Privacy Policy - Southruislip Storage

Effective date: This Privacy Policy applies to all Southruislip Storage customers in the Southruislip area and explains how we collect, use, store, share, and protect personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We are committed to handling personal data lawfully, fairly, and transparently. This policy applies where Southruislip Storage provides storage services, customer account management, billing, site access, and related support functions.

1. Personal Data We Collect

We collect only the personal data that is necessary for running our storage services, managing customer relationships, meeting legal obligations, and keeping our site secure. The types of data we may collect include:

  • Identity data: name, title, and date of birth where needed for verification.
  • Contact data: postal address, email address, and telephone number.
  • Account data: customer reference numbers, unit number, booking details, payment status, and communication preferences.
  • Financial data: payment card details or bank payment information, where processed for billing and account administration.
  • Usage data: records relating to access to our premises, alarm logs, gate entry records, and security-related events.
  • Technical data: basic device, browser, or system information where captured through secure business systems.
  • Correspondence data: information contained in emails, forms, telephone notes, complaint records, or service requests.
  • Verification data: copies of identity documents, where required to confirm identity, prevent fraud, or comply with legal requirements.

We do not intentionally collect special category data unless you choose to share it with us or it is necessary for a specific legal or operational reason. If such data is provided, we handle it with appropriate safeguards and only where a lawful basis exists.

2. How We Use Your Data

We use personal data for the following purposes:

  • to create and manage customer accounts;
  • to provide storage services and allocate storage units;
  • to verify identity and prevent misuse of services;
  • to process payments and manage invoices, deposits, and charges;
  • to communicate service updates, notices, and account-related information;
  • to maintain security, monitor access, and investigate incidents;
  • to handle complaints, claims, and support requests;
  • to comply with legal, regulatory, tax, insurance, and accounting obligations;
  • to exercise or defend legal rights;
  • to improve our internal records, systems, and service delivery.

We will only use your personal data for purposes that are compatible with the reasons it was collected, or where we have obtained a new lawful basis for processing.

3. Lawful Basis for Processing

Under UK GDPR, we must have a lawful basis to process your personal data. Southruislip Storage relies on one or more of the following bases:

Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes setting up your account, managing your storage unit, billing, and providing customer support.

Legal obligation

We may process data to comply with legal requirements such as accounting records, tax rules, fraud prevention, court orders, and regulatory requests.

Legitimate interests

We may process data where it is necessary for our legitimate business interests, provided these interests do not override your rights and freedoms. Examples include site security, access control, preventing theft or damage, managing disputes, and improving operations. When we rely on legitimate interests, we carry out a balancing test to ensure your interests are protected.

Consent

In some limited cases, we may rely on your consent, for example for optional marketing communications or non-essential processing. Where consent is used, you may withdraw it at any time. Withdrawal of consent will not affect processing already carried out before the withdrawal.

4. Data Sharing and Processors

We may share personal data with trusted third parties only where necessary for the purposes described in this policy and always under appropriate confidentiality and data protection safeguards. These third parties may act as processors or independent controllers depending on the service provided.

Examples of processors and service providers may include:

  • payment service providers used to process card or bank transactions;
  • IT, cloud storage, backup, and software support providers;
  • security and access control service providers;
  • accounting, audit, and bookkeeping providers;
  • professional advisers such as lawyers, insurers, or consultants when necessary;
  • delivery, postal, or administrative service providers;
  • regulatory bodies, law enforcement, courts, or government authorities where required by law.

Where a processor acts on our behalf, we require them to process data only on our instructions, to use suitable security measures, and to protect confidentiality. We do not permit processors to use your data for their own purposes.

We do not sell personal data. If data is transferred outside the UK, we ensure that appropriate safeguards are in place, such as adequacy regulations or approved contractual protections.

5. Retention of Personal Data

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, insurance, and dispute-resolution requirements. The retention period depends on the type of data and the reason for processing.

  • Customer account records: retained for the duration of the contract and for a reasonable period afterwards.
  • Financial and tax records: retained for the period required by law or accounting practice.
  • Security records and access logs: retained for a limited period unless needed longer for investigation, safety, or legal action.
  • Complaints, claims, and correspondence: retained as long as required to resolve the issue and for follow-up or legal defence.
  • Identity verification documents: retained only as long as necessary for the relevant check or compliance purpose.

When data is no longer needed, we will securely delete, anonymise, or destroy it in a controlled manner. We review retention periodically to ensure records are not kept longer than necessary.

6. Data Security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, alteration, or disclosure. These measures may include restricted access, secure storage, password protection, staff confidentiality obligations, access logs, and regular system maintenance.

Although no system can be guaranteed completely secure, we take data protection seriously and continually assess our controls to reduce risk. If a personal data breach occurs and we are required to do so, we will notify the appropriate supervisory authority and affected individuals in line with legal requirements.

7. Your Rights

Under data protection law, you have a number of rights regarding your personal data. These rights may apply in full or in part depending on the circumstances of the request and the legal basis for processing.

  • Right of access: you may request confirmation of whether we process your data and ask for a copy.
  • Right to rectification: you may ask us to correct inaccurate or incomplete data.
  • Right to erasure: in certain circumstances, you may ask us to delete your data.
  • Right to restrict processing: you may request that we limit how we use your data in certain cases.
  • Right to object: you may object to processing based on legitimate interests or direct marketing.
  • Right to data portability: where applicable, you may request a copy of certain data in a structured format.
  • Right to withdraw consent: where we rely on consent, you may withdraw it at any time.
  • Right to complain: you may raise concerns with the relevant data protection authority if you believe your rights have been infringed.

We may need to verify your identity before responding to a request. We will respond within the legal time limits and may refuse or limit a request only where permitted by law.

8. Children’s Data

Our storage services are intended for adults. We do not knowingly collect personal data from children unless it is unavoidable in a lawful and limited context, such as emergency contact information provided by an adult customer. If we become aware that we have collected data inappropriately, we will take steps to delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in the law, our services, or our data processing practices. Any updated version will apply from the date it is made available. We encourage customers to review this policy periodically to stay informed about how personal data is handled.

10. Summary of Our Commitment

Southruislip Storage is committed to respecting privacy, protecting personal data, and using information only for legitimate and necessary purposes. We aim to maintain a clear balance between efficient service delivery and strong data protection. By collecting only what we need, limiting retention, controlling access, and working with trusted processors, we seek to ensure your data remains handled responsibly and securely. This policy applies to all Southruislip Storage customers in the area and forms part of our wider commitment to privacy, accountability, and compliance.

Call Now!
Call Now Get a Quote
Southruislip Storage

GDPR-compliant Privacy Policy for Southruislip Storage covering data collection, lawful basis, retention, processors, user rights, and security.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.