Privacy Policy - Sidcup Storage
Effective date: This Privacy Policy applies to all Sidcup Storage customers in the area and explains how personal data is collected, used, stored, shared, and protected when you use our storage services.
Sidcup Storage is committed to handling personal data in a lawful, fair, and transparent manner in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy is designed to help you understand what information we collect, why we collect it, how long we keep it, who may process it on our behalf, and what rights you have in relation to your data.
1. Information We Collect
We only collect personal data that is necessary for operating our storage services, maintaining security, fulfilling legal obligations, and managing customer relationships. The categories of data we may collect include:
- Identity information such as your name, title, and date of birth where needed for verification.
- Contact information such as postal address, email address, and telephone number.
- Account and service information including booking details, unit access records, payment status, and service preferences.
- Payment information such as billing details and transaction records. We do not generally store full card details where a third-party payment provider is used.
- Security and access information including CCTV footage, alarm logs, gate entry logs, and incident reports where applicable.
- Communications data such as correspondence, complaints, enquiries, and records of customer support interactions.
- Technical information such as device and browser data when you interact with our digital systems, where such systems are used.
We may also collect limited information about third parties you provide to us, for example emergency contacts, authorised users, or alternative billing contacts. If you share someone else’s details with us, you should ensure that they are aware of this Privacy Policy.
2. How We Use Your Personal Data
We use personal data only where we have a valid reason to do so. The main purposes for which we process information include:
- setting up and managing your storage agreement;
- verifying identity and preventing fraud;
- providing access to storage units and related services;
- processing payments, invoices, refunds, and account administration;
- communicating about service changes, renewals, notices, and support matters;
- maintaining security, protecting property, and investigating incidents;
- meeting legal, regulatory, insurance, and accounting obligations;
- handling complaints, claims, or disputes;
- improving our operations, systems, and customer service.
We do not use your personal data for purposes that are incompatible with the reasons for which it was collected unless we are permitted or required by law to do so.
3. Lawful Basis for Processing
Under data protection law, we must have a lawful basis for each use of personal data. Depending on the circumstances, we rely on one or more of the following:
Contract
We process personal data where it is necessary to enter into or perform a contract with you. This includes managing bookings, access, billing, renewals, and customer support connected with your storage agreement.
Legal Obligation
We may process data to comply with legal requirements, including tax rules, accounting obligations, fraud prevention duties, safeguarding obligations, and lawful requests from authorities.
Legitimate Interests
We may process personal data where it is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. Examples include site security, CCTV monitoring, service administration, debt recovery, and improving our services. When relying on legitimate interests, we take steps to ensure the processing is proportionate and privacy-conscious.
Consent
In limited circumstances, we may ask for your consent to process certain information. Where consent is used, you may withdraw it at any time. Withdrawal of consent will not affect the lawfulness of processing carried out before consent was withdrawn.
Vital Interests
In rare situations, we may process personal data to protect someone’s life or physical safety.
4. Data Retention
We keep personal data only for as long as necessary to fulfil the purposes described in this policy, including any legal, accounting, insurance, or reporting requirements. Retention periods depend on the type of record and the reasons for keeping it.
In general:
- customer contract and account records are kept for the duration of the service relationship and for a reasonable period afterwards;
- financial and tax-related records are retained for the period required by law;
- security records, such as CCTV or access logs, are kept for a shorter period unless needed for an investigation, claim, or legal matter;
- complaints and correspondence may be retained for the time needed to resolve the issue and to support future reference or legal defence.
When personal data is no longer required, we will securely delete, anonymise, or otherwise dispose of it in a safe and lawful manner. Retention may be extended where necessary to deal with disputes, investigations, or regulatory requirements.
5. Processors and Data Sharing
We may share personal data with trusted third parties who process information on our behalf or independently for operational, legal, or service-related reasons. These parties may include:
- IT and cloud service providers who support secure storage, data hosting, and system administration;
- payment processors who handle card or electronic transactions;
- accounting and bookkeeping providers who assist with financial records and compliance;
- security providers who may support alarm systems, CCTV storage, or site monitoring;
- professional advisers such as lawyers, insurers, and auditors;
- debt recovery or enforcement partners where necessary and lawful;
- public authorities where disclosure is required by law or to protect rights, property, or safety.
Where third parties process data on our behalf, they act as processors and are required to protect personal data, use it only for authorised purposes, and follow appropriate security and confidentiality obligations. Where a third party acts as an independent controller, their own privacy notice will apply in addition to this policy.
We do not sell personal data. We also do not share personal data for unrelated marketing purposes unless you have been informed and any required legal basis is in place.
6. Data Security
We take appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, misuse, alteration, or disclosure. These may include access controls, password protection, staff confidentiality obligations, secure storage, monitoring, and supplier due diligence.
While no system can be guaranteed to be completely secure, we work to reduce risks and to respond promptly to any suspected data incident.
7. Your Rights
Under data protection law, you have a number of rights in relation to your personal data. These rights may be subject to conditions or exemptions depending on the circumstances. Your rights include:
- Right of access – to request a copy of the personal data we hold about you.
- Right to rectification – to ask us to correct inaccurate or incomplete information.
- Right to erasure – to request deletion of your data in certain cases.
- Right to restriction – to ask us to limit how we use your data in certain situations.
- Right to object – to object to processing based on legitimate interests or direct marketing, where applicable.
- Right to data portability – to receive certain information in a structured, commonly used format where technically feasible.
- Right to withdraw consent – where processing is based on consent, you may withdraw it at any time.
If you exercise any of these rights, we may need to verify your identity before responding. We aim to respond within the time limits required by law.
8. Automated Decision-Making
We do not generally use automated decision-making that produces legal or similarly significant effects concerning you. If this changes, we will provide appropriate information about the logic involved, the significance of the processing, and your available rights.
9. Children’s Data
Our storage services are not directed at children. We do not knowingly collect personal data from children except where it is necessary for security, emergency contacts, or where provided by an adult customer in connection with the service and permitted by law.
10. International Transfers
If personal data is transferred outside the United Kingdom, we will ensure that appropriate safeguards are in place so that the data remains protected in line with applicable data protection law. This may include recognised adequacy regulations, standard contractual clauses, or equivalent protections.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or operational practices. The most recent version will apply from the date it is issued. We encourage customers to review this policy periodically so they remain informed about how personal data is used.
12. Summary of Key Points
- We collect only the data needed to run Sidcup Storage services safely and lawfully.
- We use lawful bases such as contract, legal obligation, legitimate interests, and consent where appropriate.
- We retain data only as long as necessary and then delete or anonymise it securely.
- We use processors under strict confidentiality and data protection terms.
- You have rights over your personal data and may contact us through the appropriate service channels to exercise them.
Privacy is important to us. We aim to handle all personal data with care, transparency, and respect, ensuring that our processing remains proportionate to the needs of our storage services and compliant with GDPR requirements.