Privacy Policy - Selfstorage Sutton

This Privacy Policy explains how Selfstorage Sutton collects, uses, stores, shares, and protects personal data relating to customers, prospective customers, visitors, and other individuals whose information we process in connection with our storage services. It applies to all Selfstorage Sutton customers in the area and to anyone who interacts with our services in the course of making enquiries, entering into a storage agreement, managing a unit, or using related facilities and services.

We are committed to handling personal data in a lawful, fair, and transparent way in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy is designed to help you understand what information we collect, why we collect it, how long we keep it, who may process it on our behalf, and the rights you have over your personal information.

1. Data We Collect

We only collect personal data that is necessary for the operation of our storage services, for legal compliance, and for legitimate business administration. The types of information we may collect include:

  • Identity details such as your name, date of birth, and, where required, proof of identity documents.
  • Contact details such as postal address, email address, and telephone number.
  • Contract and account information including storage unit number, rental dates, payment status, billing records, and communication preferences.
  • Payment information such as bank account details, card transaction references, and payment history. We do not intentionally store full card security codes.
  • Security and access information such as CCTV records, gate access logs, sign-in records, key or access code usage, and incident reports.
  • Correspondence including emails, letters, complaint details, service requests, and notes from phone calls or in-person discussions.
  • Technical information where you use our online systems, such as IP address, device details, cookies, and browser data, if applicable.

We generally collect personal data directly from you when you make an enquiry, sign a storage agreement, pay invoices, submit a request, or communicate with us. In some cases, we may also receive data from third parties such as payment providers, fraud prevention services, legal representatives, insurers, or public authorities.

2. How We Use Your Personal Data

We use personal data only where permitted by law and only for specified purposes. These purposes may include:

  • providing storage services and managing your account;
  • verifying identity and preventing unauthorised access;
  • processing payments, issuing invoices, and managing arrears;
  • communicating with you about your storage agreement and related matters;
  • maintaining security, including use of CCTV and access control;
  • handling complaints, incidents, disputes, and claims;
  • meeting legal, tax, accounting, insurance, and regulatory obligations;
  • protecting our business, staff, customers, property, and lawful interests;
  • improving our services, systems, and operational efficiency;
  • keeping records required for administration and audit purposes.

We do not sell personal data. Any use of your data will be limited to the purposes described in this policy or to other purposes that are compatible with those purposes and permitted by law.

3. Lawful Basis for Processing

Under GDPR, we must have a lawful basis for each type of processing. Depending on the circumstances, Selfstorage Sutton may process your personal data on one or more of the following bases:

Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes creating your account, administering your storage unit, handling payments, and delivering the services you have requested.

Legal obligation

We may process personal data when required to comply with legal obligations, such as accounting rules, tax requirements, identity verification obligations, fraud prevention, and lawful requests from authorities.

Legitimate interests

We may process personal data where it is necessary for our legitimate interests and where those interests are not overridden by your rights and freedoms. Examples include protecting our premises, preventing crime, managing business records, enforcing agreements, and improving service quality. Where we rely on legitimate interests, we assess the impact on your privacy and apply appropriate safeguards.

Consent

In limited situations, we may rely on your consent, for example for certain marketing communications or non-essential cookies if used. Where consent is relied upon, you may withdraw it at any time, and withdrawing consent will not affect the lawfulness of processing carried out before withdrawal.

4. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to meet legal, accounting, and reporting requirements. The exact retention period depends on the type of information and the reason it is held.

  • Customer and contract records are usually kept for the duration of the agreement and for a period afterwards to deal with disputes, claims, or regulatory requirements.
  • Financial records are typically retained for the periods required by tax and accounting law.
  • Security records such as CCTV footage and access logs are kept for a limited period unless needed for investigation, enforcement, or legal proceedings.
  • Correspondence and complaint records may be retained for as long as necessary to resolve the matter and to demonstrate compliance.

When data is no longer required, it is securely deleted, anonymised, or otherwise disposed of in a safe and appropriate manner. Retention periods may vary depending on legal obligations and operational needs.

5. Processors and Sharing of Data

We may share personal data with trusted third parties who act as processors or independent controllers, but only where necessary and with appropriate safeguards. Processors act on our instructions and are contractually required to protect your data.

  • Payment processors that handle card or bank payment transactions;
  • IT and software providers that support booking, account, communication, backup, and security systems;
  • Security service providers that support CCTV, alarms, or access control;
  • Professional advisers such as accountants, auditors, insurers, legal advisers, and debt recovery specialists;
  • Regulatory, law enforcement, or public authorities where disclosure is required by law or needed to protect rights and interests.

We ensure that any processor we use has suitable technical and organisational measures in place. Where personal data is transferred outside the UK, we will take steps to ensure that appropriate safeguards are in place in line with data protection law.

6. Your Rights

Under data protection law, you have several rights in relation to your personal data. These rights may be subject to legal conditions and exceptions.

  • Right of access – you can request a copy of the personal data we hold about you.
  • Right to rectification – you can ask us to correct inaccurate or incomplete information.
  • Right to erasure – in certain circumstances, you can request deletion of your data.
  • Right to restriction – you can ask us to limit how we use your data in certain situations.
  • Right to object – you can object to processing based on legitimate interests and to direct marketing.
  • Right to data portability – where applicable, you can request your data in a structured, commonly used format.
  • Right to withdraw consent – where we rely on consent, you may withdraw it at any time.

If you wish to exercise any of these rights, we will respond within the legal time frame and may need to verify your identity before acting on your request. You also have the right to complain to the UK Information Commissioner's Office if you believe your data has been handled unlawfully or unfairly.

7. Security of Personal Data

We use appropriate technical and organisational measures to protect personal data from unauthorised access, alteration, disclosure, loss, or destruction. These measures may include access controls, staff training, secure storage, activity logging, and regular review of systems and procedures. While we take reasonable steps to protect data, no system can be guaranteed to be completely secure.

8. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements, operational practices, or service improvements. The most current version will apply to our processing of personal data. We encourage customers to review this policy periodically to stay informed about how we protect privacy and manage personal data.

Summary of commitment: Selfstorage Sutton handles personal data responsibly, lawfully, and only for clear business, contractual, and legal purposes, while respecting the rights of every customer in the area.

Call Now!
Call Now Get a Quote
Selfstorage Sutton

GDPR-compliant Privacy Policy for Selfstorage Sutton covering data use, lawful basis, retention, processors, security, and user rights for all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.