SPCE is operated by SPCE Ltd (company registration number: 10341227), whose registered office is: 4th Floor Market Chambers, 5-7 St Mary Street, Cardiff, Wales, CF10 1AT (“we”/”us”/”our”).
For the purposes of processing the personal data described in this Policy, we are the data controller (as defined in the Data Protection Act 1998 (the “DP Law”).
Our registration number with the Information Commissioner’s Office is: ZA279411.
Thank you for using SPCE!
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a new regulation which replaced the Data Protection Regulation (Directive 95/46/EC) on the 25th May 2018. The Regulation aims to harmonise data protection legislation across EU member states, enhancing privacy rights for individuals and providing a strict framework within which commercial organisations can legally operate.
We provide a Website and App which allows students, landlords (private and institutional) and agencies to connect directly with one another, thereby streamlining the house hunting process:
SPCE allows students to tailor their letting requirements, agree rent and finalise the rental terms for their property of choice, whilst having the option to utilise a guarantor to assist in finalising the tenancy agreement. Once any given tenancy has begun, the app-based efficiency of SPCE’s revolutionary solution enables real-time management and communication between students and their landlords, as well as guarantors, finally bringing modern tech-enabled convenience to student lettings.
For private landlords, the App and Website allow properties to be listed on a room by room basis and enable rental transactions to take place at a cost. Here, we take a commission (as per the rental value detailed in the tenancy agreement) as payment, so it works on a “no win no fee” basis.
Institutional landlords and agents
We allow institutional landlords and agents (who typically have in-house rent collection and tenancy systems in place) to advertise their properties on SPCE for a fee, determined by the number of properties and/or rooms they wish to advertise.
1. What personal data do we collect and why?
1.1 Information you give to us
We ask for and collect the following personal information about you when you use the SPCE platform. This information is necessary for the adequate performance of the contract between you and us and to allow us to comply with our legal obligations. Without it, we may not be able to provide you with all the requested services.
Determined by your use of SPCE (i.e. the personal information you upload to our App or Website) and whether you sign into SPCE using your social media profile (i.e. Facebook, or any other social media platform that may be available from time to time) and the corresponding log in details, we may collect and process the following information about you:
Where you are a student and you register with SPCE:
- your name, age, gender;
- your contact details including telephone number, mobile number, email address and postal address, and any proof of address you may provide;
- your location, GPS co-ordinates;
- your image, where this is included on your Facebook profile or other social media platform;
- your university name and university id and any other id you may provide;
- your payment information such as bank account details;
- the name of your guarantor and their details such as name, address;
- information about your computer or mobile device, including where available, your IP address, operating system and browser type;
- information in relation to your living habits, search specifications; and
- any other information that you may provide to us through the SPCE Website and/or App.
Where you are a guarantor and you are guaranteeing a student’s account:
- your name, age, gender;
- relationship to student;
- your contact details including telephone number, mobile number, email address and postal address;
- a valid proof of identity, proof of address and any proof of income you may provide;
- other financial information such as bank account details, sort codes;
- information about your computer, including where available your IP address, operating system and browser type; and
- any other information that you may provide to us through the SPCE Website and/or App.
Where you are a landlord (private or institutional), agent or university and you register and/or work with SPCE:
- your name or employee and/or agents name and address;
- your photo or employee and/or agents photo;
- where applicable, your company, agent or university name, address, legal address, director name and address;
- financial information, such as bank account details, sort codes;
- details of your property(ies) such as address, house type, rooms, features, amenities, amount of rent;
- photos of the property(ies);
- details of other tenants located at property(ies);
- tenant requirements;
- information about your computer or mobile device, including where available your IP address, operating system and browser type.; and
- any other information that you may provide to us through the SPCE Website and/or App.
1.2 Information you may choose to give to us
You may choose to provide us with additional personal information in order to obtain a better user experience when using SPCE Platform. This additional information will be processed based on your consent.
- Additional Profile Information: You may choose to provide additional information as part of your SPCE profile (such as gender, preferred language(s), city, and a personal description). Some of this information as indicated in your account settings is part of your public profile page, and will be publicly visible to others.
- Address Book Contact Information: You may choose to import your address book contacts or enter your contacts’ information manually to access certain features of the SPCE Platform, like inviting them to use SPCE.
- Other Information: You may otherwise choose to provide us information when you fill in a form, conduct a search, update or add information to your SPCE Account, respond to surveys, post to community forums, participate in promotions, or use other features of the SPCE Platform.
