Privacy Policy - Thamesmead Storage

This Privacy Policy explains how Thamesmead Storage collects, uses, stores, shares, and protects personal data. It applies to all Thamesmead Storage customers in the area, including prospective customers, current customers, former customers, and authorised contacts acting on behalf of a customer. We are committed to handling personal data in a lawful, fair, and transparent manner in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Thamesmead Storage provides storage services to individuals and businesses. In the course of delivering these services, we act as a data controller for the personal data we collect and decide how and why that data is used. This policy describes the information we process and the rights available to you under data protection law.

2. Personal Data We Collect

We may collect and process personal data when you enquire about our services, make a booking, use our storage facilities, or communicate with us. The categories of data we may collect include:

  • Identity information such as your name, title, and date of birth where required.
  • Contact details such as address, email address, and telephone number.
  • Account and booking information such as rental history, unit size, access records, and payment status.
  • Payment information such as billing address and transaction details. We do not store full card details unless strictly necessary and securely processed by a payment provider.
  • Security and access data such as entry logs, CCTV footage, alarm records, and authorised access details, where applicable.
  • Communication records including emails, messages, complaint records, and notes of calls or visits.
  • Verification data such as proof of identity or business details if required for fraud prevention, legal compliance, or account setup.

We only collect data that is necessary for specific, legitimate purposes. We do not intentionally collect unnecessary personal data.

3. How We Use Your Data

We use personal data to manage customer accounts, provide storage services, maintain security, process payments, handle enquiries, comply with legal obligations, and improve the quality of our operations. Typical uses include:

  • setting up and administering storage agreements;
  • confirming identity and eligibility for services;
  • communicating about bookings, invoices, access, and service updates;
  • protecting facilities, customers, staff, and property;
  • preventing fraud, misuse, and unauthorised access;
  • meeting tax, accounting, insurance, and regulatory obligations;
  • resolving disputes and enforcing contractual rights.

We will not use your personal data for purposes that are incompatible with the original reason it was collected.

4. Lawful Basis for Processing

We process personal data only where we have a lawful basis under UK GDPR. Depending on the circumstance, our lawful bases may include:

Contract

We process data where it is necessary to enter into or perform a contract with you. This includes account creation, billing, service delivery, access management, and related communications.

Legal Obligation

We may process data to comply with laws and regulations, including accounting rules, tax requirements, fraud prevention obligations, and lawful requests from authorities.

Legitimate Interests

We may process data where it is necessary for our legitimate business interests, provided those interests do not override your rights and freedoms. Examples include securing premises, maintaining records, improving services, managing disputes, and defending legal claims.

Consent

In limited cases, we may rely on your consent, for example where consent is required for certain optional communications or specific processing activities. Where we rely on consent, you may withdraw it at any time.

5. Data Sharing and Processors

We may share personal data with trusted third parties where necessary and proportionate. These third parties may act as data processors or independent controllers, depending on the service provided. Processors are only permitted to act on our instructions and must protect your data appropriately.

Examples of processors and service providers may include:

  • IT and cloud storage providers;
  • payment processing services;
  • accounting and bookkeeping providers;
  • security, CCTV, and access-control system providers;
  • customer communications and document management providers;
  • professional advisers such as insurers, auditors, solicitors, and consultants, where necessary.

We may also disclose data if required by law, by court order, or to protect our rights, staff, customers, or property. Where data is shared outside the UK, we ensure appropriate safeguards are in place.

6. Data Retention

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including any legal, accounting, or reporting requirements. Retention periods depend on the type of data and the reason it is held.

  • Customer and contract records are generally retained for the duration of the relationship and for a reasonable period afterwards to manage disputes, claims, or legal obligations.
  • Financial and invoice records are retained for the period required by tax and accounting law.
  • Security records such as access logs or CCTV footage are retained only as long as needed for safety, investigation, or incident management.
  • Enquiry records may be retained for a shorter period if no agreement is entered into.

When data is no longer needed, it is securely deleted, anonymised, or destroyed. Retention is reviewed regularly to ensure that information is not kept longer than necessary.

7. Your Rights

Under data protection law, you have a number of rights regarding your personal data. These rights may be subject to legal restrictions, but we will always assess requests carefully and respond where appropriate.

  • Right of access – you can request a copy of the personal data we hold about you.
  • Right to rectification – you can ask us to correct inaccurate or incomplete data.
  • Right to erasure – in certain circumstances, you can ask us to delete your data.
  • Right to restrict processing – you can request limits on how we use your data in specific situations.
  • Right to data portability – where applicable, you may request data in a structured, commonly used format.
  • Right to object – you may object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent – where we rely on consent, you may withdraw it at any time.

If you wish to exercise any of these rights, we may need to verify your identity before responding. We aim to handle requests without undue delay and within the time limits set by law.

8. Security of Your Data

We use appropriate technical and organisational measures to protect personal data from unauthorised access, loss, alteration, or disclosure. These measures may include access controls, secure systems, staff training, encryption where appropriate, and regular monitoring of our processes. While no system can be guaranteed completely secure, we take data protection seriously and review our safeguards regularly.

9. International Transfers

If any of our processors or service providers store or access data outside the UK, we will ensure suitable protections are in place in accordance with applicable law. This may include the use of approved contractual safeguards or adequacy decisions where relevant.

10. Children’s Data

Our storage services are not directed to children, and we do not knowingly collect personal data from children unless it is necessary in connection with a lawful customer relationship and appropriately authorised by an adult.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, our services, or how we process personal data. Any revised version will apply from the date it takes effect. We encourage customers to review this policy periodically so they remain informed about how their information is handled.

12. Summary of Key Principles

Thamesmead Storage is committed to processing personal data in a way that is lawful, transparent, limited, secure, and fair. We collect only what we need, use it for clear and legitimate purposes, retain it only as long as necessary, and respect your rights under UK GDPR. This policy applies to all Thamesmead Storage customers in the area and is intended to provide a clear understanding of our privacy practices.

Call Now!
Call Now Get a Quote
Thamesmead Storage

GDPR-compliant Privacy Policy for Thamesmead Storage covering data collection, lawful basis, retention, processors, and user rights for all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.