Legal
Privacy Policy
Last updated: 14 May 2026
1. Who we are
My Landlord Certificate (“we”, “us”, “our”) is the data controller responsible for the personal data collected through this website and our booking service. We are registered with the Information Commissioner's Office (ICO) in the United Kingdom.
Contact: privacy@mylandlordcertificate.co.uk
Website: mylandlordcertificate.co.uk
This policy applies to personal data processed in connection with our website, booking platform, email communications and service delivery. It should be read alongside our Terms of Service.
2. What personal data we collect
We collect personal data in the following categories depending on how you interact with us:
2.1 Booking and account data
- Full name
- Email address
- Telephone number
- Property address (the address where the inspection takes place)
- Property type and size (used to determine pricing)
- Preferred appointment date and time
- Booking reference and payment confirmation
2.2 Payment data
Payment card details are processed directly by our third-party payment processor. We do not store full card numbers, CVV codes or bank account details on our systems. We receive only a payment confirmation token and the last four digits of the card used.
2.3 Communications data
- Messages sent via our contact form or email
- Records of telephone calls (where recorded for training purposes)
- WhatsApp messages sent to our business number
2.4 Technical and usage data
- IP address
- Browser type and version
- Pages visited and time spent on site
- Referring website
- Cookie identifiers (see Section 8)
3. Lawful basis for processing
Under the UK General Data Protection Regulation (UK GDPR), we rely on the following lawful bases:
| Purpose | Lawful basis |
|---|---|
| Fulfilling a booked service (inspection, certificate delivery) | Performance of a contract (Art. 6(1)(b)) |
| Processing payment | Performance of a contract (Art. 6(1)(b)) |
| Sending booking confirmations and appointment reminders | Performance of a contract (Art. 6(1)(b)) |
| Maintaining financial and tax records | Legal obligation (Art. 6(1)(c)) |
| Preventing fraud and ensuring website security | Legitimate interests (Art. 6(1)(f)) |
| Improving our website and service quality | Legitimate interests (Art. 6(1)(f)) |
| Sending marketing emails about our services | Consent (Art. 6(1)(a)) — you may opt out at any time |
4. How we use your personal data
- To process and manage your booking and dispatch an accredited engineer to your property.
- To deliver your certificate by email on the day of the inspection.
- To send booking confirmations, appointment reminders and post-inspection follow-up emails.
- To respond to enquiries submitted via our contact form, email, phone or WhatsApp.
- To process and reconcile payments and issue VAT invoices.
- To maintain records required by law, including financial and tax records.
- To detect and prevent fraud, unauthorised access and other illegal activity.
- To analyse website usage and improve our service (using aggregated, anonymised data where possible).
- To send you marketing communications about our services, if you have opted in.
We will not use your personal data for purposes incompatible with those listed above without giving you prior notice and, where required, obtaining your consent.
5. Who we share your data with
We share personal data only where necessary to deliver the service or comply with legal obligations. We do not sell your personal data to third parties.
- Accredited engineers: We share your name, property address and appointment details with the engineer dispatched to carry out the inspection. Engineers are bound by confidentiality obligations and use your data only to perform the service.
- Payment processor: Your payment details are processed by a PCI-DSS compliant payment processor. We share only what is necessary to complete the transaction.
- Email service provider: We use a third-party email platform to send booking confirmations, certificates and communications. Your email address and name are shared for this purpose.
- Analytics providers: We may use third-party analytics tools to understand website usage. Where possible, data is anonymised before transmission.
- Legal and regulatory authorities: We will disclose personal data to the police, courts, the ICO or other authorities where we are legally required or permitted to do so.
6. International transfers
We aim to process and store personal data within the United Kingdom or the European Economic Area. Where any third-party service provider processes data outside these territories, we ensure appropriate safeguards are in place — such as Standard Contractual Clauses (SCCs) approved by the ICO or an adequacy decision — before any transfer takes place.
7. How long we keep your data
| Data category | Retention period |
|---|---|
| Booking records and invoices | 6 years from the date of service (HMRC requirement) |
| Certificates issued | 6 years from date of issue |
| Communications (email, contact form) | 2 years from last contact |
| Marketing consent records | Until consent is withdrawn, then 1 year |
| Website analytics data | 26 months (aggregated) |
| Cookies | See Section 8 |
After the applicable retention period, personal data is securely deleted or anonymised so that it can no longer be attributed to you.
8. Cookies
We use cookies and similar tracking technologies on our website. Cookies are small text files stored on your device.
| Type | Purpose | Duration |
|---|---|---|
| Strictly necessary | Session management, security, booking flow | Session |
| Functional | Remembering preferences (e.g. property type) | 1 year |
| Analytics | Understanding how visitors use the site (aggregated) | 26 months |
| Marketing | Measuring ad performance (only with consent) | 90 days |
You can control cookies through your browser settings. Disabling strictly necessary cookies may affect the functionality of the booking system.
9. Your rights under UK GDPR
You have the following rights in relation to the personal data we hold about you:
- Right of access: You can request a copy of the personal data we hold about you (a Subject Access Request).
- Right to rectification: You can ask us to correct inaccurate or incomplete personal data.
- Right to erasure: You can ask us to delete your personal data where there is no compelling reason for us to continue processing it, subject to our legal obligations (e.g. financial record-keeping).
- Right to restrict processing: You can ask us to limit how we use your data in certain circumstances.
- Right to data portability: You can ask us to provide your data in a structured, machine-readable format where processing is based on consent or contract.
- Right to object: You can object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds.
- Rights related to automated decisions: We do not make decisions about you solely by automated means that produce legal or similarly significant effects.
To exercise any of these rights, email privacy@mylandlordcertificate.co.uk. We will respond within one month. We may need to verify your identity before processing the request.
10. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction or alteration. These include encryption of data in transit (TLS/HTTPS), access controls limiting data access to authorised personnel, and regular security reviews.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and, where required, notify you directly without undue delay.
11. Complaints
If you are unhappy with how we handle your personal data, please contact us first at privacy@mylandlordcertificate.co.uk so we can try to resolve the matter. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Helpline: 0303 123 1113
- Post: ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
12. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology or legal requirements. The “Last updated” date at the top of this page will always show when the policy was last revised. Where changes are material, we will notify you by email or by a prominent notice on our website.