GDPR Compliance
Last updated: 5 April 2025
At ZenRent, we are committed to protecting the privacy and rights of our users in accordance with the General Data Protection Regulation (GDPR). This page explains how we comply with GDPR requirements and outlines your rights under this regulation. Our approach to data protection goes beyond mere compliance – we believe in transparency, security, and empowering our users with control over their personal data.
Contents
What is GDPR
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to all organizations operating within the EU and those that offer goods or services to individuals in the EU, regardless of the organization's location.
GDPR strengthens the rights of individuals regarding their personal data and aims to unify data protection regulations across the EU. It introduces strict requirements for how organizations must handle personal data, with significant penalties for non-compliance.
Our Role Under GDPR
Under GDPR, ZenRent acts as both a data controller and a data processor:
Data Controller
We act as a data controller when we determine the purposes and means of processing personal data, such as when we collect information about our users for account creation, billing, and service improvement.
Data Processor
We act as a data processor when we process personal data on behalf of our property manager and landlord users, who are the data controllers for their tenant information.
In both roles, we maintain strict data protection standards and ensure that all processing activities comply with GDPR principles.
Legal Basis for Processing
Under GDPR, every use of personal data must have a valid legal basis. At ZenRent, we process personal data based on the following legal grounds:
Contractual Necessity
Processing is necessary for the performance of our contract with you. This includes providing our property management services, processing payments, and managing user accounts.
Legitimate Interests
Processing is necessary for our legitimate interests, such as improving our services, ensuring security, preventing fraud, and marketing our services to existing customers.
Consent
We process certain data based on your explicit consent, such as for marketing communications to prospective customers or for processing special categories of data.
Legal Obligation
Processing is necessary for compliance with our legal obligations, such as tax laws, anti-money laundering regulations, and responding to valid legal requests from law enforcement.
Your GDPR Rights
GDPR provides individuals with enhanced rights regarding their personal data. As a ZenRent user, you have the following rights:
| Right | Description |
|---|---|
| Right to Access | You have the right to request a copy of the personal data we hold about you and information about how we process it. |
| Right to Rectification | You have the right to request that we correct any inaccurate personal data we hold about you, or complete any incomplete data. |
| Right to Erasure | Also known as the 'right to be forgotten', you have the right to request that we delete your personal data in certain circumstances. |
| Right to Restriction | You have the right to request that we restrict the processing of your personal data in certain circumstances. |
| Right to Data Portability | You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit this data to another controller. |
| Right to Object | You have the right to object to the processing of your personal data in certain circumstances, including for direct marketing purposes. |
| Rights Related to Automated Decision-Making | You have the right not to be subject to a decision based solely on automated processing that produces legal effects or significantly affects you. |
| Right to Withdraw Consent | When we process data based on your consent, you have the right to withdraw that consent at any time. |
How to Exercise Your Rights
You can exercise your GDPR rights in several ways:
- •Account Settings: Many of your rights can be exercised directly through your ZenRent account settings, where you can view, update, and delete certain personal information.
- •Contact Form: You can submit a request via our contact form, selecting "Data Protection Request" as the subject.
- •Email: Send your request directly to our Data Protection Officer at dpo@zenrent.co.uk.
- •Postal Mail: Write to us at: Data Protection Officer, ZenRent Ltd, 123 Property Lane, London, EC1A 1AA, United Kingdom.
Response Timeframe
We will respond to your request within one month of receipt. If your request is complex or we have received numerous requests from you, we may extend this period by up to two additional months. If this is the case, we will inform you of the extension within the first month and explain why it is necessary.
Data Security Measures
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk to personal data, including:
Technical Measures
- • End-to-end encryption of sensitive data
- • Multi-factor authentication
- • Regular security assessments and penetration testing
- • Robust firewall and intrusion detection systems
- • Automated vulnerability scanning
- • Regular backups with encryption
Organizational Measures
- • Staff training on data protection
- • Role-based access controls
- • Data protection impact assessments
- • Documented security policies and procedures
- • Regular compliance audits
- • Vendor security assessment process
International Data Transfers
ZenRent operates primarily within the European Economic Area (EEA) and the United Kingdom. However, some of our service providers may be located outside these regions. When transferring personal data outside the EEA or UK, we ensure that:
- •The recipient country has received an adequacy decision from the European Commission or UK authorities
- •Appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or Binding Corporate Rules
- •The transfer is subject to specific derogations for particular situations
We implement additional technical measures to ensure the security of international data transfers, and we regularly review our data transfer mechanisms to ensure continued compliance with evolving regulations.
Data Protection Officer
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions regarding this policy and our data protection practices. Our DPO can be contacted directly:
Email: dpo@zenrent.co.uk
Address: Data Protection Officer, ZenRent Ltd, 123 Property Lane, London, EC1A 1AA, United Kingdom
Phone: +44 (0) 123 456 7890
Data Breach Procedures
We have implemented a comprehensive data breach response plan. In the event of a personal data breach that poses a risk to individual rights and freedoms, we will:
- •Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
- •Notify affected individuals without undue delay when the breach is likely to result in a high risk to their rights and freedoms
- •Document all breaches, including the facts, effects, and remedial actions taken
If you believe you have discovered a security vulnerability or have been affected by a data breach, please contact our Data Protection Officer immediately at dpo@zenrent.co.uk.
Contact Us
If you have any questions about our GDPR compliance or data protection practices, please contact us at:
Email: privacy@zenrent.co.uk
Address: ZenRent Ltd, 123 Property Lane, London, EC1A 1AA, United Kingdom
Phone: +44 (0) 123 456 7890
Supervisory Authority
You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data infringes GDPR. In the UK, the supervisory authority is the Information Commissioner's Office (ICO), which can be contacted at https://ico.org.uk/make-a-complaint/.