Privacy Policy - Grahamepark Storage

Effective date: This Privacy Policy applies to all Grahamepark Storage customers in the area and explains how we collect, use, share, and protect personal data in connection with our storage services.

We are committed to handling personal data fairly, lawfully, and transparently in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This Privacy Policy is intended to help you understand what information we collect, why we collect it, how long we keep it, who may process it on our behalf, and the rights available to you.

1. Data We Collect

We collect only the personal data necessary to provide storage services, manage our business operations, maintain security, and meet legal obligations. The types of data we may collect include:

  • Identity information such as your name, date of birth, and identification details.
  • Contact information such as your postal address, email address, and telephone number.
  • Account and contract information such as booking records, rental agreements, payment status, access permissions, and correspondence related to your storage unit.
  • Financial information such as billing details, payment records, and transaction references.
  • Security and access information such as entry logs, CCTV images or footage, alarm records, and incident reports where applicable.
  • Usage information relating to how you use our storage services, including move-in and move-out dates, unit allocation, and service preferences.
  • Communication data including emails, messages, notes of phone calls, and records of complaints or queries.

We generally collect this information directly from you when you request services, sign a contract, make a payment, access a facility, or contact us. In some cases, we may also receive data from third parties such as payment processors, insurers, debt collection agencies, identity verification providers, or legal representatives where this is necessary and permitted by law.

2. How We Use Personal Data

We use personal data for the following purposes:

  • to provide and administer storage services;
  • to set up and manage customer accounts;
  • to process payments, refunds, and account adjustments;
  • to verify identity and prevent fraud;
  • to maintain site security and manage access control;
  • to investigate accidents, damage, theft, or other incidents;
  • to communicate with you about your account, invoices, notices, or service updates;
  • to comply with legal and regulatory obligations;
  • to manage disputes, enforce agreements, and defend legal claims;
  • to improve our services, systems, and customer experience.

We will only use personal data for the purposes for which it was collected unless we reasonably consider that we need to use it for another compatible purpose. If we need to use it for an unrelated purpose, we will notify you and, where required, seek a lawful basis to do so.

3. Lawful Basis for Processing

Under data protection law, we must have a lawful basis for processing your personal data. Depending on the specific activity, we may rely on one or more of the following grounds:

Contract

We process your data where it is necessary to enter into or perform a contract with you. This includes managing your storage agreement, collecting fees, allocating units, providing access, and responding to requests related to your account.

Legal obligation

We process certain information where needed to comply with legal requirements, such as accounting, tax, health and safety, fraud prevention, and responding to lawful requests from public authorities.

Legitimate interests

We may process personal data where it is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. Examples include maintaining site security, preventing misuse of our services, improving service quality, and defending legal claims. We carefully balance our interests against your privacy rights before relying on this basis.

Consent

In limited situations, we may rely on your consent, for example where certain optional communications or specific uses of data require it. Where consent is used, you can withdraw it at any time, without affecting the lawfulness of processing carried out before withdrawal.

4. Data Sharing and Processors

We do not sell your personal data. However, we may share it with trusted third parties that act as processors or independent controllers, where necessary to run our business and provide services to you.

Processors are organisations that process personal data on our behalf and under our instructions. Examples may include:

  • payment service providers and card processors;
  • accounting, bookkeeping, and audit services;
  • IT hosting, cloud storage, and software providers;
  • customer relationship and communications platforms;
  • security, CCTV, and alarm monitoring providers;
  • identity verification and fraud prevention providers;
  • professional advisers such as lawyers, insurers, and consultants;
  • debt recovery or collections agencies, where required.

We require processors to handle personal data securely, only in accordance with our instructions, and in compliance with applicable data protection law. Some third parties may act as independent controllers, such as law enforcement, regulators, or courts, where they determine their own purposes for processing.

Where data is transferred outside the UK, we will ensure appropriate safeguards are in place, such as an adequacy regulation, standard contractual clauses, or another lawful transfer mechanism. We take reasonable steps to ensure that any international transfers are protected to a standard consistent with UK data protection requirements.

5. Retention of Personal Data

We keep personal data only for as long as necessary for the purposes for which it was collected, including any legal, accounting, reporting, or dispute-resolution requirements. Retention periods may vary depending on the type of data and the reason for processing.

Typical retention periods may include:

  • Contract and account records: retained for the duration of the storage relationship and for a further period after closure to address queries or claims.
  • Payment and invoice records: retained for the period required by tax and accounting law.
  • Security logs and CCTV footage: retained for a limited time unless required for an investigation, legal claim, or insurance matter.
  • Correspondence and complaint records: retained for as long as necessary to manage the issue and evidence the outcome.

When personal data is no longer needed, we will delete it securely or anonymise it so it can no longer be linked to you. In some cases, we may need to retain certain records for longer if required by law or where a dispute is ongoing.

6. Data Security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, or damage. These measures may include restricted access controls, secure storage systems, staff training, and contractual safeguards with processors. While no system can be guaranteed completely secure, we work to maintain a high standard of protection and review our controls regularly.

7. Your Rights

As a data subject, you have a number of rights under UK data protection law. These rights may apply depending on the circumstances and the legal basis for processing.

  • Right of access: you can request a copy of the personal data we hold about you.
  • Right to rectification: you can ask us to correct inaccurate or incomplete data.
  • Right to erasure: you can request deletion of your data in certain circumstances.
  • Right to restriction: you can ask us to limit how we use your data in certain cases.
  • Right to object: you can object to processing based on legitimate interests or direct marketing.
  • Right to data portability: you can request a copy of certain data in a structured, commonly used format where applicable.
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.

If you exercise any of these rights, we may need to verify your identity before responding. We aim to respond within the time limits required by law. In some cases, we may not be able to comply fully if an exemption applies or if we must retain the data for legal reasons.

You also have the right to lodge a complaint with the UK Information Commissioner's Office if you believe your personal data has been handled unlawfully or unfairly.

8. Children’s Data

Our storage services are generally intended for adults. We do not knowingly collect personal data from children except where it is necessary in connection with a service, legal obligation, or where a parent or guardian provides information on their behalf. If we become aware that we have collected data inappropriately, we will take appropriate steps to delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, our services, or how we process personal data. Any updated version will apply from the date it is published or otherwise communicated. We encourage you to review this policy periodically to stay informed about how we protect your privacy.

10. Summary of Key Principles

In summary, Grahamepark Storage collects only the information needed to provide safe and reliable storage services, uses it on a lawful basis, shares it only where necessary with trusted processors or legal authorities, and keeps it only for as long as required. We aim to ensure that all processing is lawful, fair, and transparent, and that your rights are respected at every stage.

This policy applies to all Grahamepark Storage customers in the area and should be read alongside any terms and conditions that govern your storage agreement.

Call Now!
Call Now Get a Quote
Grahamepark Storage

GDPR-compliant privacy policy for Grahamepark Storage covering data use, lawful bases, retention, processors, and user rights.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.