Privacy Policy - Purley Storage

Purley Storage is committed to protecting the privacy of all customers in the area and handling personal data in a lawful, fair, and transparent manner. This Privacy Policy explains how we collect, use, store, share, and protect personal information when individuals use our storage services, make enquiries, enter into agreements, or otherwise interact with us. This policy applies to all Purley Storage customers in the area.

1. Who We Are

Purley Storage provides storage-related services to private individuals, families, and businesses. For the purposes of data protection law, we act as a data controller in relation to the personal data we determine the purposes and means of processing. We are responsible for ensuring that personal data is handled in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Personal Data We Collect

We may collect and process different types of personal data depending on how you interact with us and which services you use. The information we collect may include:

  • Identity data such as your name, title, date of birth, and proof of identity where required.
  • Contact data such as postal address, email address, and telephone number.
  • Contract data such as account details, storage unit references, billing records, and service history.
  • Payment data such as bank details, payment status, and transaction records.
  • Verification data such as documents needed for fraud prevention, security checks, or legal compliance.
  • Usage data such as access logs, date and time of entry, and facility usage records.
  • Communication data such as correspondence with our team, complaints, or feedback.
  • Technical data such as device information or limited online interaction data if you use any digital services connected to our operations.

We normally collect personal data directly from you when you enquire about storage, sign an agreement, make a payment, complete forms, or communicate with us. In some cases, we may also receive data from third parties, including payment providers, identity verification services, fraud prevention services, insurers, or legal and regulatory bodies.

3. How We Use Personal Data

We use personal data only when we have a valid reason to do so. Typical uses include:

  • Setting up and managing storage agreements.
  • Verifying identity and preventing fraud.
  • Processing payments and maintaining financial records.
  • Managing access to storage facilities and monitoring security.
  • Responding to enquiries, complaints, and service requests.
  • Maintaining business records and meeting legal obligations.
  • Protecting the rights, property, and safety of Purley Storage, our customers, staff, and visitors.
  • Improving our services and ensuring proper administration of our business.

We do not use personal data for purposes that are incompatible with the reason it was originally collected, unless we have a lawful basis to do so and have informed you where required.

4. Lawful Basis for Processing

Under data protection law, we must have a lawful basis for each type of processing. We rely on the following lawful bases as appropriate:

Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes managing your storage account, providing the agreed services, handling payments, and administering access to your unit.

Legal Obligation

We may process personal data where necessary to comply with legal and regulatory obligations. This can include tax, accounting, fraud prevention, record-keeping, and responding to lawful requests from authorities.

Legitimate Interests

We may process personal data where it is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. Examples include securing our premises, preventing misuse of services, managing risks, and improving our operations. When we rely on legitimate interests, we consider the nature of the data, the impact on you, and whether the processing is proportionate.

Consent

Where required by law, we may ask for your consent, for example in relation to certain optional communications or specific processing activities. Where processing is based on consent, you may withdraw that consent at any time, without affecting the lawfulness of processing carried out before withdrawal.

5. Sharing Personal Data and Processors

We may share personal data with trusted third parties who assist us in operating our business. These organisations act as processors when they process data on our instructions, or as separate controllers where they determine their own purposes. Such parties may include:

  • Payment processors and financial service providers.
  • Identity verification and fraud prevention providers.
  • IT, cloud storage, software, and data security providers.
  • Professional advisers such as accountants, auditors, insurers, or legal advisers.
  • Maintenance, security, and access control service providers.
  • Public authorities, regulators, law enforcement agencies, or courts where required by law.

All processors are required to handle personal data securely, to process it only on our instructions, and to use appropriate technical and organisational measures. We do not permit processors to use your data for their own unrelated purposes.

6. International Transfers

In some cases, your personal data may be stored or processed outside the UK if our service providers operate internationally. Where this happens, we ensure appropriate safeguards are in place, such as standard contractual clauses, adequacy regulations, or other lawful transfer mechanisms designed to protect your data to a standard consistent with UK data protection law.

7. Data Retention

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including any legal, accounting, or reporting requirements. Retention periods depend on the type of information and the reason for holding it. In general:

  • Contract and account records are kept for the duration of the relationship and for a period afterwards to deal with claims, disputes, and regulatory obligations.
  • Payment and financial records are retained for the period required by tax and accounting laws.
  • Security and access records are kept for a limited period unless needed longer for investigations, insurance matters, or legal claims.
  • Correspondence and complaint records are retained for as long as necessary to manage the issue and evidence our handling of it.

When data is no longer needed, we will delete it securely or anonymise it so that it can no longer identify you.

8. Data Security

We use appropriate technical and organisational measures to protect personal data from unauthorised access, loss, misuse, alteration, or disclosure. These measures may include restricted access controls, secure storage, password protection, staff training, and monitoring procedures. While no system can be guaranteed to be completely secure, we take reasonable steps to reduce risks and protect information.

9. Your Rights

Under data protection law, you have a number of rights in relation to your personal data. These rights may apply in different circumstances and may be subject to legal limits. Your rights include:

  • Right of access – to request a copy of the personal data we hold about you.
  • Right to rectification – to request correction of inaccurate or incomplete data.
  • Right to erasure – to request deletion of your data where there is no lawful reason for us to keep it.
  • Right to restriction – to ask us to limit how we use your data in certain cases.
  • Right to data portability – to receive certain information in a structured, commonly used, machine-readable format.
  • Right to object – to object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent – where processing relies on consent, you may withdraw it at any time.

If you wish to exercise any of these rights, we will review your request and respond in line with data protection law. We may need to verify your identity before taking action. Some rights are not absolute, and there may be circumstances where we are legally permitted or required to continue processing.

10. Complaints and Supervisory Authority

If you have concerns about how we handle your personal data, you should raise them with us first so that we can review and address the issue. You also have the right to lodge a complaint with the UK data protection supervisory authority if you believe your data protection rights have been infringed. We encourage you to contact us so that we can try to resolve any issue promptly and fairly.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data handling practices. Any updated version will apply from the date it is made available. We recommend reviewing this policy periodically to stay informed about how your personal data is protected.

12. Summary of Our Commitment

Purley Storage is committed to using personal data responsibly and only for clear, lawful purposes. We aim to collect only the information we need, keep it accurate, retain it for no longer than necessary, and protect it with appropriate safeguards. By following the principles of data minimisation, transparency, and accountability, we seek to respect the privacy of every customer in the area and maintain trust in our services.

Call Now!
Call Now Get a Quote
Purley Storage

GDPR-compliant privacy policy for Purley Storage covering data use, lawful basis, retention, processors, and user rights for all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.