Privacy Policy - Chingford Storage
Effective date: This Privacy Policy applies to all Chingford Storage customers in the area and explains how we collect, use, store, and protect personal data in line with the UK GDPR and the Data Protection Act 2018.
This policy is intended to be clear, transparent, and fair. It sets out what information we process, why we process it, who may process it on our behalf, how long we keep it, and the rights available to you as a data subject.
1. Who we are
Chingford Storage provides storage services to individuals and businesses. In the context of this policy, “we,” “us,” and “our” refer to Chingford Storage as the data controller for the personal data we collect and use in connection with our services. We determine the purposes and means of processing your personal data and are responsible for ensuring that it is handled lawfully, securely, and transparently.
2. Personal data we collect
We may collect and process a range of personal data depending on how you interact with us and the services you use. The categories of data may include:
- Identity data: name, title, date of birth, and identification details where required for verification.
- Contact data: address, email address, telephone number, and emergency contact details where relevant.
- Account and contract data: storage unit allocation, booking details, tenancy records, payment arrangements, invoices, and service history.
- Financial data: payment status, transaction records, billing information, and limited payment card details processed through secure payment providers.
- Verification and compliance data: information used to verify identity, prevent fraud, and meet legal obligations such as anti-money laundering or property access requirements where applicable.
- Communications data: correspondence with us by phone, email, forms, or other communication channels.
- Technical data: IP address, device information, and usage information when our systems or service providers collect it for security, troubleshooting, or audit purposes.
- CCTV and access data: images, footage, and entry logs collected for site security, safety, and incident management.
We do not intentionally collect special category personal data unless you choose to provide it to us or it is required by law. If such data is processed, we will do so only where a lawful basis and an additional condition under data protection law apply.
3. How we use your data
We use personal data for the following purposes:
- To provide storage services and manage your account or tenancy.
- To verify your identity and ensure that only authorised persons access storage facilities or related services.
- To process payments, issue invoices, and maintain financial records.
- To communicate with you about your storage arrangement, service changes, reminders, or issues affecting your account.
- To maintain site security, prevent fraud, and protect customers, staff, property, and premises.
- To comply with legal and regulatory obligations.
- To resolve disputes, handle complaints, and enforce our contractual rights.
- To improve our services, systems, and customer experience in a way that does not override your privacy rights.
4. Lawful basis for processing
We only process personal data where we have a lawful basis under the UK GDPR. Depending on the circumstances, we may rely on one or more of the following:
Contract
We process personal data where it is necessary to enter into or perform a contract with you, including managing bookings, account administration, billing, and access to storage services.
Legal obligation
We may need to process data to comply with legal obligations such as accounting, taxation, fraud prevention, health and safety, security, or lawful requests from public authorities.
Legitimate interests
We may process personal data where it is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your rights and freedoms. Legitimate interests may include site security, CCTV monitoring, business administration, service improvement, and the prevention or detection of unlawful activity.
Consent
In limited situations, we may rely on your consent, for example where optional marketing communications are sent and consent is required. Where we rely on consent, you may withdraw it at any time.
We do not rely on consent where another lawful basis is more appropriate, and we keep the use of each basis under review.
5. Retention of personal data
We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying contractual, legal, accounting, insurance, and operational requirements. Retention periods depend on the type of data and the reason for processing.
- Customer and contract records: retained for the duration of the relationship and for a further period where needed to handle disputes or comply with legal requirements.
- Financial and tax records: retained for periods required by law and accounting rules.
- CCTV footage and access logs: retained for a limited period unless required longer for an investigation, claim, or legal obligation.
- Communications: retained for as long as needed to manage your enquiry or account and to maintain appropriate business records.
When data is no longer needed, we will delete it securely or anonymise it so that it can no longer identify you. Retention is not indefinite; we review data regularly to ensure we do not keep information longer than necessary.
6. Processors and sharing of data
We may share personal data with trusted third parties who act as processors on our behalf or, in some cases, as independent controllers. These parties are only permitted to use your data in accordance with our instructions or their own legal responsibilities.
Examples of processors or service providers may include:
- Payment processing providers.
- IT, cloud storage, and software service providers.
- Security and CCTV monitoring providers.
- Professional advisers such as accountants, auditors, insurers, and legal advisers.
- Maintenance, facilities, and support contractors where access to personal data is necessary to perform their tasks.
Where required, we put appropriate contracts and safeguards in place to ensure data is protected and processed lawfully. We do not sell your personal data. We will only disclose data to public authorities, law enforcement, or other parties where required or permitted by law.
7. International transfers
If any processor stores or accesses data outside the UK, we will ensure that appropriate safeguards are in place before the transfer occurs. These safeguards may include adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms recognised under applicable data protection law.
8. Your rights
Subject to certain legal conditions and exemptions, you have the following rights in relation to your personal data:
- Right of access: to request a copy of the personal data we hold about you.
- Right to rectification: to ask us to correct inaccurate or incomplete data.
- Right to erasure: to request deletion of your data in certain circumstances.
- Right to restriction: to ask us to limit processing in certain situations.
- Right to object: to object to processing based on legitimate interests or direct marketing.
- Right to data portability: to receive certain data in a structured, commonly used, machine-readable format where technically feasible.
- Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.
We will respond to valid requests within the timeframe required by law. If we cannot comply fully, we will explain why and tell you about any applicable exemptions.
9. Security of your data
We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. These measures may include access controls, encryption where appropriate, staff training, secure storage, and regular review of our systems and procedures.
While no system can be guaranteed completely secure, we take data protection seriously and work to maintain a level of security appropriate to the risks associated with the data we process.
10. Automated decision-making
We do not use personal data for automated decision-making that produces legal or similarly significant effects unless we have informed you and are permitted to do so by law. If such processing were introduced, we would provide appropriate information about the logic involved and your rights.
11. Children’s data
Our services are generally intended for adults and business users. We do not knowingly collect personal data from children unless it is necessary for a lawful purpose and appropriate safeguards are in place. If we become aware that we have collected data from a child in error, we will take reasonable steps to delete it.
12. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in the law, our services, or the way we process personal data. Any revised version will apply from the date of publication or from another stated effective date. We encourage you to review this policy periodically to stay informed about how we protect your information.
13. Summary of your privacy protections
In short: we collect only the data needed to deliver and manage storage services, we process it under recognised lawful bases, we retain it for defined periods, we use trusted processors under contract, and we respect your rights under data protection law.
By using Chingford Storage services, you acknowledge that your personal data may be processed in accordance with this Privacy Policy and applicable law.