Privacy Policy

1. Controller Information

For the purposes of UK data protection law, Property Passport UK is the data controller in respect of personal data processed through the platform.

Data Protection Officer

2. Regulatory Framework

This Privacy Notice is issued in accordance with:

• UK General Data Protection Regulation (UK GDPR)
• Data Protection Act 2018
• ICO guidance on digital platforms, records, and access control

Property Passport UK is registered with the Information Commissioner's Office (ICO) and maintains internal governance, security, and audit processes consistent with its obligations as a data controller.

3. Scope of This Notice

This Privacy Notice applies when you:

• Visit the Property Passport UK website
• Create, claim, or interact with a Property Passport record
• Access the platform as an individual (e.g. owner, buyer, tenant)
• Access the platform as a professional (e.g. conveyancer, lender, surveyor, agent)
• Communicate with us in connection with the service

This notice does not override or replace privacy notices issued by third-party data sources whose data may be displayed within the platform.

4. Foundational Privacy Position

Property Passport UK is designed on the following principles:

• The property record is primary
• Personal data access is secondary and permission-based
• Users control access, not the platform
• Public and authoritative property data remains persistent
• Personal data is minimised, auditable, and removable

The platform is not a social network, marketing database, or advertising system. It exists to support lawful property transactions, stewardship, and verification.

5. Categories of Personal Data Processed

5.1 Identity and Contact Data

• Name
• Email address
• Role designation (e.g. owner, buyer, tenant, professional user)

5.2 Account and Access Data

• User identifiers
• Authentication credentials
• Role-based access permissions
• Audit and access logs

5.3 Professional Relationship Data

• Appointment or authorisation of professionals
• Access grants and revocations

5.4 Technical and Security Data

• IP address
• Device and browser metadata
• Security logs and access timestamps

Property Passport UK does not collect unnecessary demographic, profiling, or behavioural data.

6. Property Data vs Personal Data (Critical Distinction)

6.1 Property Data

Property data includes information such as:

• Address and Unique Property Reference Number (UPRN)
• Energy Performance Certificate data
• Title and tenure indicators
• Planning and building control references
• Flood risk, listing status, and similar attributes

Much of this data is:

• Publicly available
• Derived from authoritative third-party sources (e.g. HM Land Registry, local authorities, government registers)
• Lawfully reusable under applicable regulations

6.2 User-Provided and Personal Content

Documents and data uploaded by users (for example certificates, guarantees, reports, correspondence):

• Are private by default
• Are accessible only to the user and those they explicitly authorise
• Are not accessed, reviewed, or shared by Property Passport UK except where technically necessary or legally required

7. How Personal Data Is Collected

Personal data is collected through:

• Direct user registration and interaction
• Permission-based professional access
• System security and audit processes
• Communications with Property Passport UK

Property Passport UK does not purchase personal data lists or scrape personal data for marketing purposes.

8. Lawful Bases for Processing

Personal data is processed on the following lawful bases:

Consent is used sparingly and only where required by law.

9. Data Sharing

Personal data is shared only:

• At the explicit direction of the user
• With authorised professionals acting for that user
• Where required by law, court order, or regulator

All access is logged, role-based, and auditable.

Property Passport UK does not sell personal data and does not permit third-party advertising or profiling.

10. Data Retention and Deletion

10.1 Personal Data Deletion

Users may request deletion of their personal data at any time, subject to:

• Legal or regulatory retention obligations
• Ongoing disputes or investigations

Where deletion is lawful and appropriate, personal data will be erased or anonymised.

10.2 Property Records Are Not Automatically Deleted

This reflects the property-centric nature of the platform and aligns with public-interest record-keeping principles.

11. Security Measures

Property Passport UK employs appropriate technical and organisational measures, including:

• Encryption at rest and in transit
• Role-based access control
• Secure hosting environments
• Continuous monitoring and audit logging
• Access limitation to authorised personnel

Security is treated as a core system function, not an add-on.

12. Third-Party Data Sources

Where data is displayed from third-party or public systems:

• Those organisations remain the original data controllers
• Their privacy notices and ICO registrations apply
• Property Passport UK acts as an aggregation and access layer only

13. Your Rights

Under UK data protection law, you have the right to:

• Access your personal data
• Rectify inaccurate data
• Request erasure of personal data (where applicable)
• Restrict or object to processing
• Request data portability
• Lodge a complaint with the ICO

Requests may be made to: privacy@propertypassport.uk

14. Complaints

If you are dissatisfied with how we handle your data, you may contact:

15. Changes to This Notice

This Privacy Notice may be updated to reflect legal, regulatory, or operational changes. The latest version will always be available on our website.