Privacy Policy - Goldersgreen Storage

This Privacy Policy explains how Goldersgreen Storage collects, uses, shares, stores, and protects personal data relating to our customers. It applies to all Goldersgreen Storage customers in the area, including prospective customers, current customers, former customers, and any individual who communicates with us in connection with our storage services. We are committed to handling personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Goldersgreen Storage provides storage-related services to individuals and businesses. For the purposes of data protection law, we act as a data controller when deciding how and why personal data is processed. This means we are responsible for ensuring that personal data is handled lawfully, fairly, and transparently.

2. Personal Data We Collect

We collect only the data that is necessary for the operation of our services, account management, security, and compliance. Depending on your interaction with us, the personal data we may collect includes:

  • Identity data, such as your name and, where relevant, business name;
  • Contact data, such as postal address, email address, and telephone number;
  • Account and transaction data, including payment records, invoices, service history, and billing details;
  • Security and access data, such as keyholder information, access logs, or entry records where applicable;
  • Communication data, including enquiries, complaints, and correspondence with us;
  • Technical data, such as IP address, device information, and browser-related information if you interact with our digital systems;
  • Legal and verification data, where we are required to confirm identity or comply with legal obligations.

We do not intentionally collect special category data unless it is necessary and permitted by law. Special category data includes information about health, religion, ethnicity, political opinions, or similar sensitive details. If such data is ever provided to us, we will process it only where a lawful basis applies and additional protections are in place.

3. How We Use Your Data

We use personal data for the following purposes:

  • To provide and manage storage services;
  • To set up and administer customer accounts;
  • To process payments, invoices, refunds, and credit control;
  • To maintain security and prevent fraud or misuse;
  • To communicate service updates, notices, and important account information;
  • To handle enquiries, complaints, and customer support requests;
  • To meet legal, regulatory, accounting, and tax obligations;
  • To protect our property, our systems, our staff, and our customers;
  • To establish, exercise, or defend legal claims where necessary.

We will only process personal data for specified, explicit, and legitimate purposes, and we will not use it in ways that are incompatible with those purposes.

4. Lawful Basis for Processing

Under the UK GDPR, we must have a lawful basis for each type of processing. We rely on the following lawful bases:

Contract

We process personal data when it is necessary to enter into or perform a contract with you. This includes providing storage services, managing your account, issuing invoices, and fulfilling our obligations to you as a customer.

Legal Obligation

We process data where necessary to comply with laws and regulations, including tax, accounting, security, and record-keeping obligations.

Legitimate Interests

We may process personal data where it is necessary for our legitimate interests, provided your rights and interests do not override those interests. Examples include managing business operations, protecting against fraud, ensuring site security, improving our services, and defending legal claims. Where we rely on legitimate interests, we assess the impact on individuals and ensure the processing is proportionate.

Consent

In limited situations, we may rely on your consent, for example where the law requires consent for a specific type of communication or processing. If we rely on consent, you may withdraw it at any time. Withdrawal will not affect the lawfulness of processing carried out before consent was withdrawn.

5. Sharing Your Data and Processors

We may share personal data with trusted third parties who act as processors or, in some cases, independent controllers. Processors are organisations that process personal data on our behalf and only according to our instructions. We require all processors to maintain appropriate technical and organisational safeguards.

Examples of processors and service providers may include:

  • Payment processors for handling card and online payment transactions;
  • IT and cloud service providers for secure data storage, email, and system maintenance;
  • Customer management and accounting providers for invoicing, bookkeeping, and administrative support;
  • Security service providers where monitoring, alarm, or access-control systems are used;
  • Professional advisers such as lawyers, accountants, or insurers;
  • Public authorities, regulators, or law enforcement where disclosure is required by law.

We do not sell personal data. Where data is shared, it is shared only when necessary and under appropriate contractual or legal safeguards.

6. International Transfers

If any of our processors or service providers transfer personal data outside the UK, we will ensure that appropriate safeguards are in place. These may include adequacy regulations, the International Data Transfer Agreement, or other lawful transfer mechanisms recognised under UK data protection law.

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, accounting, tax, and reporting requirements. The retention period depends on the type of data and the reason we hold it.

In general:

  • Customer account and transaction records may be retained for the duration of the customer relationship and for a further period after closure to meet legal obligations;
  • Communication records may be retained for as long as needed to respond to enquiries, resolve disputes, or maintain service history;
  • Security records and access logs may be retained for a shorter period unless they are needed for incident investigation or legal claims;
  • Records required for tax, accounting, or compliance purposes will be retained for the period required by applicable law.

When data is no longer needed, we will securely delete, anonymise, or otherwise dispose of it in a safe manner.

8. Data Security

We take appropriate measures to protect personal data against accidental loss, unauthorised access, alteration, disclosure, or destruction. These measures may include access controls, secure storage, staff training, encryption where appropriate, and ongoing monitoring of our systems and procedures. While no system can be guaranteed completely secure, we work to maintain a level of protection appropriate to the risks involved.

9. Your Rights

Under the UK GDPR, you have a number of rights in relation to your personal data. These rights are subject to certain conditions and exceptions. They include:

  • Right of access – you may request a copy of the personal data we hold about you;
  • Right to rectification – you may ask us to correct inaccurate or incomplete data;
  • Right to erasure – you may ask us to delete your data in certain circumstances;
  • Right to restriction – you may ask us to limit how we use your data in certain situations;
  • Right to data portability – you may request certain data in a structured, commonly used format;
  • Right to object – you may object to processing based on legitimate interests or direct marketing;
  • Right to withdraw consent – where processing is based on consent, you may withdraw that consent at any time.

You also have the right to make a complaint to the Information Commissioner’s Office (ICO) if you believe your data rights have been infringed. We encourage you to contact us first so that we can try to resolve any concerns promptly and fairly.

10. Automated Decision-Making

We do not generally make decisions about customers based solely on automated processing that produce legal or similarly significant effects. If this position changes, we will provide appropriate information about the logic involved and the rights available to you.

11. Children’s Data

Our services are intended for adults and business users. We do not knowingly collect personal data from children unless it is necessary in a specific legal or administrative context. If we become aware that we have collected data from a child without appropriate authority, we will take steps to delete it where required.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, our services, or our internal practices. Any updated version will apply from the date it is published or otherwise communicated. We recommend reviewing this policy periodically to stay informed about how we protect your information.

13. Summary of Our Commitment

Goldersgreen Storage is committed to processing personal data lawfully, fairly, and transparently. We collect only the information needed to provide our services, keep it secure, retain it only as long as necessary, and share it only with trusted processors or where the law requires it. We respect your rights and aim to handle all personal data responsibly for every customer in the area.

Call Now!
Call Now Get a Quote
Goldersgreen Storage

GDPR-compliant Privacy Policy for Goldersgreen Storage covering data collection, lawful basis, retention, processors, and user rights.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.