Privacy Policy
RentalBux Limited
1. INTRODUCTION
1.1 RentalBux Limited (“we”, “us”, “our”, or “RentalBux”) is committed to protecting your privacy and ensuring you have a positive experience on our website and when using our software platform (the Service). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website RentalBux and use the RentalBux application.
1.2 This Privacy Policy applies to all information we collect about you through any medium, including our website, the RentalBux software application, email communications, and telephone calls. Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our Service.
1.3 We are the data controller for the personal data we collect. This means we are responsible for how your personal data is used. This Privacy Policy sets out our obligations to you under the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR).
1.4 If you choose to use our Service, you agree to the collection and use of information in accordance with this Privacy Policy. The personal information that we collect is used for providing and improving the Service. We will not use or share your information with anyone except as described in this Privacy Policy.
3. DATA WE COLLECT
RentalBux collects information in different ways and for different purposes. The data we collect falls into the following categories.
| Section | Purpose | Information we collect |
|---|---|---|
| 3.1 | Account Information | First name, last name, email address, phone number, and password. |
| 3.2 | Financial and Bank information | Details of your bank account including the account holder name, account number, bank name, branch, branch code and ISFC code. We also collect your bank logo, QR codes of your account, and copies of your bank statements. |
| 3.3 | Workspace Information | business name, the industry in which your business operates, and your VAT number. |
| 3.4 | Portfolio information | details of your ownership type, business type, ownership share, and profit-sharing ratio. |
| 3.5 | Property Information | If you are a landlord using our services, we collect comprehensive property details including the property type, number of units and area, market valuation and valuation date, and the address including city, country and postal code. We also collect information about property amnesties, ownership type, title number, date of purchase, contract exchange date, and details of purchase costs and deposits. We collect mortgage information including the mortgage amount, fee, loan amount and mortgage start date. We also collect information about the number of rooms, their amenities, and details of your tenants including their name, address, email address and phone number. We additionally collect information about security deposits and payment due dates, and the end date of the first rent period and first rent receipt date. |
| 3.6 | Invoice and Bank details | business name, contact person phone number and email address. |
| 3.7 | MTD information | National Insurance Number, HMRC login details (which are redirected directly to HMRC), and your MTD business ID. |
| 3.8 | Open Banking/Account Information Services | To provide our automated bookkeeping and tax reporting services, we use Open Banking technology to access your transaction data directly from your financial institutions. This data includes transaction dates, amounts, descriptions, and balances. This access is facilitated through our regulated Open Banking partner (Finexer), acting as our agent. By connecting your bank account, you authorise us to access this information to categorise transactions and prepay your tax returns. |
3.9 If you share information about other people through RentalBux, such as business partner details or employee information, you must ensure you have appropriate authority to do so and that you comply with data protection law in relation to that data.
4. LEGAL BASIS FOR PROCESSING YOUR DATA
RentalBux only processes your personal data where we have a legal basis to do so. Under the UK GDPR, the lawful bases for processing are consent, contract, legal obligation, vital interests, public task, and legitimate interests. We rely on the following bases depending on the type of data and purpose.
4.1 Consent: We ask for your explicit consent before processing financial data for the purposes of tax reporting to HMRC, sending you marketing communications, and processing sensitive personal data such as National Insurance numbers. Specifically, regarding Open Banking, we rely on your explicit consent to access and retrieve your account information data. You can withdraw your consent at any time by disconnecting your bank account within the RentalBux application or by contacting us as set out in section 13. Withdrawal of consent does not affect the lawfulness of processing based on consent before the withdrawal.
4.2 Contract: We process your personal data because it is necessary to perform our contract with you. Your account information and financial data are collected to provide the RentalBux service, your payment information is collected to process your subscription and billing, and your communication data is collected to respond to your queries and provide customer support. Without this data, we cannot provide the service.
4.3 Legal Obligation: We process certain personal data because we are legally required to do so by UK tax and accounting regulations. We retain financial data for six years following the end of the tax year as required by HMRC, we may disclose data to HMRC or other tax authorities as required by law, and we may disclose data to law enforcement or other government agencies if legally obliged.
