Privacy Policy - Colneyhatch Storage

This Privacy Policy explains how Colneyhatch Storage collects, uses, stores, shares, and protects personal data in connection with its storage services. It applies to all Colneyhatch Storage customers in the area, including individuals and businesses that use our storage facilities, related administrative services, or any support functions connected to their storage agreement.

We are committed to handling personal data in a lawful, fair, and transparent manner in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We only collect data that is necessary for legitimate business purposes and retain it for no longer than required.

1. Information We Collect

We may collect and process personal data directly from you, from your interactions with our services, and in limited cases from third parties where permitted by law. The data we collect may include:

  • Identity information: name, date of birth, and identification details provided for account setup or security verification.
  • Contact information: postal address, billing address, email address, and telephone number.
  • Contract and account information: storage unit details, booking records, payment status, service preferences, and correspondence relating to your account.
  • Payment information: payment method details and transaction records. We do not store unnecessary card data where payment processing is handled by a third-party provider.
  • Security and access information: access logs, CCTV-related records where applicable, incident reports, and other safety-related records.
  • Communications: emails, forms, complaints, queries, and other messages exchanged with us.
  • Technical data: limited device or usage information if you interact with digital systems we operate for account management or access control.

We do not seek to collect special category data unless it is provided to us voluntarily and is necessary for a specific legal or operational reason. Where such data is involved, we will apply additional safeguards required by law.

2. How We Use Your Data

We use personal data only for clearly defined purposes connected to the operation of our storage services. These purposes include:

  • setting up and managing your customer account;
  • processing bookings, payments, renewals, and account administration;
  • providing access to storage facilities and maintaining site security;
  • responding to enquiries, complaints, and requests;
  • sending service-related notices, such as contract updates or important operational information;
  • meeting legal, regulatory, tax, accounting, and insurance obligations;
  • protecting our rights, property, staff, customers, and premises;
  • preventing fraud, misuse, and unlawful activity;
  • improving our services, systems, and customer experience where appropriate.

We will not use personal data for unrelated purposes without informing you and, where required, obtaining an appropriate lawful basis.

3. Lawful Basis for Processing

Under data protection law, we must have a lawful basis to process personal data. Depending on the type of data and the purpose for which it is used, we rely on the following lawful bases:

Performance of a contract

We process personal data when it is necessary to enter into or perform a storage agreement with you. This includes managing your account, allowing access to your unit, handling payments, and providing agreed services.

Legal obligation

We process data where needed to comply with legal obligations, including accounting, tax recordkeeping, safety requirements, fraud prevention, and lawful disclosure requests.

Legitimate interests

We may process data where it is necessary for our legitimate interests or those of a third party, provided your rights and freedoms do not override those interests. Examples include site security, managing service quality, maintaining records, and protecting against unauthorised access or damage.

Consent

In limited circumstances, we may ask for your consent, for example where it is required for optional communications or specific processing activities. Where consent is relied upon, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

4. Sharing Your Information

We may share personal data with trusted service providers and other third parties where necessary and lawful. These may include:

  • payment processors;
  • IT and cloud service providers;
  • security and monitoring providers;
  • accounting, audit, and legal advisers;
  • insurance providers and loss assessors;
  • regulators, public authorities, law enforcement, or courts where required by law.

We only share the minimum information needed for the relevant purpose. Any third party that processes data on our behalf must do so under a contract requiring confidentiality, appropriate security measures, and compliance with data protection law.

5. Processors

Where we engage third parties to process personal data on our behalf, they act as processors. This means they may only use the data in accordance with our instructions and for the purposes we specify. Examples of processor activities may include hosting systems, maintaining software, managing payment services, sending operational communications, or supporting security functions.

We conduct appropriate due diligence before appointing processors and require them to implement technical and organisational measures that protect personal data against loss, misuse, unauthorised access, alteration, or disclosure. We remain responsible for ensuring that processing arrangements are lawful and that data subjects’ rights are respected.

6. Data Retention

We keep personal data only for as long as necessary for the purposes for which it was collected, including any legal, accounting, or reporting requirements. Retention periods may vary depending on the type of record and the nature of the relationship.

  • Customer account records: kept for the duration of the contract and for a reasonable period afterwards to manage claims, disputes, or administrative needs.
  • Payment and finance records: retained in line with tax and accounting obligations.
  • Security records: kept only for the period needed for site protection, incident review, or legal purposes.
  • Communications: retained for as long as necessary to respond to queries, resolve issues, and keep accurate business records.

When data is no longer required, we will securely delete, anonymise, or otherwise dispose of it in a safe and appropriate manner.

7. Security of Personal Data

We use suitable technical and organisational measures to help protect personal data from unauthorised access, accidental loss, destruction, or alteration. These measures may include restricted access controls, staff training, secure storage, encryption where appropriate, and procedures for managing incidents.

Although we take reasonable steps to protect your data, no system can be guaranteed to be completely secure. We therefore encourage all customers to take care with their own account details and to notify us promptly if they suspect any unauthorised activity.

8. Your Rights

Under data protection law, you have a number of rights in relation to your personal data. Subject to certain conditions and exemptions, you may have the right to:

  • access the personal data we hold about you;
  • rectify inaccurate or incomplete data;
  • erase your data in certain circumstances;
  • restrict processing in certain situations;
  • object to processing based on legitimate interests or direct marketing;
  • data portability for data processed by automated means and based on consent or contract;
  • withdraw consent where processing relies on consent;
  • lodge a complaint with the relevant supervisory authority if you believe your rights have been infringed.

We will respond to valid requests in accordance with legal requirements. In some cases, we may need to verify your identity before acting on a request. This helps us protect your data and ensure that it is disclosed only to the correct person.

9. International Transfers

Where personal data is transferred outside the UK, we will ensure that appropriate safeguards are in place and that the transfer complies with applicable data protection law. Such safeguards may include adequacy regulations, standard contractual clauses, or other recognised transfer mechanisms.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data handling practices. Any updated version will apply from the date it is made available. We encourage customers to review it periodically to stay informed about how we process personal data.

11. Contact and Complaints

If you have questions about this Privacy Policy or wish to exercise your rights, you should contact us through the appropriate customer service channel provided in your storage agreement or account materials. If you are not satisfied with our response, you may have the right to raise a complaint with the relevant data protection authority.

Colneyhatch Storage is committed to protecting privacy and handling personal data responsibly. By using our services, you acknowledge that your information will be processed in accordance with this Privacy Policy and applicable law.

Call Now!
Call Now Get a Quote
Colneyhatch Storage

GDPR-compliant Privacy Policy for Colneyhatch Storage covering data collection, lawful basis, retention, processors, and user rights for all customers in the area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.