1. Introduction

This privacy notice explains how DIVRSE Ltd collects, uses, stores, and protects personal data processed through the Divrse portal system, which includes the Council Portal and the Management Portal (collectively referred to as “the portal”).

This notice applies to all users of the portal, including staff from contracted local authority and housing organisations (“tenants”) and Divrse staff. It should be read alongside the service agreement in place between Divrse Ltd and your organisation.

2. Data Controller

The data controller responsible for the portal is:

Where Divrse processes property, maintenance, or tenancy data on behalf of a contracted organisation, that organisation acts as the data controller and Divrse acts as data processor. A Data Processing Agreement governs this arrangement.

3. What Data We Collect

Portal user accounts:

• Full name and work email address
• Encrypted password
• Role and access permissions
• Organisation assignment
• Date and time of account creation and last login

Operational data (processed on behalf of contracted organisations):

• Property addresses and reference numbers
• Maintenance and repair requests and their status
• Inspection records and outcomes
• Property handback and void management records
• Tenancy move-in and move-out records
• Communications between organisation staff and Divrse
• Financial records including recharges
• File attachments including photographs and documents

Security and audit data:

• All login events including time and IP address
• All data creation, modification, and deletion events
• The user responsible for each action and timestamps

4. Lawful Basis for Processing

• Performance of a contract — processing necessary to deliver the repairs and maintenance services contracted by each organisation
• Compliance with a legal obligation — maintaining records required by law, including financial and health and safety records
• Legitimate interests — maintaining security audit logs and system monitoring to protect the portal and its users

5. How We Use Your Data

Personal data collected through the portal is used exclusively for:

• Authenticating and managing portal user accounts
• Coordinating repairs, maintenance, and property management services
• Communications between Divrse staff and contracted organisation staff
• Generating reports and KPIs for contracted organisations
• Maintaining audit trails for compliance and dispute resolution
• Detecting and preventing unauthorised access or security incidents
• Fulfilling legal and contractual obligations

We do not use portal data for marketing purposes, advertising, or any purpose unrelated to the delivery of our contracted services.

6. Data Sharing

We do not sell or share personal data with third parties for their own purposes. In the course of delivering our services, data may be processed by sub-processors including cloud infrastructure providers, property management software, financial reporting tools, and workflow automation services. All sub-processors are subject to appropriate data processing agreements and are located within the UK or European Economic Area.

We may disclose data to law enforcement or regulatory authorities where required by law.

7. Data Retention

Data Type	Retention Period	Reason
Active property records	Indefinitely while managed	Ongoing management obligation
Tenancy records	7 years after tenancy ends	Legal liability period
Maintenance and repair records	7 years after completion	Legal liability and warranty
Enquiries and tickets	7 years after closure	Dispute resolution
Financial records	7 years	HMRC legal requirement
Audit and security logs	3 years	Security and compliance
User accounts	90 days after staff member leaves	Handover period

8. Security

We have implemented appropriate technical and organisational measures to protect personal data, including:

• All data encrypted in transit using TLS 1.2/1.3
• All passwords stored using bcrypt hashing — never in plain text
• Role-based access controls and multi-tenant data isolation
• Firewall protection and restricted server access
• Comprehensive audit logging of all data access and modifications
• Regular automated backups
• Rate limiting and brute force protection on all login endpoints

9. Your Rights

Under UK GDPR, you have the following rights:

• Right of access — request a copy of the personal data we hold about you
• Right to rectification — ask us to correct inaccurate data
• Right to erasure — ask us to delete your data where there is no legitimate reason to continue processing it
• Right to restrict processing — ask us to suspend processing of your data
• Right to data portability — request your data in a structured, machine-readable format
• Right to object — object to processing based on legitimate interests

To exercise any of these rights, contact us at info@divrse.co.uk. We will respond within 30 days.

If you are not satisfied with our response, you have the right to complain to the Information Commissioner’s Office (ICO) at ico.org.uk or by calling 0303 123 1113.

10. Data Breach Notification

In the event of a personal data breach, we will notify the ICO within 72 hours as required by UK GDPR. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify affected individuals without undue delay. If you believe your data may have been compromised, please contact us immediately at info@divrse.co.uk.

11. Changes to This Notice

We may update this privacy notice from time to time. The date below indicates when it was last updated. We will notify portal users of any significant changes via the portal or by email.

12. Contact Us

← Back to Login

Last updated: 23 April 2026 — DIVRSE Ltd is registered in England and Wales.