4.4 Legitimate Interests: We process some data based on our legitimate interests in improving and developing the RentalBux service, preventing fraud and protecting the security of our systems, conducting analytics to understand user behaviour and improve user experience, enforcing our terms and conditions and other agreements, resolving disputes and complaints, and maintaining comprehensive audit trails for compliance and security purposes. When we rely on legitimate interests, we balance our interests against your rights and interests. You have the right to object to processing based on legitimate interests. Please see section 10 for details of your rights.
5. COOKIES AND SIMILAR TECHNOLOGIES
RentalBux uses cookies and similar tracking technologies to collect and use personal information about you. Cookies are small files that are stored on your device and allow us to recognise you when you visit our website or use our service.
Additionally, we may collect non-personal or technical data (such as unique device identifiers, browsing behaviour, or IP addresses) which, on its own, does not identify you. However, if we combine this non-personal data with other information we hold about you (such as your customer account details or email address), we will treat the combined information as Personal Data.
All such combined data will be processed, stored, and protected in accordance with this Privacy Policy and applicable data protection laws.
For detailed information about the types of cookies we use, the purposes for which we use them, and how you can control and manage cookies on your device, please refer to our Cookies Policy.
6. HOW WE USE YOUR DATA
RentalBux uses your personal data for the following purposes.
6.1 Providing the Service: We use your data to create and maintain your RentalBux account, allowing you to record income and expense information. We generate tax reports and calculations from this information and enable you to export data and generate documents for submission to HMRC. We back up and secure your data to protect it, provide customer support to respond to your queries, and send you transactional emails related to your account or subscription.
6.2 Processing Payments: We process your subscription payments, handle billing and invoicing, and detect and prevent fraud. We also manage failed payment attempts and process refunds where necessary.
6.3 Tax Compliance and HMRC Submission: We prepare your financial information for submission to HMRC as part of MTD requirements and transmit your tax return information to HMRC's systems. We comply with HMRC record retention requirements and respond to HMRC enquiries or requests as they arise.
6.4 Service Improvement: We analyse how users interact with RentalBux to identify areas for improvement and develop new features. We conduct user testing and surveys, fix bugs and technical issues, monitor system performance and security, and create anonymised, aggregated reports about service usage.
6.5 Security and Fraud Prevention: We detect and prevent unauthorised access to accounts, prevent fraud and money laundering, maintain audit trails and security logs, and respond to security incidents. We also comply with relevant legal and regulatory requirements.
6.6 Communications: We send you important account information and security alerts, respond to your enquiries and complaints, send newsletters and marketing materials if you have opted in, conduct surveys to gather feedback, and notify you of changes to our service or privacy policy.
6.7 Legal and Regulatory Compliance: We comply with legal obligations imposed by HMRC, tax authorities and other government agencies, defend legal claims and disputes, enforce our terms and conditions, and cooperate with law enforcement as required.
We will not use your data for purposes other than those set out in this Privacy Policy without notifying you and obtaining your consent where required by law.
7. WHO WE SHARE YOUR DATA WITH
RentalBux does not sell or rent your personal data to third parties. However, we do share your data with other organisations in certain circumstances as set out below.
7.1 HMRC and Tax Authorities: When you submit your tax return through RentalBux, we transmit your financial summary data to HMRC's systems. HMRC may request specific information about you or access to your data held by us, and we are legally obliged to provide this. We may also share data with other tax authorities in other jurisdictions if you have tax obligations there. We share anonymised and aggregated compliance data with HMRC for statistical and policy purposes.
7.2 Service Providers: We use third party service providers to provide aspects of the RentalBux service. These include payment processors to handle subscription payments, cloud infrastructure providers to host our systems, email service providers to send you communications, customer support software providers, analytics providers to understand how users interact with our service, backup and disaster recovery providers, and security providers for threat detection and prevention.
All service providers are required by contract to process data only for the purposes we specify, maintain appropriate security measures, comply with UK GDPR and data protection law, not disclose data to other parties without our authorisation, and assist us in responding to your data subject rights requests. We have Data Processing Agreements in place with all service providers and maintain a list of all sub-processors, which is available upon request.
7.3 Professional Advisers: We may disclose data to our professional advisers, including accountants and auditors for annual accounts and compliance purposes, solicitors for legal advice and dispute resolution, and insurance brokers for insurance purposes. These advisers are bound by confidentiality obligations.