1.3 Information we automatically collect from your use of the SPCE platform
When you use the SPCE Platform and the Payment Services, we automatically collect information, including personal information, about the services you use and how you use them. This information is necessary for the adequate performance of the contract between you and us, to enable us to comply with legal obligations and given our legitimate interest in being able to provide and improve the functionalities of the SPCE Platform and Payment Services.
- Geo-location Information: When you use certain features of the SPCE Platform, we may collect information about your precise or approximate location as determined through data such as your IP address or mobile device’s GPS to offer you an improved user experience. Most mobile devices allow you to control or disable the use of location services for applications in the device’s settings menu. SPCE may also collect this information even when you are not using the App if this connection is enabled through your settings or device permissions.
- Usage Information: We collect information about your interactions with the SPCE Platform such as the pages or content you view, your searches for Listings, bookings you have made, and other actions on the SPCE Platform.
- Log Data and Device Information: We automatically collect log data and device information when you access and use the SPCE Platform, even if you have not created an SPCE Account or logged in. That information includes, among other things: details about how you’ve used the SPCE Platform (including if you clicked on links to third party applications), IP address, access dates and times, hardware and software information, device information, device event information, unique identifiers, crash data, cookie data, and the pages you’ve viewed or engaged with before or after using the SPCE Platform.
- Payment Transaction Information: SPCE Payments collects information related to your payment transactions through the SPCE Platform, including the payment instrument used, date and time, payment amount, payment instrument expiration date and billing postcode, PayPal email address, IBAN information, your address and other related transaction details. This information is necessary for the adequate performance of the contract between you and SPCE Payments and to allow the provision of the Payment Services.
1.4 Information we collect from third parties
SPCE may collect information, including personal information, that others provide about you when they use the SPCE platform or obtain information from other sources and combine that with information we collect through the SPCE platform. We do not control, supervise or respond for how the third parties providing your information process your personal data, and any information request regarding the disclosure of your personal information to us should be directed to such third parties.
- Third Party Services: If you link, connect, or login to your SPCE Account with a third party service (e.g. Google, Facebook, WeChat), the third party service may send us information such as your registration and profile information from that service. This information varies and is controlled by that service or as authorized by you via your privacy settings at that service.
- Your References: If someone has written a reference for you, it will be published on your SPCE public profile page with your consent. To learn more, see our Help Centre article about References.
- Background Information: To the extent permitted by applicable laws, SPCE may obtain reports from public records of criminal convictions or sex offender registrations. For Members outside of the United Kingdom, to the extent permitted by applicable laws and with your consent where required, SPCE may obtain the local version of police, background or registered sex offender checks. We may use your information, including your full name and date of birth, to obtain such reports.
- Other Sources: To the extent permitted by applicable law, we may receive additional information about you, such as demographic data or fraud detection information, from third party service providers and/or partners, and combine it with information we have about you. For example, we may receive background check results (with your consent where required) or fraud warnings from service providers like identity verification services for our fraud prevention and risk assessment efforts. We may receive information about you and your activities on and off the SPCE platform through partnerships, or about your experiences and interactions from our partner ad networks.
2. How do we use your information?
We may use the personal data described above for the following purposes:
- to maintain and improve the functionality of the SPCE Website;
- to perform any contract we may have in place with you;
- to communicate with you including sending you notifications about your account;
- to allow us to manage your account you hold with us;
- to improve your user experience and to prevent abuse;
- for tax, risk management and other internal record keeping purposes;
- to respond to any questions or other matters raised by you in relation to us, the SPCE Website or any of our products and services;
- to understand your use of the SPCE Website, or keep a record of your product or service preferences;
- to provide you with information regarding our products and services, where you have consented to be contacted for such purposes or it is otherwise lawful for us to do so;
- for compliance with legal, regulatory and other good governance obligations; and
- for any other purposes related to the management of your legal relationship with us.
Where you are a student:
- in order for us to process and complete your property searches;
- in order for us to assist you in managing your SPCE including the management of fees; and
- to allow us to contact third parties such as guarantors to verify information about you.
Where you are a guarantor:
- to allow you to guarantee someone’s application for accommodation, which will include us contacting you to verify the student’s information;
- to allow you to place a cap on the student’s rental price limit; and
- to allow us to contact third parties such as banks and credit agencies to verify financial information.
Where you are a landlord, agent or university:
- to allow us to facilitate contact with prospective tenants including agreeing the terms of your SPCE and liaising via direct chat on the platform; and
- in order for us to process and complete your property listings that you have placed with us.
