Privacy Policy
Effective Date: 24/11/2025
Flatm8 ("we", "our", or "us") is committed to protecting your privacy. We are a non-profit social venture operating in the public interest. This policy explains how we handle your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are
Flatm8 is the data controller for the personal information we process. Contact: team@flatm8.co.uk
2. The Data We Collect
We collect the following categories of personal data:
- Identity Data: Email address, username.
- Profile Data: Your password (encrypted), address history, and preferences.
- Content Data: Reviews, photos, and comments you submit.
- Technical Data: IP address, browser type, and device information (for security and debugging).
3. How We Use Your Data
We process your data for specific purposes under the following lawful bases:
| Purpose | Lawful Basis |
|---|---|
| To register you as a new user | Performance of a Contract |
| To manage our relationship with you | Performance of a Contract |
| To publish and verify reviews | Legitimate Interests (providing a trusted platform) |
| To detect and prevent fraud/abuse | Legitimate Interests (network security) |
| Public-interest research & advocacy | Legitimate Interests (social mission) or Consent (where applicable) |
4. Data Sharing
We do not sell your data. We strictly limit sharing to:
- Service Providers: IT and system administration services (e.g., hosting providers) who process data on our behalf under strict confidentiality.
- Public-Interest Partners: Trade unions, civic tech organisations, and researchers. Sharing is limited to non-profit, rights-based, or housing policy purposes. We prioritise anonymised data.
- Legal Requirements: If required by law or to protect the rights and safety of our community.
5. International Transfers
We store data primarily within the UK/EEA. If we transfer data outside this area, we ensure it is protected by appropriate safeguards (e.g., UK International Data Transfer Agreement).
6. Data Retention
We retain your personal data only as long as necessary to fulfil the purposes we collected it for.
- Account Data: Retained whilst your account is active.
- Reviews: Retained indefinitely as part of the public record of housing standards, unless you request deletion.
- Anonymised Data: May be kept indefinitely for research.
7. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way. Access is limited to employees and partners who have a business need to know.
8. Your Legal Rights
Under the UK GDPR, you have rights including:
- Access: Request a copy of your personal data.
- Correction: Request correction of inaccurate data.
- Erasure: Request deletion of your data ("right to be forgotten").
- Objection: Object to processing based on legitimate interests.
- Restriction: Request restriction of processing.
- Portability: Request transfer of your data.
To exercise any of these rights, please contact us at team@flatm8.co.uk.
9. Complaints
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO.