Privacy Policy - Harrowweald Storage

Harrowweald Storage is committed to protecting the privacy and personal data of all customers in the Harrowweald area. This Privacy Policy explains how we collect, use, store, share, and protect personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It applies to all Harrowweald Storage customers in area, including prospective customers, current customers, and former customers whose data we retain for legal or operational reasons.

1. Scope of This Policy

This Privacy Policy applies to personal data processed by Harrowweald Storage in connection with storage services, account management, billing, access control, customer communications, security, and legal compliance. It covers data collected directly from you, data generated through your use of our services, and data obtained from third parties where permitted by law.

We only process personal data where we have a valid lawful basis and where doing so is necessary, fair, and proportionate. We do not collect more information than we need for the purposes described in this policy.

2. Personal Data We Collect

We may collect the following categories of personal data:

  • Identity information such as your name, date of birth, and identification details where required for verification.
  • Contact details such as postal address, email address, and telephone number.
  • Account and service information including storage unit details, booking records, contract information, and service preferences.
  • Billing and payment information such as payment method, transaction records, invoicing details, and amounts paid. We do not store full card details where payment processing is handled by secure payment providers.
  • Access and security records including entry logs, CCTV footage, alarm records, and incident reports where applicable.
  • Communications including emails, written correspondence, service queries, complaints, and feedback.
  • Technical information such as device, browser, and usage data if you interact with our digital systems.

In limited cases, we may also collect information relevant to safeguarding, loss prevention, or legal claims. If you provide special category data, we will only process it where a lawful basis and additional condition under data protection law applies.

3. How We Use Your Data

We use personal data for the following purposes:

  • to set up and manage storage agreements;
  • to verify identity and prevent fraud;
  • to process payments and manage accounts;
  • to provide access to storage facilities and maintain site security;
  • to communicate about your booking, billing, or service issues;
  • to comply with legal obligations, including tax and record-keeping duties;
  • to enforce contractual rights, recover unpaid sums, or handle disputes;
  • to improve our services, systems, and customer experience;
  • to protect the rights, property, and safety of customers, staff, and visitors.

Where required, we may use CCTV and access records to investigate security incidents, theft, damage, or unauthorised access. This processing is carried out to protect legitimate interests and maintain a secure environment.

4. Lawful Basis for Processing

Under UK GDPR, we must have a lawful basis for each processing activity. Depending on the context, Harrowweald Storage relies on one or more of the following bases:

Contract

We process personal data when it is necessary to enter into or perform a storage contract. This includes taking bookings, managing your account, issuing invoices, and providing access to your unit.

Legal Obligation

We may process personal data where required to comply with legal duties, such as tax rules, accounting obligations, fraud prevention requirements, and lawful requests from authorities.

Legitimate Interests

We may process data where it is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. Examples include site security, CCTV monitoring, service improvement, debt recovery, and protecting against misuse of our facilities.

Consent

In limited situations, we may rely on consent, for example for optional marketing communications where legally required. If we rely on consent, you may withdraw it at any time without affecting processing that took place before withdrawal.

Vital Interests and Public Tasks

These bases are unlikely to apply in most routine storage situations, but we may rely on them in exceptional cases involving serious risk to health or safety or where lawfully required by public authorities.

5. Sharing Your Information and Processors

We may share personal data with carefully selected third parties that assist us in running our business. These parties act as processors or independent controllers depending on the service provided.

Typical processors may include:

  • IT and hosting providers that support our systems, data storage, and security tools;
  • payment service providers that handle card or electronic transactions securely;
  • accounting and bookkeeping providers that assist with financial records and compliance;
  • security providers that support surveillance, alarm monitoring, or access systems;
  • maintenance and facilities contractors where access to limited personal data is needed to complete work;
  • legal, insurance, and debt recovery advisers where necessary for claims, disputes, or recoveries.

We only share information where necessary and subject to appropriate confidentiality and data protection safeguards. Processors are required to process data only on our instructions, protect it appropriately, and delete or return it when no longer needed. We do not sell personal data.

In some circumstances, we may need to disclose information to courts, regulators, law enforcement, or other public bodies when required by law or when necessary to establish, exercise, or defend legal claims.

6. Retention of Personal Data

We keep personal data only for as long as necessary for the purposes for which it was collected, including legal, accounting, and reporting obligations. Retention periods depend on the type of data and the reason for processing.

  • Customer account and contract records are generally retained for the period of the agreement and for a reasonable period afterwards to deal with queries, disputes, or claims.
  • Financial and tax records are kept for the period required by law, which may be several years after the end of the relevant financial year.
  • CCTV and access logs are retained only for as long as necessary for security, incident investigation, and crime prevention, unless an incident requires longer retention.
  • Correspondence and support requests are retained for as long as needed to resolve the matter and maintain proper business records.

When data is no longer needed, we will delete it securely or anonymise it so that it can no longer identify you. Retention decisions are reviewed periodically to ensure that data is not kept longer than necessary.

7. Your Rights

Under data protection law, you have a number of rights in relation to your personal data. These rights apply subject to certain legal conditions and exceptions:

  • Right of access – you can request confirmation of whether we process your data and obtain a copy of it.
  • Right to rectification – you can ask us to correct inaccurate or incomplete information.
  • Right to erasure – you can ask us to delete data in certain circumstances, for example where it is no longer needed and we have no legal reason to keep it.
  • Right to restriction – you can ask us to limit processing in certain situations.
  • Right to object – you can object to processing based on legitimate interests, including certain types of direct marketing.
  • Right to data portability – you can ask for certain data to be provided in a structured, commonly used format where technically feasible and legally applicable.
  • Right to withdraw consent – where we rely on consent, you may withdraw it at any time.

You also have the right to lodge a complaint with the UK Information Commissioner’s Office if you believe your data protection rights have been infringed. We encourage you to raise any concerns with us first so we can try to resolve the issue promptly.

8. Data Security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, or disclosure. These measures may include access controls, staff confidentiality obligations, secure storage, encryption, monitoring, and regular review of security procedures. While no system can be guaranteed completely secure, we work to protect data to a standard that is appropriate to the risks involved.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, technology, or how we operate. Any updated version will apply from the date it is published or otherwise communicated. We recommend reviewing this policy periodically to stay informed about how your personal data is handled.

10. Summary of Our Commitment

Harrowweald Storage treats privacy as a core responsibility. We collect only the data needed to provide and secure our services, use it lawfully, retain it only for as long as necessary, and share it only with trusted processors or where required by law. We are committed to handling personal data fairly, transparently, and securely for all customers in the Harrowweald area.

Call Now!
Call Now Get a Quote
Harrowweald Storage

GDPR-compliant privacy policy for Harrowweald Storage covering data use, lawful basis, retention, processors, and user rights for all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.