Privacy Policy - Selfstorage Elephantandcastle

This Privacy Policy explains how Selfstorage Elephantandcastle collects, uses, shares, stores, and protects personal data relating to customers, prospective customers, and other individuals who interact with our storage services. It applies to all Selfstorage Elephantandcastle customers in the area, including individuals who enquire about our services, sign a storage agreement, access our premises, use related services, or otherwise provide personal information to us.

We are committed to handling personal data in a lawful, fair, and transparent manner in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy should be read carefully so that you understand what information we collect, why we collect it, how long we keep it, who may process it on our behalf, and what rights you have in relation to your data.

1. Who We Are

For the purposes of data protection law, Selfstorage Elephantandcastle acts as the data controller for the personal data described in this Privacy Policy. This means we determine the purposes and means of processing your personal data in connection with the provision and management of our storage services.

We take privacy seriously and aim to collect only the information we need, use it only for legitimate purposes, and retain it only for as long as necessary.

2. Personal Data We Collect

We may collect and process different categories of personal data depending on your relationship with us and the services you use. The information may include:

  • Identity data, such as your name, title, date of birth, and identification details.
  • Contact data, such as postal address, email address, and telephone number.
  • Contract and account data, such as storage unit details, agreement dates, billing records, payment status, and account history.
  • Financial data, such as payment card information or bank account details, where necessary for billing and collections.
  • Verification data, such as copies of identity documents and proof of address, where needed for legal and security reasons.
  • Access and security data, such as CCTV footage, gate access records, alarm logs, visitor logs, and incident reports.
  • Communication data, such as emails, messages, complaint records, and notes relating to customer service interactions.
  • Technical data, such as IP address, device information, and browsing activity when you interact with digital systems we use to manage services.

We generally collect information directly from you when you enquire about services, complete a booking or agreement, make a payment, communicate with us, or use our facilities. We may also receive data from third parties where appropriate, such as payment providers, identity verification services, debt recovery providers, insurers, or legal advisers.

3. How We Use Your Personal Data

We use personal data for the following purposes:

  • To provide and manage storage services.
  • To open and administer customer accounts.
  • To verify identity and prevent fraud.
  • To process payments, refunds, and account balances.
  • To communicate with you about your agreement, access, and service matters.
  • To maintain security, protect property, and monitor the premises.
  • To comply with legal, regulatory, tax, and accounting obligations.
  • To manage complaints, disputes, insurance issues, and debt recovery.
  • To improve our services, systems, and operational efficiency.

We only process personal data when we have a lawful basis to do so and when the processing is necessary for a clear and legitimate purpose.

4. Lawful Basis for Processing

Under data protection law, we must identify a lawful basis before processing your personal data. Depending on the situation, we rely on one or more of the following:

Contract

We process personal data when it is necessary to enter into or perform a contract with you. This includes setting up your storage account, managing access to your unit, taking payments, and providing customer support related to the agreement.

Legal Obligation

We process personal data where required to comply with legal obligations, such as tax laws, accounting rules, anti-fraud requirements, safety rules, or lawful requests from authorities.

Legitimate Interests

We may process personal data where it is necessary for our legitimate business interests and where those interests are not overridden by your rights and freedoms. Examples include preventing crime, securing our site, managing risk, improving service quality, and handling disputes. We always consider whether the processing is proportionate and whether your privacy interests require additional safeguards.

Consent

In limited cases, we may rely on your consent, for example for certain optional communications or specific uses of information that are not covered by another lawful basis. Where consent is used, you have the right to withdraw it at any time.

Vital Interests

In rare circumstances, we may process personal data where it is necessary to protect someone’s vital interests, such as in an emergency involving health or safety.

5. Retention of Personal Data

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including to meet legal, accounting, regulatory, and reporting obligations. Retention periods vary depending on the type of data and the reason for processing.

In general:

  • Customer contract and billing records are typically retained for the duration of the agreement and for a period afterward to meet legal and tax requirements.
  • Identity verification and compliance records may be retained where necessary for fraud prevention, audit, or legal defence.
  • CCTV and access logs are usually retained for a shorter period unless needed for an investigation, security incident, or legal claim.
  • Complaint and dispute records may be retained for as long as necessary to resolve the matter and demonstrate proper handling.

When personal data is no longer required, we will delete it or anonymise it securely. Where appropriate, we apply data minimisation and storage limitation principles to reduce unnecessary retention.

6. Processors and Third Parties

We may share personal data with trusted third parties who act as processors on our behalf or as independent controllers in limited circumstances. These parties are only permitted to process data in accordance with our instructions or their own legal obligations.

Examples of processors and third parties may include:

  • Payment processors who handle card or bank transactions.
  • IT and cloud service providers who support our systems, data storage, and security tools.
  • Security providers who assist with monitoring, alarm systems, and incident response.
  • Identity verification providers who help us confirm customer identity where required.
  • Professional advisers, such as accountants, insurers, auditors, and legal advisers.
  • Debt recovery and collections partners, where payment issues require action.
  • Public authorities, regulators, or law enforcement bodies where disclosure is required by law.

We require processors to implement appropriate technical and organisational measures to safeguard personal data. Where a processor no longer requires the data, they must return, delete, or securely destroy it in line with our instructions and legal requirements.

7. Data Security

We use suitable security measures to protect personal data against accidental loss, unauthorised access, misuse, alteration, or disclosure. These measures may include access controls, encryption, secure storage, staff training, CCTV, and internal policies governing information handling.

Although we work hard to protect personal data, no system can be guaranteed to be completely secure. If a data breach occurs that may affect your rights or freedoms, we will respond in accordance with applicable law and take appropriate remedial steps.

8. Your Rights

As a data subject under UK GDPR, you have a number of rights in relation to your personal data. These rights are not absolute and may be subject to legal conditions or exemptions. Your rights include:

  • Right of access – to request a copy of the personal data we hold about you.
  • Right to rectification – to ask us to correct inaccurate or incomplete data.
  • Right to erasure – to request deletion of your data in certain circumstances.
  • Right to restriction – to ask us to limit processing in specific situations.
  • Right to data portability – to receive certain data in a structured, commonly used format.
  • Right to object – to object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent – where processing is based on consent, you may withdraw it at any time.

You also have the right to raise concerns about how your data is handled. If you believe your data protection rights have been infringed, you may seek to exercise your legal remedies under applicable law.

9. International Transfers

Where personal data is transferred outside the UK, we will ensure that suitable safeguards are in place to protect it. These safeguards may include adequacy regulations, standard contractual clauses, or other legally recognised transfer mechanisms.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements, operational practices, or service arrangements. Any revised version will apply from the date it becomes effective. We encourage you to review this policy periodically so that you remain informed about how we process your personal data.

11. How We Apply This Policy

This Privacy Policy applies to all Selfstorage Elephantandcastle customers in area and to related individuals whose personal data we process in connection with our storage operations. By using our services, you acknowledge that your information may be processed as described in this policy, in compliance with applicable data protection law and in a manner designed to respect your privacy.

In summary, we collect only the data needed to deliver secure and reliable storage services, we process it under clear lawful bases, we keep it only for appropriate periods, we use processors carefully, and we respect your rights under data protection law.

Call Now!
Call Now Get a Quote
Selfstorage Elephantandcastle

GDPR-compliant Privacy Policy for Selfstorage Elephantandcastle covering data collection, lawful basis, retention, processors, and user rights.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.