Please note that when we obtain a photo from your mobile or computer i.e. photos of your property or your profile photo, a copy is stored on our database which is associated with SPCE. A copy may also exist in our archived systems. We may also store the details you enter on the SPCE Website in a database. This database, along with one or more backup copies is stored on computers based in the European Union. Please note that all information captured via the Website shall be sent to cloud storage where an internet connection is available.
We may store and process your information on our own technology systems or on systems owned by third parties that may store and process your information on our behalf.
3. Aggregated information
We may also convert your personal data into anonymous data and use it (normally on an aggregated statistical basis) for research and analysis to improve the SPCE Website and/or our products and services.
Anonymised aggregated personal information does not personally identify you or any other user of the SPCE Website and is therefore not personal data.
4. On what legal basis do we process your personal data?
Our legal basis for the processing of personal data is our legitimate business interests, described in more detail below, although we will also rely on contract, legal obligation and consent for specific uses of data.
We will rely on contract if we are negotiating or have entered into a tenancy agreement with you or your organisation or any other contract to provide services to you or receive services from you or your organisation.
We will rely on legal obligation if we are legally required to hold information on to you to fulfil our legal obligations.
We will in some circumstances rely on consent for particular uses of your data and you will be asked for your express consent, if legally required. Examples of when consent may be the lawful basis for processing include permission to share your details with landlords or prospective tenants when you have given it.
4.1 Our Legitimate Business Interests
We have a number of lawful reasons that mean we can use your personal information, including your consent, where you give it. One lawful reason is something called ‘legitimate interests’. In general terms, “Legitimate Interests” means we can process your personal information if:
- We have a genuine and legitimate reason; and
- We are not harming any of your rights and interests.
Should we want or need to rely on consent to lawfully process your data we will request your consent orally, by email or by an online process for the specific activity we require consent for and record your response on our system. Where consent is the lawful basis for our processing you have the right to withdraw your consent to this particular processing at any time.
6. Do we share your personal data with any third parties?
In order to process your personal data for the purposes described in this Policy, your personal data may need to be disclosed to (or otherwise processed by) third parties acting on behalf of us. Such third parties could include employees or agents who are employed to administer and provide support for your account with SPCE.
We may disclose your personal information to third parties if we are under a duty to disclose or share your personal data, in order to comply with any legal regulations or good governance obligations, or in order to enforce or to protect our rights, property, or safety, or that of our customers or other persons with whom we have a business relationship, or to purchasers or prospective purchasers in relation to a disposal of our business or assets.
We will share your data for the purpose of carrying out analytics. For analytics data, we use Google Analytics, MailChimp, Mandril and HotJar. If you would like to review their respective privacy policies, please refer to the following links:
- Mailchimp/Mandrill: Mailchimp, our email campaign service provider, to keep you up to date with our news. Mailchimp has certified its agreement to the EU/US Privacy Shield. See further here – link mailchimp.com/legal/privacy
Hotjat: Hotjar is a way for us to understand how visitors to SPCE interact with our App and Website. See further here - www.hotjar.com/privacy
With your consent, we may also permit selected third parties to use your data, to provide you with information about goods and services which may be of interest to you and they may contact you about these by email, post or telephone (further details below).
We may also permit selected third parties to use your data, to help provide you the best service we can, you can see a full list of our partner here: www.liveinSPCE.com/partners
In relation to digital marketing if you have visited our Website or interacted with us through social media then we may share information with our marketing partners (listed below) to create and run marketing campaigns, including, marketing and retargeting:
- The Tab
- BAM Marketing
- Cup the Market
- Kiss FM
- The University Paper
- Save the Student
- National Association of Student Money (NASMA)
- National Landlord Association (NLA)
- Social Chain
- Studio Graphene
- Hello Consultants
- Various Universities and/or higher education bodies
In addition, we work with Experian, a third-party credit reference agency, which may use your personal data as part of its Rental Exchange service. This information will be used to allow tenants to improve their credit score without having to take on additional debt. Prospective payment data will be shared with the Rental Exchange and may be made available to other organisations. For more information, please refer to the following link: www.experian.co.uk/rental-exchange
You may at any time log into your account and delete your details from our system if you are no longer interested in receiving our service. However where you have entered into a tenancy, whether as a landlord or student you will be bound by our Terms of Service. If you would like to review our Terms of Service, please refer to the following link: www.liveinSPCE.com/terms
Where you are a student:
In order to provide you with the service, we will share your personal data with prospective landlords who have property vacancies to fill. Landlords will have access to your information, such as your name and details. Landlords will be able to contact you where you have shown interest in their SPCE. Landlords will also be able to start live chats with you, where you permit this or initiate this. We will also share your information with your named guarantor in order to verify your information.
