect special category data. If such information is provided (e.g.,
health information relevant to a tenancy), we will only process it where strictly necessary
and with an appropriate lawful basis.
3. How We Collect Your Data
We collect personal data from:
• You directly
• Application forms and tenancy documents
• Landlords, tenants, or guarantors (where relevant)
• Public sources (e.g., Companies House)
• Credit reference agencies such as Creditsafe & NRLA
• Previous landlords or employers (with your consent)
• Contractors providing services to properties
• Phone calls, emails, letters, online enquiries, and property portals (e.g., Zoopla)
4. How We Use Your Personal Data
Tenants & Prospective Tenants
• Assessing tenancy applications
• Conducting credit checks and affordability assessments
• Verifying identity and Right to Rent status
• Managing the tenancy
• Communicating with you
• Handling maintenance requests
• Managing rent payments and arrears
• Complying with legal and regulatory obligations
Guarantors
• Assessing suitability to act as guarantor
• Conducting credit checks
• Managing guarantor obligations
Landlords
• Managing your property
• Communicating about tenancy matters
• Processing payments
• Ensuring legal compliance
Contractors
• Managing contractor relationships
• Scheduling and verifying work
• Processing payments
5. Lawful Bases for Processing
We rely on the following lawful bases under UK GDPR:
• Contract – to take steps at your request before entering into a contract or to perform a contract with you.
• Legal obligation – to comply with laws such as Right to Rent checks, tenancy deposit protection, and financial regulations.
• Consent – where required (e.g., optional information or marketing).
• Legitimate interests – including operating our business, fulfilling contractual obligations, ensuring system and data security, preventing fraud, supporting audit and compliance activities, and protecting TransUnion data. These interests are balanced against the rights and freedoms of individuals, with appropriate safeguards in place.
6. Credit Reference & Affordability Checks
To help us assess applications, prevent fraud, and meet our legal and regulatory obligations, we may obtain information about you from credit reference agencies (CRAs). We obtain this information via Creditsafe & NRLA, which uses its data partner TransUnion to supply consumer credit and identity data.
Regulatory Information
Creditsafe Business Solutions Limited is authorised and regulated by the Financial Conduct Authority – FCA Firm Reference Number: 742313
TransUnion International UK Limited is authorised and regulated by the Financial Conduct Authority – FCA Firm Reference Number: 805757
Information we receive may include data relating to:
• Identity data
• Credit commitments
• Payment history
• Public record information (e.g., CCJs, insolvency data)
This data is used solely for legitimate business purposes, including:
• Creditworthiness assessment
• Identity verification
• Affordability checks
• Fraud prevention
In accordance with Data Protection laws.
Further information on how Creditsafe , NRLA and TransUnion process your personal data can be found in their respective privacy notices:
Creditsafe Privacy / Transparency Notice:
https://www.creditsafe.com/gb/en/legal/transparency-notice-customer-supplier.html
TransUnion CRAIN (Credit Reference Agency Information Notice):
https://www.transunion.co.uk/legal/privacy-centre/pc-credit-reference
TransUnion Bureau Privacy Notice:
https://www.transunion.co.uk/legal/privacy-centre/pc-bureau
National Residential Landlords Association (NRLA)
https://www.nrla.org.uk/about-us/privacy-notice-member5
7. Who We Share Your Data With
We may share your personal data with:
• Landlords (where you are a tenant or applicant)
• Tenants (where you are a landlord or guarantor, only where necessary)
• Credit reference agencies (Creditsafe, NRLA and TransUnion)
• Utility providers and local authorities
• Deposit protection schemes (TDS, MyDeposits & DPS)
• Maintenance contractors and service providers
• Software providers (Fixflo, InventoryHive, Adobe)
• Debt recovery agencies
• Insurers and legal advisers
• Law enforcement or regulatory bodies where required
• Blundy Holdings Limited (& Subsidiaries)
We do not sell your personal data.
8. International Transfers
If we transfer your data outside the UK, we ensure appropriate safeguards such as adequacy regulations or standard contractual clauses.
9. How Long We Keep Your Data
We retain personal data only for as long as necessary, including:
• Tenancy records: 6 years after the tenancy ends
• Financial records: 6 years for accounting purposes
• Right to Rent documentation: 1 year after the tenancy ends
• Application forms (unsuccessful applicants): up to 12 months
Additional retention periods are detailed in our internal Data Retention Policy.
10. Your Rights Under UK GDPR
You have the following rights:
• Right to be informed – You have the right to receive clear and transparent information about how we collect, use, store, and share your personal data.
• Right of access – You can request a copy of the personal data we hold about you, along with details of how and why it is being processed.
• Right to rectification – You can ask us to correct or update any personal data that is inaccurate, incomplete, or out of date.
• Right to erasure – You can request that we delete your personal data where there is no lawful reason for us to continue processing it.6
• Right to restrict processing – You can ask us to limit how we use your personal data in certain circumstances, such as while a dispute about accuracy is being resolved.
• Right to data portability – You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to request that we transfer it to another organisation where technically feasible.
• Right to object – You can object to the processing of your personal data where we rely on legitimate interests, or where your data is being used for direct marketing.
• Rights related to automated decision-making and profiling – You have the right to request human involvement in decisions made solely by automated systems, and to challenge decisions that significantly affect you.
To exercise any of these rights, contact us using the details above. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).
11. Provision of Personal Data
The provision of certain personal data is primarily contractual and, in some circumstances, required to meet legal and regulatory obligations. Personal data is required to:
• Enter and perform contracts
• Process applications
• Verify identity
• Prevent fraud
• Comply with legal, regulatory, accounting, and tax obligations
If you do not provide required data:
• We may be unable to enter into a contract
• We may be unable to process your application
• Services may be delayed, restricted, or declined
Optional data (e.g., marketing preferences) is not mandatory, and consent can be withdrawn at any time without affecting your ability to receive services from us.
12. How We Protect Your Data
We use appropriate technical and organisational measures to protect your personal data from loss, misuse, unauthorised access, alteration, or disclosure. We also maintain a formal Data Breach Procedure, including containment, risk assessment, and notification where required.
13. Updates to This Privacy Notice
We may update this notice from time to time. The latest version will always be available on our website or upon request.