Privacy Policy - Selfstorage Paddington

This Privacy Policy explains how Selfstorage Paddington collects, uses, stores, shares, and protects personal data relating to our customers, prospective customers, visitors, and other individuals whose information we process. It applies to all Selfstorage Paddington customers in the Paddington area, including anyone who enquires about, signs up for, uses, manages, or terminates a storage service with us.

We are committed to handling personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy is designed to be clear, fair, and transparent about our practices. It should be read together with any terms and conditions that apply to the storage services we provide.

1. Personal Data We Collect

We collect only the information that is necessary for us to provide storage services, manage our relationship with you, meet legal obligations, and protect our business, customers, and premises. The types of personal data we may collect include:

  • Identity data such as your name, date of birth, and identification details.
  • Contact data such as your address, email address, and telephone number.
  • Payment data such as billing details and payment transaction information.
  • Account and service data such as unit details, access records, booking information, invoices, and communication history.
  • Security data such as CCTV images, entry logs, and incident records where applicable.
  • Technical data such as IP address, device details, and usage data if you interact with our digital systems.
  • Correspondence data such as messages, complaints, feedback, and requests you send to us.

In limited cases, we may process special category data or other sensitive information only where this is necessary and permitted by law, for example if it is voluntarily disclosed in relation to an issue we must address. We do not seek to collect such data unless there is a clear legal or operational need.

2. How We Collect Personal Data

We may collect personal data directly from you when you:

  • request information about our services;
  • create or manage a storage account;
  • sign agreements or complete forms;
  • make payments or update your details;
  • communicate with us by phone, email, or in person;
  • visit our premises or use access-controlled facilities.

We may also receive personal data from third parties, including payment providers, identity verification providers, insurers, legal advisers, debt recovery services, or public authorities where relevant and lawful. In some situations, data may be generated automatically through the operation of our security systems and facility management tools.

3. Why We Use Your Personal Data

We use personal data for the following purposes:

  • to provide storage services and administer your account;
  • to verify identity and reduce fraud;
  • to take payment and manage billing;
  • to communicate with you about your booking, account, or service updates;
  • to monitor access to our premises and maintain security;
  • to investigate complaints, disputes, theft, damage, or misuse;
  • to comply with legal, regulatory, tax, and accounting obligations;
  • to establish, exercise, or defend legal claims;
  • to improve our services, systems, and customer experience.

We process personal data only for specified, explicit, and legitimate purposes. We will not use your information in a way that is incompatible with those purposes unless we have a lawful basis to do so.

4. Lawful Basis for Processing

Under data protection law, we must have a lawful basis for each processing activity. Depending on the context, we rely on one or more of the following:

Performance of a Contract

We process personal data where it is necessary to enter into or perform our storage agreement with you. This includes managing bookings, providing access, issuing invoices, and handling service-related communications.

Legal Obligation

We process personal data where required to comply with laws and regulations, including tax, accounting, fraud prevention, health and safety, and other statutory duties.

Legitimate Interests

We may process personal data where it is necessary for our legitimate interests or those of a third party, provided that your rights and freedoms do not override those interests. Examples include protecting our premises, preventing misuse, managing disputes, improving services, and maintaining secure records. Where we rely on legitimate interests, we assess the impact of the processing and balance our interests against your rights.

Consent

Where required by law, we will ask for your consent before processing your data. If you give consent, you may withdraw it at any time. Withdrawing consent will not affect the lawfulness of processing carried out before withdrawal.

5. Data Sharing and Processors

We may share personal data with trusted third parties that help us run our business. These parties act as processors or, in some cases, independent controllers. We require processors to handle personal data only on our instructions, to keep it secure, and to comply with data protection law.

Processors and other recipients may include:

  • payment processing providers;
  • IT hosting, cloud storage, and software support providers;
  • security monitoring and CCTV maintenance providers;
  • identity verification and fraud prevention services;
  • professional advisers such as accountants, auditors, insurers, and lawyers;
  • debt recovery and credit control services where necessary;
  • delivery, repair, or maintenance providers when access is needed;
  • law enforcement, regulators, courts, or other public authorities where required by law.

We do not sell your personal data. If personal data is transferred outside the UK, we will ensure that appropriate safeguards are in place, such as standard contractual clauses or another lawful transfer mechanism approved under data protection law.

6. Retention of Personal Data

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, and reporting requirements. Retention periods vary depending on the type of data and the nature of our relationship with you.

  • Customer account and contract records are usually retained for the duration of the service relationship and for a period afterwards to deal with disputes or legal claims.
  • Payment and accounting records are retained for the period required by tax and financial regulations.
  • Security records such as CCTV footage or access logs are retained for a limited period unless needed for an investigation, claim, or legal process.
  • Correspondence and complaints may be retained for as long as necessary to resolve the matter and maintain appropriate records.

When personal data is no longer needed, we will delete it securely or anonymise it so that it can no longer identify you.

7. Data Security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. These measures may include access controls, secure storage, staff training, confidentiality obligations, and monitoring of our systems and premises.

While we work hard to protect data, no method of transmission or storage is completely secure. If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will take appropriate steps in line with applicable law.

8. Your Rights

As a data subject, you have rights over your personal data. Depending on the circumstances, these may include:

  • Right of access – to request a copy of the personal data we hold about you.
  • Right to rectification – to have inaccurate or incomplete data corrected.
  • Right to erasure – to request deletion of your data in certain cases.
  • Right to restriction – to ask us to limit how we use your data in certain circumstances.
  • Right to data portability – to receive certain data in a structured, commonly used format where applicable.
  • Right to object – to object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent – where processing is based on consent.

You may also have the right to lodge a complaint with the UK data protection regulator if you believe your rights have been infringed. We encourage you to contact us first so we can try to resolve any concerns promptly and fairly.

9. Automated Decision-Making

We do not make decisions about you based solely on automated processing that produce legal or similarly significant effects, unless we are legally permitted to do so and you are informed. If such processing is ever used, we will provide appropriate safeguards.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or data protection practices. The most current version will apply to the processing of personal data by Selfstorage Paddington. We encourage customers to review this policy periodically so they remain informed about how their information is handled.

Summary: Selfstorage Paddington’s GDPR-compliant privacy policy explains what data we collect, why we process it, how long we keep it, who we share it with, and the rights customers have over their personal data.

Call Now!
Call Now Get a Quote
Selfstorage Paddington

GDPR-compliant Privacy Policy for Selfstorage Paddington covering data use, lawful basis, retention, processors, security, and user rights.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.