Data Protection
The following information relates to Excentum and its obligations regarding the obtaining, management and process of data under the Data Protection Act 1988. We encourage you to take the opportunity to familiarise yourself with our Data Protection Policy, and please do not hesitate to contact us if you have any questions or concerns.
—————————————
- Data Protection – Tenancy Reference Data
- Data Protection – Personal Data
- Data Protection – Subject Access Request
- Data Protection – Credit Score / Credit Rating
- Data Protection – Legitimate Interests
- Data Protection – Personal Opinion
- Data Protection – Right of Amendment and Correction
- Data Protection – Content Removal or Alteration
- Data Protection – Jurisdiction and Governing Laws
- Data Protection – Excentum
—————————————
Data Protection – Tenancy Reference Data
Excentum obtains, manages and processes Tenancy Reference Data provided by Landlords, Letting Agents, Letting Agencies, Property Management Companies and other authorised agents acting on behalf of Landlords (Business Members) in relation to periods of tenancy in their residential properties dating back up to 6 years.
The Tenancy Reference Data we hold may be accessed and used by Business Members, both Landlords and non-landlords, in support of/as part of any decision making process by the Business Member as it may apply to applications they have received from individuals about the:
- Rental or Leasing or residential property,
- applications for Employment,
- applications for Credit or Financial services, and
- any other areas where verification of residence is required in support of applications or where residence related issues could warrant consideration as part of any decision making process.
where such action is not in contravention of the Equality Act 2010 or where such action is not in contravention of any legally enforceable industry regulation.
The Tenancy Reference Data made available by Excentum to Business Members can be used by them, in conjunction with other information provided by applicants and data obtained from other data sources, to make fully informed decisions regarding applicants who have applied for Tenancy, Employment, Credit or Financial Services.
Tenancy Reference Data supplied by Business Members to Excentum does not constitute ‘Personal Data’ about a tenant in accordance with the Data Protection Act, and does not prevent Landlords, Letting Agents, Letting Agencies, Property Management Companies and other authorised agents (Business Members) acting on behalf of Landlords (Business Members) from sharing this Tenancy Data with others where ‘Legitimate Interest’s’ exist.
‘Personal Data’ refers to data which relates to a living individual who can be identified – (a) from those data, or (b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller, in this instance Excentum. Excentum will not be able to identify any individual from any data provided by a Business Member nor will it hold, or have access to, any other data or information which could lead to the identification of the individual.
Tenancy Reference Data provided by Excentum to Business Members could eventually constitute ‘Personal Data‘ , where the Business Member acting as a ‘Data Controller’ in their own right is in possession of Tenancy Reference Data supplied by Excentum and has access to, or seeks to obtain, other data which could lead to the identification of an individual. However, Tenancy Reference Data held by Excentum, and supplied to Business Members, does not itself constitute ‘Personal Data’ in the absence of such secondary data which could lead to the identification of an individual.
—————————————
Data Protection – Personal Data
In accordance with the Data Protection Act 1998, some Data held by Excentum may constitute ‘Personal Data’ and may be subject to the Data Protection Act 1988.
Personal data means data which relate to a living individual who can be identified –
(a) from those data, or
(b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller,
and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.
Excentum is obliged to abide by the data protection principles embodied in the Data Protection Act 1988. These principles require that personal data shall:
- be processed fairly and lawfully;
- be held only for specified purposes and not used or disclosed in any way incompatible with those purposes;
- be adequate, relevant and not excessive;
- be accurate and kept up-to-date;
- not be kept for longer than necessary for the particular purpose;
- be processed in accordance with a data subject’s rights;
- be kept secure;
- not be transferred outside the European Economic Area unless the recipient country ensures an adequate level of protection.
In keeping with the underlying guiding ‘good practice’ principles of Data Protection, Excentum treats all Tenancy Reference Data it holds as data which is subject to the disclosure and the right of access as applies to ‘Personal Data’ for the purpose of Subject Access Requests (SAR’s).
In addition, Excentum upholds the rights of an individual to seek to correct and amend incorrect, inaccurate or incomplete information as may be held by Excentum, as allowed for by Data Protection legislation.
