Privacy Policy - Chislehurst Storage

Effective date: This Privacy Policy applies to all Chislehurst Storage customers in the area and explains how we collect, use, store, and protect personal data in accordance with the UK GDPR and the Data Protection Act 2018.

1. Introduction

We are committed to handling personal data in a lawful, fair, and transparent manner. This Privacy Policy explains what information we collect from customers, how we use it, the legal basis on which we process it, how long we keep it, who may process it on our behalf, and what rights individuals have in relation to their personal information.

This policy applies to all customers, prospective customers, authorised users, and other individuals whose personal data we process in connection with our storage services in the Chislehurst area.

2. Information We Collect

We only collect personal data that is necessary for operating our storage services, meeting legal obligations, and managing our relationship with customers. The types of personal data we may collect include:

  • Identity information: name, date of birth, and identification details used to verify identity.
  • Contact information: postal address, email address, and telephone number.
  • Account and contract information: storage unit details, booking records, agreement terms, payment arrangements, and service history.
  • Payment information: billing information and transaction records. We do not normally store full card details if payments are handled through secure payment processors.
  • Security information: CCTV images, access logs, gate entry records, alarm records, and incident reports where applicable.
  • Communication records: emails, messages, and notes relating to enquiries, complaints, or service requests.
  • Vehicle or delivery details: where required for site access, deliveries, or collection arrangements.

We may also receive personal data indirectly from third parties such as payment providers, identity verification services, insurers, legal advisers, debt recovery services, or public authorities, where this is necessary and lawful.

3. How We Use Personal Data

We use personal data for the following purposes:

  • to set up and manage customer accounts;
  • to provide storage services and administer storage agreements;
  • to verify identity and prevent fraud;
  • to process payments, refunds, and outstanding balances;
  • to communicate about bookings, renewals, access, and service-related matters;
  • to maintain site security and protect people, property, and assets;
  • to investigate accidents, incidents, complaints, or misuse of services;
  • to comply with legal, regulatory, accounting, and tax obligations;
  • to establish, exercise, or defend legal claims;
  • to improve our services, systems, and customer experience.

We do not use personal data in ways that are incompatible with the purposes for which it was collected unless we have a lawful basis to do so.

4. Lawful Basis for Processing

Under data protection law, we must have a lawful basis to process personal data. Depending on the context, we rely on one or more of the following:

Contract

We process personal data where it is necessary to enter into or perform a contract with a customer. This includes administering storage agreements, managing access, handling billing, and providing support.

Legal Obligation

We may process data where necessary to comply with legal obligations, such as accounting, tax, fraud prevention, record-keeping, health and safety, and responding to lawful requests from authorities.

Legitimate Interests

We may process personal data where it is necessary for our legitimate interests, provided those interests are not overridden by the rights and freedoms of the individual. These interests may include protecting our premises, preventing misuse, recovering debts, improving services, and maintaining business records.

Consent

In limited cases, we may rely on consent, for example where it is required for a specific optional processing activity. Where consent is used, it will be informed, freely given, and capable of being withdrawn at any time.

5. Retention of Personal Data

We keep personal data only for as long as necessary for the purposes for which it was collected, including any legal, accounting, or reporting requirements. Retention periods depend on the type of information and the purpose for which it is used.

  • Contract and account records: retained for the duration of the customer relationship and for a reasonable period afterwards to manage claims, disputes, or administrative matters.
  • Financial records: retained for the period required by tax and accounting laws.
  • Security records: retained only as long as needed for security, incident investigation, or legal purposes.
  • Correspondence: retained for as long as needed to respond to queries, resolve disputes, or demonstrate compliance.

When data is no longer required, it is securely deleted, anonymised, or otherwise disposed of in a safe and appropriate manner.

6. Processors and Sharing of Personal Data

We may share personal data with trusted third parties who act as processors on our behalf or with independent controllers where necessary. These parties are only allowed to process personal data in accordance with our instructions or in line with their own legal obligations.

Examples of processors and recipients may include:

  • payment processing providers;
  • IT, cloud hosting, and security system providers;
  • identity verification and anti-fraud service providers;
  • professional advisers such as accountants, auditors, and legal advisers;
  • debt recovery or credit control services;
  • insurers and claims handlers;
  • law enforcement, regulatory bodies, courts, or other public authorities where required by law.

We require processors to implement appropriate technical and organisational measures to protect personal data and to process it only for authorised purposes. We do not sell personal data.

7. Data Security

We use appropriate security measures designed to protect personal data against unauthorised access, alteration, disclosure, or loss. These measures may include access controls, secure storage, encryption where appropriate, staff confidentiality obligations, and regular review of security practices.

No system is completely secure, but we take reasonable steps to reduce risk and to respond promptly if a potential data incident occurs.

8. International Transfers

If personal data is transferred outside the UK, we will ensure that appropriate safeguards are in place to protect the data in accordance with applicable law. This may include the use of approved contractual clauses or transfers to countries with an adequate level of protection.

9. Your Rights

Individuals whose personal data we process have a number of rights under data protection law. These rights may be subject to conditions and exceptions depending on the circumstances.

  • Right of access: to request a copy of the personal data we hold about you.
  • Right to rectification: to request correction of inaccurate or incomplete data.
  • Right to erasure: to request deletion of personal data in certain circumstances.
  • Right to restrict processing: to ask us to limit how we use your data in certain situations.
  • Right to data portability: to receive certain data in a structured, commonly used format and transmit it to another controller where applicable.
  • Right to object: to object to processing based on legitimate interests or direct marketing where relevant.
  • Right to withdraw consent: where processing is based on consent, you may withdraw consent at any time.

If you wish to exercise any of these rights, we may need to verify your identity before responding. We aim to respond within the statutory timeframe and will explain if any request cannot be fulfilled in full.

10. Children’s Data

Our storage services are intended for adults and business customers. We do not knowingly collect personal data from children unless it is necessary and lawful in specific circumstances, such as where a child is named in an emergency contact or related record.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, our services, or operational practices. Any revised policy will apply from the date it is made available. We encourage customers to review this policy periodically to stay informed about how we handle personal data.

12. Summary of Our Commitment

Chislehurst Storage is committed to processing personal data responsibly, securely, and transparently. We collect only what we need, use it for clear and lawful purposes, retain it for no longer than necessary, and apply suitable safeguards when sharing it with processors or other recipients. All customers in the Chislehurst area are covered by this policy.

By using our services, customers acknowledge that their personal data will be handled in line with this Privacy Policy and applicable data protection laws.

Call Now!
Call Now Get a Quote
Chislehurst Storage

GDPR-compliant Privacy Policy for Chislehurst Storage covering data collection, lawful basis, retention, processors, and user rights for all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.