Privacy Policy – Selfstorage Maidavale

This Privacy Policy explains how Selfstorage Maidavale collects, uses, shares, and protects personal data in connection with its storage services. It applies to all Selfstorage Maidavale customers in the area, including prospective customers, account holders, authorised users, and individuals who interact with us in relation to a storage unit, booking, payment, enquiry, or facility access.

We are committed to handling personal data in a lawful, fair, and transparent manner in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy sets out what information we collect, why we collect it, how long we keep it, who may process it on our behalf, and the rights available to individuals.

1. Information We Collect

We collect only the personal data necessary to provide storage services, manage our relationship with customers, meet legal obligations, and protect our premises and users. The categories of data we may collect include:

  • Identity details such as full name, date of birth, and proof of identity.
  • Contact details such as address, email address, and telephone number.
  • Account and service details such as unit number, booking dates, access arrangements, account status, and service preferences.
  • Payment information such as billing records, payment status, transaction references, and limited payment-related details necessary for processing charges.
  • Security and access information such as entry logs, key fob or access card records, CCTV footage, and incident reports where applicable.
  • Communication records such as emails, letters, call notes, complaints, and customer service correspondence.
  • Usage and facility records such as access times, unit changes, notices served, and relevant operational records.

We may also collect information from third parties where permitted by law, for example credit reference agencies, identity verification providers, insurance partners, payment processors, or persons authorised to act on a customer’s behalf.

2. How We Use Personal Data

Selfstorage Maidavale uses personal data for the following purposes:

  • to register customers and set up storage accounts;
  • to verify identity and prevent fraud;
  • to allocate, manage, and administer storage units;
  • to process payments, invoices, refunds, and account adjustments;
  • to provide customer support and respond to enquiries;
  • to maintain security, access control, and site safety;
  • to manage insurance-related matters where relevant;
  • to enforce contractual terms and recover outstanding amounts;
  • to meet legal, tax, accounting, and regulatory obligations;
  • to investigate incidents, disputes, misuse, or unlawful activity;
  • to improve our services, systems, and operational efficiency.

We will not use personal data for purposes that are incompatible with those listed above without first ensuring that such use is lawful and appropriately communicated.

3. Lawful Basis for Processing

We only process personal data where we have a valid legal basis under data protection law. Depending on the circumstances, we rely on one or more of the following bases:

Contract

We process personal data where it is necessary to enter into or perform a contract with a customer, including account creation, unit allocation, billing, and service administration.

Legal Obligation

We may process data where required to comply with legal obligations, including tax rules, accounting requirements, identity verification obligations, fraud prevention duties, and lawful requests from public authorities.

Legitimate Interests

We may process data where it is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by the individual’s rights and freedoms. This includes facility security, protecting property, preventing misuse, maintaining records, and defending legal claims. We balance our interests against the impact on individuals before relying on this basis.

Consent

In limited situations, we may rely on consent, for example where it is specifically required for optional communications or certain types of processing. Where consent is used, it may be withdrawn at any time, without affecting prior lawful processing.

We do not rely on a single lawful basis for all activities. The applicable basis depends on the type of data and the purpose for which it is processed.

4. Sharing and Processors

We may share personal data only where necessary and appropriate for the purposes described in this policy. Some recipients act as processors, meaning they process data on our instructions and under contractual safeguards. Others may be independent controllers where required by law or in connection with their own services.

The types of processors and recipients we may use include:

  • IT and hosting providers that support account systems, storage records, and secure data storage;
  • payment processors that handle card payments, direct debits, or other payment methods;
  • identity verification and fraud prevention providers used to confirm customer identity and reduce risk;
  • security service providers supporting CCTV systems, alarm monitoring, access control, and incident handling;
  • accounting, audit, and professional advisers where necessary for finance, compliance, or dispute management;
  • debt recovery or legal advisers where accounts are in arrears or disputes require formal action;
  • public authorities, regulators, or law enforcement where disclosure is required by law or necessary to establish, exercise, or defend legal rights.

All processors are required to protect personal data, act only on documented instructions, and implement appropriate technical and organisational security measures. We do not sell personal data.

5. Retention of Personal Data

We keep personal data only for as long as necessary for the purpose for which it was collected, including the need to meet legal, accounting, operational, and security requirements. Retention periods depend on the type of information and the circumstances of use.

  • Customer account records are normally kept for the duration of the contract and for a further period where needed for administration, dispute resolution, or legal defence.
  • Financial and tax records are retained for the period required by applicable accounting and tax laws.
  • Security records such as access logs and CCTV footage are retained for a limited period unless needed for investigation, safety, or legal proceedings.
  • Enquiry and correspondence records are kept for as long as necessary to manage the request and any follow-up issues.
  • Legal claim records may be retained longer where necessary to establish, exercise, or defend legal claims.

When personal data is no longer required, we will delete it securely or anonymise it so that it can no longer identify an individual.

6. Data Security

We take appropriate security measures to protect personal data from unauthorised access, loss, misuse, alteration, or disclosure. These measures may include access restrictions, secure storage, staff training, monitoring, and contractual controls on processors. While no system can be guaranteed completely secure, we aim to maintain a level of protection appropriate to the risks involved.

7. Your Rights

Individuals whose personal data we process have rights under data protection law. Subject to legal limits and exemptions, these include the right to:

  • access the personal data we hold about you;
  • rectification of inaccurate or incomplete data;
  • erasure of data in certain circumstances;
  • restrict processing in certain situations;
  • object to processing based on legitimate interests or direct marketing;
  • data portability for information you provided to us, where the law applies;
  • withdraw consent where processing is based on consent;
  • complain to the relevant supervisory authority if you believe your rights have been infringed.

Important: some rights may not apply in full where we need to retain data to comply with a legal obligation, defend legal claims, or meet contractual and security requirements.

8. Automated Decision-Making

We do not use personal data to make decisions based solely on automated processing that produce legal or similarly significant effects, unless this is clearly permitted by law and appropriate safeguards are in place.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, service provision, or operational practices. The current version will apply from the date it takes effect. We encourage customers to review this policy periodically so they remain informed about how their data is handled.

10. Scope of Application

This Privacy Policy applies to all Selfstorage Maidavale customers in the area, as well as prospective customers and authorised individuals acting in connection with our storage services. By using our services, you acknowledge that your personal data may be processed as described in this policy and in accordance with applicable data protection law.

Privacy, security, and lawful handling of personal data are central to the way Selfstorage Maidavale operates.

Call Now!
Call Now Get a Quote
Selfstorage Maidavale

GDPR-compliant Privacy Policy for Selfstorage Maidavale covering data collection, lawful basis, retention, processors, user rights, and regional applicability.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.