Privacy Policy - Croydon Storage

Effective from: This Privacy Policy applies to all Croydon Storage customers in the area and explains how we collect, use, store, and protect personal data in line with the UK GDPR and the Data Protection Act 2018.

1. Introduction

Croydon Storage is committed to handling personal information lawfully, fairly, and transparently. We collect only the data needed to provide storage services, manage customer accounts, maintain security, meet legal obligations, and improve our business operations. This policy applies to all customers, prospective customers, visitors, and individuals whose personal data we process in connection with our services.

We do not sell personal data. We also aim to keep your information accurate, secure, and retained only for as long as necessary.

2. What Data We Collect

We may collect and process the following categories of personal data:

  • Identity data: name, date of birth, and identification details where needed for verification.
  • Contact data: address, email address, telephone number, and billing address.
  • Account data: customer reference numbers, storage unit details, service preferences, and communication history.
  • Payment data: payment status, transaction records, and limited financial details required to process payments.
  • Security data: CCTV footage, access logs, alarm records, and incident reports.
  • Usage data: information about how you use our facilities, such as entry times and service interactions.
  • Correspondence data: complaints, enquiries, feedback, and any information you provide when contacting us.

We may also collect information from third parties where necessary, such as identity verification services, payment providers, insurers, or legal and regulatory bodies.

3. How We Use Your Data

We use personal data for the following purposes:

  • to set up and manage customer accounts;
  • to provide storage services and related support;
  • to verify identity and prevent fraud;
  • to process payments, invoices, and account administration;
  • to monitor site security and protect customers, staff, and property;
  • to handle disputes, complaints, and customer service enquiries;
  • to comply with legal and regulatory requirements;
  • to maintain business records and improve our service delivery;
  • to defend legal claims and manage insurance matters.

We only use your information where we have a valid reason to do so.

4. Lawful Basis for Processing

Under data protection law, we must have a lawful basis for processing your personal data. We rely on the following bases:

Contract

We process your data when it is necessary to enter into or perform a contract with you. This includes managing your storage account, providing access to your unit, processing payments, and dealing with service-related queries.

Legal Obligation

We process some data to comply with legal requirements, such as record keeping, tax obligations, fraud prevention, health and safety duties, and responding to lawful requests from authorities.

Legitimate Interests

We may process data where it is in our legitimate interests or those of a third party, provided your rights and freedoms do not override those interests. Examples include site security, CCTV monitoring, service improvement, internal administration, and protecting against misuse of our facilities.

Consent

Where required, we will ask for your consent before processing your data. For example, we may ask for permission to send certain marketing communications. You can withdraw consent at any time, where consent is the basis for processing.

5. Data Sharing and Processors

We may share personal data with trusted third-party service providers who process data on our behalf. These include processors such as:

  • payment processing providers;
  • IT support and cloud storage providers;
  • customer management and accounting service providers;
  • security and CCTV system providers;
  • identity verification and fraud prevention providers;
  • legal advisers, insurers, and debt recovery services where necessary;
  • regulatory, law enforcement, or government bodies where required by law.

All processors are required to handle personal data securely, only use it for our instructions, and comply with applicable data protection laws. We take steps to ensure appropriate contractual safeguards are in place before any data is shared.

We do not allow processors to use your personal data for their own unrelated purposes.

6. Data Retention

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, security, and reporting requirements. Retention periods vary depending on the type of data and the reason we hold it.

  • Customer account and contract records: retained for the duration of the contract and for a reasonable period afterwards to deal with claims, disputes, and legal obligations.
  • Payment and financial records: retained for the period required by tax and accounting law.
  • Security records and CCTV: retained for a limited period unless needed for investigation, safety, or legal purposes.
  • Correspondence and complaints: retained for as long as needed to resolve the issue and maintain appropriate records.

When personal data is no longer required, it is securely deleted, anonymised, or destroyed.

7. Data Security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, disclosure, alteration, or destruction. These measures may include access controls, secure systems, encryption, staff training, and physical security measures at our facilities.

While we work hard to protect your data, no system can be guaranteed to be completely secure. If a data incident occurs that presents a risk to your rights and freedoms, we will act promptly in line with legal obligations.

8. Your Rights

Under data protection law, you may have the following rights regarding your personal data:

  • Right of access: to request a copy of the personal data we hold about you.
  • Right to rectification: to request correction of inaccurate or incomplete data.
  • Right to erasure: to ask us to delete your data in certain circumstances.
  • Right to restriction: to request limited processing in certain situations.
  • Right to object: to object to processing based on legitimate interests or direct marketing.
  • Right to data portability: to receive certain data in a structured, commonly used format where applicable.
  • Right to withdraw consent: where we rely on consent, you may withdraw it at any time.

If you wish to exercise any of these rights, we will respond within the time limits set by law. In some cases, we may need to verify your identity before acting on your request.

9. International Transfers

In limited cases, personal data may be processed outside the UK if a service provider operates internationally. When this happens, we will ensure appropriate safeguards are in place so that your data remains protected to the required legal standard.

10. Children’s Data

Our services are not intended for children under 18 unless they are represented by a parent or guardian acting on their behalf. We do not knowingly collect children’s personal data unless it is necessary for lawful service provision and appropriate consent or authority has been provided where required.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data processing practices. Any updates will be effective once published or otherwise communicated where appropriate. We encourage customers to review this policy periodically.

12. Complaints

If you have concerns about how we handle personal data, you may raise them with us so we can investigate and respond appropriately. You also have the right to lodge a complaint with the UK Information Commissioner’s Office if you believe your data protection rights have been infringed.

13. Summary of Our Commitment

Croydon Storage is committed to using personal data responsibly, securely, and only where there is a lawful basis. We collect only what is necessary, limit access to trusted processors, retain information for no longer than required, and respect your rights under data protection law. This policy applies to all Croydon Storage customers in the area and is designed to ensure your personal data is handled with care and transparency.

Call Now!
Call Now Get a Quote
Croydon Storage

GDPR-compliant Privacy Policy for Croydon Storage covering data collection, lawful basis, retention, processors, and user rights for all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.