Privacy Policy - Stockwell Storage

Effective date: This Privacy Policy applies to all Stockwell Storage customers in area and explains how we collect, use, store, share, and protect personal data in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We are committed to handling personal information fairly, transparently, and securely. This policy applies to customers, prospective customers, authorised users, and anyone who interacts with Stockwell Storage in connection with storage services, account management, payments, access control, or support.

1. Data we collect

We collect and process personal data that is necessary to provide storage services and manage our business operations. The categories of data may include:

  • Identity data: name, title, date of birth, and identification details where needed for verification.
  • Contact data: postal address, email address, and telephone number.
  • Account data: account number, booking details, tenancy or storage agreement details, and access credentials.
  • Payment data: billing information, transaction history, and payment status. Card details may be processed by our payment providers rather than stored by us.
  • Usage data: records of facility access, unit usage, attendance logs, and related operational information.
  • Technical data: device information, IP address, browser type, and cookies or similar technologies used on our digital services, where applicable.
  • Communications data: enquiries, complaints, support requests, and correspondence with us.
  • Security data: CCTV footage, access logs, incident reports, and evidence collected for site safety and crime prevention.

We do not intentionally collect special category personal data unless it is necessary and lawful to do so. If such data is provided by you, we will only use it where permitted by data protection law and with appropriate safeguards.

2. How we use personal data

We use personal data for the following purposes:

  • to create and manage customer accounts;
  • to provide storage services and maintain access to units and facilities;
  • to process payments, fees, and refunds;
  • to verify identity and prevent fraud;
  • to communicate about bookings, service updates, reminders, and account matters;
  • to protect the security of our premises, staff, customers, and property;
  • to meet legal, regulatory, accounting, and insurance obligations;
  • to resolve disputes, investigate incidents, and enforce agreements;
  • to improve our services, systems, and operational performance;
  • to send marketing communications where permitted by law and where consent or other lawful basis applies.

We only process personal data where we have a valid lawful basis for doing so.

3. Lawful basis for processing

Under UK GDPR, we rely on one or more of the following lawful bases:

Contract

We process data where it is necessary to enter into or perform a contract with you. This includes setting up your storage agreement, managing your account, providing access, and handling payments.

Legal obligation

We may process personal data to comply with legal duties, such as accounting requirements, tax obligations, fraud prevention, health and safety duties, and lawful requests from authorities.

Legitimate interests

We may use personal data where it is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. This may include site security, CCTV monitoring, customer service improvement, internal administration, network and information security, and preventing misuse of our services.

Consent

Where required, we rely on your consent, for example for certain marketing communications or optional data uses. You may withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal.

Vital interests

In rare circumstances, we may process personal data to protect someone’s vital interests, such as in a medical emergency or serious incident.

4. How we share personal data

We may share personal data only where necessary and appropriate. Recipients may include:

  • Payment processors and financial service providers who manage transactions;
  • IT and software providers that host systems, maintain records, or support communications;
  • Security providers involved in access control, monitoring, or incident response;
  • Professional advisers such as accountants, insurers, legal advisers, and auditors;
  • Delivery, maintenance, and logistics providers where relevant to service operations;
  • Regulators, law enforcement, courts, or other authorities where disclosure is required or permitted by law.

Where third parties process personal data on our behalf, they act as processors and are contractually required to keep data secure, follow our instructions, and use data only for agreed purposes.

5. Retention of personal data

We keep personal data only for as long as necessary for the purposes described in this policy, including to meet legal, accounting, insurance, and reporting requirements. Retention periods depend on the type of data and the reason it was collected.

As a general approach:

  • customer account and contract records are kept for the duration of the relationship and for a reasonable period afterwards;
  • payment and invoicing records are retained in accordance with tax and financial record-keeping obligations;
  • security records, including CCTV and access logs, are retained for limited periods unless needed for an investigation or legal claim;
  • enquiry and correspondence records are kept as long as required to manage the matter and for internal record-keeping.

When personal data is no longer needed, we will securely delete, destroy, or anonymise it.

6. Data security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. These measures may include access controls, secure storage, encryption, staff training, restricted permissions, and monitoring of systems and facilities.

While we take reasonable steps to protect data, no system can be guaranteed to be completely secure. We therefore encourage customers to protect their own account credentials and to notify us promptly of any suspected unauthorised access.

7. International transfers

If personal data is transferred outside the UK, we will ensure that appropriate safeguards are in place, such as adequacy regulations, standard contractual clauses, or other legally recognised mechanisms. We only transfer data where necessary for our operations and lawful business purposes.

8. Your rights

Under data protection law, you have a number of rights in relation to your personal data. These include:

  • Right of access – to request a copy of the personal data we hold about you.
  • Right to rectification – to ask us to correct inaccurate or incomplete information.
  • Right to erasure – to request deletion of your data in certain circumstances.
  • Right to restriction – to request that we limit how we use your data in certain situations.
  • Right to object – to object to processing based on legitimate interests or direct marketing.
  • Right to data portability – to receive certain data in a structured, commonly used format where applicable.
  • Right to withdraw consent – where processing is based on consent, you may withdraw it at any time.

You also have the right to complain to the relevant data protection supervisory authority if you believe your rights have been infringed. We encourage you to raise any concerns with us first so we can try to resolve them promptly.

9. Children’s data

Our services are intended for adults and business users. We do not knowingly collect personal data from children unless it is necessary in connection with a lawful contract or service arrangement and appropriate consent or legal authority is in place.

10. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in law, our services, or our data handling practices. The most current version will apply to your use of Stockwell Storage services. We encourage customers to review this policy periodically to stay informed about how we protect personal data.

Summary of our approach: we collect only the information needed to operate secure storage services, use it under a valid lawful basis, retain it only as long as necessary, share it with trusted processors under contract, and respect your data protection rights.

This Privacy Policy applies to all Stockwell Storage customers in area.

By using our services, you acknowledge that you have read and understood this policy.

Call Now!
Call Now Get a Quote
Stockwell Storage

GDPR-compliant privacy policy for Stockwell Storage covering data collection, lawful basis, retention, processors, and user rights for all customers in area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.