Privacy Policy

The information set out in this Privacy Policy is provided to individuals whose personal data we process (you or your) as data controller, in compliance with our obligations under the Data Protection Act 2018 and the UK GDPR (as defined in the as defined in the Data Protection, Privacy and Electronic Communications Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations SI 2019/419) (GDPR).

1. Who Are We?

  • For all personal data collected by companies within the BYM Group and the BYM Capital Group the data Controller is BYM Capital Ltd (BYM, us or we). BYM are registered in England under registration number 09862005 and our registered office is at 16 Great Queen Street, Covent Garden, London, United Kingdom, WC2B 5AH.
  • You can contact us:
    • By post to 16 Great Queen Street, Covent Garden, London, United Kingdom, WC2B 5AH;
    • Using our website contact form which can be found on our website.
    • By telephone on the contact number published on our website from time-to-time; or
    • By email on
  • We at BYM are committed to maintaining the trust and confidence of visitors to our website, our customers and anyone with whom we do business. We want you to know that we are not in the business of selling or trading email lists with other companies and businesses for marketing purposes. In this Privacy Policy we’ve provided lots of detailed information on when and why we collect your personal information, how we use it and the limited conditions under which we may disclose it to others and how we keep it secure.
  • By using the BYM websites and mobile applications or otherwise providing your personal information to us, you agree to the collection, use and sharing of your information in accordance with this statement. Please read this Privacy Policy carefully and contact us if you have any questions.
  • Personal information is information, or any combination of separate pieces of information, that could be used to identify you, or which is directly identifiable as information relating to you.
  • Should you have any queries in respect of this statement or our use of personal data, please contact our Data Controller on

2. What Data Do We Collect?

  • We may collect information about you from a variety of sources. This includes information we collect directly from you, information we collect when you make an application for one of our properties, view our online content or use our mobile applications or other services; and information we collect about you from other sources, including our property management service providers or letting agents.


  • Information we collect directly from you.
    • We collect information from you directly when you enter into a contract to occupy one of our properties, contact us or make an enquiry about one of our premises, create an account on our websites or mobile applications, call or email us, or otherwise give information to us directly. The following are examples of information we may collect from you:
      • Your name, data of birth, email address, postal address, telephone number, fax number (Profile Data);
      • Your account details, including your Contact Data and your username and password (Account Data);
      • Payment information (such as a credit card or bank account) (Financial Data);
      • Future communication preferences, telephone number and recordings when you call our central line, and records of contact between us and you (Communication Data);
      • Passport information, previous address history (and references), credit checks, proof of address documentation and previous bank statements (Verification Data);
      • Certain technical log data (such as your IP address), website analytics, and user traffic data (Usage Data);
      • Your Profile Data, Communication Data and your marketing preferences, including any properties you have rented or made enquiries about in the past (Marketing Data).


  • Information from Other Sources
    • We may receive information from our property agents if you make an enquiry about one of our properties or enter into a contract for one of our properties. Such data will include your Profile Data, Financial Data, and verification Data.
    • Our tenant management agents will provide us with personal data regarding your occupation of our properties, including Profile Data and Communication Data, details about your rental payments and services you have requested.
    • We may be passed your Profile Data by our property agents where they believe that you will have an interest in one of our developments.


  • Special category data
    • Except as set out above, we do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.


3. Who do we share information with?

  • We may disclose your personal information to, and your personal data may be processed by:
    • any member of our group of companies or our associated companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries, and any other company owned or controlled within the BYM group);
    • our insurers and or professional advisors insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claim whether in court proceedings or in an administrative or out-of-court procedure;
    • our consultants and third parties necessary to enable us to fulfil our obligation to you under contract or to offer our services either directly or through that third party and to provide you any information that you have consented to receive;
    • our payment service providers Paypal or our bank (as it changes from time-to-time). We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds;
    • regulators, fraud prevention agencies or other third parties for the purposes of monitoring and/or enforcing our compliance with any legal and regulatory obligations, including statutory or regulatory reporting or the detection or prevention of unlawful acts;
    • any guarantor you have listed in your contract with us for the purpose of invoking that guarantee or informing the guarantor of your failure to comply with the contract;
    • our own professional advisers and auditors for the purpose of seeking professional advice or to meet our audit responsibilities; and
    • third parties which process information on our behalf (e.g. internet service and data storage and security platform providers, tenant management services providers and property agents, service providers who need to provide maintenance services at our properties, and those organisations we engage to help us send communications to you) so that they may help us to provide you with the services and information you have requested.

