Privacy Policy - Selfstorage Clapham
This Privacy Policy explains how Selfstorage Clapham collects, uses, stores, and protects personal data relating to customers, prospective customers, visitors, contractors, and other individuals whose information we process in connection with our self-storage services. This policy applies to all Selfstorage Clapham customers in the area, including anyone who enquires about, books, accesses, manages, or receives services from us.
We are committed to handling personal data in a lawful, fair, and transparent manner, in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We only collect information that is necessary for specific purposes, and we keep it only for as long as needed.
1. Who We Are
For the purposes of data protection law, Selfstorage Clapham acts as a data controller when we decide why and how personal data is processed. This means we are responsible for ensuring your information is used appropriately and protected with suitable safeguards.
This policy applies to personal data processed in relation to:
- storage enquiries and quotations;
- customer account creation and management;
- identity and security checks;
- payments and billing;
- site access and facility security;
- customer communications;
- contract administration and legal compliance.
2. Personal Data We Collect
We may collect and process different categories of personal data depending on how you interact with us. The information we collect may include:
- Identity data: name, date of birth, and identification details where required;
- Contact data: address, email address, telephone number, and correspondence details;
- Account data: customer reference numbers, booking details, storage unit information, and service history;
- Payment data: payment method, billing records, transaction history, and related financial information;
- Access and security data: entry logs, CCTV footage, alarm or incident records, and site access records;
- Communication data: emails, telephone notes, complaint records, and feedback;
- Technical data: limited device and usage information collected through our systems, where applicable.
We generally do not seek to collect special category data. However, if such information is provided to us voluntarily or becomes necessary in relation to a legal claim, incident, or safeguarding concern, we will only process it where permitted by law and with appropriate safeguards.
3. How We Collect Data
We collect personal data in several ways:
- directly from you when you complete forms, make enquiries, sign agreements, or communicate with us;
- from third parties acting on your behalf, such as agents or authorised representatives;
- from payment providers, fraud prevention services, and similar service partners;
- from security systems such as CCTV, access controls, and incident reporting tools;
- from publicly available sources where needed for verification or compliance.
Where we collect information from third parties, we do so only where there is a lawful basis and the processing is relevant to the services we provide.
4. Lawful Basis for Processing
We process personal data only where we have a valid lawful basis under UK GDPR. Depending on the context, our lawful bases may include:
Contract
We process data where it is necessary to enter into or perform a contract with you. This includes creating accounts, managing storage bookings, processing payments, and providing access to your unit.
Legal Obligation
We may process information where necessary to comply with legal requirements, such as tax, accounting, fraud prevention, health and safety, or law enforcement requests.
Legitimate Interests
We may process data where it is necessary for our legitimate interests, provided those interests do not override your rights and freedoms. This may include maintaining security, preventing crime, improving services, managing disputes, and protecting our business assets.
Consent
In limited cases, we may rely on your consent, for example for certain marketing communications or optional processing activities. Where we rely on consent, you can withdraw it at any time.
Vital Interests
In rare situations, we may process data to protect someone’s vital interests, such as in an emergency or serious incident.
5. How We Use Your Information
We use personal data for the following purposes:
- to respond to enquiries and provide quotations;
- to set up and administer customer accounts;
- to verify identity where appropriate;
- to process payments and issue invoices or receipts;
- to manage storage access and facility security;
- to communicate with you about services, renewals, and account matters;
- to investigate complaints, claims, and incidents;
- to maintain records required for legal, regulatory, or insurance purposes;
- to improve our operations, security, and customer experience.
We do not use your personal data for purposes that are incompatible with the reasons it was originally collected unless we have a lawful basis to do so.
6. Data Sharing and Processors
We may share personal data with trusted third parties who help us operate our business. These parties act as processors when they process data on our behalf and only in accordance with our instructions. Examples may include:
- payment service providers;
- IT and cloud hosting providers;
- customer management and booking system providers;
- security and surveillance service providers;
- accounting and bookkeeping providers;
- professional advisers such as lawyers, insurers, or auditors;
- delivery, maintenance, or operational contractors where necessary.
We may also disclose information where required by law, court order, or lawful request from a regulator, police force, or other public authority.
Where we use processors, we ensure that they are contractually bound to protect personal data, use it only for specified purposes, and maintain appropriate security measures.
7. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, accounting, insurance, and reporting obligations. Retention periods depend on the type of information and the reason we hold it.
In general:
- customer account and contract records are retained for the duration of the relationship and for a reasonable period afterwards;
- payment and accounting records are retained for the period required by tax and financial laws;
- security records, including CCTV and access logs, are retained for a limited period unless needed longer for an investigation or legal claim;
- enquiry data that does not result in a service agreement is kept only briefly, unless longer retention is justified by a legitimate reason.
When data is no longer required, we securely delete, anonymise, or destroy it.
8. Data Security
We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. These measures may include access controls, password protection, encryption where relevant, staff training, and restricted handling procedures.
While no system can be guaranteed completely secure, we regularly review our safeguards and update them where appropriate to reduce risk.
9. Your Rights Under GDPR
You have several rights in relation to your personal data. Subject to legal limits and exemptions, these rights include:
- Right of access: to request a copy of the personal data we hold about you;
- Right to rectification: to ask us to correct inaccurate or incomplete information;
- Right to erasure: to request deletion of your data in certain circumstances;
- Right to restriction: to ask us to limit how we use your data in certain situations;
- Right to object: to object to processing based on legitimate interests or direct marketing;
- Right to data portability: to receive certain information in a structured, commonly used format;
- Right to withdraw consent: where processing is based on consent, you may withdraw it at any time;
- Right to lodge a complaint: to raise concerns with the relevant data protection authority.
We may need to verify your identity before responding to a rights request. We will respond within the time limits required by law, normally within one month, unless the request is complex or numerous.
10. International Transfers
Where personal data is transferred outside the United Kingdom, we will ensure appropriate safeguards are in place so that your information remains protected in accordance with applicable data protection laws.
11. Cookies and Similar Technologies
If we use online tools or digital systems that involve cookies or similar technologies, these will be used only where necessary or with appropriate consent where required. Any such use will be limited to legitimate operational, security, or analytical purposes.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in law, operations, or data processing practices. Any revised version will apply from the date it is published or made available. We encourage customers to review this policy periodically.
13. Summary of Your Data Relationship with Us
In summary, Selfstorage Clapham processes personal data only where necessary, keeps it secure, retains it for justified periods, and shares it only with approved processors or where required by law. We are committed to respecting your privacy and ensuring that all customers in the Clapham area receive clear, lawful, and fair treatment in relation to their personal data.
Your privacy matters to us, and we aim to handle your information responsibly at every stage of our service.