Privacy Policy - Sydenhamhill Storage

This Privacy Policy explains how Sydenhamhill Storage collects, uses, stores, shares, and protects personal data relating to customers, prospective customers, and other individuals in connection with our storage services. It applies to all Sydenhamhill Storage customers in the area and to anyone whose personal data is handled by us in the course of providing our services.

We are committed to handling personal data in a lawful, fair, and transparent manner in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We aim to collect only the data that is necessary, keep it secure, and retain it only for as long as required.

1. Personal Data We Collect

We may collect and process different types of personal data depending on how you interact with us and which services you use. This may include:

  • Identity data such as your name, date of birth, and identification details where needed for verification.
  • Contact data such as address, email address, and telephone number.
  • Account and transaction data such as service records, payment history, invoices, and booking details.
  • Security and access data such as entry logs, keyholder details, alarm records, CCTV images, and access permissions where applicable.
  • Correspondence data such as messages, complaints, queries, and notes relating to service management.
  • Technical data where relevant, including IP address or device information if you use our digital services or online systems.
  • Compliance data such as records needed to meet legal, regulatory, insurance, or fraud-prevention obligations.

We generally collect personal data directly from you when you enquire about, sign up for, or use our storage services. We may also receive data from third parties, for example payment providers, identity verification services, insurers, debt recovery providers, or public authorities where lawful and necessary.

2. How We Use Personal Data

We use personal data only where we have a lawful basis to do so. Common uses include:

  • Setting up and managing customer accounts and storage agreements.
  • Verifying identity and preventing fraud or misuse of our services.
  • Processing payments, issuing invoices, and managing refunds or arrears.
  • Providing customer support and responding to requests, complaints, or disputes.
  • Maintaining site security, protecting property, and controlling access.
  • Meeting legal and regulatory obligations, including tax, accounting, and insurance requirements.
  • Improving our services, operations, and internal record keeping.
  • Defending legal claims and managing incidents or investigations.

We do not use personal data in ways that are incompatible with the purposes described in this Policy unless we notify you and have a lawful reason to do so.

3. Lawful Basis for Processing

Under data protection law, we must have a lawful basis for each processing activity. Depending on the circumstances, we rely on one or more of the following:

Performance of a Contract

We process personal data when it is necessary to enter into or perform our storage agreement with you, manage your account, provide services, and take steps at your request before entering a contract.

Legal Obligation

We process certain data when required to comply with laws and regulations, including financial record keeping, tax obligations, identity verification, and responses to lawful requests from authorities.

Legitimate Interests

We may process personal data where it is necessary for our legitimate interests, provided your rights and freedoms do not override those interests. This includes managing our business, securing our premises, preventing fraud, keeping records, and improving service quality. Where we rely on this basis, we consider the impact on individuals and apply appropriate safeguards.

Consent

In limited cases, we may rely on your consent, for example for certain optional communications or uses not covered by other lawful bases. Where consent is used, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

4. Data Sharing and Processors

We may share personal data with trusted third parties who help us operate and provide our services. These third parties act as processors or, in some cases, independent controllers. We take steps to ensure that any data sharing is lawful, necessary, and subject to appropriate safeguards.

Examples of processors may include:

  • Payment service providers for card processing, direct debit handling, and transaction verification.
  • IT and cloud service providers that host systems, store records, or support secure communications.
  • Security providers that support access control, monitoring, alarm handling, or CCTV-related services.
  • Professional advisers such as accountants, auditors, insurers, and legal advisers where necessary.
  • Identity and fraud prevention services used to verify identity and reduce the risk of misuse.
  • Debt collection or recovery services where accounts become overdue and recovery action is required.

We require processors to act only on our instructions, keep personal data confidential and secure, and comply with data protection law. Where personal data is shared with independent controllers, those parties are responsible for their own compliance and privacy notices may apply.

We may also disclose personal data if required by law, court order, or regulatory request, or where necessary to protect our rights, property, staff, customers, or others.

5. Data Retention

We keep personal data only for as long as necessary for the purposes for which it was collected, and in line with legal, accounting, insurance, and operational requirements. Retention periods vary depending on the type of data and the reason for processing.

In general, we may retain:

  • Contract and account records for the duration of the relationship and for a reasonable period afterwards.
  • Financial and tax records for the period required by law and normal business practice.
  • Security records such as access logs or CCTV images for limited periods unless needed for an incident or investigation.
  • Correspondence and complaints for as long as needed to resolve matters and demonstrate compliance.

When data is no longer needed, we will securely delete, anonymise, or archive it in accordance with our retention procedures. Where data must be retained for legal claims or regulatory purposes, we will keep it only for that specific purpose.

6. Data Security

We use appropriate technical and organisational measures to protect personal data against accidental loss, unauthorised access, misuse, disclosure, alteration, or destruction. These measures may include access controls, secure storage, staff training, restricted permissions, and monitoring of systems and premises.

Although we work hard to protect data, no system can be completely secure. We therefore encourage customers to take care when sharing information and to notify us promptly if they believe their information may have been compromised.

7. Your Rights

Subject to certain conditions and exemptions under data protection law, you have the following rights in relation to your personal data:

  • Right of access to receive a copy of the personal data we hold about you.
  • Right to rectification to correct inaccurate or incomplete data.
  • Right to erasure in certain circumstances, also known as the right to be forgotten.
  • Right to restrict processing in certain situations.
  • Right to data portability for data you provided to us, where processing is based on consent or contract and carried out by automated means.
  • Right to object to processing based on legitimate interests or to direct marketing.
  • Right to withdraw consent where we rely on consent as the legal basis.
  • Right to complain to the relevant supervisory authority if you believe your data protection rights have been infringed.

To exercise your rights, we may need to verify your identity before taking action. We will respond within the time limits set by law and explain if any request cannot be fully met because of legal exemptions or conflicting obligations.

8. International Transfers

If personal data is transferred outside the UK, we will ensure that appropriate safeguards are in place so that the data remains protected to a standard consistent with UK GDPR. These safeguards may include adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms.

9. Children’s Data

Our services are intended for adults and business users. We do not knowingly collect personal data from children unless it is necessary in connection with a lawful service arrangement or where an adult provides details as part of a customer record. If we become aware that we have collected data inappropriately, we will take steps to delete it or handle it lawfully.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data processing practices. The most current version will apply to the way we handle personal data. We recommend reviewing this Policy periodically to stay informed about how we protect your information.

11. Summary of Our Commitments

Sydenhamhill Storage will process personal data only for clear and lawful purposes, keep it secure, share it only when necessary, and retain it for no longer than required. We value privacy and aim to handle every customer’s information with care, transparency, and respect. This Policy applies to all Sydenhamhill Storage customers in area and should be read alongside any storage agreement or related terms you have with us.

Call Now!
Call Now Get a Quote
Sydenhamhill Storage

GDPR-compliant Privacy Policy for Sydenhamhill Storage covering data use, lawful basis, retention, processors, and user rights for all customers in area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.