Privacy Policy - Selfstorage Surrey

Effective date: This Privacy Policy applies to all Selfstorage Surrey customers in the area and explains how we collect, use, store, share, and protect personal data in connection with our self-storage services.

We are committed to handling personal data in a way that is lawful, fair, and transparent, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy is designed to help customers understand what information we process, why we process it, how long we keep it, and the rights available to individuals whose data we hold.

1. Who this policy applies to

This Privacy Policy applies to all individuals who use, enquire about, or interact with Selfstorage Surrey services in the area, including prospective customers, current customers, former customers, authorised account holders, business contacts, and visitors whose personal data is collected in the course of operating our storage facilities and related services.

By using our services, you acknowledge that your personal data may be processed in the ways described below. If you provide information about another person, you should ensure you have the authority to do so and that they are aware of this policy.

2. Personal data we collect

We collect only the information needed to provide storage services, manage customer relationships, meet legal obligations, and protect our business, staff, and customers. The types of personal data we may collect include:

  • Identity data: name, date of birth, and identification details.
  • Contact data: address, email address, telephone number, and billing contact details.
  • Account and tenancy data: storage unit details, booking records, access permissions, key or access code records, account references, and service history.
  • Payment data: payment records, billing information, transaction status, and limited payment-related details. Where payment is processed by a third party, we may not store full card information.
  • Security and access data: CCTV images, entry logs, alarm records, and records of site access where applicable.
  • Communication data: correspondence with us by email, phone, online forms, post, or other channels.
  • Device and usage data: technical information collected when you use our website or digital systems, such as IP address, browser type, and activity logs.
  • Special category data: we do not intentionally collect special category data unless you choose to provide it, and if we do process such data, we will do so only where a lawful basis exists and additional safeguards apply.

We do not collect more data than is necessary for the purposes stated in this policy, and we aim to keep all data accurate and up to date.

3. How we use personal data

We use personal data to operate our services effectively and responsibly. Typical uses include:

  • setting up and managing customer accounts and storage agreements;
  • verifying identity and preventing fraud;
  • providing access to storage units and managing site security;
  • processing payments, refunds, and account administration;
  • communicating about bookings, service updates, payment reminders, and policy changes;
  • handling queries, complaints, and requests;
  • protecting our premises, staff, customers, and property;
  • meeting legal, tax, accounting, and regulatory obligations;
  • improving our services, systems, and customer experience;
  • establishing, exercising, or defending legal claims.

We will only use your personal data for the purposes for which it was collected, unless we reasonably determine that we need to use it for a compatible purpose or where another lawful basis applies.

4. Lawful basis for processing

We process personal data only where permitted under UK GDPR. Depending on the purpose, our lawful bases may include the following:

Contract

We process data where it is necessary to enter into or perform a contract with you. This includes opening an account, providing storage services, managing access, processing payments, and carrying out obligations under a storage agreement.

Legal obligation

We may process personal data where required to comply with legal obligations, such as tax rules, accounting requirements, fraud prevention, health and safety duties, and responding to lawful requests from public authorities.

Legitimate interests

We may process data where it is necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. Examples include maintaining security, preventing misuse of our facilities, improving services, managing business operations, and protecting against loss or damage. When relying on legitimate interests, we consider the impact on individuals and apply appropriate safeguards.

Consent

In limited cases, we rely on consent, for example for certain optional communications or specific uses of data where consent is required. Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

Vital interests and public task

These lawful bases are unlikely to apply in ordinary storage operations, but where they do apply under exceptional circumstances, we will process data accordingly and in line with the law.

5. Retention of personal data

We keep personal data only for as long as necessary for the purposes for which it was collected, including legal, accounting, reporting, and dispute-resolution requirements. Retention periods vary depending on the category of data and the reason it is held.

  • Customer account and contract records: retained for the duration of the contract and for a reasonable period afterwards to manage claims, disputes, and recordkeeping.
  • Payment and transaction records: retained in line with tax and accounting obligations.
  • CCTV and access records: retained for a limited period unless needed longer for investigation, incident response, or legal purposes.
  • Communication records: retained for as long as needed to respond to queries and maintain service records.
  • Marketing preferences: retained until you withdraw consent or object where applicable.

When data is no longer needed, we will securely delete, anonymise, or destroy it. Retention periods are reviewed regularly to ensure they remain appropriate and lawful.

6. Data processors and sharing of personal data

We may share personal data with trusted third parties that help us deliver our services. These parties act as processors or, in some cases, independent controllers. We only share data where necessary and where appropriate contractual or legal protections are in place.

Categories of processors may include:

  • IT and cloud service providers supporting secure data storage and system administration;
  • payment service providers processing transactions;
  • accounting and bookkeeping providers assisting with financial records;
  • security and surveillance service providers supporting site protection;
  • customer relationship, communication, or administration software providers;
  • professional advisers such as lawyers, auditors, insurers, and consultants;
  • delivery, maintenance, or facilities service providers when required to support operations.

We require processors to handle personal data only on our instructions, to keep it secure, and to comply with data protection law. We do not sell personal data.

We may also disclose personal data if required by law, court order, regulatory request, or where necessary to protect our rights, customers, staff, or property.

7. International transfers

Where a processor or service provider stores or accesses data outside the United Kingdom, we will take steps to ensure an adequate level of protection. This may include using approved contractual clauses, assessing the destination country, and applying additional technical or organisational safeguards where needed.

8. Security of personal data

We use appropriate technical and organisational measures to protect personal data against accidental loss, unlawful access, misuse, alteration, or disclosure. These measures may include access controls, encryption, staff training, restricted permissions, secure storage, and monitoring of systems and premises.

Although we take data security seriously, no system is entirely risk-free. We therefore encourage customers to keep their own account details and access information confidential and to notify us promptly if they suspect unauthorised use.

9. Your rights

Under data protection law, individuals may have the following rights, subject to certain conditions and exemptions:

  • Right of access: to request a copy of the personal data we hold about you.
  • Right to rectification: to ask us to correct inaccurate or incomplete data.
  • Right to erasure: to request deletion of your data in certain circumstances.
  • Right to restriction: to ask us to limit how we use your data in certain situations.
  • Right to object: to object to processing based on legitimate interests or direct marketing.
  • Right to data portability: to request transfer of certain data to you or another provider.
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.

If you wish to exercise any of these rights, we may ask for information to verify your identity before responding. We will respond within the time limits required by law, unless an extension is permitted.

10. Children’s data

Our services are generally intended for adults and business users. We do not knowingly collect personal data from children unless it is necessary in a specific lawful context, such as where a parent or guardian provides information on behalf of a customer. If we become aware that we have collected data improperly, we will take appropriate steps to delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data handling practices. Any revised version will apply from the date it is published or otherwise communicated. We encourage customers to review this policy periodically to stay informed about how we protect personal data.

12. Summary of our commitment

Selfstorage Surrey is committed to protecting personal data and processing it responsibly. We collect only what is needed, use it for clear and lawful purposes, keep it no longer than necessary, and maintain safeguards when working with processors. We also respect the rights of customers and other individuals whose data we process. Our approach is based on transparency, security, and accountability, ensuring that data is handled in a manner that is both lawful and trustworthy.

Call Now!
Call Now Get a Quote
Selfstorage Surrey

GDPR-compliant Privacy Policy for Selfstorage Surrey covering data collection, lawful basis, retention, processors, and user rights for customers in the area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.