Privacy Policy - Selfstorage Canarywharf
This Privacy Policy explains how Selfstorage Canarywharf collects, uses, stores, shares, and protects personal data in connection with our storage services. It applies to all Selfstorage Canarywharf customers in the area, including prospective customers, current customers, former customers, and individuals who contact us on behalf of a customer. We are committed to handling personal data fairly, lawfully, and transparently in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable privacy laws.
1. Personal Data We Collect
We collect only the personal data that is necessary for operating our storage services, meeting legal requirements, and managing our relationship with you. The categories of data we may collect include:
- Identity information: name, date of birth, and identification details where required for verification.
- Contact information: postal address, email address, and telephone number.
- Account and contract information: storage unit details, booking records, contract terms, payment status, and service preferences.
- Payment information: billing details and transaction records. We do not store full card details where payment processing is handled securely by a payment provider.
- Security information: CCTV footage, access logs, and records of site entry or exit where such systems are in use.
- Communications: correspondence, complaints, enquiries, and notes from conversations relating to your account or service use.
- Technical data: limited data such as device, browser, and usage information when you interact with digital systems used to manage services.
We generally do not seek to collect special category data. If such data is provided to us inadvertently, we will handle it in accordance with applicable law and only where a lawful basis exists.
2. How We Use Personal Data
We use personal data for the following purposes:
- to set up and manage storage agreements;
- to verify identity and prevent fraud;
- to process payments, deposits, refunds, and billing;
- to provide customer service and handle enquiries or complaints;
- to maintain site safety, security, and access control;
- to comply with legal, regulatory, tax, and accounting obligations;
- to enforce our terms and protect our legal rights;
- to maintain accurate business records and improve our services.
We will not use your personal data for purposes that are incompatible with those set out in this Privacy Policy unless we are required or permitted to do so by law.
3. Lawful Basis for Processing
We only process personal data where we have a lawful basis under data protection law. Depending on the context, we rely on one or more of the following bases:
Contract
We process personal data where it is necessary to enter into or perform a contract with you, such as managing your storage space, processing payments, and delivering agreed services.
Legal obligation
We process certain data to meet legal and regulatory obligations, including accounting, tax, fraud prevention, health and safety, and lawful requests from authorities.
Legitimate interests
We may process data where it is necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. This may include protecting our premises, preventing misuse of services, improving operations, and managing business records. When relying on legitimate interests, we consider the potential impact on you and take steps to minimise any intrusion.
Consent
In limited situations, we may rely on your consent, for example for certain optional communications. Where consent is used, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
4. Data Sharing and Processors
We may share personal data with trusted third parties that help us operate our business. These third parties act either as processors or independent controllers, depending on the service provided.
- Payment service providers: to process payments securely.
- IT and cloud service providers: to host systems, store records, and support operational software.
- Security providers: to maintain alarms, access systems, and CCTV-related services.
- Professional advisers: such as accountants, insurers, auditors, or legal advisers where necessary.
- Public authorities: where disclosure is required by law or necessary to establish, exercise, or defend legal claims.
Where we use processors, we require them to process personal data only on our documented instructions, keep it secure, and use appropriate technical and organisational measures. They are not permitted to use your data for their own independent purposes.
We do not sell personal data. Any sharing is limited to what is necessary for the purposes described in this policy.
5. International Transfers
If personal data is transferred outside the UK, we will ensure that appropriate safeguards are in place, such as adequacy regulations or approved contractual safeguards. These measures are designed to protect your data to the same standard expected under UK GDPR.
6. Data Retention
We keep personal data only for as long as necessary for the purposes for which it was collected, including satisfying legal, accounting, security, and business requirements. Retention periods depend on the type of data and the reason for holding it.
- Contract and account records: retained for the duration of the relationship and for a reasonable period afterwards.
- Payment and accounting records: retained for the period required by tax and financial laws.
- Security records: such as CCTV footage and access logs, retained only as long as needed for security, incident investigation, or legal purposes.
- Correspondence and complaints: retained for as long as necessary to resolve issues and meet legal obligations.
When data is no longer needed, we will delete, anonymise, or securely destroy it. Retention periods may be extended where necessary to deal with legal claims or compliance obligations.
7. Data Security
We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. These measures may include access controls, secure storage, staff confidentiality obligations, and regular review of security practices. While no system can be guaranteed completely secure, we take data protection seriously and continually work to reduce risk.
8. Your Data Protection Rights
Under data protection law, you may have the following rights in relation to your personal data:
- Right of access: to request a copy of the personal data we hold about you.
- Right to rectification: to ask us to correct inaccurate or incomplete data.
- Right to erasure: to ask us to delete your data in certain circumstances.
- Right to restriction: to request limited processing in certain situations.
- Right to object: to object to processing based on legitimate interests or direct marketing.
- Right to data portability: to request transfer of certain data in a commonly used format where applicable.
- Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.
These rights are not absolute and may be subject to legal exceptions. If you exercise a right, we may need to verify your identity before responding. We will respond within the time limits required by law.
9. Automated Decision-Making
We do not use personal data for decisions that produce legal or similarly significant effects based solely on automated processing, unless we have informed you and the law permits it. If this ever changes, we will provide appropriate information and safeguards.
10. Children’s Data
Our services are intended for adults. We do not knowingly collect personal data from children unless it is necessary in connection with a customer’s account or legal obligation. If we become aware that we have collected data from a child without appropriate authority, we will take steps to delete it where required.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or data protection practices. The updated version will apply from the date it is published or otherwise made available. We encourage customers to review it periodically to stay informed about how their personal data is handled.
12. Contact and Complaints
If you have questions about this Privacy Policy or wish to exercise your rights, you may raise your request through the usual customer service channels used for account administration. You also have the right to complain to the UK data protection supervisory authority if you believe your rights have been infringed.
Summary: Selfstorage Canarywharf processes customer data lawfully, securely, and transparently for storage services, security, compliance, and legitimate business needs.