Privacy Policy - Selfstorage Chiswick
This Privacy Policy explains how Selfstorage Chiswick collects, uses, stores, shares, and protects personal data in connection with our storage services. It applies to all Selfstorage Chiswick customers in the Chiswick area, including prospective customers, account holders, and individuals who interact with us on behalf of a business or organisation. We are committed to processing personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are
Selfstorage Chiswick provides self-storage services, including unit rentals, account management, access administration, billing, and customer support. For the purposes of data protection law, we act as the data controller for the personal data we collect and use in connection with our services. This means we determine how and why your personal data is processed.
2. Personal Data We Collect
We only collect personal data that is necessary for the operation of our services, the management of customer accounts, and compliance with legal obligations. Depending on your relationship with us, we may collect the following categories of information:
- Identity data: name, date of birth, and identification details used to verify identity.
- Contact data: address, email address, and telephone number.
- Account data: customer account number, contract details, storage unit details, and service preferences.
- Payment data: billing records, payment status, and limited financial information needed to process transactions.
- Access and security data: access logs, entry records, CCTV footage where applicable, and security incident reports.
- Communication data: correspondence with our team, complaints, queries, and service-related notes.
- Technical data: device, browser, and usage information if you interact with any digital systems we use for account or service administration.
We do not intentionally collect special category data unless it is required by law or you choose to provide it in a specific context, such as a reasonable adjustment request. Where such data is processed, we do so only with an appropriate lawful basis and additional safeguards.
3. How We Use Your Data
We use personal data to operate our storage services efficiently, securely, and lawfully. Typical uses include:
- creating and managing your customer account;
- providing and administering storage units;
- processing payments and handling invoices;
- verifying identity and preventing fraud;
- maintaining site safety and security;
- responding to enquiries, complaints, and support requests;
- meeting legal, tax, accounting, and regulatory obligations;
- protecting our business, customers, staff, and property;
- improving our services and internal processes.
We use your personal data only for specified, explicit, and legitimate purposes and do not process it in a manner that is incompatible with those purposes.
4. Lawful Basis for Processing
Under UK GDPR, we must have a lawful basis before processing personal data. Selfstorage Chiswick relies on the following lawful bases depending on the context:
Contract
We process personal data where it is necessary to enter into or perform a contract with you. This includes account setup, unit allocation, billing, access management, and customer support related to your storage agreement.
Legal Obligation
We process certain data where we are required to comply with legal obligations, such as tax record-keeping, accounting requirements, crime prevention measures, or responding to lawful requests from public authorities.
Legitimate Interests
We may process data where it is necessary for our legitimate interests, provided your interests and fundamental rights do not override those interests. Examples include site security, fraud prevention, operational management, and limited business improvement activities. Where we rely on legitimate interests, we consider whether the processing is proportionate and respectful of your privacy.
Consent
In limited situations, we may rely on your consent, for example for certain optional communications or uses of data not covered by another lawful basis. Where consent is used, it will be freely given, specific, informed, and unambiguous. You may withdraw consent at any time, without affecting processing already carried out before withdrawal.
5. Sharing Your Data and Processors
We may share personal data with trusted third parties where necessary to provide our services, run our business, or comply with the law. These third parties may act as processors or, in some cases, independent controllers.
Examples of processors may include:
- payment service providers that handle transactions;
- accounting and bookkeeping providers;
- IT, cloud storage, and software support providers;
- customer communication and administrative service providers;
- security monitoring or CCTV service providers;
- document storage and archiving providers.
Where a third party acts as a processor, we ensure there is a written data processing agreement in place requiring them to process data only on our instructions, keep it secure, and comply with data protection law.
We may also disclose personal data to:
- law enforcement agencies or courts where required by law;
- professional advisers such as auditors or legal advisers;
- insurers or debt recovery services where necessary and lawful;
- other parties in the event of a business reorganisation, merger, or transfer of assets.
We do not sell your personal data.
6. Data Retention
We keep personal data only for as long as it is needed for the purpose for which it was collected, or for as long as required by law. Retention periods depend on the type of data and the reasons for processing. In general:
- Customer and contract records are retained for the duration of the agreement and for a reasonable period afterwards to handle disputes, audits, or claims.
- Payment and accounting records are typically retained for the period required by tax and accounting laws.
- Security logs and CCTV records are retained only for a limited time unless needed for an investigation or legal matter.
- Correspondence and support records are retained as long as necessary to resolve queries and maintain accurate service history.
When data is no longer needed, we securely delete, anonymise, or archive it in accordance with our retention practices and legal obligations.
7. Data Security
We use appropriate technical and organisational measures to protect personal data from unauthorised access, loss, alteration, disclosure, or destruction. These measures may include access controls, secure storage, staff confidentiality obligations, system monitoring, and restricted permissions. While no system can be guaranteed completely secure, we work to maintain a high standard of protection.
8. Your Rights
Under data protection law, you have a number of rights in relation to your personal data. These rights may apply in full or in part depending on the legal basis for processing and the circumstances of your request. Your rights include:
- Right of access: you can request confirmation of whether we process your data and ask for a copy of it.
- Right to rectification: you can ask us to correct inaccurate or incomplete personal data.
- Right to erasure: you can ask us to delete your data in certain circumstances, subject to legal retention requirements.
- Right to restriction: you can request that we limit the processing of your data in certain situations.
- Right to data portability: you can request a copy of certain data in a structured, commonly used format where applicable.
- Right to object: you can object to processing based on legitimate interests or direct marketing.
- Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.
You also have the right to lodge a complaint with the relevant data protection supervisory authority if you believe your personal data has not been handled in accordance with the law. We encourage you to raise concerns with us first so that we can try to resolve them promptly and fairly.
9. Children’s Data
Our services are intended for adult customers and business users. We do not knowingly collect personal data from children except where it is necessary in connection with an account holder, authorised contact, or legal obligation. If we become aware that we have collected data unlawfully, we will take appropriate steps to delete it.
10. International Transfers
If any personal data is transferred outside the UK, we will ensure that appropriate safeguards are in place to protect it. These safeguards may include adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms recognised under UK data protection law.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or operational needs. Any revised version will apply from the date it is made available. We encourage customers to review this policy periodically to stay informed about how we use personal data.
12. Summary of Our Commitment
Selfstorage Chiswick is committed to handling personal data lawfully, fairly, and transparently. We collect only what we need, use it for clear purposes, and retain it only as long as necessary. We also ensure that our processors are selected carefully and that your rights are respected.
By using Selfstorage Chiswick services, you acknowledge that your personal data will be processed in line with this Privacy Policy and applicable data protection law.