Privacy Policy - Chelsfield Storage

Chelsfield Storage is committed to protecting the privacy and personal data of all customers in our area. This Privacy Policy explains how we collect, use, store, share, and protect personal information in accordance with the UK GDPR and the Data Protection Act 2018. It applies to all Chelsfield Storage customers in our area, including prospective customers, current customers, former customers, and any individuals who communicate with us in relation to our services.

1. Who we are

For the purposes of data protection law, Chelsfield Storage is the data controller in relation to the personal information described in this policy. This means we decide how and why personal data is processed. We take our responsibilities seriously and aim to ensure that personal data is handled lawfully, fairly, and transparently.

2. Information we collect

We collect only the personal data that is necessary for providing storage services, managing our business, and meeting our legal obligations. The types of information we may collect include:

  • Identity information: name, title, date of birth where needed, and verification details.
  • Contact information: address, email address, telephone number, and billing address.
  • Account and contract details: storage unit details, agreement records, payment status, and service preferences.
  • Financial information: payment records, bank details, card details handled through secure payment providers, and transaction history.
  • Security information: access logs, CCTV footage, and records of site entry or exit where applicable.
  • Communication data: emails, messages, phone call notes, complaints, and service requests.
  • Technical data: limited device or usage data if collected through security or website systems.

We do not intentionally collect special category data unless it is necessary and lawful to do so. If such information is provided to us, we will process it only where permitted by law and with appropriate safeguards.

3. How we use personal data

We use personal data for the following purposes:

  • to provide and manage storage services;
  • to verify identity and prevent fraud;
  • to create, administer, and terminate customer accounts;
  • to process payments, invoices, and arrears;
  • to maintain site safety and security;
  • to communicate with customers about their storage agreement;
  • to handle complaints, queries, and disputes;
  • to comply with legal, regulatory, and insurance obligations;
  • to improve our services and operational efficiency;
  • to defend or establish legal claims where necessary.

We will only process personal data for the purposes for which it was collected, unless we reasonably determine that we need to use it for a compatible purpose or another lawful reason allowed under data protection law.

4. Lawful basis for processing

Under UK GDPR, we must have a lawful basis to process personal data. Depending on the context, we may rely on one or more of the following:

Contract

We process personal data where it is necessary to enter into or perform our storage agreement with you. This includes setting up accounts, managing access, taking payments, and delivering services you have requested.

Legal obligation

We may process data where required to comply with laws and regulations, such as tax, accounting, fraud prevention, and safety requirements.

Legitimate interests

We may process data where it is necessary for our legitimate business interests, provided that those interests are not overridden by your rights and freedoms. Examples include site security, CCTV monitoring, service improvement, debt recovery, and protecting our business from misuse or unlawful activity.

Consent

In limited circumstances, we may rely on your consent, for example for certain optional communications. Where consent is used, you may withdraw it at any time, without affecting the lawfulness of processing carried out before withdrawal.

Vital interests and public task

These bases are unlikely to apply in most storage-related situations, but may be used if necessary to protect life or comply with a public authority requirement.

5. Sharing personal data and processors

We may share personal data with trusted third parties where necessary for the operation of our business, legal compliance, or service delivery. These third parties act either as processors or independent controllers depending on the circumstances.

Processors are organisations that process personal data on our behalf under written instructions and appropriate security obligations. Examples may include:

  • payment processing providers;
  • IT hosting and cloud storage providers;
  • security monitoring and CCTV service providers;
  • accounting and bookkeeping services;
  • customer management or email systems;
  • maintenance and facility management contractors where access to personal data is necessary.

We may also share data with professional advisers, insurers, law enforcement, courts, regulators, or debt recovery services where appropriate and lawful. We do not sell personal data.

When we use processors, we require them to handle data securely, only on our instructions, and in compliance with data protection law. We assess third parties carefully before sharing personal data with them.

6. Data retention

We keep personal data only for as long as necessary for the purposes for which it was collected, including to satisfy legal, accounting, and reporting requirements. Retention periods vary depending on the type of data and why we hold it.

  • Customer account and contract records: retained for the duration of the service relationship and for a further period where needed for legal claims or recordkeeping.
  • Payment and accounting records: kept in line with tax and financial obligations.
  • Security records and access logs: retained for a limited period unless needed longer for investigations, safety, or legal proceedings.
  • Communication records: retained as long as necessary to manage queries, disputes, or service history.

When personal data is no longer required, we will delete it securely or anonymise it so that it can no longer identify an individual. Retention is reviewed regularly to ensure that data is not held longer than necessary.

7. Data security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, or disclosure. These measures may include access controls, staff training, secure storage, encryption where suitable, and restricted permissions for sensitive records. While no system can be guaranteed to be completely secure, we work to maintain a level of security appropriate to the risk.

8. International transfers

Where personal data is transferred outside the UK, we will ensure that suitable safeguards are in place. These may include adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms approved under applicable data protection law.

9. Your rights

Under data protection law, you have a number of rights in relation to your personal data. These rights may be subject to conditions and exceptions.

  • Right of access: you may request a copy of the personal data we hold about you.
  • Right to rectification: you may ask us to correct inaccurate or incomplete data.
  • Right to erasure: you may request deletion of data in certain circumstances.
  • Right to restrict processing: you may ask us to limit how we use your data in specific situations.
  • Right to object: you may object to processing based on legitimate interests or direct marketing.
  • Right to data portability: you may request data you provided to us in a structured, commonly used format, where applicable.
  • Right to withdraw consent: where we rely on consent, you may withdraw it at any time.
  • Right to complain: you have the right to raise a concern with the relevant supervisory authority if you believe your data has been mishandled.

We will respond to rights requests within the time limits required by law and may ask for information to verify identity before taking action. Your privacy rights matter to us, and we aim to deal with all requests fairly and promptly.

10. Children’s data

Our services are generally intended for adults. We do not knowingly collect personal data from children unless it is necessary in connection with a lawful customer arrangement and appropriate consent or authority exists. If we become aware that we have collected data from a child without a lawful basis, we will take steps to delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements, business practices, or service arrangements. The latest version will apply from the date it is published or otherwise communicated. We encourage customers to review this policy periodically so they remain informed about how their personal data is handled.

Chelsfield Storage is committed to keeping personal information secure, using it only where lawful, and respecting the rights of all customers in our area. If you continue to use our services, you do so on the basis of the practices described in this policy.
