Privacy Policy - Tottenhamgreen Storage

This Privacy Policy explains how Tottenhamgreen Storage collects, uses, shares, stores, and protects personal data relating to its customers. It applies to all Tottenhamgreen Storage customers in area, including prospective customers, current customers, former customers, and anyone who interacts with us in connection with our storage services.

We are committed to handling personal data in a lawful, fair, and transparent way, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy should be read alongside any service agreement, booking terms, or related documents that apply to your use of our services.

1. Data We Collect

We only collect personal data that is necessary for providing storage services, managing our relationship with customers, meeting legal obligations, and protecting our legitimate business interests. The types of data we may collect include:

  • Identity data, such as your name, title, date of birth, and identity verification details.
  • Contact data, such as billing address, email address, telephone number, and correspondence details.
  • Account and service data, such as booking details, storage unit information, payment status, access records, and service preferences.
  • Financial data, such as payment card information, bank account details, invoicing records, and transaction history.
  • Security and access data, such as CCTV footage, entry logs, gate access records, alarm or incident reports, and site activity records.
  • Technical data, such as IP address, device identifiers, browser type, and usage information where you interact with our digital systems.
  • Communications data, such as emails, telephone call notes, complaints, feedback, and other messages you send to us.
  • Verification and compliance data, such as proof of identity, proof of address, and documentation required for anti-fraud, security, or regulatory purposes.

In limited cases, we may also process special category data or sensitive information if you voluntarily provide it or if it is necessary to protect legal claims, public security, or another permitted purpose under data protection law. Where we do so, we will ensure that an additional legal condition applies.

2. How We Use Personal Data

We use personal data for the following purposes:

  • to provide and administer storage services;
  • to create and manage customer accounts;
  • to verify identity and prevent fraud;
  • to process payments, refunds, and invoices;
  • to maintain site security and monitor access to storage facilities;
  • to respond to queries, complaints, and service requests;
  • to comply with legal and regulatory obligations;
  • to enforce contracts, recover debts, and resolve disputes;
  • to improve our services, operations, and customer experience;
  • to protect our business, staff, customers, and property;
  • to send service-related notices and administrative communications.

We do not use personal data for purposes that are incompatible with those listed above unless we have a valid legal basis and, where required, notified you appropriately.

3. Lawful Basis for Processing

We process personal data only where we have a lawful basis under data protection law. Depending on the circumstances, we rely on one or more of the following lawful bases:

Performance of a contract

We process data when it is necessary to enter into or perform a contract with you, including managing bookings, delivering storage services, taking payment, and handling account administration.

Legal obligation

We process data where required to meet legal duties, such as tax and accounting obligations, identity verification, fraud prevention, health and safety compliance, and responding to lawful requests from public authorities.

Legitimate interests

We may process data where it is necessary for our legitimate interests or those of a third party, provided your rights do not override those interests. This may include site security, CCTV monitoring, preventing misuse of our facilities, managing business records, and improving services. We always assess whether such processing is proportionate and necessary.

Consent

In some situations, we may rely on your consent, for example where the law requires it or where we choose to use certain optional services. If we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

Vital interests and public task

These bases are unlikely to apply in ordinary storage services, but we may use them in exceptional circumstances where necessary to protect life or where required by law.

4. Retention of Personal Data

We keep personal data only for as long as it is needed for the purpose for which it was collected, including for legal, accounting, tax, insurance, dispute resolution, and security requirements. Retention periods vary depending on the type of data and the reason for holding it.

  • Customer account and contract records are usually retained for the duration of the relationship and for a reasonable period afterwards.
  • Financial and accounting records are retained for the period required by tax and accounting laws.
  • Security records, including CCTV and access logs, are retained for a limited period unless needed longer for an investigation or legal claim.
  • Correspondence and complaints may be retained for as long as necessary to manage the matter and maintain records of decisions.

When personal data is no longer required, we will delete, anonymise, or securely destroy it. Where deletion is not immediately possible, for example because data is stored in backups, we will isolate it from further use until it can be deleted in line with our retention practices.

5. Processors and Data Sharing

We may share personal data with trusted third parties who act as data processors or, in some cases, independent controllers. We only share data when necessary and we require appropriate contractual safeguards.

Processors may include:

  • Payment service providers that process card or bank transactions.
  • IT and cloud service providers that host systems, back up data, or maintain security infrastructure.
  • Security providers that support CCTV, access control, alarm monitoring, or incident response.
  • Professional advisers such as accountants, auditors, insurers, legal advisers, and consultants.
  • Administrative service providers that help with communications, document management, or customer support.

We may also disclose personal data to law enforcement, regulators, courts, debt recovery agencies, or other authorities where required by law or where necessary to establish, exercise, or defend legal claims. If a processor or third party handles data on our behalf, we ensure they are subject to confidentiality, security, and data protection obligations. They may only process data in accordance with our instructions unless they are independently responsible for their own lawful processing.

6. International Transfers

If personal data is transferred outside the UK, we will take appropriate steps to ensure it remains protected to a standard essentially equivalent to UK GDPR requirements. This may include using adequacy regulations, standard contractual clauses, or other lawful safeguards. Where relevant, we will assess the security and legal environment of the destination country before allowing transfer.

7. Security Measures

We use appropriate technical and organisational measures to protect personal data from unauthorised access, loss, alteration, destruction, or disclosure. These measures may include access controls, encryption, secure storage, staff confidentiality obligations, monitoring systems, and regular security review. While no system is completely secure, we work to maintain a level of protection appropriate to the risks involved.

8. Your Rights

Under data protection law, you have several rights in relation to your personal data. These rights may apply in full or in part depending on the legal basis for processing and the circumstances of your request.

  • Right of access – you may ask for a copy of the personal data we hold about you.
  • Right to rectification – you may request correction of inaccurate or incomplete data.
  • Right to erasure – you may request deletion of data in certain circumstances.
  • Right to restrict processing – you may ask us to limit how we use your data in some cases.
  • Right to data portability – where applicable, you may request a copy of certain data in a structured, commonly used format.
  • Right to object – you may object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent – where we rely on consent, you may withdraw it at any time.
  • Rights related to automated decision-making – you have protections if decisions are made solely by automated means with legal or similarly significant effects.

We may need to verify your identity before responding to a request. We will respond within the time limits required by law and may refuse or limit a request where permitted by law, for example if disclosure would adversely affect others’ rights or legal obligations.

9. Children’s Data

Our services are intended for adults. We do not knowingly collect personal data from children unless it is necessary in a lawful context, such as emergency contact information or a lawful representative arrangement. If we become aware that we have collected data from a child without appropriate authority, we will take reasonable steps to delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, operations, or data handling practices. When changes are made, the updated policy will apply from the date it is published or otherwise communicated. We encourage customers to review it periodically to stay informed about how their data is used.

11. Further Information

If you have concerns about how your personal data is handled, you have the right to raise those concerns with the relevant data protection authority. We also encourage you to contact us directly first so that we can attempt to resolve the matter promptly and fairly. Tottenhamgreen Storage values privacy and aims to handle all personal data responsibly, securely, and in line with applicable law.

Call Now!
Call Now Get a Quote
Tottenhamgreen Storage

GDPR-compliant privacy policy for Tottenhamgreen Storage covering data collection, lawful basis, retention, processors, and user rights for all customers in area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.