Privacy Policy - Croftonpark Storage

Effective date: This Privacy Policy applies to all Croftonpark Storage customers in the area and explains how we collect, use, store, and protect personal data in accordance with the UK GDPR and the Data Protection Act 2018.

1. Introduction

Croftonpark Storage is committed to respecting your privacy and handling your personal information responsibly. This policy explains what personal data we collect, why we collect it, the lawful bases we rely on to process it, how long we keep it, the third parties we may share it with, and the rights you have over your information.

We aim to keep our data practices fair, transparent, and secure. Personal data is handled only where it is necessary for providing storage services, managing customer relationships, meeting legal obligations, or protecting our legitimate business interests.

2. Scope of this Policy

This policy applies to all Croftonpark Storage customers in the area, including prospective customers, current customers, former customers, and individuals who communicate with us about storage services. It also applies to personal data we receive from representatives, business contacts, and anyone acting on behalf of a customer.

Please read this policy carefully so you understand how your information is used when you engage with our services.

3. Personal Data We Collect

We collect only the data needed to provide and manage our storage services. The types of information we may collect include:

  • Identity data: name, title, and date of birth where required for verification.
  • Contact data: address, email address, telephone number, and billing address.
  • Account and contract data: storage unit details, rental dates, payment status, booking information, and agreement records.
  • Financial data: payment card details, bank account details, transaction history, and invoices.
  • Verification data: copies of identity documents, proof of address, or similar information where required to confirm identity or prevent fraud.
  • Security and access data: CCTV records, access logs, gate entry records, incident reports, and site-use information.
  • Correspondence data: emails, letters, complaint records, and notes of calls or interactions.
  • Technical data: limited device or usage information if you interact with digital systems or online forms.

We generally do not intentionally collect special category data unless you choose to provide it to us or we are required to do so by law. If such data is received, we will process it only where permitted under applicable data protection law.

4. How We Collect Personal Data

We may collect personal data directly from you when you:

  • enquire about our services;
  • sign a storage agreement;
  • make payments or set up a billing arrangement;
  • visit our premises;
  • contact us with a query, complaint, or request;
  • provide details for identification or account administration.

We may also receive data from third parties, such as payment providers, identity verification services, insurers, debt recovery services, and law enforcement or regulatory authorities where lawful and necessary.

5. Lawful Basis for Processing

We only process personal data when we have a valid lawful basis under the UK GDPR. Depending on the activity, we rely on one or more of the following:

Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes setting up your storage account, managing your unit, processing payments, and communicating about your agreement.

Legal obligation

We may process personal data where required to comply with legal obligations, including tax records, accounting requirements, anti-fraud obligations, health and safety duties, and requests from authorities.

Legitimate interests

We may process data where it is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. This may include security monitoring, preventing fraud, managing disputes, improving services, and protecting property.

Consent

Where required, we will rely on your consent. If we ask for consent, you may withdraw it at any time. Withdrawal of consent will not affect the lawfulness of processing carried out before withdrawal.

Vital interests and public task

In rare cases, we may process data to protect someone’s vital interests or where processing is necessary for a task carried out in the public interest or under official authority.

6. How We Use Personal Data

We use personal data to:

  • provide storage services and maintain customer accounts;
  • verify identity and protect against misuse;
  • process payments and manage invoicing;
  • respond to questions, complaints, and service requests;
  • operate and secure our premises;
  • meet legal, regulatory, insurance, and accounting duties;
  • enforce contractual terms and resolve disputes;
  • improve service quality and operational efficiency.

We do not sell your personal data.

7. Data Sharing and Processors

We may share personal data with trusted third parties who act as processors or independent controllers, depending on the purpose of the sharing. These may include:

  • Payment processors for taking and reconciling payments;
  • IT and cloud service providers for secure data storage, communications, and system support;
  • Identity verification providers to help confirm identity and prevent fraud;
  • Insurance providers where an incident, claim, or policy requirement is involved;
  • Professional advisers such as accountants, auditors, and legal advisers;
  • Debt recovery and credit control providers where accounts remain unpaid;
  • Security service providers supporting CCTV, access control, and site protection;
  • Public authorities where disclosure is required by law or necessary to protect rights.

Where we use processors, they are only allowed to act on our instructions and must protect your information in line with data protection law. We require appropriate contractual safeguards and security measures to be in place.

8. International Transfers

If any personal data is transferred outside the UK, we will ensure appropriate safeguards are used, such as adequacy regulations, standard contractual clauses, or equivalent lawful transfer mechanisms. We take steps to ensure that any transferred data remains protected to a level consistent with UK data protection requirements.

9. Data Retention

We keep personal data only for as long as necessary for the purposes for which it was collected, including legal, accounting, insurance, and reporting requirements. Retention periods may vary depending on the category of information and the reason for processing.

As a general approach:

  • Contract and account records are retained for the duration of the customer relationship and for a reasonable period afterward for legal and operational purposes.
  • Financial and tax records are kept for the period required by law.
  • CCTV and access records are retained for a limited period unless needed for investigation, security, or legal claims.
  • Complaints and correspondence are retained as long as needed to handle the matter and for record-keeping.

When data is no longer required, we will securely delete, anonymise, or archive it in accordance with our retention practices.

10. Security of Your Data

We use appropriate technical and organisational measures to protect personal data against accidental loss, unauthorised access, disclosure, alteration, or destruction. These measures may include access controls, secure storage, encryption where appropriate, staff training, and regular review of security practices.

No system is completely secure, but we work to reduce risk and limit access to personal data to only those who need it for legitimate business purposes.

11. Your Rights

Under data protection law, you have a number of rights in relation to your personal data. These rights may be subject to conditions and exemptions:

  • Right of access: you can request a copy of the personal data we hold about you.
  • Right to rectification: you can ask us to correct inaccurate or incomplete data.
  • Right to erasure: you can ask us to delete your data in certain circumstances.
  • Right to restriction: you can request limited use of your data in some situations.
  • Right to object: you can object to processing based on legitimate interests or direct marketing.
  • Right to data portability: you can request transfer of certain data in a structured, commonly used format.
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.

If you wish to exercise any of these rights, we will respond within the time limits required by law. We may need to verify your identity before responding to your request.

12. Complaints and Supervisory Authority

If you are unhappy with the way we handle your personal data, you have the right to raise a complaint with the relevant supervisory authority. You may also contact us to give us the opportunity to address your concerns directly. We welcome the chance to resolve any issue fairly and promptly.

13. Children’s Data

Our storage services are generally intended for adults. We do not knowingly collect personal data from children except where necessary and lawful, for example in relation to a customer’s household or authorised contact details. Where we become aware that data has been collected unlawfully, we will take appropriate steps to delete or protect it.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, our services, or the way we process personal data. The most current version will apply to your use of Croftonpark Storage services. Where changes are significant, we will take reasonable steps to bring them to your attention.

15. Summary of Key Principles

To summarise, Croftonpark Storage will only collect and use personal data where it is necessary, lawful, and proportionate. We will keep information no longer than required, share it only with appropriate processors or other lawful recipients, and respect the rights of all customers in the area. Our approach is guided by privacy by design, accountability, and the principle of data minimisation.

Call Now!
Call Now Get a Quote
Croftonpark Storage

GDPR-compliant Privacy Policy for Croftonpark Storage covering data collection, lawful basis, retention, processors, rights, and scope for all area customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.