Self Storage Croydon Privacy Policy
This Privacy Policy explains how Self Storage Croydon collects, uses, stores and protects your personal data in line with the UK General Data Protection Regulation and the Data Protection Act 2018. It applies to all Self Storage Croydon customers and prospective customers in the local area, including individuals, sole traders and representatives of businesses using or enquiring about our storage services.
Who this Privacy Policy applies to
This Privacy Policy applies to all individuals who interact with Self Storage Croydon in the course of using, or considering using, our storage facilities and related services in the Croydon area. This includes customers with active or past storage agreements, people making enquiries, visitors to our premises and individuals acting on behalf of corporate customers.
Personal data we collect
We collect and process different categories of personal data depending on your relationship with us and how you interact with our services. This may include:
Identification and contact data such as full name, residential or business address, billing address, date of birth, and contact details including postal address and online contact details where provided.
Customer account and contract data such as storage unit number, length of stay, access permissions, records of communications with you, copies of signed contracts, payment history, and information relating to additional services you request.
Payment and billing data such as invoicing details, payment method information, transaction amounts and dates, and records necessary for accounting and tax purposes. Where payment is processed through third-party providers, we will receive confirmation of payment status and relevant references.
Security and access data such as CCTV footage recorded at our premises, door and gate access logs, visit times, vehicle registration numbers recorded on site where relevant, and incident reports relating to safety and security.
Technical and usage data such as information you provide via online enquiry forms, website usage data including pages visited and time spent on our site, and log data necessary to maintain the security and performance of our online services.
How we collect your personal data
We collect personal data directly from you when you:
Make an enquiry by phone, in person or through our website.
Enter into a storage agreement or update an existing agreement.
Make a payment or request a refund or credit.
Visit our premises, where CCTV systems record video footage and access control systems record entry and exit events.
Communicate with us for customer service, complaints, or general enquiries.
We may also receive limited data about you from third parties, such as payment service providers confirming payment status, or from law enforcement and regulatory authorities where legally required.
Lawful bases for processing
Self Storage Croydon processes your personal data only where there is a lawful basis under data protection law. Depending on the circumstances, we may rely on the following lawful bases:
Performance of a contract. We process your data when it is necessary to enter into or fulfil our storage agreement with you. This includes managing your bookings, providing access to your unit, processing payments, communicating about your account, and handling termination or renewal.
Legal obligation. We process data where we are required to do so to comply with applicable laws, regulations and court orders. This may include record-keeping for tax and accounting, insurance requirements, and responding to lawful requests from law enforcement or regulatory authorities.
Legitimate interests. We process data where necessary for our legitimate business interests, provided that your rights and freedoms do not override those interests. Examples include ensuring site and staff security through CCTV and access logs, preventing and detecting fraud or misuse of our facilities, maintaining our IT and physical infrastructure, and improving our services.
Consent. In limited cases, we may rely on your explicit consent, for example where you ask us to contact you with certain types of marketing. You may withdraw your consent at any time, but this will not affect processing that has already occurred before you withdrew consent.
How we use your personal data
We use your personal data for the following purposes:
To set up, administer and manage your storage agreement, including verifying your identity, communicating with you, managing access and processing payments.
To operate and secure our premises, including the use of CCTV for the prevention and detection of crime and to ensure the safety of customers, visitors and staff.
To manage customer service interactions, address enquiries, handle complaints, and resolve disputes.
To maintain accurate financial and business records, undertake internal reporting and meet our legal and regulatory obligations.
To protect our rights, property and safety and that of our customers, including the enforcement of contractual terms and debt recovery processes.
To improve and develop our services, premises and customer experience, based on feedback and usage information.
Data sharing and processors
We will not sell your personal data. We may share your data with trusted third parties where this is necessary and lawful. These third parties act either as independent controllers or as processors acting on our instructions.
Typical categories of data processors we use include:
IT and cloud service providers that host our systems, storage and backup solutions, and provide software used for account management, document storage and communications.
Payment processing and merchant service providers that handle card and electronic payments and assist with fraud prevention.
Security and maintenance providers that support CCTV operation, access control systems, and building management.
Professional advisers such as accountants, auditors, and legal advisers where necessary for business operations or in connection with legal claims.
Where third parties act as processors, they are bound by a written contract requiring them to process personal data only on our instructions, to implement appropriate security measures and to respect your privacy rights.
We may also share data with law enforcement, regulatory bodies, courts or other public authorities where required by law or necessary to protect our legal rights or those of others.
International transfers
Where any of our service providers transfer personal data outside the United Kingdom or the European Economic Area, we will ensure that appropriate safeguards are in place, such as the use of standard contractual clauses or reliance on adequacy regulations, to ensure your data is protected to standards equivalent to those required in the UK.
Data retention
We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, including satisfying any legal, accounting or reporting requirements.
In general, we keep:
Customer account and contract data for the duration of your storage agreement and for a period afterwards as required for legal limitation periods, dispute resolution and financial record keeping.
Payment and billing records for the time required under tax and accounting laws.
CCTV footage and access logs for a limited period necessary for security and incident investigation, unless a particular recording or log needs to be kept longer in connection with an ongoing investigation or legal claim.
When personal data is no longer needed, we will securely delete it, anonymise it or, where this is not possible, securely store it and restrict access until deletion is possible.
Your data protection rights
Under data protection law, you have a number of rights in relation to your personal data, subject to certain conditions and exceptions. These rights include:
Right of access. You can request a copy of the personal data we hold about you and information about how we process it.
Right to rectification. You can ask us to correct inaccurate or incomplete personal data about you.
Right to erasure. You can ask us to delete your personal data in certain circumstances, for example where it is no longer needed for the original purpose and there is no overriding lawful basis to continue processing it.
Right to restriction. You can ask us to restrict the processing of your data in certain circumstances, such as while a dispute about accuracy or lawful processing is being resolved.
Right to data portability. You can request that we provide certain personal data to you in a structured, commonly used and machine-readable format, or transfer it to another controller where technically feasible.
Right to object. You can object to processing based on our legitimate interests, including any direct marketing, and we will stop processing unless we can demonstrate compelling legitimate grounds to continue.
Right to withdraw consent. Where processing is based on your consent, you can withdraw that consent at any time. This will not affect the lawfulness of processing before withdrawal.
How to exercise your rights and complaints
If you wish to exercise any of your rights or have questions about how we handle your personal data, you can contact Self Storage Croydon using the contact details provided on our main customer documentation or at our premises.
You also have the right to lodge a complaint with the UK Information Commissioner's Office if you believe your data protection rights have been infringed. Further information on how to do this is available directly from the Information Commissioner's Office.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our services, technology, legal requirements or how we process personal data. The updated version will be made available to customers and will apply from the date it is issued. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
