Privacy Policy - Eltham Storage

Eltham Storage is committed to protecting the privacy and personal data of all customers in the area. This Privacy Policy explains how we collect, use, store, share, and protect personal information in accordance with the UK GDPR and the Data Protection Act 2018. It applies to all Eltham Storage customers in area, including prospective customers, current customers, account holders, and individuals who interact with us in connection with storage services.

1. Who We Are

For the purposes of data protection law, Eltham Storage acts as the data controller for the personal data described in this Privacy Policy. This means we decide how and why your personal data is processed. We are responsible for ensuring that your information is handled lawfully, fairly, and transparently.

2. Information We Collect

We may collect and process different categories of personal data depending on the services you use and the way you interact with us. This may include:

  • Identity information such as your name, date of birth, and identification details.
  • Contact information such as your address, email address, and telephone number.
  • Account and contract information such as booking details, storage unit reference, payment status, and service history.
  • Payment information such as billing records and partial payment details. We do not normally store full card details where payments are processed securely by third-party providers.
  • Access and security information such as entry logs, CCTV footage, and incident reports where applicable.
  • Communication records such as emails, phone notes, and other correspondence.
  • Technical information such as device and usage data if you interact with us through digital systems.

We only collect information that is relevant and necessary for providing storage services, managing customer relationships, maintaining security, and meeting legal obligations. We do not intentionally collect special category data unless it is required by law or you choose to provide it for a specific reason.

3. How We Use Your Personal Data

We use personal data for the following purposes:

  • To register and manage customer accounts.
  • To provide storage services and administer contracts.
  • To process payments, refunds, and account balances.
  • To verify identity and prevent fraud.
  • To maintain site safety, security, and operational integrity.
  • To communicate with you about your account, service updates, or important notices.
  • To handle complaints, claims, or disputes.
  • To comply with legal and regulatory obligations.

We only process personal data for specific, explicit, and legitimate purposes. We do not use your information in ways that are incompatible with those purposes.

4. Lawful Basis for Processing

Under data protection law, we must have a lawful basis to process personal data. Depending on the context, we rely on one or more of the following bases:

Contract

We process your data where it is necessary to enter into or perform a contract with you. This includes setting up your account, managing your storage unit, issuing invoices, and delivering related services.

Legal Obligation

We may process data where necessary to comply with legal requirements, such as tax, accounting, fraud prevention, or lawful requests from public authorities.

Legitimate Interests

We may process personal data where it is necessary for our legitimate interests, provided your rights and freedoms do not override those interests. This may include site security, business administration, customer support, and internal record keeping. When we rely on legitimate interests, we consider whether the processing is proportionate and whether it has a minimal impact on your privacy.

Consent

In some situations, we may rely on your consent, for example for certain optional communications or non-essential data processing. Where consent is used, you have the right to withdraw it at any time.

5. Sharing and Processors

We may share personal data with trusted third parties where necessary for the operation of our business. These third parties act as processors or independent controllers depending on the services they provide.

Examples of processors may include:

  • Payment service providers that securely process card or electronic payments.
  • IT and cloud service providers that host, store, or maintain our systems.
  • Security service providers that support CCTV, alarm, or access control systems.
  • Professional advisers such as accountants, auditors, legal advisers, or insurers.
  • Maintenance and operational contractors who require limited access to personal data to carry out services.

All processors are required to handle personal data securely, only on our instructions, and in compliance with applicable data protection law. We do not sell personal data. Where data is shared with an independent controller, such as a regulator or law enforcement body, that organisation is responsible for its own processing.

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, and reporting requirements. Retention periods depend on the type of information and the reason for processing.

  • Customer account records are generally kept for the duration of the relationship and for a reasonable period afterwards.
  • Financial and tax records may be retained for the period required by law.
  • Security records such as access logs or CCTV footage are kept only as long as needed for safety, investigation, or prevention purposes.
  • Correspondence and complaint records may be retained to evidence actions taken and resolve disputes.

When data is no longer required, we will delete it securely or anonymise it so that it can no longer identify you. Retention is reviewed regularly to ensure we do not keep information longer than necessary.

7. Security of Your Information

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. These measures may include access controls, secure systems, staff training, and physical security procedures.

Although we take data security seriously, no system can be guaranteed to be completely secure. If a personal data breach occurs that is likely to result in a risk to your rights and freedoms, we will respond in line with legal requirements.

8. Your Rights

As a data subject, you have rights under the UK GDPR in relation to your personal data. These rights may include:

  • Right of access – to request a copy of the personal data we hold about you.
  • Right to rectification – to ask us to correct inaccurate or incomplete information.
  • Right to erasure – to request deletion of your data in certain circumstances.
  • Right to restriction – to ask us to limit how we use your data in certain situations.
  • Right to data portability – to request transfer of data you provided to us in a structured format, where applicable.
  • Right to object – to object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent – where processing is based on consent, you may withdraw it at any time.

If you exercise any of these rights, we may need to verify your identity before responding. Some rights are subject to legal conditions and may not apply in every case. We will respond within the timeframe required by law.

9. Automated Decision-Making

We do not normally use fully automated decision-making that has legal or similarly significant effects on customers. If this changes, we will update this policy and provide appropriate information about the process involved and your rights.

10. Children’s Data

Our storage services are intended for adults. We do not knowingly collect personal data from children unless it is provided incidentally in connection with an adult customer relationship or legal obligation. If we become aware that we have collected data from a child without appropriate basis, we will take reasonable steps to delete it.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, business practices, or operational needs. The most current version will apply to your use of Eltham Storage services. We encourage customers to review this policy periodically so they remain informed about how their personal data is handled.

12. Summary of Key Principles

Eltham Storage processes personal data lawfully, fairly, and transparently. We collect only what is needed, use it for clear purposes, keep it secure, share it only with trusted processors or where required by law, and retain it only for as long as necessary. We also respect your rights and aim to make it easy for all customers in area to understand how their information is used.

This Privacy Policy applies to all Eltham Storage customers in area.

Call Now!
Call Now Get a Quote
Eltham Storage

GDPR-compliant Privacy Policy for Eltham Storage covering data collection, lawful basis, retention, processors, and user rights for all customers in area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.