Website Terms of Use

Last updated: 04/06/26

Visitors to our website are required to accept the following terms and conditions in return for the information given to them on this website.

The information on the pages of this website has been prepared with reasonable care and is believed by us to be legal, honest, decent and truthful as of the date of its preparation.
You agree that the material downloaded or otherwise accessed through the use of the web pages on our website is obtained entirely at your own risk and that you will be entirely responsible for any resulting damage to software or computer systems and/or any resulting loss of data even if we have been advised of the possibility of any such damage.
We do not accept any liability in connection with any third party websites which may be linked or accessible through our own website and we do not endorse or approve the contents of any such site.
In relation to a dispute arising out of this website you the user and Tenant Direct agree to submit exclusively to the jurisdiction of the courts of England and Wales.
Except where expressly stated to the contrary the text and graphics in the information contained in this website is the copyright of Tenant Direct. You may download or print out individual selections of the web pages on our website only if explicitly used for your own personal information and not to be publicly reproduced. Permanent copying or storage of whole or part of this website or the information contained in it or reproduction or incorporation of any part of it in any other work or publication whether on paper or electronic media or any other form is expressly prohibited.
The entire contents of this website remains our property and is copyright with all rights reserved.

Credit Reference and Affordability Checks

To help us assess applications, prevent fraud, and meet our legal and regulatory obligations, we may obtain information about you from credit reference agencies (CRAs).

We obtain this information via Creditsafe, which uses its data partner TransUnion to supply consumer credit and identity data.

Creditsafe Business Solutions Limited is authorised and regulated by the Financial Conduct Authority FCA Firm Reference Number: 742313
TransUnion International UK Limited is authorised and regulated by the Financial Conduct Authority FCA Firm Reference Number: 805757

The information we receive may include data relating to your identity, credit commitments, payment history, and public record information. This data is used solely for legitimate business purposes, including creditworthiness assessment, identity verification, and fraud prevention, in accordance with applicable data protection laws. Further information about how Creditsafe and TransUnion process your personal data can be found in their respective privacy notices:

Creditsafe Privacy / Transparency Notice:
Transparency Notice | Customers & Suppliers
TransUnion CRAIN (Credit Reference Agency Information Notice):
https://www.transunion.co.uk/legal/privacy-centre/pc-credit-reference
TransUnion Bureau Privacy Notice:
https://www.transunion.co.uk/legal/privacy-centre/pc-bureau

Contact details of the data controller

Legal name: Tenant Direct Ltd
Registered Office: 191 Shirley Road, Southampton, SO15 3FG
General email: info@tenantdirect.co.uk
Company number: 05855612
ICO reg number: Z2251714

Contact details of the Data Protection Officer (DPO)

Tim Smith info@tenantdirect.co.uk

Purpose of Processing Personal Data

Our organisation processes personal data only where necessary and for defined, lawful purposes. These purposes include:

Delivering and supporting contracted services, including services that involve or support TransUnion data or systems.
Managing customer, supplier, and business relationships
Complying with applicable legal, regulatory, and contractual obligations
Supporting fraud prevention, identity verification, and risk management activities where applicable
Protecting the confidentiality, integrity, and availability of personal data through appropriate technical and organisational security measures
Managing system access, authentication, logging, monitoring, and audit activities
Detecting, preventing, and responding to security incidents, unauthorised access, or data breaches
Maintaining records required for governance, compliance, and accountability purposes.

Legal Basis for Processing Personal Data

Personal data is processed in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Depending on the activity, we rely on the following lawful bases:

Performance of a contract – where processing is necessary to deliver services or meet contractual obligations, including obligations involving TransUnion.
Legal obligation – where processing is required to comply with applicable laws, regulatory requirements, or statutory obligations.
Legitimate interests – where processing is necessary for legitimate business purposes such as system security, fraud prevention, risk management, audit, and compliance, and where such interests do not override the rights and freedoms of individuals.
Consent – where required by law, and where individuals have been provided with a clear choice and the ability to withdraw consent at any time.

