Privacy Policy - Westdrayton Storage

Westdrayton Storage is committed to protecting the privacy and personal data of all customers in the area. This Privacy Policy explains how we collect, use, store, share, and protect personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It applies to all Westdrayton Storage customers in the area, including individuals and businesses that use our storage services, make enquiries, or otherwise interact with us.

1. Who We Are

For the purposes of data protection law, Westdrayton Storage acts as the data controller in relation to the personal data we collect and process. This means we decide how and why your personal data is used. We are responsible for ensuring that your information is handled lawfully, fairly, and transparently.

2. Personal Data We Collect

We collect only the personal data that is necessary to provide our storage services, manage our customer relationship, operate our business, and meet legal obligations. The types of information we may collect include:

  • Identity details such as your name, title, and date of birth where needed.
  • Contact details such as address, email address, and telephone number.
  • Account and contract information including storage unit details, booking information, billing records, and communication history.
  • Payment information such as transaction records and limited payment details required to process fees.
  • Access and security information such as records of site entry, access times, and security logs where applicable.
  • Correspondence including emails, calls, messages, complaints, and service requests.
  • Technical information such as device or usage data if you interact with digital systems we operate.

We do not intentionally collect more personal data than is necessary. We also do not seek to collect special category data unless you choose to provide it or we are required to do so for a lawful reason.

3. How We Collect Your Data

We may collect your personal data directly from you when you:

  • make an enquiry;
  • sign a storage agreement;
  • make payments or update your account;
  • contact us with a query, complaint, or request;
  • visit or use our storage facilities;
  • interact with our customer service processes.

We may also receive information from third parties where necessary, such as payment processors, identity verification providers, debt recovery partners, insurers, legal advisers, or public authorities. Where we receive data from third parties, we will only use it for legitimate business purposes and in accordance with applicable law.

4. Why We Use Your Personal Data

We process personal data for the following purposes:

  • to provide and manage storage services;
  • to create and administer customer accounts;
  • to process payments and manage billing;
  • to verify identity and prevent fraud;
  • to maintain site safety, security, and access control;
  • to respond to enquiries and customer support requests;
  • to deal with disputes, complaints, and claims;
  • to comply with legal, tax, accounting, and regulatory obligations;
  • to improve our services and operational efficiency;
  • to protect our rights, property, customers, and staff.

We will only use your information for the purposes for which it was collected, unless we reasonably consider that we need to use it for another compatible purpose and the law allows us to do so.

5. Lawful Basis for Processing

Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on one or more of the following lawful bases:

Contract

We process your data where it is necessary to enter into or perform a contract with you, such as setting up your storage account, managing your unit, or administering payments.

Legal Obligation

We process data where required to comply with legal duties, including tax, accounting, fraud prevention, health and safety, and lawful requests from public authorities.

Legitimate Interests

We may process data where it is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. This may include site security, service management, record keeping, risk control, debt recovery, and internal administration.

Consent

In limited cases, we may rely on your consent, for example for certain optional communications or specific processing activities. Where consent is used, you may withdraw it at any time.

6. Data Sharing and Processors

We do not sell your personal data. However, we may share it with trusted third parties who act as processors or, in some cases, independent controllers. These parties are only given access to the information they need to perform their services and are required to protect it appropriately.

Processors we may use include:

  • IT and cloud service providers that store or support our business systems;
  • payment service providers that handle card or electronic payments;
  • security and monitoring providers that assist with site protection;
  • accounting and bookkeeping providers that help with financial administration;
  • legal and professional advisers that support compliance and dispute resolution;
  • maintenance and facilities contractors where access to data is necessary for operational reasons;
  • debt recovery or credit control services where required to collect outstanding sums;
  • identity verification or fraud prevention services where appropriate.

Where a third party acts as a processor, we require them to process personal data only on our documented instructions, keep it secure, and return or delete it when no longer needed. If data is transferred outside the UK, we will ensure appropriate safeguards are in place.

7. Data Retention

We keep personal data only for as long as necessary for the purposes for which it was collected, including to satisfy legal, accounting, and reporting requirements. The retention period depends on the type of data and the reason we hold it.

As a general rule:

  • customer account and contract records are retained for the duration of the relationship and for a reasonable period afterward;
  • payment and invoicing records are retained in line with tax and accounting obligations;
  • security and access records are retained for a limited time unless they are needed for investigation or legal purposes;
  • correspondence and complaints may be kept for as long as necessary to resolve issues and maintain accurate records;
  • where legal claims may arise, records may be retained until limitation periods expire.

When data is no longer required, we will delete it securely or anonymise it so that it can no longer identify you.

8. Data Security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, disclosure, alteration, or destruction. These measures may include access restrictions, secure systems, staff training, and appropriate vendor controls. While no system is completely secure, we work to maintain a level of security appropriate to the risks involved.

9. Your Rights

Under data protection law, you have a number of rights in relation to your personal data. These rights may apply in different circumstances and may be subject to legal exceptions. Your rights include:

  • Right of access – you can request a copy of the personal data we hold about you.
  • Right to rectification – you can ask us to correct inaccurate or incomplete data.
  • Right to erasure – you may ask us to delete your data where it is no longer needed or where another legal basis applies.
  • Right to restriction – you can request that we limit how we use your data in certain situations.
  • Right to data portability – you can request certain data in a structured, commonly used format where processing is based on consent or contract and carried out by automated means.
  • Right to object – you can object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent – where we rely on consent, you may withdraw it at any time.

If you wish to exercise any of these rights, we will respond in accordance with applicable law. We may need to verify your identity before acting on your request.

10. Automated Decision-Making

We do not normally use automated decision-making that has a legal or similarly significant effect on you. If that changes, we will provide clear information about the logic involved, the significance of the processing, and your rights.

11. Complaints and Supervisory Authority

If you are unhappy with how we handle your personal data, please let us know so we can try to resolve the issue. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection matters.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or data protection practices. Any updated version will apply from the date it is made available. We encourage customers to review this policy periodically to stay informed.

13. Summary of Our Commitment

We respect your privacy and aim to process personal data in a fair, lawful, transparent, and secure way. Westdrayton Storage uses personal data only where necessary, keeps it no longer than needed, and ensures that any third parties we use are bound to protect it properly. This Privacy Policy applies to all Westdrayton Storage customers in the area and is intended to give you clear information about how we handle your data.

Call Now!
Call Now Get a Quote
Westdrayton Storage

GDPR-compliant privacy policy for Westdrayton Storage covering data collection, lawful basis, retention, processors, rights, and customer scope in the area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.