Privacy Policy - Chiswick Storage

This Privacy Policy explains how Chiswick Storage collects, uses, stores, shares, and protects personal data in connection with storage services. It applies to all Chiswick Storage customers in the area, including prospective customers, account holders, individuals named on rental agreements, and any person who communicates with us about our services. We are committed to handling personal data in a lawful, fair, and transparent manner in accordance with the UK GDPR and the Data Protection Act 2018.

1. Who We Are

For the purposes of data protection law, Chiswick Storage acts as the data controller for the personal data we collect and use in the course of providing storage services. This means we determine the purposes and means of processing your personal data.

We recognise the importance of privacy and aim to process only the information that is necessary to manage enquiries, enter into contracts, provide storage services, maintain security, meet legal obligations, and improve our operations.

2. Personal Data We Collect

We collect and process personal data directly from you, from documents you provide, from our records, and in some cases from third parties where permitted by law. The categories of data may include:

  • Identity information such as your name, date of birth, and proof of identity where required.
  • Contact details such as address, telephone number, and email address.
  • Contract and account information including storage unit details, rental dates, payment status, and correspondence relating to your account.
  • Payment information such as bank or card-related transaction records, although full card details are usually processed by payment providers rather than stored by us.
  • Security records such as access logs, CCTV images, and incident reports where applicable for site protection.
  • Communications data including enquiries, complaints, feedback, and messages exchanged with our team.
  • Technical information if you use any digital systems we operate, such as device or browser information and limited usage logs.

We do not intentionally collect special category data unless it is necessary and lawful to do so, for example if you voluntarily provide information relevant to a claim or complaint. Where such data is processed, we apply additional safeguards.

3. How We Use Your Data

We use personal data for the following purposes:

  • to assess enquiries and provide quotations or storage availability;
  • to enter into and manage rental agreements;
  • to verify identity and prevent fraud;
  • to process payments, deposits, fees, refunds, and account adjustments;
  • to maintain the security of our facilities, staff, customers, and stored goods;
  • to handle complaints, disputes, insurance-related matters, or legal claims;
  • to comply with tax, accounting, and other legal obligations;
  • to improve our services, systems, and customer experience;
  • to send service-related communications, including notices about your account or site operations.

We only use your data where we have a valid lawful basis and where the use is compatible with the original purpose for which it was collected.

4. Lawful Basis for Processing

Under UK GDPR, we rely on different lawful bases depending on the activity involved:

Contract

We process personal data where it is necessary to perform a contract with you or to take steps at your request before entering into a contract. This includes setting up your storage account, managing access, collecting payments, and providing customer support.

Legal Obligation

We may process data to meet legal obligations, such as record-keeping, tax compliance, fraud prevention, and responding to lawful requests from authorities.

Legitimate Interests

We may process data where it is necessary for our legitimate interests, provided your interests and rights do not override ours. These interests include protecting our premises and customers, preventing misuse of our services, resolving disputes, and improving our operations. We conduct balancing assessments where appropriate.

Consent

In limited cases, we may rely on consent, for example for certain optional marketing activities or the use of non-essential cookies where applicable. Where consent is used, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

5. Retention of Personal Data

We keep personal data only for as long as necessary for the purposes for which it was collected, or as required by law. Retention periods depend on the type of information and the reason for holding it.

  • Account and contract records are generally kept for the duration of the relationship and for a reasonable period afterwards.
  • Financial and tax records are retained in line with statutory accounting and tax requirements.
  • Security records, including access records and CCTV images, are kept for a limited period unless needed for an investigation or legal claim.
  • Correspondence and complaint records are retained for as long as necessary to resolve the matter and for evidence of proper handling.

When personal data is no longer required, we will securely delete, anonymise, or archive it in accordance with our retention practices.

6. Sharing Personal Data and Processors

We may share personal data with trusted third parties where necessary and lawful. These third parties may act as processors or, in some circumstances, as separate controllers. Processors only act on our instructions and are subject to contractual obligations to protect personal data.

Examples of processors may include:

  • IT and cloud service providers that host or support our systems;
  • payment processing providers that handle transactions;
  • security service providers, including alarm monitoring or CCTV support;
  • document storage, administrative, and communications service providers;
  • professional advisers such as accountants, auditors, or legal advisers where required.

We may also disclose personal data to law enforcement, regulators, insurers, courts, or other parties where we are required to do so by law or where disclosure is necessary to protect our rights, customers, staff, or property.

We do not sell your personal data. Where transfers outside the UK are necessary, we will ensure appropriate safeguards are in place in accordance with applicable data protection law.

7. Data Security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, or disclosure. These measures may include restricted access controls, staff confidentiality obligations, secure storage systems, password protection, and regular review of security processes.

Although no system can be guaranteed to be completely secure, we work to reduce risk and respond promptly to suspected breaches. If a personal data breach occurs and is likely to result in a high risk to your rights and freedoms, we will take action in line with legal requirements.

8. Your Rights

You have a number of rights under data protection law, subject to certain conditions and exemptions. These include:

  • Right of access – to request a copy of the personal data we hold about you.
  • Right to rectification – to ask us to correct inaccurate or incomplete data.
  • Right to erasure – to request deletion of your data where there is no valid reason for us to keep it.
  • Right to restrict processing – to ask us to limit how we use your data in certain circumstances.
  • Right to object – to object to processing based on legitimate interests or direct marketing.
  • Right to data portability – to receive certain data in a structured, commonly used format where applicable.
  • Right to withdraw consent – where processing is based on consent.

You also have the right to lodge a complaint with the Information Commissioner’s Office if you are concerned about how your personal data has been handled. We encourage you to raise any concerns with us first so we can try to resolve them promptly.

9. Children’s Data

Our storage services are intended for adults and business users. We do not knowingly collect personal data from children in the ordinary course of business. If we become aware that we have collected a child’s personal data without appropriate consent or lawful basis, we will take steps to address it.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in the law, our practices, or our services. Any updated version will apply from the date it is published or otherwise communicated. We encourage you to review this policy periodically to stay informed about how we protect your data.

Summary of our approach: collect only necessary data, use it lawfully, retain it for limited periods, share it securely with processors, and respect your rights at all times.

Call Now!
Call Now Get a Quote
Chiswick Storage

GDPR-compliant privacy policy for Chiswick Storage covering data collection, lawful basis, retention, processors, and user rights.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.