Privacy Policy - Sanderstead Storage

Effective date: This Privacy Policy applies to all Sanderstead Storage customers in the area and explains how personal data is collected, used, stored, shared, and protected when you use our storage services.

We are committed to handling personal data in a fair, transparent, and secure way, in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who this policy applies to

This Privacy Policy applies to all Sanderstead Storage customers in the area, including individual account holders, authorised users, prospective customers, visitors, and business customers whose data we process in connection with our storage services.

By using our services, applying for storage, or interacting with us in relation to a storage agreement, you acknowledge that your personal data will be processed in accordance with this policy.

2. Personal data we collect

We only collect personal data that is necessary for operating our storage services, meeting legal obligations, and maintaining our business relationship with you. The information we collect may include:

  • Identity data: full name, date of birth, and proof of identity.
  • Contact data: address, email address, telephone number, and billing details.
  • Account and contract data: storage unit references, agreements, payment status, access permissions, and customer correspondence.
  • Financial data: payment records, invoices, and transaction history.
  • Usage data: dates and times of access, security logs, and records of site entry where applicable.
  • Technical data: device, browser, or system information if you use any online tools connected with our services.
  • Security and incident data: CCTV records, reports of damage, complaints, and incident notes.

We may also collect limited special category data only where required by law or where you voluntarily provide it and we have a lawful basis to process it. In general, we do not seek to collect sensitive personal data unless it is necessary and appropriate safeguards are in place.

3. How we use your personal data

We process personal data for the following purposes:

  • to set up and manage your storage account;
  • to verify identity and prevent fraud;
  • to provide access to storage facilities and manage security;
  • to collect payments, issue invoices, and manage arrears;
  • to communicate with you about your contract, service updates, or operational matters;
  • to maintain records required by law, tax rules, or insurance purposes;
  • to investigate complaints, incidents, misuse, or unlawful activity;
  • to improve our services and ensure the safety of our customers, staff, and property.

We only use your personal data where it is necessary, relevant, and proportionate for the stated purpose.

4. Lawful basis for processing

Under UK GDPR, we must have a lawful basis before processing personal data. We rely on the following lawful bases:

Contract

We process personal data where it is necessary to enter into or perform our storage agreement with you. This includes managing your account, granting access, handling payments, and providing the service you requested.

Legal obligation

We may need to process data to meet legal and regulatory obligations, including tax, accounting, fraud prevention, health and safety, and record-keeping requirements.

Legitimate interests

We may process data where it is necessary for our legitimate interests or those of a third party, provided your rights and freedoms do not override those interests. Examples include protecting our site, preventing theft, maintaining security logs, and improving service operations.

Consent

In limited cases, we may rely on your consent, for example where you choose to receive optional communications or where we need permission for a specific purpose. Where consent is used, you can withdraw it at any time without affecting the lawfulness of earlier processing.

5. Data retention

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, unless a longer retention period is required by law.

  • Customer contract records: retained for the duration of the storage agreement and for a reasonable period afterwards.
  • Payment and accounting records: retained for statutory and financial compliance periods.
  • Security and access logs: retained only as long as needed for security and incident management.
  • Complaints and disputes: retained until the matter is resolved and for any further period needed to defend legal claims.
  • Marketing or optional consent records: retained until you withdraw consent or opt out.

When personal data is no longer needed, we will securely delete, anonymise, or archive it in line with our retention procedures.

6. Data processors and sharing

We may share personal data with trusted third parties who act as data processors or independent controllers, but only where it is necessary and appropriate safeguards are in place.

Typical processors may include:

  • Payment service providers who handle card or bank transactions;
  • IT and cloud service providers who host systems, databases, or backup services;
  • Security providers who support CCTV, alarm monitoring, or access control;
  • Accountants or professional advisers who assist with compliance and financial record-keeping;
  • Insurance providers where claims, incidents, or policy matters are involved;
  • Legal or debt recovery advisers when necessary to protect our rights or pursue outstanding payments.

We require our processors to process data only on our instructions, keep it secure, and comply with data protection law. We do not sell personal data.

We may also disclose information if required by law, court order, or lawful request from public authorities. If data is transferred outside the UK, we will ensure suitable safeguards are in place to protect it.

7. Security of your information

We use appropriate technical and organisational measures to protect personal data from unauthorised access, loss, misuse, alteration, or disclosure. These measures may include access controls, secure storage, staff confidentiality obligations, and monitoring of systems and premises.

While no system can be guaranteed completely secure, we take reasonable steps to reduce risk and safeguard the information entrusted to us.

8. Your rights under UK GDPR

You have a number of rights in relation to your personal data, subject to certain legal limitations. These rights include:

  • Right of access: you can ask for a copy of the personal data we hold about you;
  • Right to rectification: you can request correction of inaccurate or incomplete data;
  • Right to erasure: you can ask us to delete personal data in certain circumstances;
  • Right to restriction: you can request that we limit how we use your data in certain cases;
  • Right to data portability: you can request a copy of some data in a structured, commonly used format;
  • Right to object: you can object to processing based on legitimate interests or direct marketing;
  • Right to withdraw consent: where we rely on consent, you may withdraw it at any time.

You also have the right to complain to the UK Information Commissioner’s Office if you believe your data has not been handled lawfully.

9. Automated decision-making

We do not normally use fully automated decision-making or profiling that produces legal or similarly significant effects. If this changes, we will ensure you are informed and that appropriate safeguards are applied.

10. Children’s data

Our storage services are intended for adults and business users. We do not knowingly collect personal data from children unless it is provided by an adult customer and is necessary for the service relationship.

11. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in law, operations, or technology. Any revised version will apply from the date it is made available. We encourage customers to review it periodically.

12. Summary of our approach

Sanderstead Storage processes personal data carefully and only where it is needed for legitimate business, contractual, or legal reasons. We keep data secure, retain it for no longer than necessary, and respect your rights under UK GDPR.

In short: we collect only what is necessary, use it for clear purposes, share it responsibly with trusted processors, and protect your rights throughout the customer relationship.

Call Now!
Call Now Get a Quote
Sanderstead Storage

GDPR-compliant Privacy Policy for Sanderstead Storage covering data collection, lawful basis, retention, processors, and user rights for all customers in the area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.