Privacy Policy - Haroldhill Storage

Effective date: This Privacy Policy applies to all Haroldhill Storage customers in the area and explains how we collect, use, store, share, and protect personal data in connection with our storage services.

Haroldhill Storage is committed to handling personal data in a lawful, fair, and transparent way in line with the UK GDPR and the Data Protection Act 2018. We respect the privacy of our customers, visitors, contractors, and any other individuals whose personal data we process.

1. Who this policy applies to

This policy applies to all Haroldhill Storage customers in area, including individuals, sole traders, partnerships, and representatives of businesses that use our storage facilities or related services. It also applies to anyone who interacts with us in relation to bookings, account management, payments, site access, enquiries, complaints, or security matters.

By using our services, you acknowledge that we may process your personal data as described in this policy.

2. Personal data we collect

We collect only the data that is necessary for operating our services, managing customer accounts, meeting legal obligations, and protecting our business, customers, and property. The information we may collect includes:

  • Identity details: name, title, date of birth where needed for verification, and similar identifying information.
  • Contact details: address, email address, telephone number, and other communication preferences.
  • Account and booking information: storage unit details, rental dates, access permissions, billing records, and service history.
  • Payment information: payment status, transaction records, and limited financial details required to process charges or refunds.
  • Verification information: copies or details of identity documents where required for fraud prevention, legal compliance, or account security.
  • Site usage and access data: entry logs, key fob or access code records, CCTV footage, and security-related records.
  • Communications: records of emails, calls, messages, complaints, claims, or other correspondence with us.
  • Technical information: limited device or browser information if collected through digital systems used to secure or manage services.

We do not intentionally collect special category data unless there is a lawful and necessary reason to do so, such as where you voluntarily provide such information in the context of a complaint or legal issue. Where this occurs, we apply additional safeguards.

3. How we use your data

We use personal data for the following purposes:

  • to open and manage customer accounts;
  • to provide storage services and administer bookings;
  • to process payments, invoices, and refunds;
  • to verify identity and reduce fraud;
  • to maintain security, prevent theft, and protect our premises;
  • to communicate service updates, notices, and operational information;
  • to respond to enquiries, complaints, or claims;
  • to comply with legal, regulatory, accounting, and insurance obligations;
  • to establish, exercise, or defend legal rights;
  • to improve our services, systems, and internal operations.

We only process personal data where it is necessary for one or more lawful purposes and we limit access to those who need it for their role.

4. Lawful basis for processing

Under data protection law, we must have a lawful basis for each processing activity. The lawful bases we rely on are:

Contract

We process personal data when it is necessary to enter into or perform a contract with you. This includes account creation, service delivery, billing, access management, and handling service-related enquiries.

Legal obligation

We process personal data where required to meet legal obligations, including accounting, tax, fraud prevention, security requirements, and compliance with lawful requests from authorities.

Legitimate interests

We may process data where it is necessary for our legitimate business interests, provided these interests are not overridden by your rights and freedoms. This may include protecting our site, preventing misuse, improving operations, and managing disputes. Where we rely on this basis, we assess the impact on individuals and only use data in a proportionate manner.

Consent

In limited situations, we may rely on your consent, for example for certain optional communications or specific uses of data. Where consent is used, you can withdraw it at any time without affecting processing that already took place before withdrawal.

Vital interests

In rare cases, we may process personal data where necessary to protect someone’s vital interests, such as in a serious emergency.

5. Sharing your personal data

We do not sell personal data. We may share it only where necessary and lawful, including with the following categories of recipients:

  • Service providers and processors: companies that support our operations, such as payment processors, IT support providers, cloud storage services, maintenance providers, record management services, and security system suppliers.
  • Professional advisers: accountants, auditors, insurers, legal advisers, and claims handlers.
  • Authorities and regulators: law enforcement, courts, tax authorities, or other public bodies where required by law or where disclosure is necessary to protect our rights.
  • Successors or business transfer parties: if our business or assets are sold, transferred, or reorganised, personal data may be shared as part of that transaction, subject to confidentiality and legal protections.

Where third parties act as processors, they are only permitted to process personal data on our instructions and must implement appropriate security measures. We require contractual safeguards to protect your information.

6. Processors we use

Processors are third parties that handle personal data on our behalf. Haroldhill Storage may use processors to:

  • host and maintain digital systems;
  • process card or online payments;
  • manage customer communications;
  • support CCTV, access control, or alarm systems;
  • store records securely;
  • provide business administration or accounting services.

Each processor is selected carefully, instructed to act only on our behalf, and required to use appropriate technical and organisational security measures. Where data is transferred outside the UK, we ensure suitable safeguards are in place in accordance with applicable data protection law.

7. Data retention

We keep personal data only for as long as necessary to fulfil the purpose for which it was collected, including to meet legal, accounting, insurance, and reporting requirements. Retention periods may vary depending on the type of information and the reason we hold it.

In general:

  • Customer account and contract records: kept for the duration of the service and for a period afterward if needed for legal, operational, or dispute purposes.
  • Financial and tax records: retained in line with statutory obligations.
  • Security logs and CCTV: retained for a limited period unless needed for an incident, investigation, or legal claim.
  • Communications and complaint records: retained as long as necessary to resolve the matter and manage follow-up obligations.

When data is no longer required, we securely delete, anonymise, or archive it in line with our retention procedures.

8. Data security

We use reasonable technical and organisational measures to protect personal data against loss, misuse, unauthorised access, alteration, or disclosure. These measures may include access controls, secure storage, staff training, monitoring, physical safeguards, and encryption where appropriate.

However, no system can be guaranteed to be completely secure. If a personal data incident occurs, we will assess the risk and take appropriate action, including notifications where required by law.

9. Your rights

Under data protection law, you have several rights in relation to your personal data. Subject to legal conditions and exceptions, these may include:

  • Right of access: to request a copy of the personal data we hold about you.
  • Right to rectification: to ask us to correct inaccurate or incomplete data.
  • Right to erasure: to request deletion of your data in certain circumstances.
  • Right to restriction: to ask us to limit how we use your data in certain cases.
  • Right to object: to object to processing based on legitimate interests or direct marketing.
  • Right to data portability: to request transfer of data you provided to us, where applicable.
  • Right to withdraw consent: where processing is based on consent, you can withdraw it at any time.

Please note that some rights may not apply in every situation, particularly where we must keep information to comply with legal obligations or defend legal claims.

10. How to exercise your rights

If you wish to exercise any of your rights, we will consider your request in accordance with applicable law. We may need to verify your identity before responding. We aim to respond within the legal timeframe and will let you know if more information is needed.

We encourage customers to keep their personal details accurate and to inform us of changes where relevant to their account or storage arrangement.

11. Complaints and supervisory authority

If you have concerns about how we handle your personal data, you have the right to raise a complaint with the relevant data protection supervisory authority. You may also contact us through the appropriate customer service channels to raise an issue so that we can review and address it promptly.

12. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in the law, our services, or how we process personal data. Any updated version will apply from the stated effective date. We encourage you to review this policy periodically to remain informed about how your information is handled.

In summary: Haroldhill Storage processes personal data lawfully, securely, and only for legitimate service, compliance, and operational purposes. We aim to keep data accurate, limit retention, protect it with appropriate safeguards, and respect your rights under data protection law.

Call Now!
Call Now Get a Quote
Haroldhill Storage

GDPR-compliant Privacy Policy for Haroldhill Storage covering data collection, lawful basis, retention, processors, and user rights.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.