7.4 Legal and Regulatory Disclosure: We may disclose data to police and law enforcement agencies investigating criminal activity, courts and judicial authorities in response to court orders or legal obligations, government agencies and regulatory bodies, the Information Commissioner's Office and other data protection authorities, and other authorities where required by law.
7.5 Business Transfers: If RentalBux Limited is acquired, merges with another company, or sells substantially all its assets, your data will be transferred as part of that transaction. We will notify you of any such change and explain any choices you may have regarding your data.
7.6 Consent Based Sharing: We will share your data with other third parties only where you have given us explicit consent to do so.
8. DATA RETENTION
8.1 We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, unless a longer retention period is required by law.
8.2 Account information (such as your name, contact details, and business information) is retained for the duration of your subscription and for a reasonable period after termination to handle any outstanding matters, billing disputes, or legal claims. We typically retain this for six (6) years following the end of your relationship with us.
8.3 Your financial information (income, expenses, tax calculations, and supporting documents), including data retrieved via Open Banking/Account Information services, is retained for six (6) years following the end of the tax year to which it relates. This retention period is required by HMRC under tax law to ensure you can defend any future tax enquiries. After six (6) years, we will securely delete your financial data unless we are obliged to retain it for other legal reasons.
8.4 When the retention period has expired, we delete your data securely using industry standard methods. If secure deletion is not possible (for example, archived backups), we anonymise the data so it cannot identify you.
8.5 You have the right to request deletion of your data subject to certain legal constraints. See section 10 for information about your data subject rights.
9. SECURITY OF YOUR DATA
RentalBux takes the security of your personal data very seriously. We are committed to protecting your information and maintaining the highest standards of data security by implementing appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure or destruction.
9.1 Our Security Measures: Our technical security measures include bank-level encryption of all data transmitted between your device and our servers using 256-bit SSL/TLS encryption, the same standard used by major UK banks. Stored data is encrypted at rest using AES 256-bit encryption, always ensuring maximum protection.
RentalBux is hosted on ISO 27001 certified cloud infrastructure providers offering redundant storage, automated failover, 24/7 monitoring, and built in physical and digital security controls. We use secure authentication including passwords stored using industry standard hashing algorithms such as crypt or equivalent, provide multi-factor authentication options for account access, implement time-limited secure login tokens, and maintain automatic suspicious login detection systems. Permissions are strictly controlled through role-based access control to ensure agents, accountants and users only access the information they are authorised to view.
We conduct regular security testing and vulnerability assessments, maintain firewalls and intrusion detection systems, implement regular software patching and updates, segregate systems and data, and monitor networks for threats.
We also implement organisational measures including limiting access to personal data to authorised personnel only, requiring employees and contractors to sign confidentiality agreements, and providing data protection training to all staff. We conduct background checks on employees with access to sensitive data, carry out regular security audits, maintain comprehensive audit trails, have incident response and breach notification procedures in place, and maintain business continuity and disaster recovery plans.
9.2 Limitations of Security: We must be transparent about the limitations of security. No method of transmission over the internet or electronic storage is completely secure. Data transmission over the internet carries inherent risks, and we cannot guarantee absolute security of your data. You use RentalBux and transmit data to us at your own risk, although we will take reasonable steps to protect your information.
9.3 Your Responsibilities: You should keep your password confidential and not share it with others, log out of your account when you have finished using RentalBux, notify us immediately if you believe your account has been compromised, and use a secure internet connection when accessing RentalBux.
9.4 Data Breach Notification: If we experience a personal data breach that poses a risk to your rights and freedoms, we will notify you without undue delay in accordance with UK GDPR requirements. We will also notify the Information Commissioner's Office where legally required.
10. YOUR DATA PROTECTION RIGHTS
Under UK GDPR and the Data Protection Act 2018, you have the following rights concerning your personal data.
10.1 Right of Access: You have the right to request a copy of the personal data we hold about you. We will provide this information within 30 days of your request. If your request is complex or you make multiple requests, we may extend this to 90 days and will inform you if an extension applies.
10.2 Right to Rectification: If you believe that personal data, we hold about you is inaccurate or incomplete, you have the right to request that we correct or complete it. We will make the correction within 30 days where practicable.
