Privacy Policy - Selfstorage Kingston
This Privacy Policy explains how Selfstorage Kingston collects, uses, stores, shares, and protects personal data. It applies to all Selfstorage Kingston customers in the local area, including prospective customers, current customers, former customers, and any person who interacts with our storage services, enquiries, or related administrative processes. We are committed to handling personal data in a lawful, fair, transparent, and secure manner in line with the UK GDPR and the Data Protection Act 2018.
1. Who We Are
Selfstorage Kingston operates self-storage services and associated customer management functions. In the course of providing these services, we act as a data controller for the personal data we collect and use. This means we decide how and why your personal data is processed for our storage operations, customer administration, payment processing, security, and legal compliance.
We respect your privacy and only process personal data where we have a valid legal basis to do so. This policy should be read carefully so you can understand what information we collect and how your rights are protected.
2. Personal Data We Collect
We collect only the information that is necessary to provide and manage our storage services, operate our business securely, and meet our legal obligations. The categories of data we may collect include:
- Identity data: name, date of birth, and similar identifying details.
- Contact data: address, email address, telephone number, and billing address.
- Contract and account data: storage agreement details, account references, rental dates, unit information, access records, and service history.
- Payment data: payment method details, transaction records, invoicing information, and payment status. We do not store card data unless strictly necessary and permitted by our payment systems.
- Verification data: documents or information used to confirm identity, address, or eligibility to use our services.
- Security data: CCTV footage, entry logs, alarm records, incident reports, and key or access control records where applicable.
- Communication data: emails, phone call notes, written correspondence, complaint records, and customer service interactions.
- Technical data: limited online or system usage information where relevant to protect systems, improve security, and maintain service performance.
We do not intentionally collect special category data unless you provide it to us for a specific lawful reason or it is required in exceptional circumstances, such as legal claims or safety incidents.
3. How We Collect Data
We may collect personal data directly from you when you:
- make an enquiry or request a quote;
- enter into a storage agreement;
- make a payment or manage your account;
- visit or use our storage premises;
- contact us with questions, complaints, or support requests;
- provide documentation for identity or address verification.
We may also collect personal data indirectly from lawful third parties, such as payment providers, identity verification providers, contractors, insurers, legal advisers, debt recovery partners, or public authorities when necessary and permitted by law.
4. Lawful Basis for Processing
We process personal data only where a lawful basis under UK GDPR applies. Depending on the purpose, our lawful bases may include:
4.1 Performance of a Contract
We process your data when it is necessary to enter into or perform a storage agreement, manage your account, provide access to storage facilities, process payments, and deliver customer support.
4.2 Legal Obligation
We may process personal data where required to comply with legal and regulatory obligations, including tax, accounting, fraud prevention, health and safety, and responding to lawful requests from public authorities.
4.3 Legitimate Interests
We may process data where it is necessary for our legitimate business interests and where those interests are not overridden by your rights and freedoms. This may include protecting premises, preventing theft or misuse, maintaining records, managing disputes, improving operations, and ensuring secure business administration. We always assess whether our interests are appropriate and proportionate.
4.4 Consent
In limited circumstances, we may rely on your consent, for example where required for certain optional communications or processing activities. If we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
4.5 Vital Interests
In rare cases, we may process personal data where it is necessary to protect someone’s vital interests, such as in an emergency involving health or safety.
5. How We Use Your Data
We use personal data for the following purposes:
- to register and manage customer accounts;
- to provide storage services and administer contracts;
- to verify identity and prevent fraud;
- to process payments, refunds, and account balances;
- to maintain security and manage access to facilities;
- to handle complaints, disputes, and claims;
- to meet accounting, tax, and legal requirements;
- to communicate service updates and important administrative notices;
- to improve service quality, internal procedures, and operational safety.
We do not sell personal data. Any processing is limited to the purposes described in this policy or where required by law.
6. Data Sharing and Processors
We may share personal data with carefully selected processors and third parties who help us operate our business. Processors only act on our instructions and are required to protect your data and use it only for specified purposes.
Examples of processors and service providers may include:
- Payment processors that handle secure transactions and billing support;
- IT and cloud service providers that host systems, back up data, or support secure operations;
- Security providers that support surveillance, access control, or incident management;
- Accountancy and audit providers that assist with financial administration and compliance;
- Identity verification services that help confirm customer identity where necessary;
- Legal and professional advisers that support dispute resolution, claims, or regulatory matters;
- Debt recovery or collections partners where lawful and proportionate for unpaid balances;
- Public authorities where disclosure is required by law or necessary for legal proceedings.
Where processors are used, we take reasonable steps to ensure they provide adequate technical and organisational safeguards. We require confidentiality, data security, and compliance obligations through contractual arrangements.
7. Data Retention
We keep personal data only for as long as necessary for the purposes for which it was collected, including to satisfy legal, accounting, and reporting requirements. Retention periods vary depending on the type of information and the reason for processing.
In general:
- customer account and contract records are retained for the duration of the relationship and for a reasonable period afterwards;
- financial records are retained for statutory accounting and tax periods;
- security records, such as CCTV footage, are retained for limited periods unless required for an investigation or legal claim;
- correspondence and complaint records are kept for as long as needed to resolve matters and document business activity;
- records required for legal defence or compliance may be retained longer where necessary.
When data is no longer needed, we delete, anonymise, or securely destroy it. Retention is reviewed regularly to ensure information is not kept longer than necessary.
8. Security of Personal Data
We apply appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. These measures may include access restrictions, staff confidentiality obligations, secure storage, encryption where appropriate, and monitoring of systems and premises.
Although no method of transmission or storage is completely risk-free, we work to maintain a high level of protection and to respond promptly to any suspected data incident.
9. Your Rights
Under data protection law, you have rights in relation to your personal data. These rights may apply depending on the legal basis and circumstances of processing. Your rights include:
- Right of access: to request a copy of the personal data we hold about you.
- Right to rectification: to ask us to correct inaccurate or incomplete information.
- Right to erasure: to request deletion of your data in certain circumstances.
- Right to restrict processing: to ask us to limit how we use your data in certain situations.
- Right to object: to object to processing based on legitimate interests or direct marketing where applicable.
- Right to data portability: to receive certain data in a structured, commonly used format where processing is based on consent or contract and carried out by automated means.
- Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.
You also have the right to complain to the UK Information Commissioner’s Office if you believe your data protection rights have been infringed. We encourage you to contact us first so we can address concerns promptly and fairly.
10. Automated Decision-Making
We do not normally use fully automated decision-making that produces legal or similarly significant effects. If this changes, we will ensure any such processing is lawful and that appropriate safeguards are in place.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data protection practices. Any updated version will apply from the date it is published or otherwise communicated. We recommend reviewing this policy periodically to remain informed about how we process personal data.
12. Summary of Our Commitment
Selfstorage Kingston is committed to protecting the privacy of all customers in the area. We collect only the data needed to deliver services, we use it only where we have a lawful basis, we share it carefully with trusted processors, and we retain it only for as long as necessary. We also respect your rights and aim to handle all personal data in a transparent, secure, and accountable way.