By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
Preferences
Deny
Accept
Chilling
Dining
PRE-ING
PRE-ING
STUDYING
HANGOVERS
Dining
DINNER PARTIES
DINNER PARTIES
PRE-ING
STUDYING

Privacy Policy

Our team are on hand to ensure you have all the information you need about our brand and business.

HYBR LIMITED (“Hybr”, “we”, “us”, or “our”) is committed to protecting personal data and handling it with care, transparency, and security.

This Privacy Policy explains how we process personal data when you use our website, platform, and services (together, the “Services”), and how we comply with the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.

1. Who We Are

Hybr is a lettings automation platform that helps letting agents manage marketing, enquiries, applicant qualification, viewings, and communications.

Our role under data protection law

In most cases:

  • Letting agents or property operators are the Data Controllers
  • Hybr acts as a Data Processor, processing personal data strictly on the Controller’s documented instructions, under a Data Processing Agreement (“DPA”)

In limited situations (for example, when you contact Hybr directly via our website), Hybr acts as a Data Controller for that data.

2. The Data We Process
2.1 Personal Data Processed on Behalf of Letting Agents (Hybr as Processor)

Hybr processes personal data on behalf of letting agents under the lawful bases determined by the Controller, typically:

  • Performance of a contract (UK GDPR Art. 6(1)(b))
  • Legitimate interests (Art. 6(1)(f))
  • Compliance with legal obligations (Art. 6(1)(c))
  • Consent, where obtained by the Controller (Art. 6(1)(a))

This includes the following categories of Controller Data:

a) Applicant & Enquiry Data
  • Enquiry details received from advertising portals such as Rightmove, Zoopla, OnTheMarket, UniHomes, and other connected sources
  • Information submitted by applicants during the enquiry, qualification, or viewing booking process

Important clarifications:

  • These leads belong to the letting agent
  • They are not opted into Hybr marketing
  • They are never shared with or visible to other agents
  • Hybr does not claim ownership of applicant or tenant data
b) Applicant Qualification & Suitability Data

Where configured by the Controller, this may include information provided by applicants relating to:

  • Budget and affordability indicators
  • Household or group composition
  • Employment or student status
  • Declarations relating to eligibility criteria set by the agent (e.g. income multipliers or adverse credit)

This data is processed solely to assess suitability against agent-defined criteria and strictly on the Controller’s instructions.

Hybr does not intentionally process special category data (such as health data or ethnicity). If such data is inadvertently submitted, Hybr will notify the Controller and process it only as strictly necessary.

c) Existing Tenant Data
  • Name
  • Email address
  • Phone number

Purpose:

Used solely to enable automated viewing notifications and tenancy-related workflows as instructed by the Controller.

2.2 Data Collected Directly by Hybr (Hybr as Controller)

Where you interact directly with Hybr outside of an agent-managed application (for example via our website, sales enquiries, or support communications), we may collect:

  • Name
  • Work email address
  • Phone number
  • Company name and job title
  • Website usage and technical data (IP address, browser type, device information, activity logs)

This data is used only for:

  • Responding to enquiries and providing demos or support
  • Managing customer and partner relationships
  • Operating and securing our website and Services
  • Improving platform performance and reliability

3. How We Use (and Don’t Use) Personal Data
We use personal data to:
  • Provide and operate the Hybr platform
  • Automate enquiry handling, qualification, scheduling, and communications
  • Maintain platform security, performance, and reliability
  • Comply with legal and regulatory obligations
We do not:
  • Sell personal data
  • Use tenant or applicant data for Hybr marketing
  • Contact tenants or applicants with Hybr promotions
  • Allow other agents to access your data
  • Repurpose Controller Data for unrelated commercial use

Hybr may use anonymised and/or aggregated data (which does not identify individuals) for product improvement, analytics, benchmarking, and business insights.

4. Data Security & Protection

Hybr implements appropriate technical and organisational measures proportionate to the risk, including:

  • Encryption: Data encrypted at rest and in transit (AES-256)
  • Access controls: Role-based access, granted only where strictly necessary
  • Data isolation: Each client’s data is logically segregated
  • Monitoring & logging: Continuous monitoring for suspicious activity
  • Vendor due diligence: Security and compliance reviews of key suppliers

5. Data Retention

Personal data is retained only for as long as necessary and in line with our DPA:

  • Applicant / Enquiry Data:
  • Retained for up to 24 months, unless the Controller instructs earlier deletion
  • Existing Tenant Data:Retained for the duration of the tenancy and deleted when:
    • New tenant details are added, or
    • 12 months after the tenancy ends
    • (whichever occurs first)

Letting agents may request deletion or export of Controller Data at any time.

6. Personal Data Breaches

Where Hybr becomes aware of a personal data breach affecting Controller Data:

  • We will notify the relevant Controller without undue delay and, where feasible, within 48 hours
  • We will provide all information reasonably required to support the Controller’s obligations under UK GDPR

Controllers remain responsible for any required notifications to the ICO (typically within 72 hours under UK GDPR Art. 33) and to affected individuals where applicable.

Hybr maintains an Incident Response Plan covering detection, containment, recovery, and post-incident review.

7. Sub-Processors

Hybr uses trusted third-party sub-processors (such as cloud hosting and communications providers) to deliver the Services.

All sub-processors:

  • Are subject to written Data Processing Agreements
  • Are reviewed for security and compliance
  • Process data only on Hybr’s documented instructions

A current list of sub-processors is available upon request.

8. Your Rights

Depending on your role, you may have rights to:

  • Access your personal data
  • Request correction or deletion
  • Restrict or object to processing
  • Request data portability
  • Withdraw consent (where applicable)

For tenant and applicant data, the letting agent remains the Data Controller. Requests should usually be directed to them.

Hybr will promptly assist Controllers with:

  • Data subject access requests (DSARs)
  • Deletion or export requests
  • Regulatory enquiries

We maintain records of processing activities (UK GDPR Art. 30) and conduct regular privacy and security reviews.

9. International Transfers

Where personal data is processed outside the UK, Hybr ensures appropriate safeguards are in place, including:

  • UK-approved Standard Contractual Clauses
  • Adequacy regulations where applicable

10. Cookies

Hybr uses cookies and similar technologies to operate and improve the website and Services.

Further details are provided in our Cookie Policy.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website.

12. Contact Us

If you have questions about this Privacy Policy or how data is handled:

Email: hello@hybr.co.uk

Company: HYBR LIMITED

Registered Office: 101 Blenheim Crescent, London, England, W11 2EQ