Privacy Policy - Southwoodford Storage

This Privacy Policy explains how Southwoodford Storage collects, uses, stores, and shares personal data relating to all Southwoodford Storage customers in area. It applies to individuals who use our storage services, make enquiries, sign agreements, access our facilities, or otherwise interact with us in connection with storage services. We are committed to handling personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who this policy applies to

This policy applies to customers, prospective customers, business account holders, authorised users, and any individuals whose personal information is provided to us in relation to our storage services. It also applies to people who visit our premises, communicate with us, or are named on account documents. By using our services, you acknowledge that your personal data may be processed as described in this policy.

2. Information we collect

We only collect information that is necessary and relevant to provide storage services, manage customer accounts, maintain security, and meet legal obligations. The data we may collect includes:

  • Identity information, such as name, date of birth, and identification documents where required for verification.
  • Contact details, such as address, telephone number, and email address.
  • Account and contractual information, including storage unit details, agreement dates, payment status, and billing records.
  • Payment information, such as payment method details and transaction history, though full card details are usually processed by third-party payment providers rather than stored by us.
  • Security information, including access logs, CCTV footage, and records of visits to our facilities.
  • Communication records, such as emails, written correspondence, complaints, enquiries, and service requests.
  • Compliance information, including information needed for fraud prevention, legal compliance, and dispute handling.

In some cases, we may also receive information from third parties such as payment processors, identity verification providers, legal advisers, insurers, or public authorities where appropriate and lawful.

3. How we use your data

We use personal data to operate our business and provide storage services efficiently and securely. Typical uses include:

  • setting up and managing customer accounts;
  • verifying identity and preventing fraud;
  • processing payments and maintaining records;
  • communicating about bookings, access, invoices, notices, and service updates;
  • monitoring site security and protecting customers, staff, and property;
  • handling complaints, disputes, and claims;
  • meeting legal, tax, and regulatory obligations;
  • improving our services, systems, and operational processes.

We do not use personal data for purposes that are incompatible with the reasons it was collected unless we have a valid lawful basis and, where required, additional notice or consent.

4. Lawful basis for processing

Under data protection law, we must have a lawful basis for each processing activity. We rely on the following lawful bases:

Contract

We process personal data when it is necessary to enter into or perform a contract with you. This includes managing your storage agreement, administering payments, providing access, and handling contractual communications.

Legal obligation

We may process information where required to comply with legal obligations, including accounting, tax, fraud prevention, identity checks where necessary, and responding to lawful requests from authorities.

Legitimate interests

We may process information where it is necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. This may include protecting premises, maintaining business records, preventing misuse of our services, resolving disputes, and improving security.

Consent

In limited situations, we may rely on consent, for example where we request permission for specific optional communications or uses not covered by other lawful bases. Where we rely on consent, you have the right to withdraw it at any time.

5. Sharing personal data and processors

We may share personal data with trusted third parties who help us run our business. These parties act either as processors or independent controllers depending on the circumstances.

Our processors may include:

  • payment processing providers;
  • IT hosting and cloud storage providers;
  • security and CCTV system providers;
  • identity verification and anti-fraud service providers;
  • customer management and communications service providers;
  • professional advisers, such as accountants, auditors, or solicitors, where they act in a supporting capacity.

We require processors to handle personal data only on our instructions, to keep it secure, and to comply with applicable data protection law. We do not sell personal data. We may also disclose data to insurers, law enforcement, courts, or public authorities where necessary, lawful, and proportionate.

6. International transfers

Where a processor or service provider stores or accesses data outside the UK, we ensure appropriate safeguards are in place. These may include adequacy regulations, standard contractual clauses, or other recognised transfer mechanisms. We will take steps to protect your information to a standard consistent with UK data protection requirements.

7. Data retention

We keep personal data only for as long as necessary for the purpose for which it was collected, including to satisfy legal, accounting, contractual, or security requirements. Retention periods depend on the nature of the information and our obligations.

  • Customer account records are retained for the duration of the contract and for a reasonable period afterwards to manage claims, disputes, and recordkeeping.
  • Payment and invoicing records are retained for the period required by tax and accounting law.
  • Security records, including access logs and CCTV footage, are kept for a limited period unless needed for investigation or legal proceedings.
  • Enquiry and correspondence records are retained as long as necessary to respond to the matter and maintain an appropriate business record.

When personal data is no longer needed, we will securely delete, anonymise, or archive it in line with our retention practices.

8. Security of your information

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, or alteration. These measures may include access controls, secure storage, staff confidentiality obligations, and monitoring of systems. While no system can be guaranteed to be completely secure, we work to maintain a level of protection appropriate to the risks involved.

9. Your rights

Under data protection law, you have a number of rights in relation to your personal data. These rights may be subject to legal limits and exceptions. They include:

  • Right of access - you may request a copy of the personal data we hold about you.
  • Right to rectification - you may ask us to correct inaccurate or incomplete information.
  • Right to erasure - in some cases, you may ask us to delete your data.
  • Right to restriction - you may ask us to limit how we use your data in certain circumstances.
  • Right to object - you may object to processing based on legitimate interests or direct marketing.
  • Right to data portability - where applicable, you may request your data in a structured, commonly used format.
  • Right to withdraw consent - where we rely on consent, you may withdraw it at any time.

We may need to verify your identity before responding to a request. We aim to respond within the time limits set by law. If we are unable to act on a request, we will explain why, subject to legal restrictions.

10. Automated decision-making

We do not typically use solely automated decision-making that produces legal or similarly significant effects for customers. If this changes, we will ensure the process is lawful and provide the information required by law.

11. Complaints and concerns

If you have concerns about how we handle personal data, you may raise them with us so we can review and address the matter. You also have the right to lodge a complaint with the UK data protection supervisory authority if you believe your rights have been infringed.

12. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in law, our services, or our data handling practices. Any updated version will apply from the date it is made available. We encourage customers to review this policy periodically so they remain informed about how their data is used.

13. Summary of our commitments

Southwoodford Storage is committed to processing personal data fairly, lawfully, and transparently. We collect only the information needed to provide storage services, protect our premises, meet legal obligations, and manage our business responsibly. We share data only with trusted processors or where legally required, and we retain it only for as long as necessary. Your privacy matters to us, and we aim to safeguard your information at every stage.

Call Now!
Call Now Get a Quote
Southwoodford Storage

GDPR-compliant Privacy Policy for Southwoodford Storage covering data collection, lawful basis, retention, processors, and user rights for all customers in area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.