Privacy Policy - Crewshill Storage

This Privacy Policy explains how Crewshill Storage collects, uses, stores, shares, and protects personal data in connection with its storage services and related operations. It applies to all Crewshill Storage customers in the area, including prospective customers, account holders, and individuals who communicate with us about our services. We are committed to handling personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Privacy is an important part of our service. We only process personal data where we have a lawful basis to do so, and we aim to be transparent about how and why information is used.

1. Personal Data We Collect

We collect only the personal data that is necessary for lawful and legitimate business purposes. The information we collect may include:

  • Identity information such as name, title, and date of birth where needed for account verification.
  • Contact details such as address, email address, and telephone number.
  • Account and contract information including rental dates, unit allocation, payment status, correspondence, and service preferences.
  • Payment information such as billing records, transaction references, and partial payment card details processed through secure payment systems.
  • Security information such as CCTV footage, access logs, alarm records, and incident reports where relevant to the safety and protection of premises, staff, customers, and stored goods.
  • Communications including emails, messages, notes from phone calls, complaint records, and customer service interactions.
  • Technical information such as device and usage data when you interact with digital systems we use to manage services.

We generally do not seek special category data. If such data is provided to us inadvertently, we will only process it where legally permitted and necessary, and we will limit access to it.

2. How We Use Personal Data

We use personal data to operate our storage services efficiently, lawfully, and securely. Typical uses include:

  • Managing enquiries, quotations, reservations, and customer accounts.
  • Providing access to storage units and related services.
  • Processing payments, issuing invoices, and maintaining financial records.
  • Verifying identity and preventing fraud.
  • Protecting our premises, customers, staff, and property.
  • Responding to customer requests, complaints, and disputes.
  • Maintaining service quality, auditing operations, and improving our internal processes.
  • Meeting legal, regulatory, tax, insurance, and record-keeping obligations.

We do not use personal data for purposes that are incompatible with the original reason it was collected unless we have a valid legal basis to do so.

3. Lawful Basis for Processing

Under data protection law, we must have a lawful basis for each processing activity. Crewshill Storage relies on the following bases where appropriate:

Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes setting up a storage agreement, managing your account, collecting payments, and providing the services you requested.

Legal Obligation

We may process personal data to comply with legal obligations, including tax requirements, accounting rules, fraud prevention, health and safety duties, and lawful requests from authorities.

Legitimate Interests

We may process personal data where it is necessary for our legitimate interests, provided your rights and interests do not override those interests. Examples include protecting our premises, investigating incidents, maintaining security, improving services, and managing internal administration. When we rely on legitimate interests, we consider the impact on individuals and implement safeguards.

Consent

In limited circumstances, we may ask for your consent, for example where it is required for a specific optional service. If we rely on consent, you have the right to withdraw it at any time.

4. Retention of Personal Data

We keep personal data only for as long as necessary for the purpose for which it was collected, or as required by law. Retention periods depend on the nature of the information and the legal or operational need to retain it.

  • Customer account and contract records are typically retained for the duration of the relationship and for a reasonable period after the agreement ends.
  • Financial and tax records are retained in line with legal and accounting requirements.
  • Security records such as access logs and CCTV footage are kept only for as long as necessary for security and incident management, unless a longer period is required for investigation or legal proceedings.
  • General correspondence is retained for as long as needed to resolve the matter or maintain accurate business records.

When personal data is no longer needed, we will securely delete, destroy, or anonymise it.

5. Processors and Third Parties

We may share personal data with trusted third-party service providers who process data on our behalf. These parties are known as processors. They are only permitted to use personal data in accordance with our instructions and applicable law.

Examples of processors may include:

  • Payment service providers for secure transaction handling.
  • IT and cloud storage providers for system hosting, data backup, and secure communications.
  • Accounting and bookkeeping providers for financial administration.
  • Security or surveillance service providers for monitoring and incident management.
  • Maintenance, repair, or facility management contractors where access to limited personal data is necessary.

We may also share data with independent third parties where required by law, such as law enforcement, courts, insurers, regulators, or professional advisers. In all cases, we take steps to ensure that any sharing is lawful, necessary, and proportionate.

6. Data Security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, disclosure, or destruction. These measures may include restricted access controls, secure storage, password protection, staff training, and regular review of data handling practices.

No method of transmission or storage is completely risk-free, but we work to reduce risk and respond promptly to any suspected data incident.

7. International Transfers

Where personal data is transferred outside the UK, we will ensure that appropriate safeguards are in place to protect it, such as adequacy regulations or standard contractual clauses where required. We will only transfer data when lawful and necessary for service delivery or operational support.

8. Your Rights

As a data subject, you have important rights under the UK GDPR. Subject to legal limits, these rights include:

  • Right of access – you may request a copy of the personal data we hold about you.
  • Right to rectification – you may ask us to correct inaccurate or incomplete data.
  • Right to erasure – you may request deletion of your data in certain circumstances.
  • Right to restriction – you may ask us to limit processing in certain situations.
  • Right to object – you may object to processing based on legitimate interests or direct marketing.
  • Right to data portability – you may request certain data in a structured, commonly used format where applicable.
  • Right to withdraw consent – where processing is based on consent, you can withdraw it at any time.

To protect privacy, we may need to verify your identity before responding to a request. We will respond within the time limits set by law and explain if any exception applies.

9. Children’s Data

Crewshill Storage services are generally intended for adults. We do not knowingly collect personal data from children except where required in a lawful business context and with appropriate safeguards. If we become aware that we have collected data from a child without a lawful basis, we will take appropriate steps to delete it.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, operations, or security practices. Any updated version will apply from the date it is issued. We encourage customers to review this policy periodically so they remain informed about how personal data is handled.

11. Complaints and Further Information

If you believe your data rights have been infringed, you may raise a concern through our internal procedures and, if necessary, with the relevant data protection authority. We encourage you to contact us first so we can review and address the issue promptly and fairly.

Summary of our approach: we collect only the information needed to provide secure storage services, process it under valid lawful bases, retain it for appropriate periods, use trusted processors where necessary, and respect your rights under data protection law.

This Privacy Policy applies to all Crewshill Storage customers in the area.

Call Now!
Call Now Get a Quote
Crewshill Storage

GDPR-compliant privacy policy for Crewshill Storage covering data collection, lawful basis, retention, processors, and user rights for all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.