—————————————
Data Protection – Subject Access Request
Excentum can process two types of Subject Access Requests:
- – Tenancy Reference Data Subject Access Requests
- – Non-Tenancy Reference Data Subject Access Requests
Individuals have the right to obtain from Excentum a copy of any information that is held about them, or as may be relatable to them. Making a request for this information is known as a ‘Subject Access Request’ (SAR).
This right of subject access means that a person can make a request under the Data Protection Act to Excentum to supply them with copies of any records or information Excentum possesses on or about them, or which may be relatable to them.
Excentum will make a standard charge £10 to process a Subject Access Request, this is the maximum allowed by the Data Protection Act. Excentum is not a credit reference agency, and as such, the £2 maximum applicable to credit reference agencies does not apply.
This standard charge of £10 is non-refundable and applies to all Subject Access Requests, even where no data, information or records about the person, or relatable to the person, are held by Excentum. Application of such change in these circumstances is provided for under the Data Protection Act.
– Tenancy Reference Data Subject Access Requests
Please see Tenants – Subject Access Request and also Tenants – Frequently Asked Questions for more information about Subject Access Requests and access to data.
You are not required to provide any proof of Identity and Residence to make a Tenancy Reference Data Subject Access Request.
– Non-Tenancy Reference Data Subject Access Requests
If you are seeking a copy of any information that is held about you, or as may be relatable to you, where it does not relate to Tenancy Reference Data (see above) you can make a Standard Subject Access Request, by post, using this form. We have up to 40 days to respond to your request. However, we do try to process this as quickly as possible, and once we have everything we need, a typical request can be processed within 10 – 14 days.
– Non-Tenancy Reference Data – Identification Required
You will also be required to provide documentary proof of identity and residence in support of your application. Scanned images, or photos, of suitable documents, will be accepted as proof of Identity and Residence, but we reserve the right to request original documentation.
1: Proof of Identity – Documents Accepted (including scanned images/photos)
- Current UK/ Irish (Eire) or EEA Passport, or
- UK photocard driving licence (full or provisional), or
- Irish (Eire) photocard driving licence (full or provisional), or
- Firearms licence/shotgun certificate UK or Eire, or
- National Identity Card (non-UK nationals), or
- Identity Card issued by the Electoral office for Northern Ireland, or
- Current non-UK/Eire/EEA passport with a valid endorsement evidencing leave to reside in the UK.
2: Proof of Residence – Documents Accepted (including scanned images/photos)
Items marked with an * must be less than 3 months old, and must confirm your current address:
- Full UK paper driving licence (pre-photocard version), or
- UK State Benefits / Irish (Eire) Social Welfare Entitlement document *, or
- UK or Irish (Eire) State Pension Entitlement document *
- HMRC Tax Credit document / Revenue (Eire) Tax document *, or
- Local Authority Benefit document *, or
- Disabled Drivers Pass, or
- Financial statement issued by bank, building society or credit card company *, or
- Judiciary document such as Notice of Hearing, Summons or Court Order *, or
- Utility bill for the supply of gas, electric, water or telephone landline *, or
- Most recent mortgage statement, or
- Most recent Council Tax bill/demand or statement, or
- Current council rent card, or
- Current council tenancy agreement, or
- Building Society Passbook which shows a transaction in the last 3 months and your address.
—————————————
Data Protection – Credit Score / Credit Rating
Excentum is not a Credit Reference agency and does not seek, obtain, manage or process;
- credit scoring records;
- credit histories;
- copies of County Court Judgements (CCJs);
- electoral roll information;
- details of PPI policies or payments.
Excentum not seek, obtain, manage or process Sensitive Personal Data such as;
- names;
- date of birth
- telephone numbers;
- e-mail address;
- Social Insurance Numbers;
- or any other personally identifiable information.
For more information on this, please visit our FAQ’s for Tenants page.
—————————————
Data Protection – Legitimate Interests
Article 7 of the Data Protection Directive (95/46/EC) sets out legal grounds for processing personal data based on reasons other than the unambiguous consent of the data subject. The Directive states the following are legitimate conditions for processing personal data:
(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by the third party or parties to whom the data are disclosed, except where such interests are overridden by the interests for fundamental rights and freedoms of the data subject which require protection under Article 1 (1).
