Habel PropertyHub Privacy Policy

 

1. Introduction

Belvedere Habitat Ltd respects your privacy and is committed to protecting personal data. This Privacy Policy explains how we collect, use, disclose and protect personal data when you visit habel.uk, use app.habel.uk, create an account, communicate with us, receive marketing, connect integrations, or otherwise use Habel PropertyHub.

This Privacy Policy should be read alongside our Terms and Conditions, cookie notice and any in-product notices provided when particular features or integrations are enabled.

The Platform is not intended for children and we do not knowingly collect personal data from children as direct users of the Platform.

2. Controller details and contact

Belvedere Habitat Ltd is the controller for personal data we process for our own purposes, such as account administration, billing, website analytics, marketing, security, support and product improvement.

• Company: Belvedere Habitat Ltd
• Company number: [insert company number]
• Registered office: [insert registered office address]
• Privacy contact: [insert privacy/contact email, e.g. privacy@habel.uk]
• Directly from you when you register, subscribe, complete onboarding, add Properties, invite Authorised Users, contact support, respond to surveys, or submit forms.
• From Authorised Users or customers who add data about tenants, occupiers, guarantors, keyholders, contractors or other people connected with a Property.
• Automatically through cookies, server logs, analytics tools, security tools and similar technologies when you use the website or Platform.
• From Third-Party Services you connect to the Platform, such as document storage, calendar, email, identity, CRM or payment services.
• From public sources, professional advisers, partners, payment processors, analytics providers, CRM providers or other service providers where relevant and lawful.
• Cloud hosting, infrastructure, database, storage, monitoring and security providers.
• Identity, authentication, email, SMS, notification and customer-support providers.
• Payment processors, accounting, finance, banking and subscription-management providers.
• CRM, marketing automation, analytics, product analytics and advertising measurement providers.
• Document-storage, calendar and other integration providers selected or authorised by you.
• Professional advisers, insurers, auditors, lawyers, accountants and consultants.
• Regulators, courts, law enforcement, public authorities or other third parties where required by law or necessary to protect rights, safety and security.
• Buyers, investors, funders or successor organisations if we restructure, sell or transfer all or part of our business or assets, subject to appropriate safeguards.
• Replace placeholders for company number, registered office, contact email and privacy lead/DPO wording.
• Confirm actual subprocessors, integrations, hosting regions, CRM tools, analytics tools and payment providers used at launch.
• Create a separate cookie notice and cookie preference mechanism if non-essential cookies are used.
• Confirm whether AI features are live at launch and update AI wording accordingly.
• Confirm retention periods with product, engineering and legal advisers.
• Prepare a short tenant-facing privacy wording template for landlords if Habel wants to help customers meet transparency obligations.
• Have the document reviewed by a UK data protection solicitor before publication.

We have not named a Data Protection Officer in this draft. Before publication, confirm whether a formal DPO is required or whether a privacy lead/contact should be listed instead.

3. When we act as controller and when we act as processor

For account, billing, support, website, security, analytics, marketing and platform-administration data, we generally act as controller. For Tenant Data and property-management records that a landlord, property manager or Authorised User uploads into the Platform, we generally act as processor on behalf of that customer, unless the law or the context requires otherwise.

If you are a landlord, property owner, agent or property manager using the Platform, you are responsible for providing appropriate privacy information to tenants, occupiers, guarantors, applicants, keyholders, contractors and others whose personal data you add to the Platform.

4. Personal data we collect

Category	Examples
Identity data	Name, username, job title, role, organisation, landlord/agent status and account identifiers.
Contact data	Email address, telephone number, billing address, business address, property address and communication preferences.
Account and profile data	Login details, account settings, plan type, Authorised User permissions, onboarding status, preferences, feedback and survey responses.
Property and tenancy data	Property records, tenancy dates, rent details, certificates, insurance dates, mortgage dates, notices, check-in/check-out records, inspection notes, maintenance tasks and related documents.
Tenant, occupier and keyholder data	Names, contact details, addresses, tenancy or occupancy information, access notes, emergency contacts, guarantor information and communications added by customers.
Financial and transaction data	Billing details, payment status, invoices, subscription records, transaction identifiers and payment-method information processed by payment providers.
Technical data	IP address, device identifiers, browser type and version, time-zone setting, operating system, login data, authentication events, security logs and diagnostic data.
Usage data	Pages viewed, features used, tasks created, files linked, reminders configured, interactions with dashboards, support events and product analytics.
Marketing and communications data	Marketing preferences, email engagement, campaign source, form submissions, webinar/event interactions, CRM notes and communications with us.
Integration data	Metadata and permissions associated with connected services such as document storage, calendar, email, CRM, payment, identity and analytics tools.
AI and automation data	Prompts, inputs, generated outputs, feedback and usage logs where AI-assisted features are enabled.

The Platform is not designed for special category data. You should avoid adding health, biometric, political, religious, trade union, sexual orientation, criminal offence or similarly sensitive information unless strictly necessary and lawful.

