Privacy Policy
Last updated: 25 May 2026
1. Who we are
www.chiefrent.co.uk is a property rent administration platform operated by the account holder (the "data controller") on whose behalf the service is configured. For data protection queries, please use the contact details shown on your demand correspondence or the contact form.
2. What personal data we collect
We collect and process the following categories of personal data:
- Identity data: name, email address, property reference.
- Contact data: postal address, phone number (where provided).
- Financial data: payment history, arrears balances, demand records.
- Account data: login credentials (passwords are hashed; we cannot read them), session tokens.
- Correspondence data: emails, letters, notes and documents uploaded to your account.
- Technical data: IP address, browser type, access timestamps (logged for security and audit).
3. How we use your data
We use personal data for the following purposes:
- To administer your property rent account and generate annual demands.
- To record payments, track arrears, and maintain an accurate financial history.
- To communicate with you about your account, demands, and payment status.
- To provide secure access to the leaseholder portal and freeholder dashboard.
- To comply with legal obligations (e.g. record-keeping, tax, court proceedings).
- To protect against fraud and unauthorised access (security monitoring).
4. Legal basis for processing
Under UK GDPR, we rely on the following legal bases:
- Contract performance: processing necessary to perform the lease obligations and provide the service you signed up for.
- Legal obligation: processing required by law (e.g. financial record-keeping, court proceedings).
- Legitimate interests: fraud prevention, network security, and service improvement, balanced against your rights.
- Consent: where explicitly obtained (e.g. marketing communications, if any).
5. Data retention
We retain personal data only for as long as necessary for the purposes outlined above. Financial and property records are typically retained for 6 years after the end of the relevant accounting period to comply with legal obligations. Account data is deleted when the account is closed and retention periods have expired, unless longer retention is required by law.
6. Your rights
Under UK GDPR, you have the following rights:
- Right to access: request a copy of the personal data we hold about you.
- Right to rectification: request correction of inaccurate or incomplete data.
- Right to erasure: request deletion of your personal data (subject to legal retention requirements).
- Right to restrict processing: request that we limit how we use your data.
- Right to data portability: receive your data in a structured, machine-readable format.
- Right to object: object to processing based on legitimate interests.
- Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, please contact the data controller using the details on your account correspondence or the contact form. We will respond within one month.
7. Data sharing
We do not sell your personal data. We share data only with:
- Service providers: our hosting and infrastructure providers (e.g. Cloudflare for security and CDN, Convex for database services) who process data on our behalf under strict contractual safeguards.
- Legal and regulatory bodies: where required by law, court order, or to protect our legal rights.
- Solicitors and managing agents: where you have authorised disclosure or it is necessary for the management of your property interest.
8. Security
We use industry-standard security measures including encrypted connections (TLS/SSL), hashed passwords, signed session cookies, and Cloudflare Turnstile bot protection. Access to the admin dashboard is restricted to authorised users only. Despite these measures, no system is completely secure. Please keep your login credentials confidential.
9. Cookies and tracking
We use only strictly necessary cookies required for the operation of the service:
- Session cookies (
cr_session,ng_portal_session) — maintain your login state. These are deleted when you sign out or when they expire. - Theme preference (
ng-land-theme) — stores your light/dark mode choice in local storage (not a cookie). - Cookie consent record (
cr_cookie_consent_v1) — stores your acceptance or rejection of non-essential cookies in local storage so we do not ask again.
We do not use analytics cookies, advertising cookies, or third-party tracking scripts. We do not build advertising profiles.
10. Cloudflare Turnstile
We use Cloudflare Turnstile on login and registration forms to prevent automated abuse. Turnstile may collect technical data (IP address, browser information) to distinguish humans from bots. This processing is necessary for security (legitimate interest) and is governed by Cloudflare's Privacy Policy.
11. International transfers
Our infrastructure providers (Cloudflare, Convex) may process data in data centres outside the UK and EEA. Where this occurs, appropriate safeguards (such as Standard Contractual Clauses) are in place to ensure an adequate level of data protection.
12. Changes to this policy
We may update this privacy policy from time to time. Any material changes will be communicated via the portal or by email. The "Last updated" date at the top of this page reflects the most recent revision.
13. Complaints
If you believe your data protection rights have been breached, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.