Self Storage Elephant and Castle Privacy Policy
This Privacy Policy explains how Self Storage Elephant and Castle collects, uses, stores, and protects personal data relating to customers and prospective customers in the Elephant and Castle area. It also explains your rights under the UK General Data Protection Regulation UK GDPR and related data protection laws.
This Policy applies to all Self Storage Elephant and Castle customers, account holders, guarantors, authorised users, and any person making enquiries or using our storage services in the Elephant and Castle area, whether in person, by phone, or online.
Who we are and scope of this Policy
Self Storage Elephant and Castle is a storage service provider offering self storage units and related services in the Elephant and Castle area. For the purposes of data protection law, Self Storage Elephant and Castle is the data controller in respect of the personal data described in this Policy. This means we decide how and why your personal data is processed.
This Privacy Policy covers personal data that we collect in connection with enquiries, reservations, contracts, payments, access to our site or units, and related communications and support.
Personal data we collect
We may collect and process the following categories of personal data about you when you use our services or interact with us:
Identification and contact details, such as your name, postal address, billing address, identification document details, and other information required to confirm your identity.
Account and contract information, such as customer account numbers, storage unit details, rental agreements, dates of occupancy, and other contract-related information.
Communication data, such as records of enquiries, correspondence, and customer service interactions, including notes made during telephone or in-person conversations.
Payment and transaction information, such as payment method details, transaction history, invoices, charges, and records of any arrears or disputes. We do not store full card details when processed through secure payment providers.
Security and access data, such as access control records, unit entry and exit logs, CCTV footage in and around our premises where installed, and incident reports relating to the safety and security of people and property.
Marketing and preference information, such as your consent choices, preferences for how we contact you, and records of marketing communications where you have chosen to receive them.
Technical data related to digital interactions, such as IP address, device information, and basic usage data collected through our website or online booking and enquiry forms, to the extent necessary to operate and secure our services.
How and why we use your personal data
We process your personal data only where we have a lawful basis under data protection law. Depending on the context, we may use your data for the following purposes and legal bases:
To set up and manage your storage contract, including handling enquiries, performing identity checks where appropriate, preparing and administering your rental agreement, and providing storage services to you. The lawful basis is performance of a contract or taking steps at your request before entering into a contract.
To take payment, manage billing, and recover debts, including issuing invoices, processing payments, handling overpayments and refunds, and pursuing arrears through internal processes or external agencies. The lawful basis is performance of a contract and our legitimate interests in receiving payment for services provided.
To manage security and access to our premises, including operating access control systems, maintaining logs of access to units, and using CCTV where installed to help protect customers, staff, and property, and to prevent and detect crime. The lawful basis is our legitimate interests in ensuring the security and safety of our sites and services and, where relevant, compliance with legal obligations.
To provide customer service and communicate with you, including answering questions, dealing with complaints, sending important service updates, and notifying you of changes to your contract or this Policy. The lawful basis is performance of a contract and our legitimate interests in operating an effective storage business.
To comply with legal and regulatory requirements, such as record keeping, tax and accounting obligations, and responding to lawful requests from law enforcement or regulatory authorities. The lawful basis is compliance with a legal obligation.
To send you marketing communications about our storage services, offers, or related products where you have given your consent or where we are otherwise permitted to do so by law. You can withdraw consent or opt out of marketing at any time. The lawful basis is your consent or our legitimate interests in promoting our services, as permitted by law.
To improve and manage our business, including monitoring usage of our services, training staff, analysing customer trends, and enhancing our premises, systems, and processes. The lawful basis is our legitimate interests in running, developing, and protecting our business.
Data sharing and processors
We may share your personal data with carefully selected third parties who assist us in delivering our services. These third parties act as data processors and process personal data on our behalf, subject to contractual obligations to protect your data and use it only according to our instructions.
Examples of such processors may include payment service providers that securely process card and bank payments, IT and cloud service providers that host our systems, customer management tools that help us administer bookings and accounts, and security service providers that support access control or CCTV systems.
We may also share data with professional advisers such as accountants or legal advisers where necessary to obtain professional advice or manage disputes, and with debt recovery agencies or tracing agents when reasonably required to recover unpaid charges. In some cases, we may be required to disclose information to law enforcement agencies, courts, or regulators where this is required by law or necessary to protect our rights, customers, staff, or property.
We do not sell your personal data to third parties.
International transfers
Where any of our service providers are located outside the United Kingdom or the European Economic Area, or store data in other countries, we will ensure that appropriate safeguards are in place to protect your personal data. This may include using standard contractual clauses approved by relevant authorities or ensuring that the destination country has been recognised as providing an adequate level of data protection.
Data retention
We keep your personal data only for as long as is reasonably necessary for the purposes set out in this Privacy Policy and to comply with legal, regulatory, tax, accounting, or reporting requirements.
In general, we retain core contract and account information for a period after your contract ends, to allow us to deal with queries, manage potential disputes, meet our record keeping obligations, and demonstrate our compliance with legal requirements.
Payment records are retained in line with applicable tax and accounting laws. CCTV footage and access control logs are typically kept for a shorter period, unless required for an ongoing investigation, dispute, or legal claim. Marketing records are retained while you remain subscribed or until you withdraw consent or object to further communications, after which we may keep a limited record of your preference so that we can respect your choice.
Your data protection rights
Under UK GDPR and related laws, you have a number of rights in relation to your personal data. These rights may be subject to certain conditions or exemptions.
You have the right of access, meaning you can request confirmation of whether we hold personal data about you and, if so, request a copy of that data, together with certain information about how it is used.
You have the right to rectification, meaning you can ask us to correct inaccurate or incomplete personal data that we hold about you.
You have the right to erasure, sometimes called the right to be forgotten, meaning you can request that we delete your personal data in certain circumstances, for example where it is no longer needed for the purposes for which it was collected, or where you withdraw consent and there is no other lawful basis for processing.
You have the right to restriction of processing, meaning you can ask us to suspend the use of your data in certain situations, for example while we check the accuracy of data or consider an objection you have raised.
You have the right to data portability, meaning you can request that we provide certain personal data to you or another organisation in a structured, commonly used, machine readable format where our processing is based on consent or contract and carried out by automated means.
You have the right to object to processing that is based on our legitimate interests or for direct marketing. Where you object to marketing, we will stop sending you marketing communications. Where you object on other grounds, we will stop processing your data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or where processing is required for legal claims.
Where we rely on your consent to process personal data, you have the right to withdraw that consent at any time. Withdrawing consent does not affect the lawfulness of processing based on consent before it was withdrawn.
Exercising your rights and complaints
If you wish to exercise any of your rights, you can contact us using the contact details provided in your contract or on our customer documentation. We may need to verify your identity before responding to your request, particularly where sensitive or high risk data is involved.
If you have concerns about how we handle your personal data, we ask that you contact us first so that we can try to resolve the issue. You also have the right to lodge a complaint with the UK data protection supervisory authority if you are not satisfied with our response.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or how we manage personal data. When we make significant changes, we will take appropriate steps to bring them to your attention, for example by updating the version available at our premises or on our customer documentation. Your continued use of our services after any changes take effect will signify your acknowledgement of the updated Policy.