4. What do we do with your data?

  • The types of personal data that we may collect, use, store and transfer about you will depend on the relationship we have with you. We have set out below the types of information collected above in paragraph 2, together with the purpose and legal grounds for processing as set out below.
    • Account Data and Profile Data: We may process Account Data and Profile Data because it is in our legitimate interests to do so for the purposes of providing our services, letting a property to you, ensuring our service providers (including maintenance and utilities providers) can provide services to you in order to comply with our contractual obligations to you, operating our website, ensuring the security of our website and services and communicating with you and properly administering our website, properties and business.
    • Financial Data: If it is necessary for the performance of our contract for the purpose of taking payment and issuing applicable refunds, including taking all applicable rent and service charge payments, and for instructing our debt collection partners in case you fail to pay rent in accordance with your contract.
    • Financial Data and Verification Data: where such data is provided to us in the course of your use of our services we may process this data because it is in our legitimate interests to do so or because it is necessary for the performance of our contract with you in order to let a property to you, respond to your enquiries regarding a property, to conduct checks we are contractually or legally required to undertake before we are permitted to let a property to you or to satisfy our own verification and identity checks.
    • Communication Data: We may process your information based on your consent or because it is in our legitimate interests to do so
      • contained in any enquiry you submit to us  for the purposes of dealing with and responding to your enquiry.
      • We will also process your data as part of any add-on service that we provide in relation to our properties (such as tenant information portal, app or other communications)
    • Marketing Data: where you have provided your consent, or where it is in our legitimate interests for the purpose of offering, marketing and selling relevant goods and/or services to you or letting you know about other properties you may be interested in.
    • Usage Data: We may process data about your usage of our website and services for the purposes of analysing the use of website and services based on our legitimate interests, namely the monitoring and improving our website and services.
    • Cookies Data: Where consent has been obtained: We may use “cookies” and other anonymous web tracking technologies (such as “web beacon” and “pixel tags”) implemented by us or by third party service providers. A cookie is a small file of letters and numbers that is sent to your device when you visit our site, allowing our site to recognise your browser if you revisit it. Cookies may store your online preferences and other information about the interaction you make in the site.

5. How is data used internationally?

  • We have offices in the United Kingdom and abroad.
  • We will not transfer your personal data to any third party based in any country which is outside the UK unless:
    • the country or recipient is covered by an adequacy decision of the Commission under GDPR Article 45;
    • appropriate safeguards have been put in place which meet the requirements of GDPR Article 46 (for example using the approved Standard Model Clauses for transfers of personal data outside the UK); or
    • one of the derogations for specific situations under GDPR Article 49 is applicable to the transfer.  These include (in summary):
      • the transfer is necessary to perform, or to form, a contract to which we are a party:
        • with you; or
        • with a third party where the contract is in your interests;
      • the transfer is necessary for the establishment, exercise or defence of legal claims;
      • you have provided your explicit consent to the transfer; or
      • the transfer is of a limited nature, and is necessary for the purpose of our compelling legitimate interests.
  • Any subcontractors or consultants operating outside the UK shall also be required to adhere to the necessary standards of data protection as set out by the European Commission.
  • You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) or such personal data by others.

6. How can you access your personal information and what are your rights?

  • You have certain rights under existing data protection laws, including the right to (upon written request) access a copy of your personal data that we are processing. In accordance with the Data Protection Act 2018 and the GDPR:
    • you will have the following rights:
      • right to access: the right to request certain information about, access to and copies of the personal information about you that we are holding (please note that you are entitled to request one copy of the personal information that we hold about you at no cost, but for any further copies, we reserve the right to charge a reasonable fee based on administration costs); and
      • right to rectification: the right to have your personal information rectified if it is inaccurate or incomplete; and
    • in certain circumstances, you will also have the following rights:
      • right to erasure/“right to be forgotten”: the right to withdraw your consent to our processing of the data (if the legal basis for processing is based on your consent) and the right to request that we delete or erase your personal information from our systems (however, this will not apply if we are required to hold on to the information for compliance with any legal obligation or if we require the information to establish or defend any legal claim);
      • right to restriction of use of your information: the right to stop us from using your personal information or limit the way in which we can use it; and
      • right to object: the right to object to our use of your personal information including where we use it for our legitimate interests or for marketing purposes.
  • For any requests or queries regarding your rights as set out above, please email your request to our data protection administrator on
  • If you consider our use of your personal information to be unlawful, you have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office. Please see further information on their website:

7. Data Retention

  • We will retain your personal data as follows:
    • Data to be utilised based on your consent will be retained until such time as you expressly withdraw your consent or for a maximum period of five years from the latest update by you of your data, notwithstanding that we will contact you prior to deleting such data.
    • Data being processed based on a contract between you and us will be retained for the duration of such contract and for a period of one year after the termination of such contract.
    • We will, without exception, retain your personal data where such retention is necessary for our compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

8. Cookies and Analytics

  • Please see the cookie and analytics notice on our website.

9. Automated Data Processing

  • We do not make decisions based solely on automated data processing, including profiling.

10. Security

  • We keep your information protected by taking appropriate technical and organisational measures to guard against unauthorised or unlawful processing, accidental loss, destruction or damage.
  • However, while we will do our best to protect your personal information, we cannot guarantee the security of your information which is transmitted via an internet or similar connection. It is important that all details of any username, password and/or other identification information created to access our servers are kept confidential by you and should not be disclosed to or shared with anyone.

11. Changes to this Privacy Policy

  • We may update this policy from time-to-time by publishing a new version on our website.
  • You should check this page occasionally to ensure you are happy with any changes to this policy.
  • We will notify you of significant changes to this policy by email.


  • Policy Version & Date:
    • Version 3
    • Date 31.05.2022