Privacy Policy

1. Who We Are and How to Contact Us

Milards ("we", "us", "our") is a residential lettings agency operating in Scotland. We are registered with the Information Commissioner’s Office (ICO) as a data controller.


Company Name

Milards Ltd

Registered Address

11 Ashlands, Ford, Salisbury, England SP4 6DY

ICO Registration No.

ZA283192

Email (Data Queries)

hello@milards.com

Phone

0131 235 2391

Scottish Letting Agent Register No.

LARN 1902094


We are registered on the Scottish Letting Agent Register maintained by the Scottish Government, as required by the Housing (Scotland) Act 2014.

2. What Personal Data We Collect

2.1 Prospective and Current Tenants

  • Full name, date of birth, and national insurance number

  • Contact details: address, email address, and telephone number

  • Employment details, employer name, and salary information

  • Bank account details and payment history

  • Credit check and referencing data (including CCJs, bankruptcies)

  • Guarantor information (if applicable)

  • Photographic identity documents (e.g. passport, driving licence)

  • Right to Rent documentation – note: Scotland does not have mandatory Right to Rent checks, but we may request identity verification for anti-fraud purposes

  • Maintenance requests and communication records

  • Details of any complaints or disputes

  • Emergency contact details


2.2 Landlords and Property Owners

  • Full name and contact details

  • Property address(es) and title details

  • Bank account details for rent payments

  • Tax information (HMRC Non-Resident Landlord Scheme where applicable)

  • Copies of property compliance certificates (e.g. EPC, EICR, Gas Safety)

  • Insurance and mortgage details (where relevant)



2.3 Third Parties

  • Referees and employers (name, contact details, confirmation of employment)

  • Guarantors (name, address, financial information)

  • Contractors (name, contact details, professional credentials)


2.4 Website Visitors

  • IP address and browser type

  • Pages visited and time spent on site

  • Enquiry form submissions

  • Cookie preferences (see our separate Cookie Policy)

3. How and Why We Use Your Personal Data

We only use your personal data where we have a valid lawful basis to do so under UK GDPR. The table below sets out the main purposes for which we process personal data.


Purpose

Types of Data

Lawful Basis

Legitimate Interest (if applicable)

Tenant referencing and vetting

Identity, financial, employment

Legitimate interests / Contract

Protecting landlord property and ensuring tenancy viability

Tenancy agreement and management

Identity, contact, financial

Contract

N/A

Rent collection and arrears management

Financial, contact

Contract / Legitimate interests

Recovering monies legitimately owed

Property maintenance and inspections

Contact, tenancy details

Contract / Legitimate interests

Maintaining property condition and compliance

Legal compliance (AML, HMRC reporting)

Identity, financial

Legal obligation

N/A

Marketing our services (with consent)

Contact, preferences

Consent

N/A – consent only

Complaints and dispute resolution

All relevant data

Legitimate interests / Legal obligation

Resolving disputes fairly and lawfully

Referencing for future tenancies

Tenancy history

Legitimate interests

Providing accurate references to future landlords


Special Category Data

We do not routinely collect special category data (e.g. health, ethnicity, religion). Where such data is provided – for example, a disability-related maintenance request – we will process it only with your explicit consent or where it is necessary to protect your vital interests.

4. Who We Share Your Data With

We may share your personal data with the following categories of recipients, only to the extent necessary:


  • Referencing agencies (e.g. Homelet, Let Alliance, Experian, My Rental CV)

  • Credit reference agencies

  • The landlord of the property you are renting

  • Contractors and tradespeople engaged to carry out repairs or maintenance

  • Solicitors or legal representatives (in the event of a dispute)

  • First-tier Tribunal for Scotland (Housing and Property Chamber) if required

  • Rent Service Scotland / Local authorities (where legally required)

  • HMRC (for Non-Resident Landlord Scheme obligations)

  • Accountants and auditors

  • Our IT systems and cloud service providers (data processors under contract)

  • Debt collection agencies (in cases of persistent rent arrears)


We do not sell your personal data to third parties. Where we engage third-party processors, we ensure appropriate Data Processing Agreements are in place.

We do not transfer your personal data outside the UK or EEA. Where any processor is located outside the UK, we ensure an adequacy decision or appropriate safeguards (e.g. Standard Contractual Clauses) are in place.