10.3 Right to Erasure: You have the right to request deletion of your personal data in certain circumstances. These include where the data is no longer necessary for the purposes for which it was collected, you withdraw your consent and there is no other legal basis for processing, you object to processing based on legitimate interests and there is no overriding reason to continue processing, the data has been processed unlawfully, or deletion is required by law. However, we may not be able to delete data if we are required to retain it by law such as HMRC record retention requirements, the data is necessary to fulfil our contract with you, we need to retain it to defend legal claims, or you have an outstanding billing issue.
10.4 Right to Restrict Processing: You have the right to request that we restrict processing of your data in certain circumstances. These include where you dispute the accuracy of the data pending verification, you object to processing based on legitimate interests, processing is unlawful and you request restriction instead of deletion, or we no longer need the data, but you require it for legal claims. When we restrict processing, we will only process the data for the purposes you agree to unless you consent to further processing.
10.5 Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, machine readable format such as CSV and to transmit that data to another organisation. This right applies to data you have provided to us and where we process it based on your consent or a contract with you.
10.6 Right to Object: You have the right to object to processing of your personal data in certain circumstances. If we process your data based on legitimate interests, you can object to this processing, and we must cease processing unless we can demonstrate compelling legitimate reasons to continue or we need to process for legal claims. If we process your data for marketing purposes, you can object at any time, and we will cease marketing communications. If we use automated decision-making, you can object and request human review.
10.7 Right to Withdraw Consent: If we process your data based on your consent (such as for marketing or Open Banking access), you have the right to withdraw that consent at any time. For Open Banking, you may withdraw consent by removing the bank feed connection within your account settings. Withdrawal of consent will result in the cessation of further data retrieval from your bank; however, it does not affect the lawfulness of processing carried out before the withdrawal, nor does it automatically result in the deletion of data we are legally required to retain for tax compliance (see Section 8.3).
10.8 How to Exercise Your Rights: To exercise any of your data protection rights, please contact us using the details in section 13. Please clearly state which right you are exercising and provide sufficient information for us to identify you. We may ask for proof of identity to verify your request. We will not charge you for exercising your rights unless your request is clearly unfounded or excessive, in which case we may charge a reasonable fee or refuse to comply. We will inform you of any fee before processing your request.
11. INTERNATIONAL DATA TRANSFERS
11.1 RentalBux processes and stores data primarily within the UK and European Economic Area (EEA). The UK has adequacy decisions recognising that data protection laws provide adequate protection.
11.2 However, some of our service providers (such as cloud infrastructure providers and payment processors) may be located outside the UK and EEA. Where we transfer data internationally, we ensure appropriate safeguards are in place.
12. CHILDREN’S PRIVACY
12.1 RentalBux is not intended for use by children under the age of 18. We do not knowingly collect personal data from children under 18.
12.2 If we become aware that we have collected data from a child under 18, we will delete that data without undue delay.
12.3 If you are a parent or guardian and believe your child has provided personal data to us, please contact us immediately using the details in section 13.
13. CONTACT US
13.1 If you have any questions or concerns about our use of your personal information, please contact us using contact details provided above.
Email: info@rentalbux.com
Website: www.rentalbux.com
14. CHANGES TO THIS PRIVACY POLICY
14.1 We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Any changes will be effective immediately upon posting the revised Privacy Policy to our website, unless we notify you otherwise.
14.2 If we make material changes to this Privacy Policy that significantly increase the use or disclosure of your personal data, we will notify you by email or through the Service and obtain your consent where required by law.
14.3 Your continued use of RentalBux following notification of changes constitutes your acceptance of the revised Privacy Policy.
14.4 We encourage you to review this Privacy Policy regularly to stay informed about how we protect your data.
15. LINKS TO OTHER SITES
15.1 RentalBux may contain links to third party websites and resources, including government websites such as HMRC, external accounting tools, professional resources, and other useful websites. These links are provided for your convenience and information only.
15.2 These external websites are not operated by us and are not under our control. We are not responsible for the content, accuracy, privacy policies, or practices of any third-party websites or resources. We do not endorse, approve of, or make any representations about external websites.
15.3 We strongly advise you to review the Privacy Policy and terms of use of any third-party website before providing any personal information or using their services. Your use of third-party websites is entirely at your own risk and subject to their own terms and conditions, not these terms.
15.4 We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We will not be liable for any losses or damages arising from your use of linked third party resources.
The data controller of your personal information is RentalBux Limited.