Privacy Policy - Selfstorage Stockwell

This Privacy Policy explains how Selfstorage Stockwell collects, uses, stores, shares, and protects personal data. It applies to all Selfstorage Stockwell customers in the Stockwell area, including prospective customers, account holders, storage unit users, visitors, and anyone who communicates with us in connection with our services. We are committed to handling personal data in a lawful, fair, and transparent manner in accordance with the UK GDPR and the Data Protection Act 2018.

1. Who we are

For the purposes of data protection law, Selfstorage Stockwell acts as the data controller for the personal data we collect and process in relation to our storage services. This means we decide how and why your personal data is used. We take data protection seriously and aim to only process information that is necessary to provide secure, reliable, and efficient storage services.

2. Personal data we collect

We may collect and process the following categories of personal data:

  • Identity data: name, date of birth, and similar identifying details.
  • Contact data: address, email address, and telephone number.
  • Account and contract data: storage unit details, booking information, access records, payment status, and service history.
  • Payment data: billing details and transaction records. We do not ordinarily store full payment card details where payment processing is handled by a secure payment provider.
  • Security and access data: key codes, entry logs, CCTV images where applicable, and incident reports.
  • Communications data: messages, call notes, complaints, feedback, and correspondence.
  • Technical data: device, browser, and usage information when you interact with our digital systems.

We generally collect personal data directly from you when you enquire about our services, sign up for storage, complete forms, make payments, or contact us. In some cases, we may receive information from third parties such as payment processors, identity verification providers, insurance partners, or legal and regulatory bodies where appropriate and lawful.

3. How we use your data

We use personal data for the following purposes:

  • to provide and manage storage services;
  • to set up and administer accounts and contracts;
  • to verify identity and prevent fraud;
  • to process payments, invoices, and refunds;
  • to manage access to storage facilities and maintain security;
  • to communicate with you about your account, bookings, and service updates;
  • to respond to enquiries, complaints, and requests;
  • to comply with legal obligations and regulatory requirements;
  • to establish, exercise, or defend legal claims;
  • to improve our services, systems, and operational processes.

We will only process your personal data where there is a lawful basis to do so and where the processing is necessary for a legitimate and specific purpose.

4. Lawful basis for processing

Under data protection law, we must rely on one or more lawful bases to process personal data. Depending on the context, we may process your data on the following bases:

Performance of a contract

We process personal data when it is necessary to enter into or perform our storage agreement with you. This includes managing bookings, allocating storage space, taking payments, and providing customer support connected to your contract.

Legal obligation

We may process personal data to comply with legal obligations, such as accounting, tax, fraud prevention, health and safety, and responses to lawful requests from authorities.

Legitimate interests

We may process personal data where it is in our legitimate interests to do so, provided those interests are not overridden by your rights and freedoms. Examples include maintaining security, preventing misuse of our services, improving our operations, and managing business records. Where we rely on legitimate interests, we assess the impact on individuals and ensure the processing is proportionate.

Consent

In limited situations, we may rely on your consent, for example for certain optional marketing or non-essential data processing. Where consent is used, you have the right to withdraw it at any time. Withdrawal of consent will not affect the lawfulness of processing carried out before withdrawal.

Vital interests and public interest

In rare circumstances, we may process data to protect someone’s vital interests or where necessary for tasks carried out in the public interest, though these bases are not generally central to our day-to-day storage operations.

5. Data retention

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including to meet legal, accounting, contractual, and security requirements. Retention periods vary depending on the type of information and the reason it is held.

  • Account and contract records are normally retained for the duration of the relationship and for a period afterwards to deal with disputes, claims, and audit requirements.
  • Payment and invoicing records are retained for the period required by tax and accounting rules.
  • Security logs and access records are kept only as long as needed for security management and incident investigation.
  • Enquiry and communication records may be retained for a reasonable time to ensure continuity of service and accurate record keeping.

When data is no longer required, we will securely delete, anonymise, or otherwise dispose of it in accordance with our retention practices. If we need to keep information for legal claims or regulatory reasons, we will retain it only for as long as necessary for that purpose.

6. Processors and third parties

We may share personal data with trusted third-party service providers acting as processors on our behalf. These parties are only permitted to process personal data according to our instructions and must implement appropriate security measures. Examples may include:

  • IT and hosting providers who support our systems and data storage;
  • payment processors who handle transactions securely;
  • identity verification services used for fraud prevention and account security;
  • security providers supporting site monitoring or incident response;
  • professional advisers such as accountants, insurers, auditors, and legal advisers;
  • regulators, law enforcement, or public authorities where required by law.

Where data is shared with processors, we ensure appropriate contractual safeguards are in place. If personal data is transferred outside the UK, we will only do so where suitable legal protections exist to safeguard your information.

7. Security of your data

We use appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, alteration, or disclosure. These measures may include access controls, secure storage, staff training, monitoring, and regular review of our procedures. While no system can be guaranteed to be completely secure, we work continuously to protect the integrity and confidentiality of the information we hold.

8. Your rights

As a data subject, you have a number of rights under the UK GDPR. These rights may be subject to legal limits or exceptions, but we will always assess your request carefully and respond appropriately. Your rights include:

  • Right of access: you can request a copy of the personal data we hold about you.
  • Right to rectification: you can ask us to correct inaccurate or incomplete data.
  • Right to erasure: in certain circumstances, you can ask us to delete your personal data.
  • Right to restriction: you can request that we limit how we use your data in specific situations.
  • Right to data portability: you may request that certain data be provided in a structured, commonly used format.
  • Right to object: you can object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent: where we rely on consent, you may withdraw it at any time.

If you believe your rights have not been respected, you also have the right to lodge a complaint with the UK Information Commissioner’s Office. We encourage you to raise concerns with us first so we can try to resolve the matter promptly and fairly.

9. Automated decision-making

We do not normally use fully automated decision-making that produces legal or similarly significant effects. If this changes, we will provide clear information about the logic involved, the significance of the processing, and your rights in relation to it.

10. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data protection practices. Any updated version will apply from the date it is published or otherwise communicated. We encourage you to review it periodically to stay informed about how we protect your personal data.

In summary: Selfstorage Stockwell processes personal data lawfully, transparently, and securely, using it only when necessary for storage services, legal compliance, and legitimate business purposes, while respecting your rights and retaining data for only as long as needed.

Call Now!
Call Now Get a Quote
Selfstorage Stockwell

GDPR-compliant privacy policy for Selfstorage Stockwell covering data collection, lawful basis, retention, processors, and user rights for all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.