Privacy Policy - Selfstorage Ealing

This Privacy Policy explains how Selfstorage Ealing collects, uses, shares, and protects personal data relating to customers, prospective customers, visitors, contractors, and other individuals whose information we process in connection with our storage services. It applies to all Selfstorage Ealing customers in the area and is intended to meet the requirements of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We are committed to handling personal data lawfully, fairly, and transparently. We also aim to ensure that personal data is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.

1. Who this policy applies to

This policy applies to individuals who:

  • enquire about our storage services;
  • enter into a storage agreement with us;
  • use or access storage units, facilities, or related services;
  • communicate with us by phone, email, in person, or through forms;
  • are authorised users, emergency contacts, guarantors, or representatives linked to a customer account;
  • visit our premises or are captured by security systems.

2. Personal data we collect

We may collect and process different categories of personal data depending on your relationship with us. The information we collect may include:

  • Identity data such as name, date of birth, and identification details used to verify identity;
  • Contact data such as address, email address, and telephone number;
  • Account and contract data including storage agreement details, unit numbers, payment status, and service preferences;
  • Financial data such as payment card details, billing information, and records of transactions;
  • Correspondence data including emails, messages, call notes, complaint records, and other communications;
  • Security and access data such as CCTV images, access logs, key or entry records, and incident reports;
  • Technical data where applicable, such as limited online identifiers or device information when you use digital services;
  • Special category data only where necessary and lawful, for example if such information is disclosed to us in connection with an incident, complaint, or legal matter.

We do not seek to collect unnecessary personal data. Where we ask for information, it is generally because it is needed for a contract, legal obligation, or our legitimate business interests.

3. How we collect personal data

We may collect personal data directly from you when you:

  • complete forms or applications;
  • sign a storage agreement;
  • make payments or set up account details;
  • contact us with questions or requests;
  • report incidents, damage, or complaints;
  • interact with us during visits to the premises.

We may also receive data from third parties, such as:

  • payment service providers;
  • identity verification and fraud prevention services;
  • insurance providers, if relevant to your storage arrangement;
  • law enforcement, regulators, courts, or legal advisers;
  • public sources where necessary for verification or debt recovery purposes.

4. How we use personal data

We process personal data for the following purposes:

  • to provide, manage, and administer storage services;
  • to verify identity and prevent fraud, misuse, or unlawful activity;
  • to manage accounts, payments, invoices, and arrears;
  • to communicate about bookings, access, service updates, and support requests;
  • to maintain security, protect property, and monitor premises;
  • to investigate incidents, disputes, claims, or complaints;
  • to meet legal and regulatory obligations;
  • to establish, exercise, or defend legal claims;
  • to improve our services and business operations.

We will only use your personal data for the purpose for which it was collected, unless we reasonably believe we need to use it for another compatible purpose and that use is lawful.

5. Lawful basis for processing

Under UK GDPR, we must have a lawful basis to process personal data. Depending on the situation, our lawful bases may include:

Contract

We process personal data where it is necessary to enter into or perform a contract with you, such as setting up a storage account, providing access to a unit, processing payments, or managing your agreement.

Legal obligation

We may process personal data where necessary to comply with legal obligations, including accounting requirements, tax laws, fraud prevention duties, and responding to lawful requests from authorities.

Legitimate interests

We may process personal data for our legitimate interests, provided those interests are not overridden by your rights and freedoms. These interests may include protecting our premises, preventing theft or damage, managing customer relationships, recovering debts, improving services, and ensuring business continuity.

Consent

Where we rely on consent, we will make this clear at the point of collection. You may withdraw consent at any time where consent is the lawful basis, without affecting the lawfulness of processing before withdrawal.

Vital interests and public task

These bases are unlikely to be used routinely, but may apply in exceptional circumstances, such as an emergency or where required by law.

6. Sharing personal data and processors

We may share personal data with trusted third parties who act as processors or, in some cases, as independent controllers. Processors only process personal data on our instructions and under contract. They may include:

  • IT and cloud service providers who host systems, store data, or support communications;
  • payment processors who handle card or online transactions;
  • identity verification and anti-fraud providers who help verify customers and prevent misuse;
  • security service providers who support alarm, access control, and CCTV systems;
  • accounting and professional advisers such as auditors, insurers, and legal advisers;
  • debt recovery or enforcement services where payment issues need to be addressed;
  • maintenance and facilities contractors where access to limited personal data is necessary to perform services.

We may also disclose personal data where required by law, for example to regulators, courts, law enforcement agencies, or other public bodies.

Where personal data is transferred outside the UK, we will ensure appropriate safeguards are in place, such as adequacy regulations or standard contractual clauses, to protect your information.

7. Data retention

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including for legal, accounting, and reporting requirements. Retention periods depend on the type of data and the purpose of processing.

As a general approach:

  • customer account and contract records are retained for the duration of the relationship and for a period afterward to handle queries, claims, or legal obligations;
  • financial and tax records are kept for the period required by law;
  • security records, such as CCTV footage, are retained for a limited time unless needed for investigation or legal proceedings;
  • correspondence and complaint records are retained for as long as necessary to manage the issue and demonstrate compliance.

When personal data is no longer required, we will securely delete, destroy, or anonymise it.

8. Security of personal data

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, or disclosure. These measures may include access controls, staff training, secure storage, and monitoring systems. While we work to protect all data, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

9. Your rights

Under data protection law, you have a number of rights in relation to your personal data. These rights may be subject to conditions or exemptions depending on the circumstances.

  • Right of access – you can request a copy of the personal data we hold about you;
  • Right to rectification – you can ask us to correct inaccurate or incomplete information;
  • Right to erasure – you can ask us to delete your data in certain circumstances;
  • Right to restriction – you can ask us to limit processing in certain cases;
  • Right to data portability – you can ask for certain data to be provided in a structured, commonly used format where technically feasible;
  • Right to object – you can object to processing based on legitimate interests or direct marketing;
  • Right to withdraw consent – where processing is based on consent, you can withdraw it at any time;
  • Right to lodge a complaint – you can raise concerns with the UK data protection authority if you believe your rights have been infringed.

To protect your privacy, we may need to verify your identity before responding to a request.

10. Automated decision-making

We do not use fully automated decision-making that produces legal or similarly significant effects about you without human involvement, unless we notify you and the law permits it. If this changes, we will explain the logic involved, the significance of the processing, and your rights.

11. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in the law, our practices, or our services. The latest version will apply from the date it is issued. We encourage customers to review it periodically so they remain informed about how their personal data is handled.

By using Selfstorage Ealing services, you acknowledge that your personal data may be processed in accordance with this Privacy Policy and applicable data protection law.

Call Now!
Call Now Get a Quote
Selfstorage Ealing

GDPR-compliant Privacy Policy for Selfstorage Ealing covering data collection, lawful basis, retention, processors, and user rights.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.