Privacy Policy - Addington Storage

Privacy Policy

This Privacy Policy explains how Addington Storage collects, uses, stores, shares, and protects personal data in connection with its storage services. It applies to all Addington Storage customers in the area, including prospective customers, current customers, former customers, authorised representatives, and other individuals whose personal data we process in the course of providing our services.

We are committed to handling personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We aim to be transparent about what information we collect, why we collect it, how long we keep it, and what rights individuals have over that information.

1. Information We Collect

We collect only the personal data that is necessary for lawful business, operational, security, and legal purposes. The categories of data we may collect include:

  • Identity data: name, title, date of birth, and identification details where required for verification.
  • Contact data: address, email address, telephone number, and other communication details.
  • Account and contract data: account references, booking details, rental agreements, service preferences, and payment status.
  • Payment data: billing information, transaction records, and limited payment-related information needed to process charges and refunds.
  • Security data: CCTV footage, access logs, alarm records, and records of entry to premises or storage areas.
  • Correspondence data: records of emails, calls, messages, complaints, and other communications.
  • Technical data: device and usage information collected through our systems where applicable, such as IP-related logs or system usage records.
  • Verification and compliance data: evidence needed to confirm identity, prevent fraud, comply with law, and meet insurance or contractual requirements.

Where we receive personal data about another person from a customer, such as an emergency contact or an authorised mover, we expect the customer to ensure that the person is informed of this Privacy Policy where appropriate.

2. How We Use Personal Data

We use personal data for the following purposes:

  • to provide storage services and manage customer accounts;
  • to verify identity and prevent unauthorised access or fraud;
  • to issue invoices, take payments, manage credit control, and process refunds;
  • to maintain site security, protect property, and monitor access to storage facilities;
  • to communicate service updates, notices, account information, and important operational information;
  • to respond to enquiries, complaints, and requests;
  • to maintain internal records, reporting, and audit trails;
  • to meet legal, tax, regulatory, insurance, and compliance obligations;
  • to establish, exercise, or defend legal claims; and
  • to improve our services, systems, and security measures.

We do not use personal data for purposes that are incompatible with the original reason for collection unless we have a lawful basis to do so and where required, have informed the relevant individual.

3. Lawful Basis for Processing

We only process personal data where we have a valid lawful basis under the UK GDPR. Depending on the context, the lawful bases we rely on may include:

Contract

We process personal data when it is necessary to enter into or perform a contract with a customer. This includes managing bookings, providing access to storage units, handling payments, and administering customer accounts.

Legal obligation

We process certain data to comply with legal requirements, including tax, accounting, fraud prevention, health and safety, and regulatory obligations. We may also retain records needed to comply with court orders or lawful requests from authorities.

Legitimate interests

We may process personal data where it is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by the rights and freedoms of the individual. Legitimate interests may include protecting premises, preventing crime, managing business operations, improving services, and defending legal claims. We balance our interests against the impact on individuals before relying on this basis.

Consent

In some circumstances, we rely on consent, for example where it is required by law or where we seek permission for specific optional uses. Where consent is used, individuals have the right to withdraw it at any time. Withdrawal will not affect the lawfulness of processing carried out before consent was withdrawn.

Vital interests and public task

Although these bases are unlikely to be used often in a storage context, they may apply in exceptional circumstances where processing is necessary to protect someone’s vital interests or where required for a public task.

4. How We Share Personal Data

We may share personal data with trusted third parties where necessary for the purposes described in this Policy. These may include:

  • Payment service providers who process card or online payments on our behalf;
  • IT and software providers who support our booking, recordkeeping, communication, and security systems;
  • Security providers who assist with monitoring, alarms, access control, or CCTV systems;
  • Professional advisers such as accountants, insurers, auditors, and legal advisers;
  • Delivery, removal, or support contractors where required to deliver services requested by customers;
  • Public authorities where disclosure is required by law, court order, or lawful request; and
  • Debt recovery or dispute resolution partners where necessary to recover unpaid sums or resolve disputes.

We require processors and other third parties acting on our behalf to process personal data only according to our instructions, to keep it secure, and to comply with data protection law. We do not sell personal data.

5. International Transfers

If any service provider stores or processes personal data outside the United Kingdom, we will ensure appropriate safeguards are in place. These safeguards may include adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms. We take steps to ensure that personal data remains protected to a standard consistent with UK GDPR requirements.

6. Data Retention

We keep personal data only for as long as necessary for the purposes for which it was collected, including to meet legal, accounting, insurance, and reporting requirements. Retention periods vary depending on the type of information and the reason for processing.

  • Customer account and contract records: retained for the duration of the relationship and for a further period where needed for legal, accounting, or dispute purposes.
  • Financial records: retained for the period required under tax and accounting law.
  • CCTV and access records: retained for a limited period unless required longer for investigation, security, or legal reasons.
  • Correspondence and complaints: retained as long as necessary to deal with the matter and to evidence how it was resolved.
  • Legal and claims records: retained for the duration of the claim and for any additional period needed to protect our legal position.

When personal data is no longer needed, we will securely delete, anonymise, or otherwise dispose of it in accordance with our records management procedures.

7. Data Security

We take appropriate technical and organisational measures to protect personal data against accidental loss, unauthorised access, unlawful use, alteration, or disclosure. These measures may include access controls, staff training, secure storage, monitoring, encryption where suitable, and regular review of our procedures. While no system can be guaranteed completely secure, we work to maintain a level of protection appropriate to the risks involved.

8. User Rights

Individuals have rights under data protection law in relation to their personal data. Subject to certain conditions and exemptions, these rights may include:

  • Right of access: to request a copy of the personal data we hold about you.
  • Right to rectification: to request correction of inaccurate or incomplete data.
  • Right to erasure: to request deletion of personal data in certain circumstances.
  • Right to restrict processing: to request that we limit how we use your data in certain situations.
  • Right to data portability: to receive certain data in a structured, commonly used format and, where applicable, have it transferred to another controller.
  • Right to object: to object to processing based on legitimate interests or for direct marketing, where applicable.
  • Right to withdraw consent: where processing is based on consent, to withdraw it at any time.
  • Right to complain: to raise concerns with the relevant data protection supervisory authority.

We may need to verify identity before responding to a rights request. We aim to respond within the time limits required by law. If a request is complex or numerous, we may extend the response period where permitted.

9. Children’s Data

Our services are intended for adults. We do not knowingly collect personal data from children except where it is provided incidentally in relation to a customer account or legal requirement. If we become aware that we have collected data from a child without appropriate authority, we will take steps to delete or secure it as appropriate.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, our services, or how we process personal data. The most recent version will apply from the date it takes effect. We encourage customers to review this Policy periodically so they remain informed about how their information is handled.

11. Summary of Our Commitments

Addington Storage is committed to using personal data fairly, lawfully, and transparently. We collect only what we need, use it for clear and legitimate purposes, share it only with trusted processors or where required by law, and keep it only for as long as necessary. We also recognise and respect the rights of individuals over their personal data.

Last reviewed: current policy version applicable to all Addington Storage customers in the area.

This Privacy Policy is designed to reflect core GDPR principles of lawfulness, fairness, transparency, data minimisation, accuracy, storage limitation, integrity, confidentiality, and accountability.

Call Now!
Call Now Get a Quote
Addington Storage

GDPR-compliant Privacy Policy for Addington Storage covering data collection, lawful basis, retention, processors, rights, and scope for all customers in the area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.