Privacy Policy - Southcroydon Storage

This Privacy Policy explains how Southcroydon Storage collects, uses, stores, shares, and protects personal data for customers and prospective customers in the Southcroydon area. It applies to all Southcroydon Storage customers in the area, including individuals, household customers, and business customers who use or enquire about our storage services. We are committed to handling personal data in a lawful, fair, and transparent manner in accordance with the UK GDPR and the Data Protection Act 2018.

1. Who we are

Southcroydon Storage provides self-storage and related services. In providing these services, we act as a data controller for the personal data we collect and use in connection with customer accounts, service administration, security, billing, and legal compliance.

2. Personal data we collect

We collect only the information necessary to provide secure and efficient storage services. The categories of personal data we may collect include:

  • Identity information: name, title, and date of birth where needed for identity verification.
  • Contact information: address, email address, telephone number, and emergency contact details where appropriate.
  • Account information: customer reference numbers, service history, booking details, payment records, and communications about your storage unit.
  • Financial information: payment method details, transaction records, and billing information. We do not store full card details unless necessary for payment processing by a secure provider.
  • Identification and verification data: copies of identification documents or proof of address when required for fraud prevention, contract setup, or legal compliance.
  • Security data: CCTV footage, access logs, gate entry records, alarm logs, and incident reports where required to protect our site, staff, customers, and property.
  • Communications: emails, messages, notes of telephone calls, complaint records, and any other correspondence with us.

We generally do not collect special category data. If such information is ever provided to us incidentally, we will handle it with additional care and only where a lawful basis applies.

3. How we use your data

We use personal data for the following purposes:

  • To register and manage your storage account.
  • To verify your identity and prevent misuse or fraud.
  • To provide access to storage units and related services.
  • To process payments, administer invoices, and handle refunds where applicable.
  • To communicate service updates, contract information, and policy notices.
  • To maintain site safety and security through access control and surveillance systems.
  • To investigate complaints, disputes, or incidents.
  • To meet legal and regulatory obligations.
  • To defend or establish legal claims where necessary.

We only use personal data in ways that are compatible with the purposes for which it was collected, unless we have another lawful basis to do so.

4. Lawful basis for processing

Under data protection law, we must have a lawful basis to process your personal data. Southcroydon Storage relies on one or more of the following lawful bases:

  • Contract: processing is necessary to enter into or perform our storage agreement with you.
  • Legal obligation: processing is necessary to comply with laws, including tax, accounting, fraud prevention, and regulatory requirements.
  • Legitimate interests: processing is necessary for our legitimate business interests, such as protecting our premises, securing storage units, managing customer relationships, and preventing crime, provided these interests do not override your rights and freedoms.
  • Consent: where required by law, we will ask for your consent, for example for certain marketing communications or optional services.

Where we rely on consent, you may withdraw it at any time. This will not affect the lawfulness of processing carried out before withdrawal.

5. Sharing your data and processors

We may share personal data with trusted third parties where necessary to run our business and provide services. These third parties act either as processors or, in some cases, as independent controllers. We take reasonable steps to ensure they protect your data and use it only for permitted purposes.

Processors we may use

  • Payment processors: to handle card or electronic payments securely.
  • IT and cloud service providers: to host, maintain, and secure our systems and records.
  • Security service providers: to support alarm monitoring, CCTV systems, or access control.
  • Professional advisers: such as accountants, insurers, auditors, and legal advisers, where needed.
  • Maintenance and facilities contractors: where access to limited personal data is required to complete work safely.

We may also disclose personal data to law enforcement, courts, regulators, or other public authorities where required by law or where necessary to protect our rights, customers, staff, or property.

6. International transfers

Where any processor or service provider stores or accesses personal data outside the United Kingdom, we will ensure appropriate safeguards are in place, such as adequacy regulations or standard contractual clauses, to protect your information to the required legal standard.

7. Data retention

We keep personal data only for as long as necessary for the purposes set out in this Privacy Policy and to meet legal, accounting, or reporting obligations. Retention periods may vary depending on the type of information and the reason it is held. In general:

  • Customer account and contract records are kept for the duration of the relationship and for a reasonable period afterwards.
  • Payment, invoicing, and accounting records are retained for the period required by law.
  • Security records, including CCTV and access logs, are retained only as long as necessary for security, incident review, or investigation purposes.
  • Complaint and dispute records are retained for the time needed to resolve issues and protect against legal claims.

When data is no longer needed, it is securely deleted, anonymised, or destroyed.

8. Data security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, loss, or destruction. These measures may include access controls, encryption, secure storage, staff confidentiality obligations, and regular review of security procedures. While no system is completely risk-free, we work to reduce risks to an appropriate level.

9. Your rights

Under data protection law, you have several rights in relation to your personal data. These rights may apply in different circumstances and may be limited where legal exemptions apply.

  • Right of access: you can request a copy of the personal data we hold about you.
  • Right to rectification: you can ask us to correct inaccurate or incomplete data.
  • Right to erasure: you can ask us to delete your data in certain situations.
  • Right to restriction: you can ask us to limit how we use your data in certain circumstances.
  • Right to data portability: you can ask for certain data to be provided in a structured, commonly used format.
  • Right to object: you can object to processing based on legitimate interests, and to direct marketing at any time.
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.

If you wish to exercise any of these rights, we will respond in line with legal time limits and may ask for information to verify your identity.

10. Marketing

We may send service-related communications that are necessary for the operation of your account. We will only send marketing communications where permitted by law and, if required, with your consent. You can opt out of marketing at any time. Service messages relating to your storage agreement may still be sent even if you opt out of marketing.

11. Cookies and similar technologies

If we use online systems or digital platforms, we may use cookies or similar technologies to support functionality, improve performance, and maintain security. Any such use will be limited to what is necessary and handled in line with applicable law. Where consent is required, it will be obtained before non-essential cookies are used.

12. Children

Our storage services are not directed at children. We do not knowingly collect personal data from children unless it is necessary in connection with a lawful customer relationship or legal obligation. Where we become aware that data has been collected improperly, we will take appropriate steps to delete or protect it.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or data handling practices. The updated policy will apply from the date it is published or otherwise communicated. We encourage customers to review it periodically to stay informed about how we process personal data.

14. Complaints and your right to complain

If you have concerns about how we handle your personal data, you should first contact us so we can try to resolve the matter. You also have the right to complain to the UK data protection authority if you believe your data protection rights have been infringed. We encourage you to contact us first so that we have the opportunity to address your concerns promptly and fairly.

Summary principle: Southcroydon Storage processes personal data only when necessary, with appropriate safeguards, and in line with GDPR principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, and confidentiality.

Call Now!
Call Now Get a Quote
Southcroydon Storage

GDPR-compliant Privacy Policy for Southcroydon Storage covering data collection, lawful basis, retention, processors, and user rights for all customers in the area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.