on this page
We review all businesses using EVoR to check you’re doing the right thing. You’re responsible for your business and staff meeting your obligations for EVoR. Your obligations for EVoR include:
- getting customer consent, including confirming identify
- telling us about rent updates
- making rent updates
- staff access
- privacy
- security.
Customer consent
You must get a customer’s consent and confirm their identity before you use EVoR to update rent details for them. It is voluntary for them, and they can withdraw their consent at any time. You must also:
- get consent from every customer you want to use EVoR for
- make sure you confirm the identity of the customer before you get consent or use EVoR
- keep consent records for 2 years from the last time you provided accommodation to the person
- ensure your consent record uses wording substantially in the form described in the EVoR procedural guide for businesses.
Rent updates
You must update your tenants’ rent details between 15 and 50 days before the rent changes, using EVoR.
You can’t make a rent update through EVoR outside this time. Tenants will need to verify their rent with us another way.
Follow these steps to make rent updates, once you get customer consent:
- Use EVoR to update the customer’s rent details.
- If any technical issues arise during the update process, contact the EVoR Helpdesk.
- If your business can’t update the customer’s rent details using EVoR after contacting the Helpdesk, you must tell the customer within 14 days that you can’t make the update.
- If you can’t make the update you must tell the customer they must update their details directly with us to maintain their eligibility for Rent Assistance.
Staff access
You must train new staff in all aspects of using EVoR before they access EVoR.
Always use your own logon ID and password - don’t share these.
Tell us immediately if any staff no longer need access to EVoR. We’ll remove their access.
Business changes
Tell us about changes to your business. These include changes to either your:
- business structure or practices
- contact details, including authorised and contact officers.
Privacy and security
You must comply with privacy and secrecy legislation for personal information, protected information, and confidential information. This means you can’t:
- access any records without a business need
- use the customer’s CRN for any purpose other than for EVoR data exchange
- share customer information without consent from the customer
- access your own information or the information of people you know
- allow access to information to any unauthorised person.
You must tell us of any security incidents such as unauthorised disclosure.
Store customer details in a locked cabinet or secure database.
Make sure you can find consent records at review time.
More information
Find all your obligations in the EVoR policy, terms and procedural guide.