Privacy Policy - Selfstorage Waterloo

Selfstorage Waterloo is committed to protecting the privacy and personal data of all customers in the Waterloo area. This Privacy Policy explains how we collect, use, store, share, and protect personal information when you use our storage services. It applies to all Selfstorage Waterloo customers in the area, including prospective customers, account holders, authorised users, and anyone who communicates with us in relation to our services.

1. Introduction

We respect your privacy and process personal data in accordance with the UK GDPR and the Data Protection Act 2018. We only collect information that is necessary for providing storage services, managing customer relationships, meeting legal obligations, and improving our operations. This policy is intended to be clear, fair, and transparent about how your data is used.

By using our services, you acknowledge that your personal data may be processed as described in this policy. We strive to keep all information accurate, secure, and retained only for as long as necessary.

2. Personal Data We Collect

We may collect and process the following categories of personal data:

• Identity information such as your name, date of birth, and identification details.
• Contact information including address, email address, and telephone number.
• Account and service information such as storage unit details, booking records, payment history, and correspondence.
• Verification information where needed for security, fraud prevention, or legal compliance.
• Financial information such as billing details, payment confirmations, and transaction records.
• Access and security information including entry logs, key or access device usage, and CCTV records where applicable.
• Communication records such as emails, calls, complaints, and service requests.
• Website and technical data if you interact with digital systems, including device information, cookies, and usage data.

We normally collect data directly from you when you enquire about, book, or use our storage services. We may also receive information from third parties where lawful and necessary, such as payment providers, identity verification services, legal representatives, or debt recovery services.

3. How We Use Your Data

We use personal data for the following purposes:

• To register and manage your storage account.
• To provide storage facilities and related services.
• To verify identity and prevent fraud.
• To process payments, invoices, refunds, and account administration.
• To communicate service updates, notices, and policy changes.
• To maintain site safety, security, and access control.
• To respond to enquiries, complaints, and disputes.
• To comply with legal and regulatory obligations.
• To support legitimate business operations, auditing, and service improvement.

We do not use personal data for purposes that are incompatible with those described in this policy without first ensuring a lawful basis to do so.

4. Lawful Basis for Processing

Under GDPR, we must have a lawful basis for each processing activity. Selfstorage Waterloo relies on the following lawful bases:

Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes setting up accounts, managing storage units, processing payments, and delivering agreed services.

Legal obligation

We may process personal data to comply with legal requirements, such as tax recordkeeping, fraud prevention, safety obligations, and responding to lawful requests from authorities.

Legitimate interests

We may process data where it is necessary for our legitimate interests, provided those interests do not override your rights and freedoms. Examples include managing our business efficiently, maintaining security, preventing misuse, and defending legal claims.

Consent

In limited situations, we may rely on your consent, for example for certain optional communications or non-essential cookies. Where consent is used, you may withdraw it at any time.

Vital interests

In rare circumstances, we may process information to protect someone’s vital interests, such as in an emergency affecting health or safety.

5. Data Sharing and Processors

We may share personal data with trusted third parties who act as processors on our behalf or, in some cases, as independent controllers. All processors are required to handle personal data securely and only in line with our instructions and applicable data protection laws.

Typical categories of processors may include:

• Payment service providers for card processing, invoicing, and transaction handling.
• IT and cloud service providers for data hosting, system maintenance, and secure storage.
• Security service providers for access control, alarm monitoring, and CCTV support.
• Identity verification and fraud prevention providers where checks are necessary.
• Professional advisers such as accountants, auditors, insurers, and legal advisers.
• Debt recovery or dispute resolution providers where required to manage overdue accounts or claims.

We may also disclose data where required by law, court order, regulatory request, or to protect the rights, property, or safety of Selfstorage Waterloo, our customers, or others.

6. International Transfers

Where a processor or service provider stores or accesses data outside the United Kingdom, we will ensure appropriate safeguards are in place. This may include adequacy regulations, standard contractual clauses, or equivalent protections recognised under data protection law.

7. Data Retention

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, tax, and reporting requirements. Retention periods may vary depending on the nature of the data and the reason for processing.

In general:

• Customer account and contract records are retained for the duration of the service relationship and for a reasonable period afterward.
• Financial and tax records are retained for the period required by law.
• Security records such as access logs and CCTV footage are retained only for as long as necessary for safety, investigation, or incident management.
• Correspondence and complaint records are retained for as long as needed to resolve the matter and demonstrate compliance.

When data is no longer required, it is securely deleted, anonymised, or archived in accordance with our retention procedures.

8. Data Security

We use appropriate technical and organisational measures to protect personal data against accidental loss, unauthorised access, alteration, disclosure, or destruction. These measures may include secure access controls, staff confidentiality obligations, encryption where appropriate, limited permissions, and monitoring of systems and facilities.

However, no method of transmission or storage is completely secure. While we take reasonable steps to safeguard your data, we cannot guarantee absolute security.

9. Your Rights Under GDPR

As a data subject, you have several rights in relation to your personal data. These rights may be subject to certain conditions and exemptions under applicable law.

Right of access

You may request confirmation of whether we process your personal data and obtain a copy of the information we hold about you.

Right to rectification

You may ask us to correct inaccurate or incomplete personal data.

Right to erasure

In some circumstances, you may request deletion of your personal data, for example where it is no longer necessary for the purpose collected.

Right to restriction

You may ask us to restrict processing in certain situations, such as while a data accuracy issue is being reviewed.

Right to data portability

Where processing is based on consent or contract and carried out by automated means, you may request a copy of your data in a structured, commonly used, machine-readable format.

Right to object

You may object to processing based on legitimate interests or direct marketing. We will stop processing unless we can demonstrate compelling grounds or legal necessity.

Rights related to automated decision-making

We do not make decisions about you based solely on automated processing that produce legal or similarly significant effects, unless this is clearly communicated and lawful safeguards are in place.

You also have the right to withdraw consent where processing is based on consent. This will not affect processing carried out before withdrawal.

10. How to Exercise Your Rights

If you wish to exercise any of your rights, you should make a clear request describing the information or action you want. We may need to verify your identity before responding. We aim to handle requests promptly and within the time limits set by law.

We may not always be able to comply with a request in full if retaining the data is required by law or necessary for the establishment, exercise, or defence of legal claims.

11. Children’s Data

Our storage services are generally intended for adults. We do not knowingly collect personal data from children unless it is necessary for a legitimate and lawful purpose, such as where a child’s information is included in a legal or emergency context. If we become aware that we have collected data improperly, we will take steps to delete it where appropriate.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, technology, or our services. The latest version will apply to all Selfstorage Waterloo customers in the area from the date it is published or otherwise made available. We encourage you to review it periodically so that you remain informed about how your personal data is protected.

13. Summary of Our Commitment

Selfstorage Waterloo processes personal data fairly, transparently, and securely. We collect only what is necessary, use it for legitimate storage-related purposes, and retain it for no longer than needed. We work with processors that are bound by strict data protection obligations and we respect your rights under GDPR.

We are committed to handling your information with care, accountability, and respect.