Privacy Policy - Selfstorage Westhampstead

This Privacy Policy explains how Selfstorage Westhampstead collects, uses, stores, shares, and protects personal data. It applies to all Selfstorage Westhampstead customers in the area, including prospective customers, current customers, former customers, and any individuals who interact with us in relation to storage services, account management, billing, access, or support.

We are committed to handling personal data in a lawful, fair, and transparent manner in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy explains what data we collect, the legal reasons we process it, how long we keep it, who may process it on our behalf, and the rights available to individuals.

1. Personal Data We Collect

We may collect and process personal data directly from you, from your use of our services, or from third parties where lawful and appropriate. The categories of information we may collect include:

  • Identity information such as your name, date of birth, and identification details.
  • Contact information such as your address, email address, and telephone number.
  • Account and contract information such as storage unit details, agreement records, payment terms, and service history.
  • Financial information such as billing details, payment status, and transaction records.
  • Access and security information such as entry logs, device or key access data, CCTV images, and security incident records.
  • Communication records including emails, calls, written messages, and notes from customer service interactions.
  • Usage information related to how you use our facilities, your preferred services, and any requests or complaints you submit.

In limited circumstances, we may also process special category data or data relating to criminal offences if required for security, fraud prevention, legal compliance, or lawful claims handling. Where this occurs, we will apply additional safeguards and only process such information when permitted by law.

2. How We Use Personal Data

We use personal data for the following purposes:

  • To set up and manage storage agreements.
  • To verify identity and prevent fraud.
  • To provide access to storage units and facilities.
  • To process payments, refunds, and invoices.
  • To communicate with customers about their account or service.
  • To respond to questions, complaints, and support requests.
  • To maintain security, monitor for unauthorised access, and protect property.
  • To comply with legal, tax, accounting, and regulatory duties.
  • To establish, exercise, or defend legal claims.

We only use personal data where there is a valid legal basis for doing so. We do not sell personal data to third parties.

3. Lawful Basis for Processing

Under UK GDPR, we must identify a lawful basis before processing personal data. Depending on the specific activity, we rely on one or more of the following lawful bases:

Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes setting up your storage account, managing your access to the unit, sending service updates, and processing payments.

Legal Obligation

We may process data where necessary to comply with legal obligations, including accounting rules, taxation requirements, anti-fraud obligations, and lawful requests from public authorities.

Legitimate Interests

We may process data where it is necessary for our legitimate interests, provided these interests are not overridden by your rights and freedoms. Examples include site security, CCTV monitoring, service improvement, debt recovery, fraud prevention, and protecting the business and customers from loss or damage.

Consent

In limited cases, we may rely on your consent, for example where you voluntarily choose to receive certain communications or agree to optional processing. Where we rely on consent, you may withdraw it at any time.

Vital Interests

In rare and exceptional cases, we may process data to protect someone’s vital interests, such as in an emergency involving health or safety.

4. Retention of Personal Data

We keep personal data only for as long as necessary for the purposes for which it was collected, including to meet legal, accounting, and reporting requirements. Retention periods vary depending on the type of data and the purpose of processing.

  • Customer agreement and account records are generally retained for the duration of the contract and for a period after it ends to handle queries, disputes, and legal claims.
  • Payment and accounting records are retained for the period required by tax and financial laws.
  • Security records such as access logs and CCTV footage are retained for a limited period unless needed longer for investigation, legal proceedings, or incident resolution.
  • Correspondence and complaints are kept for as long as necessary to resolve the matter and to maintain service records.

When personal data is no longer required, we will securely delete, anonymise, or archive it in accordance with our retention practices and applicable law.

5. Processors and Third Parties

We may share personal data with trusted third-party service providers who act as processors on our behalf. These processors are only permitted to use personal data in accordance with our instructions and are required to protect it appropriately. Categories of processors may include:

  • IT and cloud service providers that host or maintain systems used for business operations.
  • Payment service providers that handle card payments and transaction processing.
  • Security providers that support alarm systems, access control, CCTV, and monitoring services.
  • Administrative and communications providers that assist with messaging, record keeping, and document management.
  • Professional advisers such as accountants, auditors, insurers, and legal advisers where necessary.

We may also disclose personal data to public authorities, regulators, law enforcement, courts, or other third parties where required or permitted by law. Where service providers process data outside the United Kingdom or European Economic Area, we will ensure appropriate safeguards are in place in accordance with data protection law.

6. Data Security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. These measures may include access controls, encryption, secure storage, staff training, restricted permissions, and monitoring of systems. While we work hard to safeguard data, no system can be guaranteed to be completely secure.

7. Your Rights

Individuals whose data we process have rights under UK GDPR. Depending on the circumstances, these may include:

  • Right of access – to request a copy of the personal data we hold about you.
  • Right to rectification – to request correction of inaccurate or incomplete data.
  • Right to erasure – to request deletion of your data in certain situations.
  • Right to restrict processing – to ask us to limit how we use your data in certain cases.
  • Right to object – to object to processing based on legitimate interests or direct marketing.
  • Right to data portability – to request transfer of certain data in a structured, commonly used format where applicable.
  • Right to withdraw consent – where processing is based on consent, you may withdraw it at any time.

You may also have the right to complain to the Information Commissioner’s Office (ICO) if you believe your data protection rights have been infringed. We encourage individuals to raise concerns with us first so we can try to resolve matters promptly and fairly.

8. How We Respond to Rights Requests

We may need to verify your identity before responding to a rights request. This helps us protect your data and prevent unauthorised disclosure. We aim to respond within the time limits required by law, usually one month, although this may be extended in complex cases. If we cannot action a request, we will explain the reason where permitted by law.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data processing practices. Any updates will take effect when published in the revised version. We encourage customers to review this policy periodically to stay informed about how personal data is handled.

Summary of Commitment: Selfstorage Westhampstead handles personal data responsibly, lawfully, and transparently, using it only where necessary for storage services, security, compliance, and legitimate business purposes, while respecting customer rights.

Call Now!
Call Now Get a Quote
Selfstorage Westhampstead

GDPR-compliant Privacy Policy for Selfstorage Westhampstead covering data collection, lawful basis, retention, processors, and user rights.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.