DeckzMart Logo
DeckzMart
Back to Home

Legal Information

DeckzMart Ltd

Terms & ConditionsPrivacy PolicyCookie PolicyAcceptable UseData ProcessingDisclaimer

Privacy Policy

Last Updated: January 10, 2025
Effective Date: January 10, 2025

At DeckzMart Ltd, we are committed to protecting your privacy and personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data Controller Information

Data Controller: DeckzMart Ltd
Company Registration: England and Wales
Registered Office: London, United Kingdom (Full address to be confirmed)
ICO Registration Number: To be confirmed upon registration
Data Protection Officer: dpo@deckzmart.com
Privacy Contact: privacy@deckzmart.com

2. Information We Collect

2.1 Information You Provide Directly

Account Information:

  • Full name
  • Email address
  • Phone number
  • Company name and address (for business accounts)
  • Profile photograph (optional)
  • Professional credentials and licenses

Authentication Data:

  • Username and password (encrypted)
  • OAuth tokens (Google, etc.)
  • Two-factor authentication codes
  • Security questions and answers

Property Data:

  • Property addresses and descriptions
  • Property photographs and floor plans
  • Pricing and availability information
  • Energy Performance Certificates (EPCs)
  • Maintenance records and inspection reports

Client/Tenant Data (for CRM users):

  • Client names and contact information
  • Property preferences and search criteria
  • Viewing appointments and interactions
  • Communication history
  • Financial information for tenancy applications
  • Identification documents (as required by law)

Payment Information (when implemented):

  • Billing address
  • Payment method details (processed by third-party payment processors)
  • Transaction history
  • VAT/Tax identification numbers

2.2 Information Collected Automatically

Usage Data:

  • Pages viewed and features used
  • Time spent on platform
  • Click patterns and navigation paths
  • Search queries and filters applied
  • Browser type and version
  • Operating system
  • Screen resolution and device type

Technical Data:

  • IP address
  • Device identifiers
  • Cookie identifiers
  • Session information
  • Referrer URLs
  • API request logs

Location Data:

  • Approximate location (from IP address)
  • Precise location (with your explicit consent)
  • Property locations you view or search for

2.3 Information from Third Parties

  • HM Land Registry: Property transaction data and ownership records
  • Office for National Statistics (ONS): Market statistics and demographic data
  • Google OAuth: Basic profile information (name, email, profile picture) when you sign in
  • Service Partners: Information from Alan Boswell Group, HomeLet, and other integrated services
  • Credit Reference Agencies: For tenant referencing (with explicit consent)

3. Legal Basis for Processing

We process your personal data based on the following legal grounds under UK GDPR:

3.1 Contract Performance

Processing necessary to provide our services to you, including:

  • Creating and managing your account
  • Providing platform features and functionality
  • Processing transactions
  • Customer support

3.2 Legitimate Interests

Processing necessary for our legitimate business interests, including:

  • Improving and optimizing our platform
  • Security and fraud prevention
  • Analytics and business intelligence
  • Marketing to existing customers

3.3 Legal Obligations

Processing required to comply with legal requirements:

  • Tax and accounting obligations
  • Right to Rent compliance
  • Anti-money laundering checks
  • Court orders and legal processes

3.4 Consent

Processing based on your explicit consent for:

  • Marketing communications to prospects
  • Precise location tracking
  • Processing of special category data (when applicable)
  • Sharing data with specific third parties

4. How We Use Your Information

4.1 Service Provision

  • Creating and managing your account
  • Providing access to platform features
  • Processing and displaying property listings
  • Facilitating communications between users
  • Managing viewings and appointments
  • Generating reports and analytics

4.2 Analytics and Improvement

  • Understanding how users interact with our platform
  • Identifying and fixing bugs
  • Developing new features
  • Training and improving AI models
  • A/B testing and optimization

4.3 Security and Fraud Prevention

  • Detecting and preventing unauthorized access
  • Identifying fraudulent activity
  • Monitoring for security threats
  • Investigating violations of our Terms

4.4 Communications

  • Sending transactional emails (confirmations, notifications)
  • Customer support communications
  • Important service updates and changes
  • Marketing communications (with consent)

4.5 Legal Compliance

  • Responding to legal requests and court orders
  • Complying with tax and accounting requirements
  • Enforcing our Terms and policies
  • Protecting rights, property, and safety

5. Data Sharing and Disclosure

5.1 Service Providers and Processors

We share data with trusted third-party processors who help us operate:

  • Supabase: Database hosting and authentication (Standard Contractual Clauses in place)
  • Google Cloud: Infrastructure and analytics (UK/EU data centers where possible)
  • Payment Processors: Stripe, PayPal (when implemented)
  • Email Service Providers: For transactional and marketing emails
  • Cloud Storage: For file and image storage

All processors are contractually obligated to protect your data and use it only for specified purposes.

5.2 Service Partners

With your consent, we share data with:

  • Alan Boswell Group: For insurance services
  • HomeLet: For tenant referencing and rent guarantee
  • Credit Reference Agencies: For tenancy applications

5.3 Legal Requirements

We may disclose information when required by law:

  • In response to court orders or subpoenas
  • To comply with legal processes
  • To protect rights, property, or safety
  • In connection with fraud prevention

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new entity. You will be notified of any such change.

