Privacy Policy - Somerstown Storage

This Privacy Policy explains how Somerstown Storage collects, uses, stores, shares, and protects personal data relating to its customers, prospective customers, visitors, and other individuals whose information we handle. It applies to all Somerstown Storage customers in the area, including anyone who uses our storage services, makes an enquiry, signs a contract, accesses our premises, or otherwise interacts with us in connection with our business. We are committed to handling personal data in a lawful, fair, and transparent way in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who this policy applies to

This policy applies to individuals whose personal data we process in connection with our storage services. This includes:

  • customers and account holders
  • prospective customers and enquiry contacts
  • business customers and authorised representatives
  • people named in rental or access documentation
  • visitors to our premises or systems where personal data is collected

We process personal data only where it is necessary for legitimate business purposes, to provide our services, to meet legal obligations, or where you have given consent.

2. What personal data we collect

We may collect and process the following categories of personal data:

  • Identity data: name, title, date of birth where necessary, and business role if applicable.
  • Contact data: postal address, email address, telephone number, and other communication details.
  • Contract and account data: storage unit details, agreement information, billing records, payment status, service preferences, and correspondence.
  • Verification data: identification documents or proof of address where needed for security, fraud prevention, or compliance.
  • Access and security data: CCTV images, access logs, entry records, incident reports, and security-related notes.
  • Financial data: payment details, transaction records, and invoicing information. We do not intentionally store full card details unless required through a secure payment provider.
  • Communication data: enquiries, complaints, notes from phone calls, messages, and records of customer support interactions.

We do not seek to collect special category data unless it is necessary and lawful to do so. If such information is provided to us incidentally, we will handle it with appropriate care and only where there is a valid legal basis.

3. How we use your data

We use personal data for the following purposes:

  • to provide storage services and manage customer accounts
  • to verify identity and prevent unauthorised access
  • to process payments, invoices, and account administration
  • to communicate about bookings, renewals, changes, or service issues
  • to maintain security, manage site access, and investigate incidents
  • to comply with legal, regulatory, and tax obligations
  • to manage disputes, recover debts, and establish or defend legal claims
  • to improve our operations, service standards, and customer experience

We do not use your personal data for unrelated purposes without a lawful basis.

4. Lawful basis for processing

Under UK GDPR, we must have a lawful basis to process your personal data. Depending on the context, Somerstown Storage relies on one or more of the following bases:

Contract

We process data where it is necessary to enter into or perform a contract with you. This includes creating accounts, managing storage agreements, issuing invoices, and providing access to our services.

Legal obligation

We process data where needed to comply with legal and regulatory obligations, such as accounting, tax, fraud prevention, and record-keeping requirements.

Legitimate interests

We may process data where it is necessary for our legitimate interests and where those interests are not overridden by your rights and freedoms. This may include security monitoring, service administration, customer support, site safety, debt recovery, and business record management.

Consent

In limited cases, we may rely on your consent, for example where consent is required for certain optional communications or non-essential processing. Where we rely on consent, you may withdraw it at any time.

Vital interests and public task

These bases are unlikely to apply in most storage situations, but where relevant and lawful, we may process data to protect vital interests or comply with a public task.

5. Data sharing and processors

We may share personal data with carefully selected third parties who act as processors or independent controllers, only where necessary and subject to appropriate safeguards. Our processors may include:

  • IT and cloud service providers for secure data storage, email, and system management
  • payment service providers for handling transactions
  • accounting and bookkeeping providers for financial administration
  • security service providers supporting CCTV, alarms, or access control systems
  • maintenance and facilities contractors where access to relevant records is required
  • legal, insurance, and debt recovery advisers where needed for compliance or dispute resolution
  • regulators, law enforcement, or public authorities where required by law

All processors are required to handle personal data securely, only on our instructions, and in compliance with data protection law. We do not sell personal data.

6. International transfers

If any processor stores or processes personal data outside the UK, we will ensure that appropriate safeguards are in place. These may include UK adequacy regulations, standard contractual clauses, or equivalent protective measures, as required by law.

7. Data security

We use reasonable technical and organisational measures to protect personal data against loss, misuse, unauthorised access, disclosure, or alteration. These measures may include access controls, password protection, restricted permissions, secure retention procedures, and physical security measures at our premises. While no system is completely secure, we work to maintain an appropriate level of protection.

8. Data retention

We keep personal data only for as long as necessary for the purposes for which it was collected, and to satisfy legal, accounting, insurance, and operational requirements. Retention periods vary depending on the type of data and the reason it is held. In general:

  • customer account and contract records are retained for the duration of the relationship and for a reasonable period after it ends
  • financial and tax records are retained for the period required by law
  • security records, including CCTV and access logs, are retained only as long as necessary for safety and incident management
  • correspondence and complaint records are retained for resolution and follow-up, then deleted or anonymised where appropriate

When personal data is no longer required, we will delete it securely or anonymise it so that it can no longer identify you.

9. Your rights

Under data protection law, you have a number of rights in relation to your personal data. These may include:

  • the right of access to obtain a copy of the personal data we hold about you
  • the right to rectification to correct inaccurate or incomplete data
  • the right to erasure in certain circumstances, sometimes called the right to be forgotten
  • the right to restriction to limit how we use your data in certain situations
  • the right to data portability where processing is based on consent or contract and is carried out by automated means
  • the right to object to processing based on legitimate interests or direct marketing
  • the right to withdraw consent where processing is based on consent

You also have the right to raise concerns with the relevant data protection authority if you believe your rights have been infringed. We encourage you to contact us first so we can address any issues promptly and fairly.

10. Automated decision-making

We do not normally use automated decision-making that produces legal or similarly significant effects. If we ever introduce such processing, we will inform you and explain the logic involved, the significance, and the consequences for you where required by law.

11. Children’s data

Our services are primarily intended for adults and business users. We do not knowingly collect personal data from children except where it is incidental and necessary in connection with a customer’s account or lawful site access arrangements. Where such data is processed, we apply appropriate safeguards.

12. Changes to this policy

We may update this Privacy Policy from time to time to reflect legal, operational, or technical changes. Any revised version will apply from the date it is issued. We encourage customers to review it periodically so they remain informed about how their data is handled.

13. Summary of our commitments

Somerstown Storage is committed to processing personal data lawfully, transparently, and securely. We collect only the information needed to provide storage services, manage accounts, protect our premises, and meet our legal obligations. We use appropriate processors, retain data for no longer than necessary, and respect the rights of individuals whose data we hold. This policy applies to all Somerstown Storage customers in the area and forms part of our approach to responsible data protection.

Call Now!
Call Now Get a Quote
Somerstown Storage

GDPR-compliant Privacy Policy for Somerstown Storage covering data collection, lawful basis, retention, processors, and user rights for all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.