Where legitimate interests are relied upon, appropriate assessments are conducted to ensure that the rights and freedoms of data subjects are protected.

The legitimate interests pursued by the controller (if processing is based on legitimate interests).

Our legitimate interests include operating our business, fulfilling contractual obligations, ensuring system and data security, preventing fraud, supporting audit and compliance activities, and protecting TransUnion data. These interests are balanced against the rights and freedoms of individuals, with appropriate safeguards in place.

The categories of personal data being processed.

We may collect and process the following categories of personal data, as necessary to provide our services and meet our legal, contractual, and security obligations:

Identity data – including name, date of birth, title, username, or other identifiers.
Contact data – including postal address, email address, telephone number.
Account data
Professional or employment data – including job title, employer name, and business contact details.
Financial and transactional data – including payment details, billing information, and transaction records (where applicable)
Technical and usage data – including IP address, device information, browser type, operating system, access logs, and usage activity.
Security and audit data – including system logs, monitoring records, access records, and incident related information - related
Communications data – including correspondence, emails, and records of interactions with us.
Compliance and risk data – including records required for regulatory, audit, or due diligence purposes.

The source of personal data

We may collect personal data about you from:

you directly
employers/clients when you apply for a role or are considered for an opportunity.
referees (where relevant and permitted)
publicly available sources (for example professional networking sites, business websites, and public records)
credit reference agencies (CRAs) where required for consumer credit, identity, or affordability checks.
third party service providers used to support recruitment, screening, and compliance processes.

The recipients or categories of recipients of the personal data (e.g., CRAs, partners, processors).

We may share personal data with customers or business partners, third- party service providers, regulators, or law enforcement bodies where required, and professional advisers. Where data is shared outside the UK, appropriate safeguards will apply.

Details of any international data transfers outside the UK/EU and the safeguards in place.

We may transfer personal data to recipients or service providers located outside the UK and/or European Economic Area (EEA).

Where such transfers take place, we ensure appropriate safeguards are in place to protect personal data in accordance with applicable data protection laws. These safeguards may include the use of approved standard contractual clauses, international data transfer agreements, or transfers to countries that have been recognised as providing an adequate level of data protection.

The data retention period (how long data will be kept).

We keep personal data only for as long as necessary for its purpose and to meet legal or regulatory obligations. Data used for credit reference or affordability checks is retained only for as long as required and then securely deleted.

The rights of data subjects, including:

a. Right of access
b. Right to rectification
c. Right to erasure (“right to be forgotten”)
d. Right to restrict processing.
e. Right to data portability
f. Right to object

Under UK data protection law, you have the following rights in relation to your personal data:

Right of access – You have the right to request a copy of the personal data we hold about you and information about how it is used.
Right to rectification – You have the right to request that inaccurate or incomplete personal data is corrected.
Right to erasure (“right to be forgotten”) – You have the right to request that we delete your personal data where there is no lawful reason for us to continue processing it.
Right to restrict processing – You have the right to request that we limit how we use your personal data in certain circumstances.
Right to data portability – You have the right to receive your personal data in a structured, commonly used, and machine readable format, and to request that we transfer it to another organisation where technically feasible, readable format, and to request that we transfer it to another organisation where technically feasible.
Right to object – You have the right to object to the processing of your personal data where we rely on legitimate interests or where data is used for direct marketing.

The right to lodge a complaint with the Information Commissioner’s Office (ICO) or another supervisory authority.

You have the right to complain to the UK Information Commissioner’s Office (ICO) or another relevant data protection authority if you are dissatisfied with how we manage your personal data.

Provision of Personal Data

The provision of certain personal data is primarily contractual and, in some circumstances, required to meet legal and regulatory obligations.

Personal data is required to:

enter into and perform contracts with customers, suppliers, or business partners.
process orders, manage accounts, and deliver goods and services.
verify identity and prevent fraud; and
comply with applicable legal, regulatory, accounting, and tax obligations.