5.5 Public Information

Property listings you create may be visible to the public, including:

  • Property addresses (with house numbers removed for privacy)
  • Property descriptions and features
  • Photographs and floor plans
  • Pricing information
  • Agent/landlord contact information (as you specify)

6. International Data Transfers

We primarily store data in the UK and EU. However, some service providers may process data outside the UK/EEA. When this occurs, we ensure adequate safeguards:

  • Standard Contractual Clauses (SCCs): EU-approved contract terms
  • Adequacy Decisions: Countries recognized by the UK/EU as providing adequate protection
  • US Providers: Compliance with UK-US and EU-US data transfer frameworks (where applicable)

7. Data Retention

7.1 Active Accounts

We retain your data for as long as your account is active and for a reasonable period afterward to:

  • Provide continued service
  • Comply with legal obligations
  • Resolve disputes
  • Enforce agreements

7.2 Inactive Accounts

Accounts inactive for 12 months will receive a deletion notice. If no response within 30 days:

  • Personal data will be anonymized or deleted
  • Property listings will be anonymized in archives
  • Transaction records may be retained for legal compliance

7.3 Specific Retention Periods

  • Account Information: Duration of account + 12 months
  • Transaction Records: 7 years (tax law requirement)
  • Communications: Duration of account + 2 years
  • Technical Logs: 90 days (unless required for security investigation)
  • Marketing Preferences: Until you opt out or account closure + 1 year

7.4 Right to Erasure Exceptions

We may retain data longer if required for:

  • Legal obligations (e.g., tax records)
  • Establishing, exercising, or defending legal claims
  • Public interest or scientific/historical research (anonymized)

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

8.1 Right to Access (Subject Access Request)

You can request a copy of all personal data we hold about you. We will provide this free of charge within 30 days.

8.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data. Most information can be updated directly in your account settings.

8.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data when:

  • It's no longer necessary for the purposes collected
  • You withdraw consent (where consent was the legal basis)
  • You object to processing and there are no overriding legitimate grounds
  • Data was unlawfully processed

8.4 Right to Restrict Processing

You can request we limit how we use your data while:

  • Verifying accuracy of disputed data
  • Assessing your objection to processing
  • Processing is unlawful but you don't want deletion
  • You need the data for legal claims

8.5 Right to Data Portability

You can receive your data in a machine-readable format (CSV, JSON) and transmit it to another controller.

8.6 Right to Object

You can object to processing based on:

  • Legitimate interests: We must stop unless we demonstrate compelling legitimate grounds
  • Direct marketing: We must stop immediately upon request
  • Scientific/historical research: Unless necessary for public interest

8.7 Rights Related to Automated Decision-Making

You have the right not to be subject to solely automated decisions with significant effects. Our AI features are decision-support tools requiring human oversight, not fully automated decision-makers.

8.8 How to Exercise Your Rights

To exercise any of these rights:

  1. Email us at privacy@deckzmart.com or dpo@deckzmart.com
  2. Provide your name, email, and account details (for verification)
  3. Specify which right(s) you wish to exercise
  4. We will respond within 30 days (may be extended to 60 days for complex requests)

9. Security Measures

We implement industry-standard security measures to protect your data:

9.1 Technical Measures

  • Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access with least privilege principle
  • Authentication: Strong password requirements, optional 2FA
  • Network Security: Firewalls, intrusion detection systems
  • Regular Audits: Quarterly security assessments and penetration testing

9.2 Organizational Measures

  • Staff Training: Regular data protection and security training
  • Confidentiality Agreements: All staff bound by confidentiality obligations
  • Data Minimization: We collect only necessary data
  • Incident Response: Documented procedures for data breaches

9.3 Data Breach Notification

In the event of a data breach:

  • We will notify the ICO within 72 hours (if breach poses risk to rights and freedoms)
  • Affected users will be notified without undue delay (if high risk)
  • Notification will include nature of breach, likely consequences, and mitigation measures

10. Cookies and Tracking Technologies

We use cookies and similar technologies. For detailed information, see our Cookie Policy.

10.1 Essential Cookies

Required for platform functionality:

  • Session management
  • Authentication
  • Security features

10.2 Analytics Cookies

Help us understand usage (with consent):

  • Google Analytics (anonymized IP)
  • Usage statistics
  • Performance monitoring

10.3 Preference Cookies

Remember your settings:

  • Theme preference (dark/light mode)
  • Language selection
  • Dashboard customizations

11. Children's Privacy

Our service is not intended for children under 18. We do not knowingly collect data from children without parental consent. If you believe we have collected information from a child, please contact us immediately at privacy@deckzmart.com.

12. Updates to This Policy

We may update this Privacy Policy to reflect:

  • Changes in our practices
  • New features or services
  • Legal or regulatory changes

When we make material changes:

  • We will update the "Last Updated" date
  • We will notify you via email
  • Changes take effect 30 days after notification
  • Continued use indicates acceptance

13. Your Right to Complain

If you believe we have mishandled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

  • Website: ico.org.uk
  • Helpline: 0303 123 1113
  • Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

However, we encourage you to contact us first so we can attempt to resolve your concern.

14. Contact Us

For privacy-related inquiries:

  • Data Protection Officer: dpo@deckzmart.com
  • Privacy Team: privacy@deckzmart.com
  • Subject Access Requests: sar@deckzmart.com
  • General Support: support@deckzmart.com
  • Postal Address: DeckzMart Ltd, London, United Kingdom (Full address to be confirmed)

Your Privacy Matters

We are committed to transparency and protecting your personal data. If you have any questions about how we handle your information, please don't hesitate to contact us.

If you have questions about these legal documents, please contact us at legal@deckzmart.com

© 2026 DeckzMart Ltd. All rights reserved.