Privacy Policy - Selfstorage Tooting

This Privacy Policy explains how Selfstorage Tooting collects, uses, shares, stores, and protects personal data in connection with our storage services. It applies to all Selfstorage Tooting customers in the local area and to anyone who enquires about or uses our services. We are committed to handling personal information in a lawful, fair, and transparent manner in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who this policy applies to

This policy applies to all Selfstorage Tooting customers in area, including individuals, business customers, authorised representatives, and prospective customers who contact us, request a quote, visit our facilities, sign a storage agreement, or use our services in any way. It also applies where we process personal data on behalf of customers where necessary to provide safe and secure storage services.

2. Information we collect

We collect only the personal data that is relevant and necessary for operating our storage services, managing accounts, and meeting legal obligations. Depending on your relationship with us, we may collect the following categories of information:

  • Identity details such as name, date of birth, and title.
  • Contact details such as address, email address, and telephone number.
  • Account and contract information including storage unit details, booking records, payment status, and agreement history.
  • Payment information such as partial card details, transaction references, billing records, and invoicing details.
  • Identification documents where needed for verification, fraud prevention, or legal compliance.
  • Access and security records including entry logs, CCTV images, alarm records, and incident reports.
  • Communications such as emails, complaint records, call notes, and customer service correspondence.
  • Technical data where applicable, such as device information or website usage data collected through security and performance tools.

We do not intentionally collect special category data unless you provide it to us voluntarily or it is required by law or in the context of a security incident. If such data is received, we will handle it with appropriate safeguards and only where a lawful basis exists.

3. How we use personal data

We use personal data for the following purposes:

  • to register and manage customer accounts;
  • to provide and administer storage services;
  • to process payments, refunds, and invoices;
  • to verify identity and prevent fraud;
  • to maintain security, monitor premises, and protect property;
  • to communicate about bookings, renewals, account issues, and service changes;
  • to handle complaints, queries, and disputes;
  • to comply with tax, accounting, insurance, and regulatory obligations;
  • to improve our services, internal processes, and customer experience;
  • to establish, exercise, or defend legal claims where necessary.

We will only use personal data for the purpose for which it was collected, unless we reasonably consider that we need to use it for a compatible purpose or where the law allows otherwise.

4. Lawful basis for processing

We process personal data only where we have a valid lawful basis under UK GDPR. The main bases we rely on are:

Contract

We process your data where it is necessary to enter into or perform a contract with you, such as creating your account, providing storage services, managing access, and handling payments.

Legal obligation

We process data where required to comply with legal duties, such as accounting, tax records, fraud prevention, safety obligations, or responding to lawful requests from public authorities.

Legitimate interests

We may process data where it is necessary for our legitimate interests, provided your rights do not override those interests. This includes protecting our property, maintaining security, preventing misuse, improving operations, and managing business risk. We balance these interests against your privacy rights before relying on this basis.

Consent

Where required, we will ask for your consent before processing your data. If you give consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out before consent was withdrawn.

Vital interests and legal claims

In exceptional situations, we may process data to protect someone’s vital interests or to establish, exercise, or defend legal claims.

5. Sharing personal data and processors

We may share personal data with trusted third parties where necessary to operate our services, protect our business, or meet legal obligations. These third parties act as processors or, in some cases, as independent controllers.

Typical processors may include:

  • Payment service providers that handle card transactions and billing support;
  • IT and cloud service providers that store data, maintain systems, or support communications;
  • Security providers that manage alarms, CCTV systems, and access control;
  • Accountants and bookkeeping providers that assist with financial records;
  • Customer support and software vendors that help manage bookings or messaging;
  • Professional advisers such as lawyers, insurers, and auditors;
  • Public authorities where disclosure is required by law.

Where we use processors, we ensure they are bound by written contracts requiring them to process personal data only on our instructions, keep it secure, and comply with data protection law. We do not sell your personal data.

6. International transfers

If any personal data is transferred outside the UK, we will ensure appropriate safeguards are in place, such as an adequacy regulation, standard contractual clauses, or another lawful transfer mechanism recognised under UK data protection law.

7. Data retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including any legal, accounting, tax, security, or dispute-resolution requirements. Retention periods vary depending on the type of information and the reason it is held.

  • Customer and contract records are generally kept for the duration of the service relationship and for a reasonable period afterwards.
  • Financial and tax records are kept for the period required by law.
  • Security records, including CCTV and access logs, are kept only for as long as necessary for security, investigation, or incident management.
  • Enquiry records may be kept for a shorter period if no contract is formed.

When data is no longer required, we will securely delete, destroy, or anonymise it.

8. Security of your data

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. These measures may include access controls, encryption where suitable, secure storage, staff training, and regular review of our security practices. While no system can be guaranteed as completely secure, we work to reduce risk and respond promptly to any suspected incident.

9. Your rights under GDPR

You have a number of rights in relation to your personal data. Subject to legal limits and verification of identity, you may have the right to:

  • Access the personal data we hold about you;
  • Rectify inaccurate or incomplete data;
  • Erase your data in certain circumstances;
  • Restrict how we process your data in certain situations;
  • Object to processing based on legitimate interests;
  • Data portability for data you provided to us in a structured, commonly used format where applicable;
  • Withdraw consent where processing is based on consent;
  • Complain to the Information Commissioner’s Office if you believe your rights have been infringed.

We may need to retain some data where required by law or where we have overriding legitimate grounds to continue processing.

10. Children’s data

Our services are generally intended for adults. We do not knowingly collect personal data from children unless it is necessary in connection with a lawful service arrangement and appropriate safeguards are in place.

11. Changes to this Privacy Policy

We may update this policy from time to time to reflect changes in our services, legal duties, or privacy practices. Any updated version will apply from the date it is issued. We encourage customers to review this policy periodically so they remain informed about how their data is handled.

12. Summary of our commitment

Selfstorage Tooting is committed to using personal data responsibly, minimising what we collect, keeping it secure, and ensuring that processing is lawful and transparent. We recognise the importance of privacy and take our responsibilities seriously for every customer in the area. If you use our services, you can expect us to handle your information with care, purpose, and respect for your rights.

Call Now!
Call Now Get a Quote
Selfstorage Tooting

GDPR-compliant Privacy Policy for Selfstorage Tooting covering data collection, lawful basis, retention, processors, and user rights.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.