Privacy Policy - Selfstorage Croydon

This Privacy Policy explains how Selfstorage Croydon collects, uses, stores, shares, and protects personal data in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It applies to all Selfstorage Croydon customers in the area, including prospective customers, current customers, former customers, visitors, and any individual who interacts with our storage services.

1. Who We Are

Selfstorage Croydon provides storage services for individuals and businesses in Croydon and the surrounding area. For the purposes of data protection law, we act as a data controller when we determine why and how personal data is processed. In some cases, we may also use third-party service providers who act as data processors on our behalf.

2. Personal Data We Collect

We only collect personal data that is necessary for the provision and management of our storage services, legal compliance, and business administration. The categories of data we may collect include:

  • Identity data such as your name, date of birth, and identification details.
  • Contact data such as your postal address, email address, and telephone number.
  • Account and contract data such as booking details, tenancy agreements, payment status, and service preferences.
  • Payment data such as billing records, bank details, payment confirmations, and transaction history.
  • Security data such as CCTV footage, access logs, vehicle registration details, and site entry records.
  • Communication data such as enquiries, complaints, feedback, and correspondence.
  • Technical data such as IP address, device information, and basic website interaction data where applicable.

We do not intentionally collect special category data unless it is necessary and you have provided it for a specific reason, or unless we are legally required to do so. Special category data includes information about health, religion, political opinions, biometric data, and similar sensitive information.

3. How We Collect Personal Data

We may collect personal data in the following ways:

  • Directly from you when you enquire about storage, make a booking, sign a contract, or use our services.
  • When you communicate with us by phone, email, online forms, or in person.
  • Through security systems such as access control systems and CCTV.
  • From payment providers, identity verification services, and other service partners where necessary.
  • From public sources or fraud-prevention databases where permitted by law.

4. Purposes of Processing

We process personal data only where necessary and for specific purposes. These may include:

  • Managing enquiries and providing quotations.
  • Setting up and administering customer accounts and storage agreements.
  • Processing payments, refunds, and account adjustments.
  • Verifying identity and preventing fraud.
  • Maintaining security of our premises, staff, customers, and stored property.
  • Complying with legal and regulatory obligations.
  • Handling complaints, disputes, and customer support requests.
  • Improving our services, systems, and customer experience.

5. Lawful Basis for Processing

Under GDPR, we must have a lawful basis to process your personal data. Depending on the situation, we rely on one or more of the following lawful bases:

Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes managing your storage agreement, processing payments, and providing access to your storage unit.

Legal Obligation

We may process personal data where we are required to do so by law, such as keeping financial records, complying with tax requirements, or assisting law enforcement where legally required.

Legitimate Interests

We may process personal data when it is necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. Examples include maintaining site security, preventing fraud, managing our business operations, and improving service quality.

Consent

In limited situations, we may rely on your consent, for example for certain marketing communications or optional data uses. Where consent is used, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

6. Data Sharing and Processors

We may share personal data with trusted third parties where necessary for the purposes described in this policy. These third parties may act as processors or, in some cases, independent controllers. When a third party processes data on our behalf, we ensure that appropriate contractual and technical safeguards are in place.

Examples of processors may include:

  • IT and cloud service providers that host our systems.
  • Payment processing providers that handle card or bank transactions.
  • Security providers supporting CCTV, alarms, or access control systems.
  • Administrative and customer service support providers.
  • Professional advisers such as accountants, auditors, or legal advisers.

We may also disclose personal data where required by law, by court order, or to protect the rights, property, or safety of Selfstorage Croydon, our customers, staff, or the public.

7. International Transfers

If any of our processors or service providers transfer personal data outside the United Kingdom, we will only allow this where appropriate safeguards are in place. These safeguards may include adequacy regulations, standard contractual clauses, or other legally recognised transfer mechanisms.

8. Retention of Personal Data

We keep personal data only for as long as necessary for the purposes for which it was collected, including to satisfy legal, accounting, contractual, and security requirements. Retention periods depend on the type of data and the reason it is held.

  • Contract and account data are usually retained for the duration of the agreement and for a reasonable period afterwards.
  • Payment and transaction records may be retained for tax and accounting purposes in accordance with legal requirements.
  • Security records such as CCTV footage are normally kept only for a limited period unless needed for investigation or legal proceedings.
  • Correspondence and complaint records may be retained for as long as needed to resolve issues and evidence our handling of the matter.

When data is no longer required, we will delete it securely or anonymise it so that it can no longer identify you.

9. Data Security

We take the security of personal data seriously and use appropriate technical and organisational measures to protect it against unauthorised access, loss, misuse, alteration, or disclosure. These measures may include access controls, encryption, secure storage, staff training, and restricted data access.

While we take reasonable steps to protect your data, no system can be guaranteed to be completely secure. If we become aware of a personal data breach that is likely to pose a risk to your rights and freedoms, we will take appropriate action and notify the relevant supervisory authority and affected individuals where legally required.

10. Your Rights Under GDPR

You have a number of rights in relation to your personal data. These rights may be subject to legal limitations and exemptions.

  • Right of access – you can request a copy of the personal data we hold about you.
  • Right to rectification – you can ask us to correct inaccurate or incomplete data.
  • Right to erasure – you may request deletion of your data in certain circumstances.
  • Right to restriction – you may ask us to limit the processing of your data in certain cases.
  • Right to data portability – you may request certain data in a structured, commonly used format.
  • Right to object – you may object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent – where processing is based on consent, you may withdraw it at any time.

You also have the right to raise concerns with the UK Information Commissioner’s Office if you believe your data has not been handled lawfully.

11. Marketing Communications

We will only send direct marketing where permitted by law. If marketing is based on consent, we will seek your permission first. If marketing is based on legitimate interests, you may object at any time. We will always respect your choice and stop such communications where required.

12. Children’s Data

Our services are generally intended for adults. We do not knowingly collect personal data from children unless it is necessary in connection with a lawful storage arrangement and appropriate authorisation has been provided by a parent, guardian, or responsible adult.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, regulation, our services, or how we process personal data. Any updated version will apply from the date it is published. We encourage customers to review the policy periodically to stay informed.

14. Summary of Our Commitments

Selfstorage Croydon is committed to handling personal data fairly, lawfully, and transparently. We only collect data that is needed, use it for clear and legitimate purposes, keep it secure, retain it for no longer than necessary, and respect the rights of all individuals whose data we process. This policy applies to all Selfstorage Croydon customers in the area and is designed to ensure that your information is treated with care and in accordance with GDPR principles.

Call Now!
Call Now Get a Quote
Selfstorage Croydon

GDPR-compliant Privacy Policy for Selfstorage Croydon covering data collection, lawful basis, retention, processors, security, and user rights for all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.