Self Storage Shoreditch Privacy Policy
This Privacy Policy explains how Self Storage Shoreditch collects, uses, discloses, and protects personal data relating to all our customers and prospective customers in the Shoreditch area. It also sets out your rights under the UK General Data Protection Regulation and the Data Protection Act 2018.
By using our self storage services, visiting our premises, or communicating with us, you acknowledge that you have read and understood this Privacy Policy. We may update this policy from time to time, and any changes will apply from the date of publication.
Who This Policy Applies To
This Privacy Policy applies to all Self Storage Shoreditch customers, prospective customers, website visitors, and any individuals who contact us or otherwise interact with our services in the Shoreditch area. It applies whether you are an individual customer, a business customer, or acting on behalf of another organisation.
Types of Personal Data We Collect
We may collect and process the following categories of personal data about you:
Identification data: name, title, date of birth, and identification documents where required for security or contractual purposes.
Contact details: postal address, billing address, and any other contact information you provide to us.
Account and contract information: customer number, storage unit details, rental agreements, access codes, billing history, and correspondence relating to your account.
Payment and transaction data: payment method details (excluding full card details where processed by payment providers), records of payments, invoices, and refunds.
Communication data: information contained in emails, letters, and telephone or in-person communications with our staff.
Usage and access information: records of access to our premises, such as entry and exit times, key fob or access code usage, and any access logs required for security.
CCTV and security data: images and recordings captured by CCTV and security systems on and around our premises, used for safety and crime prevention.
Website and technical data: when you visit our website, we may collect technical information such as IP address, device information, and usage statistics through standard web technologies and cookies where applicable.
Lawful Bases for Processing Your Data
We process your personal data only where we have a lawful basis under the UK GDPR. Depending on the context, we may rely on the following lawful bases:
Contract: to take steps at your request before entering into a storage agreement, to enter into a contract with you, and to perform our contractual obligations, such as managing your storage unit and processing your payments.
Legal obligation: to comply with legal and regulatory requirements, including tax laws, accounting rules, and obligations related to crime prevention and law enforcement requests.
Legitimate interests: to operate and improve our business, ensure the security and integrity of our premises, prevent fraud, manage customer relationships, and handle enquiries and complaints. When we rely on legitimate interests, we balance our interests against your rights and freedoms.
Consent: in limited situations where required by law or where no other lawful basis applies, we may seek your explicit consent, for example for certain types of optional communications. You can withdraw your consent at any time.
How We Use Your Personal Data
We may use your personal data for the following purposes:
To set up and manage your storage account, including verifying your identity, preparing and administering contracts, and managing access to your storage unit.
To process payments, issue invoices, manage billing cycles, and handle any financial queries or disputes.
To communicate with you about your account, including notices about payments, contract renewals, changes to terms, access issues, or important service information.
To maintain safety and security at our premises, including monitoring access logs and using CCTV to deter and investigate theft, vandalism, or other security incidents.
To respond to your enquiries, complaints, or requests for information, whether made by phone, in writing, or in person.
To manage our business operations, including reporting, auditing, training, and improving our services and customer experience.
To comply with laws and regulations, respond to lawful requests from public authorities, and exercise or defend legal claims.
Data Sharing and Use of Processors
We do not sell your personal data. We may share your personal data with third parties where necessary for the purposes described in this Privacy Policy, including:
Service providers and processors: such as payment processors, IT and hosting providers, security and CCTV system providers, document storage or destruction services, and professional advisers who act on our instructions and are subject to confidentiality and data protection obligations.
Professional and legal advisers: such as accountants, auditors, insurance providers, and legal advisers where necessary for our business operations or to handle legal claims.
Public authorities and law enforcement: where required by law, court order, or to assist with the prevention and detection of crime.
Other third parties: if we undergo a business restructuring, transfer, or sale of part or all of our business, in which case your personal data may form part of the transferred assets, subject to appropriate safeguards.
Whenever we use processors to handle personal data on our behalf, we ensure that appropriate contracts are in place to require them to process personal data only in accordance with our instructions, to keep it secure, and to comply with applicable data protection laws.
Data Retention
We keep your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Account and contract records are generally retained for the duration of your relationship with us and for a period after your contract ends, to address any queries, disputes, or legal claims and to comply with statutory retention periods.
Payment and financial information is retained in line with legal and tax obligations, which may require us to keep certain records for several years.
CCTV and security footage is retained for a limited period, which is typically short, unless it is required for the investigation of an incident, the prevention of crime, or for use in legal proceedings.
When personal data is no longer needed for the purposes for which it was collected, it will be securely deleted, anonymised, or otherwise removed from our systems.
International Data Transfers
Where we transfer personal data outside the United Kingdom, we will ensure that appropriate safeguards are in place to protect your data, such as reliance on adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms recognised by data protection law.
Your Data Protection Rights
Under the UK GDPR, you have a number of rights in relation to your personal data, subject to certain conditions and exemptions. These include:
Right of access: you can request confirmation that we process your personal data and obtain a copy of the personal data we hold about you, together with certain information about how it is processed.
Right to rectification: you can ask us to correct inaccurate or incomplete personal data. It is important that the information we hold about you is accurate and up to date.
Right to erasure: in some circumstances, you can request that we delete your personal data, for example where it is no longer necessary for the purposes for which it was collected or where you withdraw consent where consent was the lawful basis for processing.
Right to restriction of processing: you can request that we restrict the processing of your personal data in certain situations, such as where you contest the accuracy of the data or object to our processing.
Right to data portability: where processing is based on your consent or on a contract and is carried out by automated means, you may have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
Right to object: you can object at any time, for reasons relating to your particular situation, to processing based on our legitimate interests. We will stop processing your data unless we can demonstrate compelling legitimate grounds which override your interests, rights, and freedoms, or where the processing is needed for legal claims.
Rights in relation to automated decision-making: where we carry out automated decision-making or profiling that has legal or similarly significant effects, you may have the right to request human intervention, to express your point of view, and to contest the decision.
Exercising Your Rights and Complaints
If you wish to exercise any of your rights, or if you have any questions or concerns about how we handle your personal data, you can contact us using the contact details provided on our website or at our premises.
You also have the right to lodge a complaint with the Information Commissioner's Office if you believe that your data protection rights have been infringed. Further information about your rights and how to complain is available from the Information Commissioner's Office.
Security of Your Personal Data
We take appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or damage. These measures include access controls, secure storage, staff training, and regular review of our security practices. While we strive to protect your personal data, no system can be completely secure, and you share responsibility for keeping your access credentials and account information safe.
This Privacy Policy applies to all Self Storage Shoreditch customers and users in the Shoreditch area who interact with our services, and it is intended to provide clear and transparent information about how and why we process personal data.
