Privacy Policy - Blackheath Storage

Blackheath Storage is committed to protecting the privacy and personal data of all customers and prospective customers who use our services in the area. This Privacy Policy explains how we collect, use, store, share, and protect personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It applies to all Blackheath Storage customers in the area, including individuals, sole traders, and business representatives who interact with us for storage services.

1. Who We Are

For the purposes of data protection law, Blackheath Storage is the data controller for the personal information described in this Policy. This means we decide how and why your personal data is processed when you use our storage services, make an enquiry, sign a rental agreement, or otherwise interact with us.

2. Information We Collect

We collect only the information that is necessary to provide and manage our services effectively. The types of personal data we may collect include:

  • Identity information such as your name, date of birth, and identification details.
  • Contact information such as your address, email address, and telephone number.
  • Account and contract information such as your storage unit details, rental terms, payment status, and service history.
  • Payment information such as billing details and transaction records. We do not store full payment card details where a third-party payment provider processes payments on our behalf.
  • Verification information such as proof of identity, proof of address, or business registration details where required for security, legal, or fraud prevention purposes.
  • Communications including emails, written correspondence, call notes, complaints, and customer service interactions.
  • Security information such as CCTV footage, access logs, and site entry records where applicable to protect our premises, staff, and customers.

We may also collect limited technical or usage information where you interact with our digital systems, such as device identifiers or log data, to maintain the security and functionality of those systems.

3. How We Use Your Data

We use personal data for clear and lawful purposes related to the delivery of our storage services. These purposes include:

  • setting up and managing customer accounts;
  • entering into and performing storage agreements;
  • processing payments, deposits, refunds, and billing matters;
  • verifying identity and preventing fraud or misuse;
  • communicating with customers about bookings, invoices, access, or policy updates;
  • monitoring the safety, security, and proper operation of our premises;
  • resolving disputes, complaints, and legal claims;
  • meeting legal, regulatory, tax, accounting, and insurance obligations;
  • improving our services, processes, and customer experience.

We will only use your personal data for the purposes for which it was collected, unless we reasonably determine that it is necessary for a compatible purpose or we are otherwise permitted or required by law.

4. Lawful Basis for Processing

Under data protection law, we must have a lawful basis for processing your personal data. The lawful bases we rely on may include:

Contract

We process personal data where it is necessary to enter into or perform our storage agreement with you. This includes creating your account, managing access to your unit, and handling payments.

Legal Obligation

We process certain information where necessary to comply with legal obligations, such as tax recordkeeping, accounting requirements, fraud prevention, or responding to lawful requests from authorities.

Legitimate Interests

We may process data where it is necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. Examples include site security, maintaining business records, improving our services, preventing fraud, and managing customer communications.

Consent

In limited cases, we may rely on your consent, for example for certain marketing communications or optional data uses. Where consent is used, you may withdraw it at any time, and we will stop processing the relevant data for that purpose.

5. Data Sharing and Processors

We may share personal data with trusted third parties where necessary to operate our business and provide our services. These third parties act as processors or independent controllers depending on the nature of the service provided. We require all processors to handle personal data securely and only in accordance with our instructions and applicable law.

Categories of processors and recipients may include:

  • Payment service providers to process transactions securely.
  • IT and cloud service providers to host systems, store records, and support operational software.
  • Security and CCTV service providers to assist with monitoring, maintenance, and incident handling.
  • Accountants and auditors to support financial reporting and compliance.
  • Legal and professional advisers where advice or representation is required.
  • Insurers where claims or risk management issues arise.
  • Debt recovery or credit control providers where lawful and necessary for outstanding balances.
  • Regulators, law enforcement, or public authorities where disclosure is required by law or to protect rights, property, or safety.

We do not sell your personal data. Where data is transferred outside the UK, we take appropriate safeguards to ensure it remains protected to the required legal standard.

6. Data Retention

We keep personal data only for as long as necessary for the purposes for which it was collected, and to meet legal, contractual, and operational requirements. Retention periods will vary depending on the type of information and the reason it is held.

In general:

  • contract and customer account records are retained for the duration of the relationship and for a reasonable period afterwards;
  • financial and tax records are retained for the period required by law;
  • security records such as access logs or CCTV footage are kept for a limited period unless needed for an investigation or legal claim;
  • correspondence and complaint records are retained for as long as necessary to resolve issues and demonstrate compliance.

When personal data is no longer needed, we will securely delete, destroy, or anonymise it.

7. Data Security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. These measures may include access controls, secure storage, encryption where appropriate, staff training, and restricted processing on a need-to-know basis.

No system is completely secure, but we work to maintain a level of security appropriate to the risks involved and the nature of the data we process.

8. Your Rights

As a data subject, you have rights under the UK GDPR in relation to your personal data. These rights may be subject to certain conditions and exemptions. They include:

  • The right of access to request a copy of the personal data we hold about you.
  • The right to rectification to correct inaccurate or incomplete data.
  • The right to erasure in certain circumstances, also known as the right to be forgotten.
  • The right to restrict processing where you want us to limit how your data is used.
  • The right to data portability to receive certain data in a structured, commonly used format.
  • The right to object to processing based on legitimate interests or direct marketing.
  • The right to withdraw consent where we rely on consent for processing.

You also have the right to raise concerns with the relevant data protection authority if you believe your personal data has been handled unlawfully or unfairly. We encourage you to contact us first so we can address any concerns promptly and transparently.

9. Children

Our storage services are intended for adults and business users. We do not knowingly collect personal data from children in connection with our services. If we become aware that we have collected such data inadvertently, we will take appropriate steps to delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in the law, our services, or our data handling practices. Any revised version will apply from the date it is made available. We encourage customers to review this Policy periodically to stay informed about how we protect personal data.

Summary of our commitment: Blackheath Storage processes personal data fairly, lawfully, and transparently, keeps it only as long as needed, shares it only with appropriate processors and authorities when required, and respects the rights of all customers in the area.

Call Now!
Call Now Get a Quote
Blackheath Storage

GDPR-compliant Privacy Policy for Blackheath Storage covering data collection, lawful basis, retention, processors, and user rights for all area customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.