Privacy Policy - Rotherhithe Storage

Effective date: This Privacy Policy applies to all Rotherhithe Storage customers in the area and explains how we collect, use, store, and protect personal data in compliance with the UK GDPR and the Data Protection Act 2018.

We are committed to handling personal information lawfully, fairly, and transparently. This policy applies to current, past, and prospective customers, as well as anyone who interacts with us in connection with storage services, account management, access arrangements, billing, or support.

1. Who We Are

Rotherhithe Storage provides storage services to individuals and businesses. For the purposes of data protection law, we act as the data controller for personal data we collect and use in connection with our services. This means we decide why and how your personal data is processed.

We take our responsibilities seriously and apply appropriate technical and organisational measures to safeguard personal data against unauthorised access, accidental loss, misuse, or alteration.

2. Information We Collect

We may collect and process the following categories of personal data:

  • Identity data: full name, title, date of birth, and identification details where required for verification.
  • Contact data: address, email address, telephone number, and other communication details.
  • Account data: customer reference numbers, storage unit details, access records, booking information, and service preferences.
  • Payment data: payment card details, bank account information, billing address, and transaction history.
  • Correspondence data: emails, letters, call notes, complaints, and feedback.
  • Security and access data: CCTV images, access logs, gate entry records, alarm activity, and incident reports where applicable.
  • Technical data: device information, IP address, browser type, and usage data when you interact with our digital services or systems.

In some cases, we may also process limited sensitive or special category data only where necessary and permitted by law, for example if such information is voluntarily disclosed in relation to a complaint, access request, or safeguarding matter. We do not seek to collect special category data unless there is a clear lawful basis for doing so.

3. How We Use Your Data

We use personal data for the following purposes:

  • to provide and manage storage services;
  • to create and administer customer accounts;
  • to verify identity and prevent fraud;
  • to process payments, deposits, invoices, refunds, and arrears;
  • to communicate service updates, notices, and account information;
  • to manage access to storage facilities and maintain security;
  • to respond to enquiries, complaints, and disputes;
  • to comply with legal and regulatory obligations;
  • to protect our rights, property, staff, customers, and visitors;
  • to analyse service performance and improve operations;
  • to maintain internal records, audit trails, and evidence of transactions.

We only use your data for purposes that are compatible with the reasons it was collected, or where we have a valid legal reason to do otherwise.

4. Lawful Basis for Processing

Under GDPR, we must have a lawful basis for each type of processing. Depending on the context, we rely on the following bases:

Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes setting up an account, providing storage services, processing payments, and managing access arrangements.

Legal Obligation

We may process personal data where required to comply with laws and regulations, including accounting, tax, fraud prevention, health and safety, and lawful requests from public authorities.

Legitimate Interests

We may process personal data where it is necessary for our legitimate business interests, provided these interests do not override your rights and freedoms. Examples include maintaining security, preventing misuse, managing disputes, improving services, and keeping records of interactions.

Consent

Where consent is needed, such as for certain optional communications or specific processing activities, we will ask for it clearly and separately. You may withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal.

5. Sharing and Processors

We may share personal data with trusted third parties who act as processors or, in some cases, independent controllers. These parties only process data on our instructions or where there is another lawful basis.

Examples of processors and service providers may include:

  • payment processors and banking service providers;
  • IT hosting, cloud storage, and software providers;
  • security and CCTV service providers;
  • maintenance and facilities management contractors;
  • professional advisers such as accountants, auditors, or legal advisers;
  • customer communication platforms and document management providers.

We require processors to implement appropriate security measures and to process personal data only in accordance with our written instructions, where applicable. We do not sell personal data.

We may also disclose data where required by law, court order, regulatory request, or where necessary to protect our legitimate interests, enforce agreements, or prevent crime.

6. International Transfers

If any personal data is transferred outside the UK, we will ensure that appropriate safeguards are in place. These may include adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms designed to protect your information to an equivalent standard.

7. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, including legal, accounting, insurance, and reporting requirements. Retention periods vary depending on the type of data and the reasons for processing.

In general, we may retain:

  • account and contract records for the duration of the customer relationship and for a reasonable period afterwards;
  • financial and tax records for the period required by law;
  • security records, including access logs and CCTV footage, for short periods unless needed for investigation or legal purposes;
  • correspondence and dispute records for as long as necessary to deal with the matter and protect our rights.

When data is no longer needed, we will securely delete, anonymise, or destroy it.

8. Your Rights Under GDPR

You have a number of rights in relation to your personal data. Subject to legal limits and exemptions, these may include:

  • The right to be informed about how we use your data.
  • The right of access to obtain a copy of the personal data we hold about you.
  • The right to rectification to correct inaccurate or incomplete data.
  • The right to erasure in certain circumstances, also known as the right to be forgotten.
  • The right to restrict processing in certain cases, for example while a dispute is being resolved.
  • The right to data portability for information you provided to us in certain structured formats.
  • The right to object to processing based on legitimate interests or direct marketing.
  • Rights relating to automated decision-making, where applicable.

If you wish to exercise any of these rights, we will respond in line with applicable legal requirements. We may need to verify your identity before acting on a request. Where requests are complex or numerous, we may need additional time, but we will always keep you informed.

9. Security Measures

We use appropriate physical, administrative, and technical safeguards to protect personal data. These measures may include access controls, password protection, staff training, encryption where appropriate, secure storage, and restricted access to sensitive records.

Although we take reasonable steps to secure information, no system can be guaranteed as completely secure. In the event of a personal data breach, we will assess the risk and take appropriate action, including notification where required by law.

10. Data Accuracy and Your Responsibility

We rely on accurate personal data to deliver our services effectively. Please keep your details up to date and inform us of changes where relevant. Accurate information helps ensure correct billing, effective communication, and proper account administration.

11. Children

Our storage services are not directed at children. We do not knowingly collect personal data from children except where necessary in connection with lawful business activities and where appropriate safeguards are in place.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, regulation, operational practices, or service delivery. The latest version will apply from the date it is published or otherwise communicated. We encourage customers to review it periodically.

13. Summary of Key Principles

In summary, Rotherhithe Storage processes personal data only where there is a valid lawful basis, uses information for clear and limited purposes, retains it only as long as necessary, and relies on trusted processors under appropriate safeguards. We aim to ensure that all customers in the area can use our services with confidence that their personal data is treated responsibly and in accordance with GDPR principles.

Privacy, fairness, and security are central to how we operate. By using our services, customers can expect their personal data to be handled with care, respect, and legal compliance.

Call Now!
Call Now Get a Quote
Rotherhithe Storage

GDPR-compliant privacy policy for Rotherhithe Storage covering data collection, lawful basis, retention, processors, user rights, and applicable to all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.