Privacy Policy - Carshalton Storage

This Privacy Policy explains how Carshalton Storage collects, uses, stores, shares, and protects personal data. It applies to all Carshalton Storage customers in the area, including prospective customers, account holders, business customers, and anyone who uses our services, visits our premises, or communicates with us in connection with storage services.

We are committed to processing personal data in a lawful, fair, and transparent manner in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take privacy seriously and aim to ensure that any personal information you provide is handled responsibly and securely.

1. Information We Collect

We may collect and process different types of personal data depending on how you interact with us. This may include:

  • Identity details such as your name, date of birth, and identification information.
  • Contact details such as your address, email address, and telephone number.
  • Account and booking information including storage unit details, contract dates, payment records, and service preferences.
  • Payment information such as billing details and transaction records. We do not store full card details where payment services are handled by secure third-party processors.
  • Security and access information including CCTV footage, visitor logs, entry records, and access control data where applicable.
  • Communication records including emails, messages, call notes, complaints, and customer service correspondence.
  • Technical data such as IP address, browser type, device information, and usage data if you interact with our digital services.

We only collect personal data that is relevant and necessary for the purposes described in this policy. Wherever possible, we avoid collecting information that is not needed for service provision, compliance, or security.

2. How We Use Your Data

We process personal data for several legitimate business and legal purposes, including:

  • to set up and manage your storage account;
  • to provide storage services and related administrative support;
  • to verify identity and prevent fraud;
  • to process payments and manage invoices;
  • to maintain site security and protect property;
  • to respond to enquiries, complaints, and requests;
  • to meet legal, regulatory, and contractual obligations;
  • to improve our operations, service quality, and customer experience;
  • to keep business and financial records for audit and tax purposes.

We will not use your personal data for purposes that are incompatible with the reasons it was collected unless we have a valid lawful basis to do so and have informed you where required.

3. Lawful Basis for Processing

Under data protection law, we must have a lawful basis for each processing activity. Carshalton Storage relies on the following lawful bases:

Performance of a Contract

We process personal data when it is necessary to enter into or perform a storage agreement, manage your account, provide access to your unit, or handle payment arrangements connected to the services you have requested.

Legal Obligation

We may need to process and retain personal data to comply with legal and regulatory requirements, including tax laws, accounting rules, crime prevention obligations, and requests from public authorities where permitted by law.

Legitimate Interests

We may process data where it is necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. This includes security monitoring, fraud prevention, business administration, dispute resolution, and service improvement.

Consent

In limited situations, we may rely on your consent, for example where optional marketing communications are sent or where certain non-essential processing requires permission. Where consent is used, you may withdraw it at any time.

Vital Interests

In rare circumstances, we may process personal data to protect someone’s vital interests, such as where emergency action is required to prevent serious harm.

4. Sharing and Processors

We may share personal data with trusted third parties who act as data processors or independent controllers, where necessary for the operation of our business and the delivery of services. These parties may include:

  • Payment service providers who process transactions securely;
  • IT and cloud service providers who support our systems, storage, and communications;
  • Security contractors who assist with site protection, alarm response, or CCTV-related services;
  • Professional advisers such as accountants, insurers, auditors, and legal advisers;
  • Maintenance and facilities providers where access is needed to carry out repairs or site services;
  • Authorities and public bodies where disclosure is required by law or necessary for legal claims, crime prevention, or compliance.

All processors are required to act only on our instructions, protect your data appropriately, and comply with applicable data protection laws. We do not sell personal data.

5. Data Retention

We keep personal data only for as long as necessary for the purposes for which it was collected, or as required by law. Retention periods vary depending on the type of data and the reasons for processing.

  • Customer account records are retained for the duration of the contract and for a period afterwards to manage queries, disputes, or legal claims.
  • Financial and tax records are kept for the period required by accounting and tax legislation.
  • Security records such as CCTV or access logs are retained for a limited period unless needed longer for investigations, incident management, or legal proceedings.
  • Enquiries and correspondence may be held for as long as needed to respond appropriately and maintain accurate business records.

When personal data is no longer required, we will delete it securely or anonymise it so that it can no longer identify you.

6. Data Security

We use appropriate technical and organisational measures to safeguard personal data against loss, misuse, unauthorised access, alteration, or disclosure. These measures may include access controls, password protection, staff training, secure storage, and restricted data access. While no system can be guaranteed completely secure, we work continuously to maintain a high standard of protection.

7. Your Rights

As a data subject under UK GDPR, you have a number of rights in relation to your personal data. These rights may apply depending on the circumstances and legal exceptions.

  • Right of access – you may request a copy of the personal data we hold about you.
  • Right to rectification – you may ask us to correct inaccurate or incomplete information.
  • Right to erasure – in certain cases, you may request deletion of your personal data.
  • Right to restrict processing – you may ask us to limit how we use your data in certain situations.
  • Right to object – you may object to processing based on legitimate interests or direct marketing.
  • Right to data portability – where applicable, you may request your data in a structured, commonly used format.
  • Right to withdraw consent – where processing relies on consent, you may withdraw it at any time.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your data has been handled unlawfully or your rights have not been respected. We encourage you to raise concerns with us first so we can try to resolve them promptly.

8. International Transfers

If personal data is transferred outside the UK, we will ensure appropriate safeguards are in place to protect it in line with data protection law. Such safeguards may include adequacy regulations, standard contractual clauses, or other legally approved transfer mechanisms.

9. Children’s Data

Our storage services are intended for adults and business users. We do not knowingly collect personal data from children unless it is necessary for legitimate administrative or legal reasons and handled with appropriate care.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, business practices, or service operations. Any updated version will apply from the date it is issued. We encourage you to review this policy periodically so that you remain informed about how your data is used.

11. Summary of Our Commitment

Carshalton Storage is committed to protecting your privacy, limiting data collection to what is necessary, using lawful bases appropriately, retaining information only as long as needed, and working with processors that meet our security and compliance standards. We recognise the importance of trust and transparency in the handling of personal data, and we aim to respect your rights at every stage of our relationship with you.

By using Carshalton Storage services, you acknowledge that this Privacy Policy applies to your personal data as a customer in the area.

Call Now!
Call Now Get a Quote
Carshalton Storage

GDPR-compliant Privacy Policy for Carshalton Storage covering data use, lawful basis, retention, processors, and user rights.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.