Privacy Policy - Anerley Storage
Applies to all Anerley Storage customers in the local area. This Privacy Policy explains how Anerley Storage collects, uses, shares, stores, and protects personal data when you use our storage services, visit our premises, communicate with us, or otherwise interact with us. We are committed to handling personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who this policy applies to
This policy applies to all Anerley Storage customers in the local area, including individuals, business customers, and authorised representatives who enquire about, reserve, access, or manage storage services. It also applies where we receive personal data from third parties acting on your behalf, such as payment providers, identity verification services, and contractors involved in delivering storage services.
2. Personal data we collect
We only collect personal data that is necessary and relevant to provide storage services, manage our relationship with you, meet legal obligations, and protect our business, customers, and premises. The categories of data we may collect include:
- Identity data such as your name, date of birth, and identification details where required.
- Contact data such as address, email address, telephone number, and billing address.
- Account and contract data such as customer reference numbers, storage unit details, access arrangements, booking dates, and service preferences.
- Payment and transaction data such as payment status, invoice history, and partial payment details processed by payment providers.
- Security and access data such as entry records, key or access-code usage, CCTV footage, and incident reports.
- Correspondence data including emails, complaints, service requests, and other communications.
- Technical data where you interact with our digital systems, including device or browser information, if applicable.
We do not intentionally collect special category data unless it is clearly necessary for a specific legal or operational reason and a valid lawful basis applies. We ask that you do not provide unnecessary sensitive information.
3. How we use personal data
We use personal data for the following purposes:
- to set up and manage your storage agreement;
- to verify your identity and prevent fraud;
- to process payments, invoices, and account administration;
- to provide access to your storage unit and manage site security;
- to communicate with you about your account, notices, changes, or service issues;
- to handle complaints, claims, and disputes;
- to comply with legal and regulatory obligations;
- to maintain records and support business operations;
- to protect the rights, property, and safety of Anerley Storage, our customers, staff, and visitors.
We may also use data in anonymised or aggregated form for operational reporting, service improvement, and planning, provided that it no longer identifies you.
4. Lawful basis for processing
Under data protection law, we must have a lawful basis to process your personal data. Depending on the context, we rely on one or more of the following:
Contract
Processing is necessary to perform our storage agreement with you or to take steps at your request before entering into a contract. This includes setting up accounts, managing access, taking payments, and delivering the services you have requested.
Legal obligation
We process certain information to comply with legal obligations. This may include tax, accounting, fraud prevention, health and safety, security, and lawful requests from authorities.
Legitimate interests
We may process data where it is necessary for our legitimate business interests and those interests are not overridden by your rights and freedoms. Examples include protecting premises, preventing misuse of services, improving operations, resolving disputes, and maintaining business records. When we rely on legitimate interests, we assess whether processing is proportionate and appropriate.
Consent
In limited cases, we may rely on your consent. If we do, you can withdraw consent at any time. Withdrawal does not affect processing carried out before consent was withdrawn.
5. Data sharing and processors
We do not sell your personal data. We may share personal data with trusted service providers and other third parties where necessary and lawful. These parties act as processors or independent controllers depending on the service they provide.
Examples of processors and recipients may include:
- payment processing providers;
- IT, cloud hosting, and software support providers;
- identity verification or fraud prevention services;
- security and CCTV system providers;
- professional advisers such as accountants, auditors, insurers, or legal advisers;
- maintenance, cleaning, or site service contractors, where access is needed to carry out work;
- government bodies, regulators, law enforcement, or courts where disclosure is required by law.
Where a third party acts as a processor, they are only permitted to process personal data on our instructions, must protect it appropriately, and may not use it for their own purposes. We require appropriate contractual and technical safeguards from our processors.
6. Retention of personal data
We keep personal data only for as long as necessary for the purposes for which it was collected, including to meet legal, accounting, security, and reporting requirements. Retention periods depend on the type of data and the reason for processing.
- Customer account and contract records are retained for the duration of the agreement and for a period afterwards as required for administration, dispute handling, and legal compliance.
- Payment and invoice records are kept for the time needed to meet tax and accounting obligations.
- Security records such as access logs or CCTV footage are kept only for a limited period unless they are needed for an investigation, claim, or legal process.
- Correspondence and complaint records are retained for as long as needed to resolve the matter and for a reasonable period afterwards.
When data is no longer required, we will delete, anonymise, or securely destroy it.
7. Data security
We take appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, disclosure, alteration, or destruction. These measures may include access controls, staff confidentiality duties, secure storage, system monitoring, and restricted permissions. While no method of transmission or storage is completely secure, we work to maintain a level of security appropriate to the risk.
8. International transfers
If personal data is transferred outside the UK, we ensure that appropriate safeguards are in place in accordance with data protection law. This may include using adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms designed to protect your information.
9. Your rights
Under data protection law, you have a number of rights in relation to your personal data. These rights may be subject to conditions and exceptions, but we will always review requests carefully and respond within the required timeframes.
- Right of access – you can ask for a copy of the personal data we hold about you.
- Right to rectification – you can ask us to correct inaccurate or incomplete data.
- Right to erasure – in some circumstances, you can ask us to delete your data.
- Right to restrict processing – you can ask us to limit how we use your data in certain situations.
- Right to data portability – in some cases, you can request a copy of data you provided to us in a reusable format.
- Right to object – you can object to processing based on legitimate interests and, in some cases, direct marketing.
- Right to withdraw consent – where processing is based on consent, you may withdraw it at any time.
If you wish to exercise any of these rights, we may need to verify your identity before responding. We will not charge a fee unless a request is manifestly unfounded, excessive, or repetitive.
10. Marketing preferences
We only send marketing communications where permitted by law. You can object to marketing at any time. Where required, we will stop sending such messages once you opt out. Even if you opt out of marketing, we may still contact you about operational matters relating to your storage account.
11. Children’s data
Our services are not directed at children, and we do not knowingly collect personal data from children except where required in connection with an adult customer’s lawful use of our services and where appropriate safeguards are in place.
12. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in law, our services, or how we process personal data. Any updates will take effect when published or otherwise communicated. We encourage customers to review this policy periodically so they remain informed about how their personal data is handled.
13. Summary of our commitment
Anerley Storage is committed to processing personal data fairly, lawfully, and transparently. We collect only what we need, use it for clear and legitimate purposes, share it responsibly with trusted processors, retain it for appropriate periods, and respect your rights under data protection law. This policy is intended to provide clear information to all Anerley Storage customers in the local area about how their personal data is managed.