What are the consequences of not providing personal data?

If you choose not to provide the personal data, we request:

we may be unable to enter into a contract with you.
we may be unable to fulfil orders, supply goods, or provide services.
we may be unable to conduct necessary verification, compliance, or fraud prevention checks; and
as a result, our services may be delayed, restricted, or declined.

Where personal data is requested for optional purposes, such as marketing communications, providing this data is not mandatory, and you may withdraw your consent at any time without affecting your ability to receive goods or services from us.

We may use automated systems and tools to support certain business processes, such as risk assessment, fraud prevention, affordability checks, identity verification, or record management.

These tools may analyse personal data using predefined criteria or rules to generate indicators, scores, or recommendations. However, we do not make decisions that have a legal or similarly significant effect on individuals based solely on automated processing. Any such decisions are subject to meaningful human review.

The use of these tools may influence the speed or level of review applied to an application or request, but individuals will not be subject to automatic rejection or adverse decisions without human involvement.

Automated Decision Making and Profiling

In some circumstances, we may conduct automated decision making or profiling using personal data. This involves the use of automated systems to evaluate certain information about an individual, such as risk factors, affordability indicators, or fraud signals, based on predefined rules or algorithms. Making or profiling using personal data. This involves the use of automated systems to evaluate certain information about an individual, such as risk factors, affordability indicators, or fraud signals, based on predefined rules or algorithms. Making or profiling using personal data. This involves the use of automated systems to evaluate certain information about an individual, such as risk factors, affordability indicators, or fraud signals, based on predefined rules or algorithms.

Where automated decision making is used, it may result in decisions such as the approval, restriction, or rejection of an application or service.

Individuals have the right to request human intervention, to express their point of view, and to challenge decisions made solely by automated means. Further information about automated decision making and how to exercise these rights can be obtained by contacting us using the details provided in this Privacy Policy.

Privacy Policy

Information Collection and Use

Tenant Direct is the sole owner of the information collected on this site. We will not sell, share, or rent this information to others. Tenant Direct collects information from our users at several different points on our website.

Cookies

A cookie is a small block of data created by a web server and placed on your device while browsing a website or mobile app. Cookies are used to recognise repeat users, facilitate ongoing access to the website or mobile app and track usage behaviour to provide data and insights. With most Internet browsers, users can erase cookies from their computer's hard drive, block all cookies, or receive a warning before a cookie is stored. Further information on deleting or controlling cookies is available at www.aboutcookies.org.

We use Google Analytics (GA4) and Google signals to collect data about the traffic that our website receives to better understand where our traffic is coming from and how the website is being used. This allows us to ensure that we are providing a positive browsing experience for all our users. The information gathered and available to us is anonymised and never shared with third-party vendors.

Information collected by Google may include end user location, search history, YouTube history and data from sites that partner with Google. The data that you choose to share with Google whilst logged in to your account can be accessed and/or deleted via this link: Manage My Activity.

Log Files

We use IP addresses to analyse trends, administer the site, track user's movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.

Security

This website takes every precaution to protect our users' information. When users submit sensitive information via the website, your information is protected both online and off-line.

We do not ask for sensitive information such as credit card numbers online.

We do everything in our power to protect user-information off-line. All of our users' information, not just the sensitive information mentioned above, is restricted in our offices. Only employees who need the information to perform a specific job (for example, billing or customer services) are granted access to personally identifiable information.

Supplementation of Information

Tenant Direct does not share any information we receive from this website will any 3rd party sources.

Site and Service Updates

We may send the user site and service announcement updates. Customers are not able to un-subscribe from service announcements, which contain important information about the service. We communicate with the user to provide requested services and in regards to issues relating to their account via email or phone.

Notification of Changes

If we decide to change our privacy policy, we will post those changes on this page so our users are always aware of what information we collect, how we use it, and under circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.