Privacy Policy - Deptford Storage

This Privacy Policy explains how Deptford Storage collects, uses, stores, shares, and protects personal data relating to its customers, prospective customers, and other individuals whose information is processed in connection with storage services. It applies to all Deptford Storage customers in the area, including individuals, businesses, and anyone else who uses or enquires about our services. We are committed to handling personal data lawfully, fairly, and transparently in accordance with the UK GDPR and the Data Protection Act 2018.

1. Who this policy applies to

This policy applies to people who:

  • use or enquire about storage services;
  • sign agreements for storage units or related services;
  • visit our premises or interact with us in connection with a storage arrangement;
  • are named as an account holder, authorised user, guarantor, or emergency contact;
  • are employees, directors, representatives, or contractors of a business customer;
  • otherwise provide personal data to us during the course of dealing with Deptford Storage.

By using our services or providing your information to us, you acknowledge that your personal data will be processed in accordance with this policy.

2. Personal data we collect

We may collect and process the following categories of personal data:

  • Identity data such as name, date of birth, and title.
  • Contact data such as address, telephone number, and email address.
  • Account and contract data such as account references, storage unit details, rental dates, payment history, and correspondence.
  • Payment data such as billing details, transaction records, and limited financial information needed to process payments.
  • Verification data such as identity documents, proof of address, and information used to verify identity or prevent fraud.
  • Access and security data such as CCTV footage, entry logs, alarm records, and incident reports.
  • Communications data such as emails, letters, notes from calls, complaint records, and service-related messages.
  • Technical data such as device identifiers, IP address, and basic usage information when you interact with digital systems we use.

We do not intentionally collect special category data unless it is necessary and lawful to do so, for example where it is contained in communications or required for a legal claim or safeguarding purpose. We ask that you do not provide unnecessary sensitive information.

3. How we collect data

We collect personal data directly from you when you:

  • complete an enquiry, application, or storage agreement;
  • make a payment or update account details;
  • contact us by phone, email, or in person;
  • provide documents for identity or address verification;
  • report an issue, make a complaint, or request support.

We may also collect data from third parties where lawful, including payment providers, credit reference or verification services, insurers, debt recovery providers, legal advisers, public sources, and business partners acting on your behalf. We may additionally collect data through security systems, such as CCTV and access control records, to protect people, property, and premises.

4. Why we use your data

We use personal data for the following purposes:

  • to manage enquiries and provide storage services;
  • to enter into and perform contracts;
  • to verify identity and prevent fraud, money laundering, or misuse;
  • to process payments, refunds, and account administration;
  • to maintain security, monitor site access, and protect property;
  • to respond to questions, complaints, and requests;
  • to enforce terms, recover debts, and manage disputes;
  • to comply with legal and regulatory obligations;
  • to improve our operations, systems, and customer service;
  • to establish, exercise, or defend legal claims.

We will only use your personal data for compatible purposes and will not keep it longer than necessary for those purposes.

5. Lawful basis for processing

Under data protection law, we must have a lawful basis to process personal data. Depending on the situation, we rely on one or more of the following:

Contract

We process personal data where it is necessary to enter into or perform our storage agreement, including account administration, payment processing, and service delivery.

Legal obligation

We process data where necessary to comply with legal requirements, such as accounting, tax, fraud prevention, health and safety, or responding to lawful requests from authorities.

Legitimate interests

We may process personal data where it is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your rights. This may include site security, CCTV monitoring, service improvement, debt recovery, business administration, and protecting our property and users.

Consent

In limited cases, we may rely on your consent, for example for certain optional communications or where consent is otherwise required by law. Where consent is used, you may withdraw it at any time.

Vital interests and public task

These bases are unlikely to apply in most storage arrangements, but may be used where necessary to protect someone’s life or where required by law.

6. Sharing and processors

We may share personal data with trusted third parties who act as processors or independent controllers, only where necessary and lawful. These may include:

  • payment processing providers;
  • identity verification and fraud prevention providers;
  • IT hosting, cloud storage, and software providers;
  • CCTV and security system providers;
  • professional advisers such as lawyers, accountants, and auditors;
  • debt recovery or enforcement providers;
  • insurers and insurance-related service providers;
  • regulators, law enforcement, courts, and other public authorities where required.

Where a third party acts as a processor, it will only process personal data on our instructions and must apply appropriate security measures. We require processors to treat data confidentially and to use it only for the agreed purpose. If a third party acts as an independent controller, its own privacy notice will apply.

7. International transfers

In some cases, personal data may be stored or accessed outside the UK. Where this happens, we will ensure appropriate safeguards are in place, such as adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms required by applicable law. We take reasonable steps to ensure that overseas transfers protect your data to a standard that is substantially equivalent to UK requirements.

8. Data retention

We keep personal data only for as long as necessary for the purposes for which it was collected, including to satisfy legal, accounting, tax, security, and reporting requirements. Retention periods depend on the type of data and the reason for processing.

  • Contract and account records are usually kept for the duration of the relationship and for a reasonable period afterwards to deal with claims or disputes.
  • Payment and accounting records are typically retained for the period required by tax and accounting law.
  • CCTV and access records are generally retained for a limited period unless required longer for security investigations, incident review, or legal claims.
  • Enquiry and correspondence records may be retained for customer service, compliance, and dispute resolution purposes.

When data is no longer required, we will delete it securely or anonymise it so that it no longer identifies you. Retention is not indefinite; we aim to keep data only for the minimum period needed.

9. Security measures

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. These measures may include access restrictions, password protection, staff training, secure storage, monitoring systems, and procedures for handling incidents. While no system can be guaranteed completely secure, we regularly review our safeguards and update them where appropriate.

10. Your rights

Under data protection law, you have a number of rights in relation to your personal data. These rights may be subject to conditions or exemptions depending on the circumstances.

  • Right of access – you may ask for a copy of the personal data we hold about you.
  • Right to rectification – you may ask us to correct inaccurate or incomplete data.
  • Right to erasure – you may ask us to delete data in certain circumstances.
  • Right to restriction – you may ask us to limit how we use your data in certain cases.
  • Right to object – you may object to processing based on legitimate interests or direct marketing.
  • Right to data portability – you may ask to receive certain data in a usable format where processing is based on consent or contract and carried out by automated means.
  • Right to withdraw consent – where consent is relied on, you may withdraw it at any time.

If you wish to exercise your rights, we may need to verify your identity before responding. We aim to respond within the time limits required by law.

11. Automated decision-making

We do not normally make decisions about customers solely by automated means that produce legal or similarly significant effects. If this position changes, we will provide appropriate information about the logic involved and your rights.

12. Children

Our services are generally intended for adults and businesses. We do not knowingly collect personal data from children unless it is necessary in connection with a storage arrangement or legal requirement. If we become aware that we have collected data from a child unlawfully, we will take appropriate steps to delete or secure it.

13. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in law, our services, or our data handling practices. Any updated version will apply from the date it is published or otherwise made available. We encourage you to review this policy periodically so that you remain informed about how your data is used.

14. Summary of our approach

Deptford Storage processes personal data only where there is a lawful basis, keeps it for no longer than necessary, uses processors under strict safeguards, and respects the rights of every individual whose information we hold. We are committed to protecting privacy, maintaining trust, and ensuring that all processing is proportionate, secure, and transparent.

Call Now!
Call Now Get a Quote
Deptford Storage

GDPR-compliant privacy policy for Deptford Storage covering data collection, lawful bases, retention, processors, user rights, and area-wide customer coverage.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.