Privacy Policy - Stjohnswood Storage
This Privacy Policy explains how Stjohnswood Storage collects, uses, stores, shares, and protects personal data relating to customers and prospective customers. It applies to all Stjohnswood Storage customers in the area, including individuals and businesses who use our storage services, make enquiries, or otherwise interact with us in connection with storage provision.
We are committed to handling personal data in a lawful, fair, and transparent manner in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We aim to ensure that people understand what information we collect, why we collect it, how long we keep it, and what rights they have over it.
1. Personal Data We Collect
We collect only the data that is necessary for the operation of our storage services, for legal compliance, and for the management of customer accounts. Depending on how you interact with us, we may collect the following categories of information:
- Identity details: name, date of birth, and, where needed, proof of identity.
- Contact details: postal address, email address, and telephone number.
- Account information: customer reference numbers, rental details, payment status, and service history.
- Payment data: billing information, transaction records, and limited financial details needed to process payments.
- Access and security data: entry logs, key or access records, CCTV images, and other information used to protect our premises.
- Communication records: emails, messages, notes from calls, and records of complaints, queries, or service requests.
- Legal and compliance data: information required for fraud prevention, dispute resolution, or the exercise of legal rights.
We do not intentionally collect special category data unless it is provided by you and is necessary for a specific purpose, or unless we are required to do so by law. If such data is collected, it is handled with additional care and only where permitted by law.
2. How We Use Personal Data
We use personal data only where we have a valid lawful basis and for clearly defined purposes. These purposes may include:
- setting up and managing storage agreements;
- verifying identity and preventing fraud;
- processing payments and maintaining accounts;
- providing access to storage facilities and maintaining security;
- responding to enquiries, requests, and complaints;
- sending service-related notices, such as billing updates or policy changes;
- meeting legal, regulatory, tax, and insurance obligations;
- protecting our property, customers, staff, and facilities;
- handling disputes and enforcing agreements.
We will not use your personal data for purposes that are incompatible with the original reason it was collected unless we have a lawful basis to do so and have informed you where required.
3. Lawful Basis for Processing
Under the UK GDPR, we must have a lawful basis for every use of personal data. Stjohnswood Storage relies on one or more of the following legal grounds:
Contract
We process personal data where it is necessary to enter into or perform a contract with you. This includes creating a storage agreement, managing your account, processing payments, providing access to your unit, and delivering agreed services.
Legal Obligation
We may process data where needed to comply with legal or regulatory requirements, such as accounting, tax retention, anti-fraud checks, health and safety obligations, or responding to lawful requests from authorities.
Legitimate Interests
We may process data where it is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your rights and freedoms. Examples include premises security, loss prevention, internal record-keeping, service improvement, and handling disputes. We always consider whether our interests are proportionate and privacy-friendly.
Consent
In limited situations, we may rely on your consent, for example for certain optional communications or where required for specific data uses. Where consent is used, you may withdraw it at any time, without affecting the lawfulness of processing carried out before withdrawal.
4. Sharing Personal Data and Processors
We do not sell personal data. We may share it only where necessary and lawful, and only with trusted third parties who support the running of our services. These parties may act as processors or, in some cases, independent controllers.
Examples of processors and service providers may include:
- payment service providers;
- accounting and bookkeeping providers;
- IT hosting, software, and data storage providers;
- security and surveillance service providers;
- professional advisers such as lawyers, auditors, or insurers;
- maintenance and operational contractors where access to data is necessary.
Where a processor acts on our behalf, we require them to follow our instructions, protect data appropriately, and use it only for the agreed purpose. We also require suitable contractual safeguards to ensure compliance with data protection law. All processors are chosen with care and are expected to maintain confidentiality and security.
We may also disclose personal data if required by law, court order, regulatory request, or to protect our rights, users, staff, or property.
5. Data Retention
We retain personal data only for as long as necessary for the purpose for which it was collected, including satisfying legal, accounting, security, and dispute-resolution requirements. Retention periods may vary depending on the type of data and the reason for processing.
- Customer and contract records: kept for the duration of the storage relationship and for a reasonable period afterward.
- Payment and accounting records: retained for the period required by tax and financial laws.
- Security records and access logs: retained only as long as needed for safety, monitoring, and incident review.
- Correspondence and complaint records: retained for as long as necessary to respond to the matter and manage any follow-up issues.
When data is no longer required, it is securely deleted, anonymised, or otherwise disposed of in a safe manner. We review retention needs periodically to make sure we do not keep data for longer than necessary.
6. Data Security
We use appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, disclosure, alteration, or destruction. These measures may include access controls, secure storage, staff confidentiality obligations, restricted permissions, and monitoring of systems where appropriate.
No system can be guaranteed to be completely secure. However, we take reasonable steps to reduce risks and respond appropriately if a data incident occurs. Where required, we will investigate incidents and notify affected individuals and regulators in line with applicable law.
7. Your Rights
Depending on the circumstances, you have several rights under data protection law in relation to your personal data. These rights may include:
- Right of access: to request a copy of the personal data we hold about you.
- Right to rectification: to request correction of inaccurate or incomplete information.
- Right to erasure: to request deletion of your data in certain situations.
- Right to restriction: to ask us to limit how we use your data in certain circumstances.
- Right to object: to object to processing based on legitimate interests or direct marketing.
- Right to data portability: to receive certain data in a structured, commonly used format where applicable.
- Right to withdraw consent: where processing is based on consent.
To exercise your rights, you may make a request using the usual communication channels provided for account administration. We may need to verify your identity before responding. We will respond within the time limits required by law and may decline a request where an exemption applies.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) or another supervisory authority if you are concerned that your data has been handled unlawfully.
8. International Transfers
If personal data is transferred outside the UK, we will ensure that appropriate safeguards are in place. This may include the use of approved contractual protections or transfers to countries recognised as providing adequate protection. We will only transfer data where permitted by law and where suitable safeguards are available.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data handling practices. Any updated version will apply from the date it is published or otherwise communicated. We encourage customers to review the policy periodically so they remain informed about how their data is handled.
10. Applicability
This Privacy Policy applies to all Stjohnswood Storage customers in the area, including anyone who uses, applies for, or enquires about our services. By engaging with our services, you acknowledge that your personal data may be processed in accordance with this policy and applicable law.
In summary: we collect only the data we need, use it for lawful and limited purposes, keep it only as long as necessary, share it carefully with trusted processors, and respect your rights under the UK GDPR.