Privacy Policy - Stmarycray Storage

This Privacy Policy explains how Stmarycray Storage collects, uses, stores, shares, and protects personal data relating to its customers in the area. It applies to all Stmarycray Storage customers in area, including prospective customers, current customers, and former customers, as well as any individuals whose personal data is processed in connection with storage services, account management, billing, access control, and site administration. We are committed to handling personal data in a lawful, fair, transparent, and secure manner in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data We Collect

We collect only the personal data that is necessary for the operation and management of our storage services. The categories of personal data we may process include:

  • Identity data such as your name, title, and any identification details required for account verification.
  • Contact data such as postal address, email address, and telephone number.
  • Account data such as customer reference numbers, booking details, service preferences, and correspondence records.
  • Payment data such as billing information, payment status, invoices, and transaction records. We do not store full card details where payment processing is handled by a secure third-party provider.
  • Access and security data such as gate entry logs, CCTV footage, alarm records, key or access code records, and site attendance information where necessary for security and safety.
  • Communication data such as emails, call notes, complaint records, and any other information you provide when contacting us.
  • Usage data such as information about the storage unit rented, move-in and move-out dates, and service interactions.

We may also receive personal data from third parties where needed to provide our services, for example from payment processors, identity verification services, insurers, or legal and regulatory bodies. We aim to ensure that any third-party information is collected and used only where lawful and appropriate.

2. How We Use Your Data

We use personal data for the following purposes:

  • To set up and manage customer accounts.
  • To provide storage services and administer the rental agreement.
  • To process payments, invoices, refunds, and account adjustments.
  • To verify identity and prevent fraud, misuse, and unauthorized access.
  • To maintain the safety, security, and proper operation of our premises.
  • To communicate with customers about their account, service changes, or important notices.
  • To handle complaints, disputes, and insurance-related matters.
  • To comply with legal, tax, accounting, and regulatory obligations.
  • To establish, exercise, or defend legal claims.

We do not use personal data for unrelated purposes without ensuring that a lawful basis exists and, where required, that you have been informed or have given valid consent.

3. Lawful Basis for Processing

Under data protection law, we must have a lawful basis to process personal data. Depending on the context, Stmarycray Storage relies on one or more of the following lawful bases:

Contract

We process personal data where it is necessary to enter into or perform a contract with you, such as setting up your storage account, managing your unit, and collecting payments.

Legal obligation

We may process personal data where required to comply with applicable laws, including tax, accounting, fraud prevention, health and safety, and record-keeping requirements.

Legitimate interests

We may process personal data where it is necessary for our legitimate interests or those of a third party, provided that your rights and freedoms do not override those interests. This may include premises security, CCTV monitoring, debt recovery, service improvement, and protection against misuse of our facilities.

Consent

In limited situations, we may rely on your consent, for example where you have chosen to receive certain optional communications or where consent is otherwise required by law. When consent is used, you may withdraw it at any time.

4. Data Sharing and Processors

We may share personal data with carefully selected service providers and other third parties where necessary to deliver our services or meet legal requirements. Such parties act as processors or independent controllers, depending on the circumstances.

Typical processors and service providers may include:

  • IT and hosting providers who support our systems, data storage, and security.
  • Payment processors who handle card payments and related financial transactions.
  • Security providers who operate surveillance, alarm, or access control systems.
  • Administrative and customer service providers who help manage records, communications, and support tasks.
  • Professional advisers such as accountants, auditors, insurers, and legal advisers.
  • Debt recovery or enforcement partners where necessary to recover outstanding balances or enforce contractual rights.

We require processors to process personal data only on our documented instructions, to keep it secure, and to comply with applicable data protection law. Where personal data is disclosed to independent controllers, they are responsible for their own privacy practices.

We may also disclose personal data where required by law, court order, regulatory request, or to prevent fraud, protect the rights and safety of individuals, or defend legal claims.

5. International Transfers

If any of our processors or service providers transfer personal data outside the United Kingdom, we will ensure that appropriate safeguards are in place. These safeguards may include adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms permitted under data protection law.

6. Data Retention

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including any legal, accounting, insurance, or reporting requirements. Retention periods vary depending on the nature of the data and the reason for processing.

In general:

  • Customer account and contractual records are kept for the duration of the relationship and for a reasonable period afterward.
  • Payment and accounting records are kept for the period required by tax and financial regulations.
  • Security records, including CCTV footage and access logs, are retained only for as long as needed for safety, incident investigation, and operational purposes.
  • Complaint and dispute records may be retained until the issue is resolved and any associated limitation period has expired.

When personal data is no longer needed, we will securely delete, anonymise, or archive it in accordance with our retention practices.

7. Data Security

We use appropriate technical and organisational measures to protect personal data from unauthorized access, loss, misuse, alteration, or disclosure. These measures may include access controls, encryption, secure storage, staff training, and physical security arrangements. However, no system can be guaranteed to be completely secure, and you should take care when sharing information with us.

8. Your Rights

Subject to applicable law, you have the following rights in relation to your personal data:

  • Right of access - to request a copy of the personal data we hold about you.
  • Right to rectification - to ask us to correct inaccurate or incomplete data.
  • Right to erasure - to request deletion of your personal data in certain circumstances.
  • Right to restriction - to ask us to limit how we use your data in certain situations.
  • Right to data portability - to receive certain data in a structured, commonly used format where the legal conditions are met.
  • Right to object - to object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent - where processing is based on consent, you may withdraw it at any time.

You may also have the right to challenge automated decisions if such processing is used in a way that produces legal or similarly significant effects. Stmarycray Storage does not generally rely on fully automated decision-making in a way that produces such effects.

Please note that some rights are not absolute and may be limited by legal obligations, contractual requirements, or the need to protect the rights of others.

9. How to Exercise Your Rights

If you wish to exercise any of your rights, you should provide sufficient information to help us identify you and understand your request. We may need to verify your identity before responding. We will respond within the time limits required by law and may ask for clarification if your request is unclear or overly broad.

10. Children’s Data

Our storage services are intended for adults. We do not knowingly collect personal data from children for these services. If we become aware that we have inadvertently collected children’s data without a valid legal basis, we will take appropriate steps to remove or secure it.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or data handling practices. The most current version will apply to the processing of personal data. We encourage customers to review it periodically.

12. Complaints

If you have concerns about how we handle personal data, you have the right to raise a complaint with the relevant data protection supervisory authority in the United Kingdom. We encourage you to contact us first so we can address your concerns directly and, where possible, resolve the issue promptly.

Summary of our commitment: Stmarycray Storage processes personal data lawfully, securely, and only for legitimate business purposes connected with storage services, and this policy applies to all Stmarycray Storage customers in area.

Call Now!
Call Now Get a Quote
Stmarycray Storage

GDPR-compliant Privacy Policy for Stmarycray Storage covering data collection, lawful basis, retention, processors, and user rights for all customers in area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.