Legal
Privacy Policy
Effective Date: April 2026
Forge CRM Limited trading as Get Rent Ready ("we", "us", or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal data when you visit our website (www.getrentready.co.uk) or use our B2B compliance documentation services.
We are registered with the Information Commissioner's Office (ICO) under registration number ZB813766193.
1. Information We Collect
1.1 Data provided by you (Our Clients)
When you enquire about or sign up for our services, we collect:
- Contact Information: Name, email address, phone number, and job title.
- Business Information: Agency name, company registration number, registered address, and billing details.
- Communication Data: Records of your correspondence with us via email or our website contact forms.
1.2 Data processed on your behalf (Client Data)
In providing our compliance documentation services, we process personal data provided by you (the letting agent) relating to your landlords and tenants. This includes:
- Tenant Data: Names, property addresses, and tenancy start dates.
- Landlord Data: Names, contact emails, and phone numbers.
- Property Data: Deposit amounts, EPC ratings, and safety certificate statuses.
Note: When processing Client Data, we act as a "Data Processor" under the UK GDPR, and you act as the "Data Controller." Our processing of this data is governed by our Data Processing Agreement (DPA).
1.3 Automatically Collected Data
When you visit our website, we may automatically collect technical data, including:
- IP address, browser type and version, time zone setting, and operating system.
- Information about your visit, including the pages you viewed, page response times, and download errors.
2. How We Use Your Data and Lawful Basis
Under the UK General Data Protection Regulation (UK GDPR), we must have a lawful basis for processing your personal data. We rely on the following bases:
| Purpose of Processing | Type of Data | Lawful Basis |
|---|---|---|
| To register you as a new client and set up your account | Contact & Business Information | Contractual Necessity: Necessary to perform our contract with you. |
| To provide our compliance documentation services | Client Data (Tenant/Landlord info) | Contractual Necessity: Necessary to fulfill our service obligations as a Data Processor. |
| To manage payments, fees, and charges | Contact & Business Information | Contractual Necessity and Legitimate Interests: To recover debts due to us. |
| To send you service updates, technical notices, and support messages | Contact Information | Contractual Necessity and Legitimate Interests: To keep you informed about the service you use. |
| To send B2B marketing communications (e.g., cold emails) | Contact Information (Corporate emails only) | Legitimate Interests: To grow our business, in compliance with PECR. You can opt out at any time. |
| To improve our website and services | Automatically Collected Data | Legitimate Interests: To study how customers use our services and develop our business. |
3. Data Sharing and Third-Party Processors
We do not sell your personal data. We only share your data with trusted third-party service providers (Sub-processors) who assist us in operating our business. These include:
- Google Workspace (Google LLC): Used for email hosting, document storage (Google Drive), and data collection (Google Sheets). Data may be transferred outside the UK, subject to appropriate safeguards such as Standard Contractual Clauses (SCCs).
- Tally.so: Used for our client intake forms.
- Wave Accounting / GoCardless: Used for invoicing and payment processing.
All our third-party processors are required to take appropriate security measures to protect your personal data in line with our policies and the UK GDPR.
4. Data Security
We have implemented appropriate technical and organizational security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. These measures include:
- "Zero Local Storage" policy: All client data is stored securely in the cloud (Google Workspace).
- Two-Factor Authentication (2FA) on all business accounts.
- Full-disk encryption on all company devices.
- Strict access controls limiting data access to authorized personnel only.
5. Data Retention
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
- Client Account Data: Retained for the duration of our contract and for 6 years thereafter for tax and legal purposes.
- Client Data (Tenant/Landlord info): Monthly data sheets and generated compliance documents are permanently deleted 90 days after delivery to you, minimising our risk footprint.
6. Your Legal Rights
Under the UK GDPR, you have the following rights regarding your personal data:
- Right of Access: Request a copy of the personal data we hold about you.
- Right to Rectification: Request correction of incomplete or inaccurate data.
- Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data where there is no good reason for us continuing to process it.
- Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
- Right to Restriction: Request the restriction of processing of your personal data.
- Right to Data Portability: Request the transfer of your personal data to you or a third party.
To exercise any of these rights, please contact us at [email protected]. We aim to respond to all legitimate requests within one month.
7. Cookies
This website uses only strictly necessary functional cookies — small text files that are essential for the site to work correctly (for example, to remember your session state). We do not use analytics cookies, advertising cookies, or any third-party tracking technologies on this website.
Because we only use strictly necessary cookies, we are not required to obtain your consent under the UK Privacy and Electronic Communications Regulations (PECR), and no cookie consent banner is displayed. If this changes in the future, we will update this policy and implement appropriate consent mechanisms before doing so.
8. Contact Us and Complaints
If you have any questions about this Privacy Policy or our data protection practices, please contact us at [email protected].
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.