Privacy Policy - Southfields Storage

Southfields Storage is committed to protecting the privacy and personal data of all customers in the area. This Privacy Policy explains how we collect, use, store, share, and protect personal information in accordance with the UK GDPR and the Data Protection Act 2018. It applies to all Southfields Storage customers in the area, including prospective customers, current customers, and anyone who communicates with us in connection with storage services.

1. Who We Are

For the purposes of data protection law, Southfields Storage is the data controller for the personal data described in this policy. This means we decide how and why your personal information is used when you interact with us for storage-related services. We are responsible for ensuring that personal data is handled lawfully, fairly, and transparently.

2. Information We Collect

We collect and process different types of personal data depending on your relationship with us. The information we may collect includes:

  • Identity information such as your name, title, and date of birth where required for verification.
  • Contact details such as address, email address, and telephone number.
  • Account and transaction details such as booking records, payment status, invoices, and service history.
  • Identification and verification documents where we need to confirm identity or comply with legal obligations.
  • Storage unit and access information such as access logs, booking dates, key or entry records, and security-related records.
  • Communication records including emails, written correspondence, and notes of calls or service interactions.
  • Technical information if you interact with our systems, such as device data, browser information, and basic usage data necessary for security and performance.

We only collect personal data that is relevant and necessary for providing storage services, managing our relationship with you, and meeting legal or operational requirements.

3. How We Use Your Data

We use personal data for the following purposes:

  • To manage enquiries, quotations, reservations, and storage agreements.
  • To verify identity and help prevent fraud, misuse, and unauthorised access.
  • To process payments, issue invoices, and maintain financial records.
  • To provide access to storage facilities and maintain site security.
  • To communicate with you about your account, service changes, reminders, or important operational matters.
  • To handle complaints, disputes, and customer support requests.
  • To comply with legal, regulatory, tax, insurance, and record-keeping obligations.
  • To improve our services, systems, and customer experience.

We will not use your personal data for purposes that are incompatible with those stated in this policy unless we have a valid lawful basis and, where required, your consent.

4. Lawful Basis for Processing

Under GDPR, we must have a lawful basis to process your personal data. Depending on the situation, we rely on one or more of the following lawful bases:

Contract

We process your data where it is necessary to enter into or perform a contract with you. This includes setting up your storage account, providing services, managing payments, and fulfilling our obligations under the storage agreement.

Legal Obligation

We may process personal data where necessary to comply with laws and regulations, such as tax, accounting, identity verification, fraud prevention, and lawful requests from authorities.

Legitimate Interests

We may process personal data where it is necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. Examples include protecting our premises, maintaining service records, improving operations, and managing customer relations. Where we rely on legitimate interests, we assess the impact on your privacy and ensure the processing is proportionate.

Consent

In limited cases, we may ask for your consent to process certain personal data. Where consent is used, you may withdraw it at any time. Withdrawal of consent does not affect processing that took place before consent was withdrawn.

5. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, including meeting legal, accounting, and operational requirements. Retention periods vary depending on the type of data and the reason for processing.

  • Customer account and contract records are usually kept for the duration of the relationship and for a reasonable period afterwards.
  • Financial records are retained for the period required by law, including tax and accounting obligations.
  • Security and access records are retained only as long as needed for site safety, incident review, or operational purposes.
  • Communication records may be kept to manage queries, resolve disputes, and demonstrate compliance.

When personal data is no longer needed, we will securely delete, anonymise, or destroy it in a safe and appropriate manner.

6. Processors and Data Sharing

We may share personal data with trusted third-party processors who help us operate our business and provide services. These parties act on our instructions and are required to protect your data.

Examples of processors may include:

  • IT and cloud service providers who support storage, system maintenance, and data security.
  • Payment processing providers who handle card payments and related financial transactions.
  • Accountancy and administration services that assist with bookkeeping, invoicing, and compliance.
  • Security service providers where required for monitoring, incident handling, or site protection.
  • Professional advisers such as legal, insurance, or audit advisers when needed for legitimate business purposes.

We may also disclose personal data where required by law, court order, or regulatory request, or where necessary to establish, exercise, or defend legal claims. We do not sell personal data.

7. International Transfers

If any of our processors store or access data outside the UK, we ensure appropriate safeguards are in place. These may include adequacy regulations, standard contractual clauses, or other legally approved transfer mechanisms. We take reasonable steps to ensure your personal data remains protected wherever it is processed.

8. Security of Your Data

We use appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, alteration, or disclosure. These measures may include access controls, secure systems, staff awareness, and restricted handling of sensitive records. While no system can be guaranteed completely secure, we aim to maintain a level of protection appropriate to the risks involved.

9. Your Rights

Under data protection law, you have several rights in relation to your personal data. These include:

  • Right of access - you can request a copy of the personal data we hold about you.
  • Right to rectification - you can ask us to correct inaccurate or incomplete data.
  • Right to erasure - you can ask us to delete your data in certain circumstances.
  • Right to restrict processing - you can ask us to limit how we use your data in certain situations.
  • Right to object - you can object to processing based on legitimate interests or direct marketing, where applicable.
  • Right to data portability - you can request certain data in a structured, commonly used format where processing is based on consent or contract and carried out by automated means.
  • Right to withdraw consent - where we rely on consent, you can withdraw it at any time.

You also have the right to lodge a complaint with the Information Commissioner’s Office if you believe your data protection rights have not been respected. We encourage you to raise any concerns with us first so we can try to resolve them promptly.

10. Children’s Data

Our storage services are intended for adults. We do not knowingly collect personal data from children except where it is incidentally provided in connection with a customer relationship and only where lawful and necessary. If we become aware that we have collected personal data from a child inappropriately, we will take reasonable steps to delete it.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements, our services, or how we process personal data. Any updates will take effect when published or otherwise communicated. We encourage customers to review this policy periodically so they remain informed about how their information is handled.

12. Summary of Our Commitment

Southfields Storage will only collect and use personal data where we have a valid reason to do so, and we will always aim to be transparent, fair, and secure in our approach. We respect your rights, limit retention to what is necessary, and work only with processors that can provide appropriate safeguards. This policy applies to all Southfields Storage customers in area and is designed to support a trustworthy and lawful service.

Call Now!
Call Now Get a Quote
Southfields Storage

GDPR-compliant Privacy Policy for Southfields Storage covering data collection, lawful basis, retention, processors, and user rights.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.