Privacy Policy - Selfstorage Catford

This Privacy Policy explains how Selfstorage Catford collects, uses, stores, shares, and protects personal data in connection with our self-storage services. It applies to all Selfstorage Catford customers in the Catford area and to anyone who interacts with us in relation to our services, whether as a customer, prospective customer, authorised user, or business representative.

We are committed to handling personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We aim to be clear about what data we collect, why we collect it, how long we keep it, and what rights individuals have over their information.

1. Information We Collect

We collect personal data that is necessary to provide self-storage services, manage our relationship with customers, maintain security, and comply with legal obligations. The categories of data we may collect include:

  • Identity data such as name, date of birth, and identification details used for verification.
  • Contact data such as address, email address, and telephone number.
  • Account and contract data including booking details, storage unit references, payment status, and service history.
  • Payment data such as billing information and transaction records. We do not intentionally store full card details where payment processing is handled securely by a payment provider.
  • Access and security data such as entry logs, gate access records, CCTV images, and incident reports where required for safety and fraud prevention.
  • Communication data including enquiries, complaints, support requests, and correspondence.
  • Technical data where customers interact with our digital systems, such as IP address, device information, and basic usage logs.

We generally collect data directly from customers. In some cases, we may receive data from third parties, such as identity verification services, payment processors, insurers, legal advisers, or other parties involved in the delivery of our services.

2. How We Use Personal Data

We use personal data only where we have a valid reason under data protection law. Common purposes include:

  • setting up and managing storage agreements;
  • verifying identity and preventing fraud;
  • processing payments and managing invoices;
  • providing access to storage facilities and maintaining site security;
  • responding to enquiries, service requests, and complaints;
  • improving our services and customer experience;
  • meeting regulatory, legal, and insurance requirements;
  • protecting the rights, property, and safety of Selfstorage Catford, customers, staff, and visitors.

We only collect data that is relevant and necessary for these purposes. We do not use personal data for unrelated purposes unless we are permitted to do so by law.

3. Lawful Basis for Processing

Under the UK GDPR, we must have a lawful basis to process personal data. Depending on the situation, we rely on one or more of the following:

Contract

We process personal data where it is necessary to enter into or perform a contract with a customer. This includes creating an account, allocating storage space, collecting payment, and managing service delivery.

Legal Obligation

We process certain data to comply with legal or regulatory requirements, including tax, accounting, insurance, fraud prevention, health and safety, and record-keeping obligations.

Legitimate Interests

We may process personal data where it is necessary for our legitimate interests, provided those interests are not overridden by the rights and freedoms of the individual. Examples include protecting our premises, preventing misuse of services, handling disputes, and improving operational efficiency.

Consent

In limited cases, we may rely on consent, such as for optional marketing communications where required. When consent is used, it will be specific, informed, and freely given. Individuals may withdraw consent at any time.

Vital Interests

In rare circumstances, we may process personal data to protect someone’s vital interests, for example in an emergency involving safety or serious risk.

4. Data Sharing and Processors

We may share personal data with trusted third parties where necessary for the operation of our business and the provision of services. These third parties act either as independent controllers or as processors acting on our behalf.

Examples of processors and service providers may include:

  • IT and cloud hosting providers that store or support our systems;
  • payment processors that handle card or electronic transactions;
  • identity verification providers used to confirm customer identity;
  • security and CCTV service providers supporting site safety;
  • maintenance and facilities contractors where access to limited personal data is necessary;
  • professional advisers such as accountants, auditors, insurers, and legal advisers;
  • debt recovery or enforcement providers where lawful and necessary;
  • public authorities or regulators where required by law.

All processors are selected carefully and are required to protect personal data, act only on our instructions, and implement appropriate technical and organisational security measures. We do not sell personal data.

5. International Transfers

Where a processor or service provider stores or accesses data outside the United Kingdom, we take appropriate steps to ensure the transfer is lawful and protected. This may include relying on adequacy regulations, standard contractual clauses, or other recognised safeguards.

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, contractual, and security obligations. Retention periods may vary depending on the type of information and the reason for holding it.

As a general approach:

  • contract and account records are retained for the duration of the relationship and for a reasonable period after it ends;
  • payment and accounting records are kept for the period required by tax and financial regulations;
  • security records, such as access logs and CCTV, are kept only as long as necessary for safety, incident investigation, or legal purposes;
  • correspondence and complaints are retained for as long as needed to resolve the issue and maintain business records;
  • marketing preferences are kept until an individual opts out or the data is no longer needed.

When personal data is no longer required, we securely delete, anonymise, or destroy it.

7. Security of Personal Data

We take data security seriously and use appropriate safeguards to protect personal data against loss, misuse, unauthorised access, disclosure, alteration, or destruction. Measures may include access controls, encryption, secure storage, staff training, monitoring, and physical security procedures. No system is completely risk-free, but we work to reduce risk to an appropriate level.

8. Your Rights

Individuals have rights over their personal data under the UK GDPR. Subject to certain conditions and exemptions, these rights include:

  • Right of access — to request a copy of the personal data we hold about you.
  • Right to rectification — to ask us to correct inaccurate or incomplete information.
  • Right to erasure — to ask us to delete personal data in certain circumstances.
  • Right to restrict processing — to ask us to limit how we use your data in certain situations.
  • Right to data portability — to receive certain data in a structured, commonly used format where technically feasible.
  • Right to object — to object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time.

You also have the right to raise a concern with the UK supervisory authority if you believe your data protection rights have not been respected. We encourage individuals to contact us first so we can try to resolve any issue promptly and fairly.

9. Marketing Preferences

Where we send optional marketing communications, individuals may choose not to receive them. If you opt out, we will stop sending marketing messages as soon as reasonably possible. Even if you opt out of marketing, we may still send important service-related messages that are necessary for contract administration or legal reasons.

10. Children’s Data

Our services are not intended for children acting independently. We do not knowingly collect personal data from children unless it is necessary in relation to a lawful storage arrangement or where a parent, guardian, or authorised adult provides the information for a permitted purpose.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements, business practices, or operational needs. The revised policy will apply from the date it is published or otherwise communicated. We encourage customers to review it periodically.

12. Summary of Our Commitment

At Selfstorage Catford, we aim to process personal data fairly, transparently, and securely. We collect only what we need, use it for clear and lawful purposes, retain it for no longer than necessary, and respect the rights of everyone whose data we hold. This policy applies to all Selfstorage Catford customers in the Catford area and supports our commitment to responsible data protection practices.

Call Now!
Call Now Get a Quote
Selfstorage Catford

GDPR-compliant Privacy Policy for Selfstorage Catford covering data collection, lawful basis, retention, processors, and user rights for all Catford-area customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.