Privacy Policy - Stpaulscray Storage

This Privacy Policy explains how Stpaulscray Storage collects, uses, shares, stores, and protects personal data relating to our customers, prospective customers, visitors, and other individuals whose information we process in connection with our storage services. This policy applies to all Stpaulscray Storage customers in the area and to anyone interacting with our services in that area.

We are committed to handling personal data in a lawful, fair, and transparent manner in accordance with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 where relevant.

1. Who We Are

Stpaulscray Storage provides storage services to individuals and businesses. In operating our services, we act as a data controller for the personal data described in this policy, meaning we determine the purposes and means of processing that data.

2. Personal Data We Collect

We collect only the personal data necessary to operate our services, manage accounts, maintain security, comply with legal obligations, and improve our operations. The categories of data we may collect include:

  • Identity information such as name, date of birth, and identification details where required for verification purposes.
  • Contact information such as address, email address, and telephone number.
  • Account and contract information such as booking details, service preferences, payment status, and customer correspondence.
  • Financial information such as payment records, billing details, and transaction confirmations. We do not store full payment card details unless this is necessary and lawfully permitted through secure payment systems.
  • Access and security information such as key fob records, entry logs, CCTV images, alarm records, and site access activity where applicable.
  • Communications data such as enquiries, complaints, feedback, or requests you send to us.
  • Technical data such as device, browser, and usage information when you interact with our digital systems, if any.

We generally collect data directly from you when you make an enquiry, sign a storage agreement, use our services, make payments, or communicate with us. We may also receive personal data from third parties where necessary, such as payment providers, insurers, credit reference agencies, identity verification services, legal representatives, or emergency responders.

3. How We Use Personal Data

We use personal data for the following purposes:

  • To provide storage services and manage customer accounts.
  • To verify identity and prevent fraud, misuse, or unauthorised access.
  • To process payments, invoices, refunds, and account administration.
  • To communicate about bookings, access, service changes, and support matters.
  • To maintain security, monitor site access, and protect people, property, and premises.
  • To comply with legal, regulatory, accounting, and tax obligations.
  • To resolve disputes, enforce agreements, and establish, exercise, or defend legal claims.
  • To improve the quality, safety, and efficiency of our services.

Where CCTV or access systems are used, this is primarily for safety, crime prevention, and property protection. We apply appropriate safeguards to ensure these systems are used proportionately and lawfully.

4. Lawful Basis for Processing

We process personal data only where we have a valid lawful basis under data protection law. Depending on the context, our lawful bases may include:

Contract

We process data where it is necessary to enter into or perform a contract with you, such as opening an account, delivering storage services, managing payments, or providing access to your unit.

Legal Obligation

We may process personal data to comply with legal requirements, including tax, accounting, health and safety, fraud prevention, and record-keeping obligations.

Legitimate Interests

We may process data where it is necessary for our legitimate interests or those of a third party, provided your rights and freedoms do not override those interests. These interests may include securing our premises, protecting against theft or damage, managing business operations, improving services, and handling disputes. Where we rely on legitimate interests, we assess the impact on your rights and apply appropriate safeguards.

Consent

In limited circumstances, we may rely on your consent, for example where required for certain optional communications or uses. Where consent is used, you may withdraw it at any time, without affecting the lawfulness of processing carried out before withdrawal.

5. Sharing and Processors

We may share personal data with trusted third parties where necessary for the purposes described in this policy. These parties may act as processors, service providers, or independent controllers depending on the service they provide.

Processors are organisations that process personal data on our behalf and under our instructions. They may include:

  • Payment processing providers
  • IT and software service providers
  • Data storage and cloud service providers
  • Security and CCTV system providers
  • Maintenance and facilities contractors
  • Professional advisers such as accountants, auditors, insurers, or legal advisers

We require processors to implement appropriate technical and organisational measures to protect personal data and to use it only for permitted purposes. We may also disclose personal data to regulators, law enforcement agencies, courts, or other authorities where legally required or where necessary to protect our rights, customers, staff, or property.

We do not sell personal data.

6. Data Retention

We keep personal data only for as long as necessary for the purposes for which it was collected, including to meet legal, accounting, reporting, and operational requirements. Retention periods depend on the type of data and the reason we hold it.

In general, we may retain:

  • Contract and account records for the duration of the customer relationship and for a reasonable period afterwards.
  • Payment and invoice records for the period required by tax and accounting law.
  • Security records such as access logs or CCTV footage for a limited period unless they are needed for an investigation, legal claim, or incident response.
  • Correspondence and complaints for as long as needed to handle the matter and for a short additional period for record-keeping.

When personal data is no longer needed, we will delete, anonymise, or securely destroy it. If data must be kept longer due to a legal or dispute-related reason, we will limit access and retention to what is necessary.

7. Data Security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. These measures may include access controls, secure storage, staff training, confidentiality obligations, and regular review of our systems and procedures. While no system can be guaranteed to be completely secure, we take reasonable steps to reduce risks and respond promptly to incidents.

8. Your Rights

Under data protection law, you may have the following rights in relation to your personal data:

  • Right of access – to request a copy of the personal data we hold about you.
  • Right to rectification – to ask us to correct inaccurate or incomplete data.
  • Right to erasure – to request deletion of your data in certain circumstances.
  • Right to restriction – to ask us to limit the way we use your data in certain situations.
  • Right to object – to object to processing based on legitimate interests or direct marketing.
  • Right to data portability – to receive certain data in a structured, commonly used format, where applicable.
  • Right to withdraw consent – where processing is based on consent, to withdraw it at any time.

These rights are not absolute and may be subject to legal exceptions or limitations. If you wish to exercise your rights, we will assess your request in accordance with applicable law.

9. Children’s Data

Our services are not intended for children, and we do not knowingly collect personal data from children except where necessary and lawful in connection with a customer account or service arrangement. Where we become aware that we have collected data unlawfully, we will take appropriate steps to delete or protect it.

10. International Transfers

If personal data is transferred outside the UK or the European Economic Area, we will ensure that appropriate safeguards are in place, such as adequacy regulations, standard contractual clauses, or equivalent legal protections, to ensure your data remains protected.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data protection practices. The most current version will apply to the personal data we process. We encourage customers to review this policy periodically to stay informed about how we handle personal data.

12. Additional Information

Where required by law, we will provide additional notices at the time we collect personal data or before using it for a new purpose. If you have concerns about how your data is handled, you have the right to raise those concerns with the relevant data protection authority.

By using Stpaulscray Storage services, you acknowledge that your personal data may be processed in accordance with this Privacy Policy.

Call Now!
Call Now Get a Quote
Stpaulscray Storage

GDPR-compliant Privacy Policy for Stpaulscray Storage covering data collection, lawful basis, retention, processors, rights, and scope for all customers in the area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.