Where you have added other students to the same SPCE, we will share your information with these additional students (subject to you initiating this request).
Where you are a guarantor:
In order to provide you with the service, we will verify the financial information you submit, with a third-party credit reference agency such as Experian or Homelet. These third parties will have access to your information, such as your name and details.
In order to provide you with the service, we will have to obtain all necessary financial information from you such as debit or credit card numbers.
Where you are a landlord or agency:
As part of the service, we will share your personal data with prospective tenants who are interested in your property listing(s). They will receive details of your property and your name. You will be able to liaise with tenants over direct chat and tenants will be able to contact you to raise queries and inform you where i.e. a repair is required in your SPCE.
7. Where do we store your data and what safeguards are in place to protect it?
The data that we collect from you is stored on Amazon Web Services (AWS) servers within the European Economic Area (”EEA”). We take appropriate steps with a view to protecting the security of your personal information. We will treat all your information in strict confidence and we will endeavour to take all reasonable steps to keep your information secure once it has been transferred to our systems. We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorised access, alteration, disclosure or destruction of your personal information.
All information you provide to us is stored on these secure servers and any payment transactions are encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Please note that the transmission of information via the internet is not completely secure. We cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk.
8. How do we conduct direct marketing?
We would like to provide you with information about new products, services, promotions and offers from us and or our third party partners (as listed on the SPCE Website), which may be of interest to you. This communication may occur by post, e-mail. SMS or telephone. From time to time we may also wish to share your contact details with these third parties so that they can contact you directly about their own products, services, promotions and offers.
Where we need consent for this we will ask for it separately (outside of this Policy). Where we need to give you an opt-out opportunity before we send you our own marketing we will do so. Any direct marketing that you receive from us in electronic form will also provide a simple means for you to opt-out of receiving further marketing communications. For example, in e-mails we may provide you with an “unsubscribe” link, or an e-mail address to which you can send an opt-out request. We will take steps to stop any marketing to which you object or in respect of which you withdraw your consent within a reasonable period, but please allow sufficient time for the change to be administered.
9. Transfers to other countries
Your personal data may be transferred by us as data controller to countries and territories outside the UK and the European Economic Area which do not have the same level of protections for personal data as apply in the UK. We are required by the DP Law to ensure that there are adequate protections for it in those other countries and territories.
10. How you can change your details
You can manage your information and amend your details within SPCE by accessing your account. If you are a guarantor, you will not have a separate SPCE account, please contact us instead using the details contained in section 14.
If you stop using SPCE, your information will be retained on our servers and affiliated database for a period of time after which it shall be deleted. All data retention shall be in accordance with DP Law and applicable law and regulatory requirements.
11. What are your rights in relation to your personal data?
The GDPR provides you with the following rights. To:
of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing
of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
of your personal information to another party in certain formats, if practicable.
to a supervisory body which in the United Kingdom is the Information Commissioner’s Office. The ICO can be contacted through this link: ico.org.uk/concerns/
You have the right to request access to or receive copies of the personal data that we hold about you. If you would like to exercise this right, please contact us at email@example.com.
If you believe that any information we have about you is incorrect or incomplete and you are unable to change it yourself via your account, please contact us using the details provided above us as soon as possible. We will take steps to seek to correct or update any information if we are satisfied that the information we hold is inaccurate.
12. How do we use cookie on our Website?
13. What should I do if I suspect a data breach?
Under the GDPR, SPCE has a responsibility to keep the personal data it holds safe, and as part of this we must have appropriate safeguards in place to ensure that we act appropriately in the event of a data breach. If you suspect that there has been a data breach in relation to personal data that SPCE has under its control then please notify us immediately. Once we have been notified then we, SPCE, will act in accordance with of our Data Breach Policy, and the response team members (all of which have received the appropriate training) will ensure they respond in an adequate manner.
14. Changes to the Policy
We may change this Policy from time to time by updating this page in order to reflect changes in the law and/or our privacy practices. We will update the date at the top of the Policy accordingly. We encourage you to check this Policy for changes when you revisit the SPCE Website.
15. Contacting us
We hope that we have shared with you all the information you need, but in the event that we haven’t, or if you have any questions then please contact us at firstname.lastname@example.org.