Privacy Policy - Eastbedfont Storage

This Privacy Policy explains how Eastbedfont Storage collects, uses, stores, shares, and protects personal data relating to all Eastbedfont Storage customers in the area. It applies to customers, prospective customers, visitors who interact with our services, and any individual whose personal information is processed in connection with the provision of storage services. We are committed to handling personal data lawfully, fairly, and transparently in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who this Policy Applies To

This policy applies to all Eastbedfont Storage customers in the area, including individuals, business customers, authorised users, and any person acting on behalf of a customer. It also applies to people who make enquiries, request quotations, enter into agreements, access our premises, or communicate with us about our services.

2. Personal Data We Collect

We collect only the personal data necessary to operate our storage services, meet legal obligations, and manage our relationship with customers. The types of personal data we may collect include:

  • Identity information such as name, date of birth, and identification details.
  • Contact information such as address, telephone number, and email address.
  • Account and contract details such as storage unit references, booking records, payment status, and service preferences.
  • Financial information such as payment method, transaction records, and billing history.
  • Security and access information such as entry logs, CCTV footage, and records of site access where applicable.
  • Communications such as emails, notes from calls, complaint records, and correspondence.
  • Technical information where our systems generate logs or records needed for security, fraud prevention, or service administration.

We do not intentionally collect special category data unless it is required by law or you choose to provide it for a specific reason. If such data is provided, we will process it only where lawful and necessary.

3. How We Collect Personal Data

We may collect personal data directly from you when you complete forms, sign an agreement, make a payment, contact us, or use our services. We may also receive data from:

  • third parties authorised by you,
  • payment providers and account processing services,
  • identity verification or fraud prevention services,
  • law enforcement, insurers, legal advisers, or other official bodies where required by law.

Where surveillance or access control is in place, we may also collect data through security systems designed to protect property, staff, and customers.

4. How We Use Personal Data

We use personal data for the following purposes:

  • to provide storage services and manage customer accounts,
  • to verify identity and prevent fraud or misuse,
  • to process payments, refunds, and billing matters,
  • to maintain security and monitor access to our premises,
  • to communicate with customers about bookings, contracts, or service updates,
  • to deal with queries, complaints, and disputes,
  • to comply with legal obligations, regulatory requirements, and lawful requests,
  • to establish, exercise, or defend legal claims.

We will only process personal data where we have a valid legal reason to do so. We do not use personal data for purposes that are incompatible with the reasons it was originally collected unless permitted by law or you have been informed and, where necessary, consented.

5. Lawful Basis for Processing

Under data protection law, we must have a lawful basis for each processing activity. Depending on the context, Eastbedfont Storage may rely on one or more of the following lawful bases:

  • Contract – processing is necessary to enter into or perform a storage agreement with you.
  • Legal obligation – processing is necessary to comply with laws, accounting rules, tax obligations, or lawful requests.
  • Legitimate interests – processing is necessary for our legitimate business interests, such as protecting property, preventing fraud, improving services, and managing operations, provided these interests do not override your rights and freedoms.
  • Consent – where we ask for your permission for specific optional activities, such as certain forms of marketing or optional communications.

Where we rely on legitimate interests, we assess the impact on individuals and balance our interests against your privacy rights. Where we rely on consent, you may withdraw it at any time.

6. Sharing Personal Data and Processors

We may share personal data with trusted third parties who assist us in delivering our services. These recipients act as processors or, in some cases, independent controllers. Processors are only permitted to process personal data on our instructions and must protect it appropriately. They may include:

  • payment service providers,
  • IT hosting, cloud storage, and maintenance providers,
  • security and access control providers,
  • accounting and administrative service providers,
  • identity verification and fraud prevention providers,
  • professional advisers such as lawyers or auditors,
  • public authorities, regulators, courts, or law enforcement where legally required.

We require processors to implement appropriate technical and organisational measures to protect personal data, and where necessary we use written contracts that satisfy UK GDPR requirements. We do not sell personal data.

7. International Transfers

If any personal data is transferred outside the UK, we will ensure that appropriate safeguards are in place before the transfer takes place. This may include adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms recognised by data protection law.

8. Data Retention

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, contractual, and security requirements. Retention periods depend on the type of data and the reason for processing. In general:

  • contract and account records are kept for the duration of the relationship and for a period afterwards to manage queries or disputes,
  • financial and tax records are retained for the period required by law,
  • security records such as access logs or CCTV footage are kept for a limited period unless required longer for investigation or legal reasons,
  • correspondence and complaint records are retained for as long as necessary to resolve issues and maintain records of service interactions.

When personal data is no longer needed, we will delete it securely or anonymise it so that it can no longer identify you.

9. Security of Personal Data

We use appropriate physical, organisational, and technical measures to protect personal data from unauthorised access, loss, misuse, alteration, or disclosure. These may include access restrictions, secure systems, staff training, and monitoring procedures. Although no system can be guaranteed completely secure, we work to reduce risks and review our safeguards regularly.

10. Your Rights

Under data protection law, you have a number of rights in relation to your personal data. These rights may be subject to conditions, limitations, or exemptions depending on the circumstances. Your rights include:

  • Right of access – you may request a copy of the personal data we hold about you.
  • Right to rectification – you may ask us to correct inaccurate or incomplete data.
  • Right to erasure – you may request deletion of your data in certain situations.
  • Right to restriction – you may ask us to limit how we use your data in certain cases.
  • Right to object – you may object to processing based on legitimate interests or direct marketing.
  • Right to data portability – you may request that certain data be provided to you or transferred to another controller, where applicable.
  • Right to withdraw consent – where processing is based on consent, you may withdraw it at any time.

You also have the right to lodge a complaint with the UK Information Commissioner's Office if you are unhappy with how your personal data has been handled.

11. Automated Decision-Making

We do not normally use automated decision-making that produces legal or similarly significant effects on individuals. If this changes, we will provide appropriate information about the logic involved, the significance of the processing, and your rights.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, business practices, or services. Any revised version will apply from the date it is issued. We encourage customers to review the policy periodically so they remain informed about how their personal data is handled.

13. Summary of Our Commitment

Our approach to privacy

We aim to process personal data in a way that is lawful, fair, transparent, and limited to what is necessary. We respect the privacy of all Eastbedfont Storage customers in the area and use personal data only for legitimate and clearly defined purposes. We also seek to ensure that all processors and partners handling data on our behalf meet high standards of security and confidentiality.

This policy is intended to provide a clear and practical explanation of our data protection practices. If a particular processing activity is not covered here, we will provide additional information where required by law.

Call Now!
Call Now Get a Quote
Eastbedfont Storage

GDPR-compliant Privacy Policy for Eastbedfont Storage covering data collection, lawful basis, retention, processors, and user rights for all customers in the area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.