Self Storage West Hampstead Privacy Policy
This Privacy Policy explains how Self Storage West Hampstead collects, uses, stores and protects personal data relating to customers and prospective customers. It applies to all Self Storage West Hampstead customers and enquirers in the surrounding area, whether you contact us online, by post, by phone, or visit our premises in person.
Self Storage West Hampstead is committed to complying with applicable data protection laws, including the UK General Data Protection Regulation and the Data Protection Act 2018. We act as the data controller for the personal data described in this Privacy Policy.
Personal Data We Collect
We collect and process different types of personal data depending on how you interact with us and the services you use. This may include:
Identification data, such as your full name, date of birth, proof of identity details and proof of address details.
Contact details, such as your postal address, billing address, and any other contact information you choose to provide.
Contract and account data, such as your storage unit number, contract start and end dates, services selected, payment history, correspondence with us, and records of any queries or complaints.
Payment and billing data, such as payment method details and invoicing information. Where required, we may receive limited information from payment providers and banks in order to allocate and reconcile payments.
Security and access data, such as CCTV footage, access control logs, vehicle registration numbers recorded on site, and records relating to incidents, accidents or security investigations.
Technical and usage data, such as information about how you use our website or online portals, including device information, log data and preference settings, where this is collected through your use of our online services.
Marketing preferences, including whether you wish to receive marketing communications from us and how you prefer to be contacted.
How We Collect Your Data
We collect personal data in a variety of ways, including:
When you request a quote, make an enquiry or ask us for information about our services.
When you enter into a storage agreement or any other contract with us.
When you visit our premises and use our facilities, including access control systems and CCTV monitored areas.
When you communicate with us by email, post, telephone or in person.
When you use our website or online services, where certain technical and usage data may be collected automatically.
From third parties, where permitted by law, such as payment service providers or authorities, for example to verify identity or investigate fraud or security incidents.
Lawful Basis for Processing
We process your personal data only where we have a valid lawful basis under data protection law. Depending on the circumstances, this may include:
Contractual necessity: We process personal data to take steps at your request before entering into a contract, and to perform our contract with you. This includes managing your booking, providing access to storage units, processing payments, communicating with you about your account, and handling queries or complaints.
Legal obligations: We process personal data where necessary to comply with our legal and regulatory obligations, such as tax and accounting requirements, record keeping duties, responding to lawful requests from authorities, and meeting health and safety obligations.
Legitimate interests: We process personal data where it is necessary for our legitimate business interests and your interests and fundamental rights do not override those interests. This may include ensuring the security and safety of our premises, staff and customers, preventing and detecting fraud or misuse of our services, maintaining and improving our services and facilities, and defending or establishing legal claims.
Consent: In some cases, we rely on your consent, for example where we send you certain types of marketing communications. Where we rely on consent, you can withdraw it at any time as explained in this Privacy Policy.
How We Use Your Personal Data
We use the personal data we collect for the following purposes:
To provide self storage and related services to you, including processing your application, setting up your account, managing your contract and providing customer support.
To administer billing and payments, including issuing invoices, collecting payments, processing refunds where appropriate, and managing any debt recovery processes.
To secure our facilities, staff, customers and property, including monitoring access control systems, using CCTV for security and safety purposes, and investigating or recording security related incidents.
To communicate with you about your account, service updates, changes to our terms, and other important information relating to your use of our services.
To manage our relationship with you, including dealing with your requests, feedback, enquiries or complaints.
To conduct internal business operations, such as auditing, quality assurance, staff training, and general business administration.
To send you marketing communications about our services where you have consented to receive them or where we are otherwise permitted to do so by law, and to record and respect your marketing preferences.
Data Sharing and Processors
We may share your personal data with carefully selected third parties where necessary for the purposes set out in this Privacy Policy. These third parties may act as data processors, processing personal data on our behalf, or as independent controllers.
Typical categories of third parties include:
IT and hosting providers who supply and manage our business systems, website and data storage services.
Payment service providers, banks and financial intermediaries who facilitate payments, refunds and fraud prevention.
Security and access control service providers who support our on site security systems, including CCTV and access control technologies.
Professional advisers, such as lawyers, accountants or auditors, where necessary for the provision of their services and to protect our legal rights.
Debt recovery agencies and credit control services, where necessary to recover outstanding amounts owed to us.
Public authorities and law enforcement agencies, where we are legally required or permitted to do so, for example to prevent or investigate crime, or in connection with legal proceedings.
Whenever we use data processors, we require them to process your personal data only on our documented instructions, to keep it secure, and to comply with applicable data protection laws.
International Transfers
Where it is necessary to transfer personal data outside the United Kingdom or European Economic Area, we will take steps to ensure that an adequate level of protection is in place. This may involve using standard contractual clauses or other legally recognised safeguards. You can contact us for further information about international transfers that may apply to your personal data.
Data Retention
We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying legal, accounting or reporting requirements.
In general, we retain customer account and contract information for a period after the end of your storage agreement to deal with any queries, disputes or legal claims and to comply with statutory retention obligations.
CCTV footage and access control logs are kept for a limited period, which is determined by our security and operational needs, unless a particular recording is required to be kept longer in connection with an investigation or legal proceedings.
Marketing data is retained for as long as you remain subscribed or show engagement with our communications, or until you object or withdraw your consent, whichever happens first, subject to our need to maintain limited records of your preferences.
When personal data is no longer required, we will delete or anonymise it in a secure manner.
Your Data Protection Rights
Under data protection law, you have certain rights in relation to your personal data. Subject to legal conditions and exemptions, these include:
Right of access: You can request confirmation of whether we process your personal data and obtain a copy of that data, along with certain information about how we use it.
Right to rectification: You can ask us to correct inaccurate or incomplete personal data we hold about you.
Right to erasure: In certain circumstances, you can ask us to delete your personal data, for example where it is no longer needed for the purpose for which it was collected, or where you withdraw consent and there is no other lawful basis for processing.
Right to restriction of processing: You can ask us to restrict the processing of your personal data in certain situations, for example while we verify its accuracy or consider an objection you have raised.
Right to data portability: In certain cases, you can ask to receive the personal data you have provided to us in a structured, commonly used and machine readable format, and to have it transmitted to another controller where technically feasible.
Right to object: You can object to the processing of your personal data based on our legitimate interests, including profiling based on those interests. You also have an absolute right to object at any time to your personal data being used for direct marketing.
Right to withdraw consent: Where we rely on your consent to process your personal data, you may withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
If you wish to exercise any of these rights, you can contact us using the details provided in your contract or any recent correspondence from us. We may need to verify your identity before responding to your request, and we will respond within the timeframes required by law.
Data Security
We take appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction or damage. These measures include physical security at our premises, access controls, staff training, and the use of secure systems and processes.
While we work to protect your personal data, no method of transmission or storage is completely secure. You are responsible for keeping any passwords or access codes confidential and for notifying us promptly if you suspect any unauthorised use of your account or access credentials.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements or operational needs. When we make material changes, we will take reasonable steps to bring them to your attention, for example by updating the version available at our premises or through our online channels. We encourage you to review this Privacy Policy periodically to stay informed about how we handle your personal data.
