Privacy Policy - Coulsdon Storage

This Privacy Policy explains how Coulsdon Storage collects, uses, stores, shares, and protects personal data relating to its customers and prospective customers. It applies to all Coulsdon Storage customers in the area, including individuals and business users who use our storage services, make enquiries, or otherwise interact with us.

We are committed to handling personal information in a lawful, fair, and transparent manner in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy is designed to help you understand what information we collect, why we collect it, how long we keep it, who may process it on our behalf, and what rights you have over your information.

1. Personal Data We Collect

We only collect personal data that is necessary for providing storage services, maintaining security, complying with legal obligations, and managing our relationship with you. The type of data collected may include:

  • Identity information such as your name, date of birth, and identification details where required for verification.
  • Contact details such as address, email address, and telephone number.
  • Account and contract information including booking details, storage unit references, payment status, and service preferences.
  • Billing and payment information such as invoice records and partial payment details necessary to manage charges and arrears.
  • Access and security information such as gate access records, CCTV images, alarm logs, and entry timestamps where applicable.
  • Communication records including enquiries, complaints, notices, and correspondence.
  • Technical data such as device or browser information if you interact with our digital services.

We do not intentionally collect special category data unless it is required for a specific legal reason or you voluntarily provide it in the course of communication. If such information is received, it will be handled with additional care and only where a lawful basis exists.

2. How We Use Your Data

Coulsdon Storage uses personal data only for legitimate storage business purposes and for legal compliance. We may process your data to:

  • manage enquiries, quotations, bookings, and customer accounts;
  • provide access to storage facilities and maintain site security;
  • issue invoices, collect payments, and manage debts;
  • communicate about your storage arrangement or service updates;
  • prevent fraud, misuse, unauthorised access, and criminal activity;
  • comply with tax, accounting, regulatory, and legal obligations;
  • respond to disputes, complaints, claims, or enforcement requests;
  • improve operational efficiency and service quality.

We only use personal data for the purpose for which it was collected unless we reasonably believe a compatible purpose applies and doing so is lawful.

3. Lawful Basis for Processing

Under data protection law, we must have a lawful basis for each processing activity. Depending on the context, Coulsdon Storage relies on one or more of the following bases:

Contract

Processing is necessary for the performance of a contract when we need your personal data to set up and manage your storage agreement, provide access, issue invoices, and deliver the services you have requested.

Legal Obligation

We process certain information because it is necessary to comply with legal obligations, including accounting rules, tax requirements, fraud prevention duties, and record-keeping obligations.

Legitimate Interests

We may process data where it is necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. These interests include protecting property, securing the premises, preventing misuse, managing business operations, and ensuring service continuity.

Consent

In limited situations, we may rely on your consent, for example where it is clearly required for a specific optional activity. When we rely on consent, you may withdraw it at any time, without affecting the lawfulness of processing carried out before withdrawal.

4. Data Sharing and Processors

We may share personal data with trusted third parties that help us operate the business. These recipients act either as independent controllers or as processors acting on our behalf under written contracts. Processors are required to process data only under our instructions and to keep it secure.

Examples of processors may include:

  • IT and cloud service providers that host business systems, backups, and secure record storage;
  • payment processing providers that handle card transactions or payment collection;
  • security providers that support alarm monitoring, CCTV management, or access control systems;
  • accounting and bookkeeping providers that assist with invoicing and financial records;
  • professional advisers such as auditors, insurers, lawyers, or consultants where required;
  • debt recovery or enforcement services where lawful and necessary to recover outstanding sums.

We may also disclose personal data to public authorities, law enforcement bodies, or regulators when required by law or where disclosure is necessary to protect rights, safety, or property. We do not sell personal data.

5. International Transfers

If any processor stores or accesses data outside the UK, we will ensure appropriate safeguards are in place. These may include adequacy regulations, standard contractual clauses, or other legally recognised transfer mechanisms. We take reasonable steps to ensure that your data remains protected wherever it is processed.

6. Data Retention

We keep personal data only for as long as necessary for the purposes described in this policy, and then we securely delete or anonymise it. Retention periods vary depending on the type of data and the legal requirements that apply.

  • Customer account and contract records are typically retained for the duration of the relationship and for a further period after it ends to deal with disputes, claims, or auditing needs.
  • Financial and tax records are retained for the period required by law and standard accounting practice.
  • Security records such as CCTV and access logs are retained for a limited period unless they are needed for investigation, enforcement, or legal proceedings.
  • Enquiry records are kept only as long as needed to respond properly and manage follow-up communication.

When data is no longer required, we take appropriate steps to delete it securely or remove identifying details so that it can no longer be linked to you.

7. Your Rights

Under data protection law, you have a number of rights in relation to your personal data. These rights are not absolute and may be subject to legal limits. You may have the right to:

  • access the personal data we hold about you;
  • rectify inaccurate or incomplete information;
  • erase your data in certain circumstances;
  • restrict how we process your data in certain situations;
  • object to processing based on legitimate interests or direct marketing;
  • data portability where processing is based on consent or contract and carried out by automated means;
  • withdraw consent where processing relies on consent;
  • lodge a complaint with the relevant data protection authority if you believe your rights have been infringed.

If you exercise any of these rights, we may need to verify your identity before responding. We aim to respond within the timescales set by law.

8. Data Security

We use appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, alteration, or disclosure. These measures may include access controls, secure storage, staff confidentiality obligations, system monitoring, and regular review of security practices. While no system can be guaranteed completely secure, we work hard to minimise risk and maintain a high standard of protection.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, our services, or our internal procedures. Any revised version will apply from the date it is published or otherwise communicated. We encourage customers to review this policy periodically to stay informed about how personal data is handled.

10. Summary of Key Principles

Coulsdon Storage is committed to transparency, security, and lawful processing. We collect only the data we need, use it for clearly defined purposes, keep it only as long as required, and share it only with trusted processors or when the law requires it. We respect your rights and aim to handle every customer’s data with care, fairness, and accountability.

This Privacy Policy applies to all Coulsdon Storage customers in the area and is intended to provide clear information about our personal data practices.

Call Now!
Call Now Get a Quote
Coulsdon Storage

GDPR-compliant privacy policy for Coulsdon Storage covering data collection, lawful basis, retention, processors, and user rights for all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.