Privacy Policy - Selfstorage Westminster

This Privacy Policy explains how Selfstorage Westminster collects, uses, stores, shares, and protects personal data. It applies to all Selfstorage Westminster customers in the Westminster area, including prospective customers, current customers, former customers, website users, and anyone who communicates with us or uses our services. We are committed to handling personal data in a lawful, fair, and transparent manner in accordance with the UK GDPR and the Data Protection Act 2018.

1. Who We Are

For the purposes of data protection law, Selfstorage Westminster acts as the data controller for personal data that we process in connection with our storage services, customer accounts, billing, security, and related communications. This means we decide how and why personal data is used. We take our responsibilities seriously and only process data where we have a valid reason to do so.

2. Personal Data We Collect

We may collect and process a range of personal data depending on how you interact with us and use our services. The types of data we may collect include:

  • Identity data such as your name, date of birth, and identification details where required.
  • Contact data such as address, telephone number, and email address.
  • Account and contract data such as booking details, storage unit details, move-in and move-out dates, and agreement records.
  • Payment data such as billing address, payment status, transaction references, and limited payment information processed through our payment providers.
  • Access and security data such as CCTV records, entry logs, gate access records, and incident reports.
  • Communication data such as enquiries, complaints, support requests, and correspondence.
  • Technical data such as device information, IP address, and browser data where you use our digital services.

We generally do not seek to collect special category data. If such data is accidentally provided to us, we will only process it where permitted by law and where necessary for a specific purpose.

3. How We Collect Personal Data

We may collect personal data directly from you when you complete a booking, sign a storage agreement, make a payment, submit a query, or communicate with us. We may also receive data from third parties such as payment providers, identity verification services, insurance partners, landlords, or business introducers, where this is necessary for the provision of our services or to meet legal obligations.

In addition, certain data may be collected automatically when you interact with our systems, including records relating to site access, security monitoring, and technical usage data.

4. How We Use Personal Data

We use personal data only where the law allows us to do so. The main purposes for which we process data include:

  • Setting up and managing customer accounts.
  • Providing storage services and managing storage units.
  • Processing payments, deposits, refunds, and account balances.
  • Verifying identity and preventing fraud.
  • Managing access to the premises and maintaining site security.
  • Responding to enquiries, service requests, and complaints.
  • Meeting legal, regulatory, tax, and accounting obligations.
  • Enforcing contracts and protecting our legal rights.
  • Improving our services, systems, and customer experience.

We will only use personal data for the purposes for which it was collected unless we reasonably consider that another use is compatible with the original purpose and lawful under data protection law.

5. Lawful Basis for Processing

We rely on the following lawful bases under the UK GDPR:

Performance of a Contract

We process personal data when it is necessary to enter into or perform a storage agreement with you. This includes managing your account, providing access to a storage unit, taking payment, and delivering agreed services.

Legal Obligation

We may process data to comply with legal and regulatory requirements, including tax law, accounting rules, fraud prevention duties, and lawful requests from authorities.

Legitimate Interests

We may process personal data where it is necessary for our legitimate interests or those of a third party, provided your rights do not override those interests. These interests may include site security, preventing crime, managing our business, maintaining accurate records, and improving services. We always consider the impact on your rights before relying on this basis.

Consent

In limited cases, we may rely on your consent, for example for certain optional communications or specific uses of data. Where consent is used, you may withdraw it at any time, without affecting the lawfulness of processing carried out before withdrawal.

6. Sharing Personal Data and Processors

We may share personal data with trusted third parties where necessary for the purposes described in this policy. These third parties may act as processors or, in some cases, independent controllers.

Processors are service providers who process personal data on our behalf and according to our instructions. Examples may include:

  • IT and hosting providers that support our systems, email, and data storage.
  • Payment processors that handle card or electronic payment transactions.
  • Security providers that support CCTV, alarm monitoring, or access systems.
  • Customer management providers that help manage bookings, records, and communications.
  • Professional advisers such as accountants, auditors, insurers, and legal advisers.
  • Maintenance and operational contractors where access to personal data is necessary to perform their services.

We require processors to protect personal data, process it only on our instructions, and implement appropriate security measures. We do not sell personal data.

We may also disclose data where required by law, to respond to lawful requests, to protect our rights, or to prevent fraud, crime, or security threats.

7. International Transfers

If personal data is transferred outside the United Kingdom, we will ensure that appropriate safeguards are in place. These may include adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms. We take reasonable steps to ensure that your personal data remains protected wherever it is processed.

8. Data Retention

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, accounting, contractual, and reporting requirements. Retention periods vary depending on the nature of the data and the purpose of processing.

  • Customer account and contract records may be retained for the duration of the relationship and for a reasonable period afterwards.
  • Payment and accounting records are typically kept for the period required by tax and financial laws.
  • Security records, including CCTV and access logs, are retained only for as long as needed for security, incident investigation, or legal purposes.
  • Enquiry and correspondence records may be retained for a period necessary to manage the communication and any follow-up issues.

When data is no longer required, we will delete it securely or anonymise it so that it can no longer identify you.

9. Data Security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, loss, or destruction. These measures may include access controls, secure storage, staff training, monitoring, and procedures for handling data breaches. While no system can be guaranteed completely secure, we work continuously to reduce risks and safeguard the information entrusted to us.

10. Your Rights

Under data protection law, you have several rights in relation to your personal data. These include:

  • Right of access – to request a copy of the personal data we hold about you.
  • Right to rectification – to ask us to correct inaccurate or incomplete data.
  • Right to erasure – to ask us to delete personal data in certain circumstances.
  • Right to restriction – to ask us to limit how we use your data in certain cases.
  • Right to object – to object to processing based on legitimate interests or direct marketing.
  • Right to data portability – to receive certain data in a structured, commonly used format.
  • Right to withdraw consent – where processing is based on consent.

To exercise your rights, you may need to provide information so we can verify your identity. We will respond within the time limits required by law unless an extension is permitted. Some rights may be limited where we have a lawful reason to continue processing the data.

11. Automated Decision-Making

We do not generally make decisions based solely on automated processing that produce legal or similarly significant effects on individuals. If this changes, we will update this policy and provide the required information about the logic involved and your rights.

12. Complaints

If you have concerns about how we handle your personal data, we encourage you to raise them with us first so we can try to resolve the matter. You also have the right to complain to the UK data protection supervisory authority if you believe your data protection rights have been infringed.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, our services, or how we process personal data. Any updated version will apply from the date it is published, unless stated otherwise. We encourage customers to review this policy periodically to stay informed about how we protect personal data.

This Privacy Policy is intended to be clear, lawful, and easy to understand. It applies to all Selfstorage Westminster customers in the Westminster area and describes how personal data is handled in connection with our storage services.

Call Now!
Call Now Get a Quote
Selfstorage Westminster

GDPR-compliant Privacy Policy for Selfstorage Westminster covering data collection, lawful basis, retention, processors, rights, and area-wide applicability.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.