Privacy Policy - Thorntonheath Storage

Thorntonheath Storage is committed to protecting the privacy and personal data of all customers in the Thorntonheath area. This Privacy Policy explains how we collect, use, store, share, and protect personal data in accordance with the UK GDPR and the Data Protection Act 2018. It applies to all Thorntonheath Storage customers in the area, including prospective customers, current customers, former customers, account holders, and individuals who interact with us in connection with our services.

1. Who We Are

For the purposes of data protection law, Thorntonheath Storage acts as the data controller in relation to the personal data described in this policy. This means we decide how and why your personal data is processed when you use our storage services, visit our premises, communicate with us, or otherwise engage with us as a customer or potential customer.

2. Personal Data We Collect

We collect only the information necessary to provide storage services, manage our relationship with you, and meet our legal obligations. The types of personal data we may collect include:

  • Identity data such as your name, date of birth, and identification details where required for verification purposes.
  • Contact data such as your address, email address, and telephone number.
  • Contract data such as account details, booking information, service preferences, rental period, and payment arrangements.
  • Financial data such as payment card details, bank details, and transaction records, where applicable.
  • Verification data such as proof of identity or address, where needed to satisfy legal or security checks.
  • Usage data such as records of unit access, dates of entry and exit, and service interactions.
  • Security data such as CCTV images, access logs, and incident reports where permitted by law.
  • Communication data such as correspondence, complaints, enquiries, and records of customer service interactions.

We do not intentionally collect special category data unless you choose to provide it to us voluntarily and it is necessary for a specific lawful purpose.

3. How We Collect Personal Data

We may collect personal data directly from you when you complete forms, sign a storage agreement, make payments, contact us, or use our services. We may also collect data from:

  • identity verification providers;
  • payment processors and financial institutions;
  • security systems such as CCTV and access control systems;
  • publicly available sources where lawful and necessary;
  • third parties acting on your behalf, such as an authorised representative.

4. How We Use Personal Data

We use personal data for the following purposes:

  • to set up and manage your storage account;
  • to provide storage services and maintain access to your unit;
  • to process payments, fees, refunds, and billing;
  • to verify identity and prevent fraud;
  • to monitor site safety and security;
  • to handle enquiries, complaints, and disputes;
  • to comply with legal, tax, accounting, and regulatory obligations;
  • to enforce our contractual rights and manage debt recovery where necessary;
  • to improve our services, systems, and customer experience;
  • to notify you of service-related matters, such as policy updates or changes to your agreement.

We only process personal data when we have a lawful basis to do so.

5. Lawful Basis for Processing

Under UK GDPR, we rely on one or more of the following lawful bases:

Contract

We process your personal data where it is necessary to enter into or perform our storage agreement with you. This includes account administration, billing, access management, and service delivery.

Legal obligation

We process data where required to comply with applicable laws, including tax, accounting, anti-fraud, health and safety, and business record requirements.

Legitimate interests

We may process personal data where it is necessary for our legitimate interests, provided your interests and rights do not override ours. This may include protecting our premises, preventing fraud, managing customer service, and improving operations. Where we rely on legitimate interests, we assess the impact on your privacy and ensure that processing is proportionate.

Consent

In limited circumstances, we may rely on your consent, for example where it is required for a specific optional service. Where consent is used, you may withdraw it at any time without affecting processing already carried out lawfully.

6. Sharing and Processors

We may share personal data with trusted third parties, known as processors, who act on our instructions and are required to protect your data. These may include:

  • payment service providers for secure payment processing;
  • IT and cloud service providers for data storage and system support;
  • identity verification services for customer due diligence;
  • security providers for CCTV, access control, or alarm monitoring;
  • accountants, auditors, and professional advisers;
  • debt recovery, legal, or dispute resolution providers where necessary;
  • maintenance or technical service providers supporting our operations.

We may also disclose personal data to regulators, law enforcement, courts, insurers, or other authorities where required or permitted by law. We do not sell your personal data.

7. International Transfers

If any processor stores or accesses data outside the UK, we will take appropriate safeguards to ensure your personal data remains protected to an adequate standard, in line with applicable data protection law.

8. Data Retention

We keep personal data only for as long as necessary for the purposes for which it was collected, including to meet legal, contractual, and operational requirements. Retention periods may vary depending on the type of data and the reason for processing.

As a general rule:

  • customer account and contract records are retained for the duration of the agreement and for a reasonable period afterwards;
  • financial and tax records are retained for the period required by law;
  • security records, such as CCTV footage, are retained for a limited period unless needed for an investigation or legal claim;
  • correspondence and complaint records are retained as long as needed to manage the matter and defend our legal position.

When data is no longer needed, we securely delete, anonymise, or destroy it.

9. Security of Your Data

We use appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, alteration, or disclosure. These measures may include access controls, encryption, staff confidentiality obligations, secure storage, and regular review of our processes.

While no system is completely risk-free, we aim to maintain a high standard of data security.

10. Your Rights

As a data subject, you have rights under data protection law. Subject to legal limits, you may:

  • access the personal data we hold about you;
  • rectify inaccurate or incomplete data;
  • erase your data in certain circumstances;
  • restrict processing in certain cases;
  • object to processing based on legitimate interests or direct marketing;
  • data portability for information you provided to us where applicable;
  • withdraw consent where processing is based on consent;
  • make a complaint to the UK Information Commissioner’s Office if you believe your rights have been infringed.

We may need to verify your identity before responding to a rights request. Some rights may not apply in full where legal exemptions exist.

11. Automated Decision-Making

We do not generally use automated decision-making that produces legal or similarly significant effects for customers. If this changes, we will provide appropriate information about the logic involved and your rights relating to such processing.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, our services, or our processing activities. The latest version will apply to all Thorntonheath Storage customers in the area from the date of publication. We encourage you to review this policy periodically to stay informed.

13. Summary of Our Commitment

Thorntonheath Storage respects your privacy and handles personal data responsibly, lawfully, and transparently. We collect only what we need, use it for legitimate purposes, retain it for appropriate periods, and work with processors who meet strict data protection standards. You remain in control of your personal data through the rights available to you under UK GDPR.

Effective for all Thorntonheath Storage customers in the area. This Privacy Policy is intended to provide clear information about how we manage your personal data and support your confidence in using our services.

Call Now!
Call Now Get a Quote
Thorntonheath Storage

GDPR-compliant Privacy Policy for Thorntonheath Storage covering data collection, lawful basis, retention, processors, and user rights for all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.