5. How we collect personal data

• Directly from you when you register, subscribe, complete onboarding, add Properties, invite Authorised Users, contact support, respond to surveys, or submit forms.
• From Authorised Users or customers who add data about tenants, occupiers, guarantors, keyholders, contractors or other people connected with a Property.
• Automatically through cookies, server logs, analytics tools, security tools and similar technologies when you use the website or Platform.
• From Third-Party Services you connect to the Platform, such as document storage, calendar, email, identity, CRM or payment services.
• From public sources, professional advisers, partners, payment processors, analytics providers, CRM providers or other service providers where relevant and lawful.

6. How and why we use personal data

Purpose	Examples	Likely lawful basis
Provide the Platform	Create accounts, authenticate users, store property records, display dashboards, manage tasks, reminders and documents.	Contract; legitimate interests; legal obligation where applicable.
Manage subscriptions and payments	Process billing, invoices, renewals, failed payments, tax records and account status.	Contract; legal obligation; legitimate interests.
Customer support and administration	Respond to enquiries, troubleshoot issues, provide onboarding support and manage service communications.	Contract; legitimate interests.
Security and fraud prevention	Monitor login events, detect abuse, investigate incidents, protect systems and prevent misuse.	Legitimate interests; legal obligation.
Product improvement and analytics	Understand feature usage, improve workflows, debug errors, measure performance and develop new features.	Legitimate interests; consent where required for non-essential cookies.
Marketing and CRM	Send product updates, newsletters, launch offers, demos, onboarding campaigns and similar communications.	Consent; legitimate interests; soft opt-in where available; legal obligation for opt-outs.
Integrations	Connect to selected third-party tools, sync calendar reminders, link documents, send notifications or process payments.	Contract; legitimate interests; consent/authorisation where required by the integration.
AI-assisted features	Summarise records, extract data, suggest tasks or identify missing information, where enabled.	Contract; legitimate interests; consent where required by the feature or settings.
Legal and compliance	Comply with law, respond to regulators, enforce terms, resolve disputes and keep necessary records.	Legal obligation; legitimate interests; establishment, exercise or defence of legal claims.

7. Marketing

We may send marketing communications where permitted by law. You can opt out of marketing emails at any time using the unsubscribe link in the email or by contacting us. We may still send service messages, security notices, billing messages and other non-marketing communications relating to your Account or the Platform.

8. Cookies and similar technologies

We may use cookies, pixels, SDKs, local storage and similar technologies to operate the website and Platform, keep users signed in, remember preferences, secure sessions, understand usage and measure marketing performance. Non-essential cookies should only be used where permitted by law and, where required, with consent.

Before publication, prepare a separate cookie notice or cookie preference centre listing the cookies, providers, purposes, durations and choices available to users.

9. Sharing personal data

We may share personal data with the following categories of recipients where necessary and lawful:

Where customers add Tenant Data to the Platform, we process it in accordance with our Terms and the customer’s instructions, subject to legal requirements.

10. International transfers

Some providers may process personal data outside the UK. Where this happens, we will use appropriate safeguards where required, such as UK adequacy regulations, the UK International Data Transfer Agreement, the UK Addendum to EU standard contractual clauses, or another lawful transfer mechanism.

Before publication, confirm the actual hosting region and subprocessors used at launch and update this section accordingly.

11. Data security

We use appropriate technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration or disclosure. Measures may include access controls, encryption in transit, authentication, logging, backups, role-based permissions, security monitoring and supplier due diligence.

No online service can guarantee absolute security. You are responsible for securing your devices, networks, passwords, Authorised User access and connected Third-Party Services.

12. Data retention

Data type	Draft retention approach
Account and profile data	For the life of the Account, then for a reasonable period for audit, security, legal claims and business records.
Billing and transaction records	Normally retained for at least six years where needed for tax, accounting and legal purposes.
Customer Data and Tenant Data	For the life of the customer Account or Subscription, then deleted or anonymised after expiry of any backup, legal, security or dispute-resolution retention period.
Support communications	For as long as needed to resolve the enquiry and maintain a record of support history, then deleted or anonymised when no longer required.
Marketing data	Until you unsubscribe, withdraw consent, object, or the data is no longer needed for the marketing purpose.
Security logs	For a limited period appropriate to security monitoring, incident investigation and fraud prevention.
Analytics data	Aggregated or anonymised where possible; identifiable analytics retained only for as long as needed for the relevant purpose.

Retention periods must be finalised against the actual product architecture, backup policy, legal advice and customer commitments.

13. Your rights

Depending on the circumstances and lawful basis, individuals may have rights to access personal data, correct inaccurate data, request erasure, restrict processing, object to processing, request portability, withdraw consent and complain to the Information Commissioner’s Office.

If your request relates to Tenant Data or other Customer Data controlled by one of our customers, we may direct you to that customer or handle the request in accordance with the customer’s instructions and applicable law.

You can contact the UK Information Commissioner’s Office via ico.org.uk. We would appreciate the opportunity to deal with your concerns first, so please contact us using the details above.

14. Third-party links and services

The website or Platform may contain links to or integrations with third-party websites, plug-ins, applications and services. We do not control those third parties and are not responsible for their privacy practices. You should read their privacy notices and terms before connecting or using them.

15. Automated decision-making

We do not currently intend to make decisions with legal or similarly significant effects about individuals based solely on automated processing. If this changes, we will update this Privacy Policy and provide any required notices and safeguards.

16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Where changes are material, we will take reasonable steps to notify users, such as by email or in-app notice. The “last updated” date should be revised whenever the policy is changed.