In such instance, the ‘Legitimate Interest’s’ condition provides grounds for Excentum to process data supplied by Business Members in a situation where an individual, business or organisation needs to do so for the purpose of its own legitimate interests or the legitimate interests of the third party that the information is disclosed to.
In such instance, Excentum is satisfied the processing of the data submitted by Business Members, identified as Tenancy Reference Data, complies with this definition and does not prejudice the rights and freedoms or legitimate interests of the individual whose data is being processed.
However, in keeping with the underlying guiding ‘good practice’ principles of Data Protection, Excentum treats all Tenancy Reference Data it holds as data which is subject to the disclosure and the right of access as applies to ‘Personal Data’ for the purpose of Subject Access Requests (SAR’s).
In addition Excentum upholds the rights of an individual to seek to correct and amend incorrect, inaccurate or incomplete information as may be held by Excentum, as allowed for by Data Protection legislation.
See What is the “legitimate interests” condition? on the website of the Information Commissioners Office for more information.
—————————————
Data Protection – Personal Opinion
Some of the data contained in Tenancy Reference Data may constitute the ‘Personal Opinion’ of Business Members, and such opinion, where included in Tenancy Reference Data may not be inaccurate if it faithfully represents the Business Members opinion about an individual Tenancy period in their property, or property they manage for a third party.
In circumstances where a person, having obtained a copy of Tenancy Reference Data from Excentum by means of a Subject Access Request, disagrees with the expressed ‘Personal Opinion’ of the Business Member, that data would not need to be “corrected”. However, Excentum, as the data controller, may have to add a note to the Data stating that the person disagrees with the Personal Opinion of the Business Member as expressed in the Tenancy Reference Data.
See What are the other key definitions in the Data Protection Act?
—————————————
Data Protection – Right of Amendment and Correction
Under the Data Protection Act 1988, an individual has the right seek to dispute any factual errors or inaccuracies contained in data held by Excentum about them, or relatable to them.
Persons can seek to exercise a ‘Right of Amendment and Correction’ to alter, amend, correct or update any data held by Excentum, only where such request is compatible with rights of an individual as conferred under Data Protection Legislation.
A person always retains the right to contest any Tenancy Reference Data held, or made available to Business Members, by Excentum as part of its Tenancy Reference Data Matching Service with the ICO (Information Commissioners Office) who will provide ultimate adjudication on the matter.
For more information on this, please visit our FAQ’s for Tenants page.
—————————————
Data Protection – Content Removal or Alteration
Excentum reserves the right to remove any such information or material that in its sole opinion violates, or may violate, any applicable law, the letter or spirit of Excentum’s operational policies or practices, or upon the request of any third party where deemed appropriate by Excentum.
—————————————
Data Protection – Jurisdiction and Governing Laws
This Data Protection policy will be governed by and construed in accordance with the laws of the United Kingdom, where this website is hosted, in accordance with applicable Data Protection legislation. If any provision of this policy is found to be invalid or unenforceable by a court of law, such invalidity or unenforceability will not affect the remainder of this policy, which will continue in full force and effect. All rights not expressly granted herein are reserved.
If any court having the appropriate authority finds that any part of this policy is not valid, this will not affect the validity of any of the other part of this policy. If Excentum fails to take advantage of any right it has under this policy or any other terms, it does not mean Excentum is giving up that right.
This policy will be governed by, and interpreted in line with, English law and Data Protection legislation in force in the United Kingdom. Users of this website and any services provided by Excentum agree that the English courts will have full authority to settle any dispute that may arise out of or in connection with this policy.
—————————————
Data Protection – Excentum
Excentum is registered as a Data Controller with the Information Commissioners Office for data protection purposes.
Data Protection Registration Number: ZA191118
Data Controller Contact: datacontroller@excentum.co.uk
—————————————
For more information on Data Protection and Subject Access Requests please visit the website of the Information Commissioners Office (ICO.org.uk)