5. How Long We Keep Your Data

We retain personal data only for as long as necessary for the purposes for which it was collected, and in accordance with legal obligations. Our standard retention periods are:


Category of Data

Retention Period

Tenancy records (active)

5 years after end of tenancy

Former tenant records

5 years after end of tenancy

Financial records (invoices, rent)

6 years 

Tenant application (unsuccessful)

6 months from application

Referencing data

6 years from tenancy end

Tenancy agreement

10 years

Landlord records

5 years from end of management agreement

Correspondence about a Landlord’s or Tenant’s complaint

5 years

Marketing consent records

Until consent withdrawn + 1 year


After the applicable retention period, data will be securely deleted or anonymised.

6. Your Rights Under UK GDPR

As a data subject, you have the following rights. You may exercise any of these rights by contacting us using the details in Section 1.


Right

What This Means

Right of Access

You can request a copy of the personal data we hold about you (Subject Access Request). We will respond within one calendar month.

Right to Rectification

You can ask us to correct inaccurate or incomplete personal data.

Right to Erasure

You can ask us to delete your personal data where there is no longer a lawful reason to retain it, subject to legal obligations.

Right to Restriction

You can ask us to restrict processing of your data in certain circumstances, e.g. while accuracy is contested.

Right to Portability

Where processing is based on consent or contract and carried out by automated means, you may request your data in a structured, machine-readable format.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes.

Rights re: Automated Decisions

You have the right not to be subject to solely automated decisions that produce significant effects on you. We do not make such decisions.

Right to Withdraw Consent

Where processing is based on consent, you may withdraw it at any time. This does not affect the lawfulness of prior processing.


There is no charge for exercising your rights. We may ask you to verify your identity before processing a request. We aim to respond within one month; complex or numerous requests may take up to three months, with notice given.

7. Marketing

We will only send you marketing communications where you have given us your explicit consent to do so. You may withdraw consent at any time by:

  • Clicking ‘unsubscribe’ in any marketing email

  • Emailing us at hello@milards.com

  • Calling us on 0131 235 2391


We do not share your data with third parties for their own marketing purposes.

8. Automated Decision-Making and Profiling

We use third-party referencing agencies who may use automated credit scoring as part of the tenant referencing process. Where a decision significantly affects you, you have the right to request human review of any automated decision. Please contact us if you wish to exercise this right.

We do not engage in any other automated decision-making or profiling activities that produce significant legal or similarly significant effects.

9. Cookies

Our website uses cookies to improve your browsing experience and to analyse site traffic. You will be presented with a cookie consent banner when you first visit our website. You can manage your cookie preferences at any time via the cookie settings link in our website footer.

Full details of the cookies we use are set out in our separate Cookie Policy available on our website.

10. Data Security

We take the security of your personal data seriously and have implemented appropriate technical and organisational measures, including:

  • Encryption of data at rest and in transit (TLS/SSL)

  • Role-based access controls limiting who can access personal data

  • Regular staff training on data protection

  • Physical security measures at our premises

  • Secure disposal of physical documents

  • Regular review of our data protection practices


In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and, where required, inform affected individuals without undue delay.

11. Scottish Letting Agent Obligations

As a registered letting agent under the Housing (Scotland) Act 2014, we are required to comply with the Letting Agent Code of Practice (Scotland) Regulations 2016. Some data processing activities – including maintaining tenancy records and providing statements of account – are required by law and we cannot fulfil our regulatory obligations without them.

For information about the Scottish Letting Agent Register, visit: www.gov.scot/lettingagentregistration

12. Complaints

If you have a concern about how we handle your personal data, we encourage you to contact us in the first instance so we can address it:


If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):


ICO Website

www.ico.org.uk

ICO Helpline

0303 123 1113

ICO Address

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF


You also have the right to raise concerns with the Scottish Information Commissioner in relation to freedom of information matters, though your primary route for data protection complaints is the ICO.

13. Changes to This Privacy Notice

We review this Privacy Notice at least annually and whenever there is a significant change to our data processing activities or applicable law. The ‘Last updated’ date at the top of this document reflects when it was last revised.

Where changes are material, we will notify you by email or by posting a prominent notice on our website. Continued use of our services after a change constitutes your acknowledgement of the updated notice.


Milards Ltd  |  ICO Reg No: ZA283192  |  Scottish Letting Agent Reg No: LARN190294  |  hello@milards.com