Self Storage Brompton Privacy Policy
This Privacy Policy explains how Self Storage Brompton collects, uses, stores, and protects your personal data. It also explains your rights under data protection laws, including the UK General Data Protection Regulation and the Data Protection Act. This Privacy Policy applies to all Self Storage Brompton customers and prospective customers in our operating area, as well as anyone who contacts us or uses our services.
Who We Are and Scope of This Policy
Self Storage Brompton provides storage services to individual and business customers. We act as the data controller in relation to the personal data we collect and process about you. This means we decide how and why your personal data is used and are responsible for ensuring it is handled in accordance with applicable data protection laws.
This Privacy Policy applies to all personal data we process about our customers, including people making enquiries, website visitors, and anyone using our facilities or related services in the Self Storage Brompton area.
Personal Data We Collect
We may collect and process the following categories of personal data about you:
Identification and contact details, such as your full name, postal address, billing address, and any other address you provide to us for correspondence or invoicing.
Contact information, such as your preferred contact method and any communication details you provide when you contact us or complete enquiry forms.
Contract and account information, such as details of your storage unit, rental agreements, access permissions, payment history, and any communications regarding your contract with us.
Payment and billing information, such as limited payment details necessary to process your payments, billing records, and transaction history. We do not store full card details where payments are processed through a secure payment provider.
Security and access information, such as access logs, unit number, dates and times of access to the facility, and relevant details captured as part of our security measures, which may include CCTV images recorded on our premises.
Communications data, including information you provide when you contact us in person, by post, or through other communication channels. This may include queries, feedback, and any complaints.
Technical and usage data, where applicable, including information generated through your use of any online platforms we operate, such as basic device information, approximate location data, and how you interact with our online content, where this is necessary for security, diagnostics, or service improvement.
Lawful Basis for Processing Your Personal Data
We only process your personal data when we have a lawful basis to do so. Depending on the specific processing activity, we rely on one or more of the following lawful bases:
Performance of a contract. We process your personal data to take steps at your request before entering into a contract and to fulfil our obligations under a contract with you. This includes processing data to set up your storage unit, manage your account, process payments, and provide customer service.
Legal obligations. We may process your data to comply with legal or regulatory requirements, including accounting rules, health and safety requirements, and obligations relating to crime prevention and law enforcement cooperation.
Legitimate interests. We may process your personal data where it is necessary for our legitimate business interests, and where these interests are not overridden by your rights and freedoms. Our legitimate interests include protecting our premises and property, preventing fraud or misuse of our services, managing our operations, improving our services, and communicating with our customers about service-related matters.
Consent. In limited cases, we may rely on your consent, for example where required for specific types of optional communications or for certain forms of marketing. Where we rely on consent, you can withdraw it at any time by contacting us using the details provided in your contract or other communications from us.
How We Use Your Personal Data
We use the personal data we collect for the following purposes:
To provide and manage your storage services, including processing your application, setting up your account, granting access to our facilities, and administering your contract.
To process payments and manage billing, including invoicing, processing transactions, addressing payment issues, and maintaining financial records.
To communicate with you, including responding to your enquiries, sending information about your account, notifying you of important changes to our services or terms, and dealing with any concerns or complaints.
To maintain security and prevent fraud, including monitoring access to the premises, using CCTV for safety and security, investigating suspicious activity, and taking steps to protect our customers, staff, and property.
To comply with legal and regulatory obligations, including maintaining appropriate records, cooperating with law enforcement where required, and fulfilling health and safety responsibilities.
To improve and manage our services, including analysing how our services are used, developing new services, and carrying out internal reporting and management activities.
Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to meet any legal, accounting, or reporting requirements.
In general, we keep customer account and contract information for the duration of your relationship with us and for a period after your contract ends, in line with applicable limitation periods and statutory retention obligations. This allows us to respond to any queries or disputes and to comply with our legal obligations.
Security and access data, such as CCTV footage and access logs, is retained for a shorter period, which is determined by our security needs and any legal or insurance requirements. This period is kept under review and is not longer than necessary for the purposes of security and incident investigation, unless a longer retention period is required by law or for the establishment, exercise, or defence of legal claims.
When personal data is no longer needed, we take steps to delete or anonymise it securely.
Data Processors and Third Parties
We may share your personal data with trusted third parties who act as data processors on our behalf. These third parties only process your data in accordance with our instructions and for the purposes described in this Privacy Policy. They are required to keep your data secure and confidential.
Typical categories of data processors include providers of secure payment processing, billing and accounting service providers, facility management and maintenance providers where access to limited data is necessary, IT and cloud service providers that host or support our systems, and security service providers involved in the operation and maintenance of our security systems.
In some circumstances, we may share personal data with other third parties acting as independent controllers where required by law or where necessary to protect our legitimate interests. This may include law enforcement authorities, regulatory bodies, professional advisers, insurers, or debt recovery agencies where appropriate.
We do not sell your personal data. Any sharing of data is limited to what is necessary and is carried out in accordance with data protection law.
International Transfers
Where we use service providers that are based outside the United Kingdom or where data is processed in another country, we take steps to ensure that an adequate level of protection is in place. This may include using jurisdictions that have been recognised as providing an adequate level of data protection or putting in place appropriate safeguards such as standard contractual clauses approved by relevant authorities.
Your Data Protection Rights
You have several rights in relation to the personal data we hold about you, subject to certain conditions and exemptions under data protection law:
The right of access. You can request confirmation of whether we process your personal data and obtain a copy of that data, along with information about how it is used.
The right to rectification. You can ask us to correct or complete inaccurate or incomplete personal data we hold about you.
The right to erasure. In certain circumstances, you can request that we delete your personal data. This right is not absolute and may not apply where we need to retain data for legal or contractual reasons.
The right to restrict processing. You can ask us to restrict the processing of your personal data in certain situations, for example while we are considering a request for rectification or objection.
The right to object. You can object to our processing of your personal data when we are relying on legitimate interests as the lawful basis, including profiling based on those interests. We will stop processing unless we have compelling legitimate grounds that override your interests, rights, and freedoms, or where processing is necessary for legal claims.
The right to data portability. Where processing is based on consent or contract and carried out by automated means, you may be entitled to receive certain personal data in a structured, commonly used, and machine-readable format and to request that it is transmitted to another controller, where technically feasible.
The right to withdraw consent. If we rely on your consent to process personal data, you can withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of processing carried out before withdrawal.
You also have the right to lodge a complaint with the relevant data protection supervisory authority if you believe your data protection rights have been infringed. We encourage you to contact us first so we can try to resolve any concerns.
Security of Your Personal Data
We use appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage. These measures are designed to ensure a level of security appropriate to the risks presented by the processing, taking into account the nature of the personal data and the context in which it is used.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, our services, or legal requirements. When we make changes, we will update the date of the latest version and, where appropriate, notify you through our usual communication channels or during your next interaction with us. We encourage you to review this Privacy Policy periodically to stay informed about how we handle your personal data.
