Privacy Policy - Nottinghill Storage

This Privacy Policy explains how Nottinghill Storage collects, uses, stores, shares, and protects personal data. It applies to all Nottinghill Storage customers in the area, including prospective customers, current customers, former customers, and individuals who contact us about our services. We are committed to handling personal data in accordance with the UK GDPR and the Data Protection Act 2018.

1. Who this policy applies to

This policy applies to anyone whose personal data we process in connection with our storage services, account administration, billing, access control, customer support, site safety, and legal compliance. It also applies where we receive information from a customer’s representative, insurer, emergency contact, or authorised third party.

2. Personal data we collect

We only collect information that is relevant and necessary for providing secure storage services, managing our business, and meeting legal obligations. Depending on how you interact with us, we may collect the following categories of data:

  • Identity data: name, date of birth, and identification details where required for verification.
  • Contact data: address, email address, telephone number, and correspondence details.
  • Account and contract data: booking details, rental agreement information, storage unit reference, payment plan, and customer records.
  • Financial data: payment status, transaction records, billing information, and limited card or payment method details processed through secure payment systems.
  • Access and security data: entry logs, gate access records, CCTV footage, alarm records, and incident reports.
  • Communication data: emails, notes from calls, messages, complaints, and service requests.
  • Technical data: device or system information collected through our digital systems, such as IP address or browser details, where applicable.
  • Special category data: we do not intend to collect special category data. If such data is provided to us incidentally, we will handle it with additional care and only where a lawful basis exists.

We usually receive personal data directly from you, but we may also obtain it from authorised users, payment processors, insurers, debt recovery partners, or public authorities when lawful and necessary.

3. How we use your personal data

We use personal data for legitimate and necessary purposes connected to our storage operations. These include:

  • setting up and managing customer accounts;
  • verifying identity and preventing fraud;
  • processing reservations, agreements, renewals, and cancellations;
  • handling payments, invoices, refunds, and arrears;
  • providing customer support and responding to queries;
  • maintaining site security and protecting people, property, and assets;
  • monitoring access to storage facilities;
  • investigating incidents, disputes, theft, damage, or misuse;
  • meeting tax, accounting, insurance, and legal requirements;
  • improving our services, systems, and customer experience;
  • defending legal claims or enforcing our contractual rights.

We do not use your personal data for purposes that are incompatible with the reasons for which it was collected, unless we are required or permitted to do so by law.

4. Lawful basis for processing

Under data protection law, we must have a lawful basis for each processing activity. Nottinghill Storage relies on the following lawful bases:

  • Contract: where processing is necessary to enter into or perform our storage agreement, including account management, billing, and access control.
  • Legal obligation: where we must process data to comply with laws relating to tax, accounting, fraud prevention, health and safety, and record keeping.
  • Legitimate interests: where processing is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. This may include security monitoring, CCTV use, service improvement, and managing disputes.
  • Consent: in limited situations where we rely on your permission, such as optional marketing communications or other uses requiring consent. You may withdraw consent at any time.

Where we rely on legitimate interests, we assess the necessity of the processing and the impact on your privacy to ensure your rights are respected.

5. Sharing personal data and processors

We may share personal data with trusted third parties that help us operate our business. These organisations act either as processors or independent controllers, depending on the service provided.

Processors we may use

  • Payment service providers: to process customer payments securely.
  • IT and cloud service providers: to host systems, store records, and support digital infrastructure.
  • Security providers: to support CCTV, alarm systems, access control, and security monitoring.
  • Accounting and bookkeeping providers: to support financial administration and compliance.
  • Customer management and communications providers: to manage booking systems, emails, and service messages.
  • Maintenance and operational contractors: where access to limited data is necessary to carry out services safely and effectively.

We require processors to handle personal data only on our instructions, to keep it secure, and to use it only for the agreed purpose. We do not allow them to use your data for their own independent purposes.

We may also disclose personal data where required by law, including to regulators, law enforcement, courts, insurers, or professional advisers. If a business restructure, transfer, or sale occurs, personal data may be shared with relevant parties in a way that remains protected by applicable data protection requirements.

6. Data retention

We keep personal data only for as long as necessary for the purpose for which it was collected, or for as long as required by law. Retention periods depend on the nature of the record and our legal obligations.

  • Customer and contract records: retained for the duration of the relationship and for a reasonable period afterwards to deal with disputes, claims, and administration.
  • Financial and accounting records: retained for the period required under tax and accounting law.
  • Security records, including CCTV and access logs: retained for a limited period unless needed longer for an investigation, insurance matter, or legal claim.
  • Correspondence and complaints: retained for as long as necessary to manage the issue and maintain business records.

When data is no longer required, it is securely deleted, anonymised, or destroyed in accordance with our retention procedures. In some cases, we may retain data longer where we need it to establish, exercise, or defend legal claims.

7. International transfers

Where personal data is transferred outside the UK, we will ensure that appropriate safeguards are in place so that the information remains protected to a standard consistent with UK data protection law. Such safeguards may include adequacy regulations or approved contractual protections.

8. Your rights

Under data protection law, you have a number of rights regarding your personal data. These rights may apply in full or in part depending on the circumstances and the legal basis used for processing.

  • Right of access: you can request confirmation of whether we process your data and receive a copy of that data.
  • Right to rectification: you can ask us to correct inaccurate or incomplete information.
  • Right to erasure: in certain situations, you can ask us to delete your personal data.
  • Right to restrict processing: you can request that we limit the way we use your data in specific cases.
  • Right to data portability: where applicable, you may request that we provide your data in a structured, commonly used format.
  • Right to object: you can object to processing based on legitimate interests, and to direct marketing at any time.
  • Right to withdraw consent: where we rely on consent, you may withdraw it without affecting the lawfulness of prior processing.

We will respond to valid requests within the time limits required by law. If we are unable to act on a request, we will explain the reason, subject to any legal restrictions.

9. Security of your data

We take the security of personal data seriously and use organisational and technical measures designed to protect it from unauthorised access, loss, misuse, alteration, or disclosure. These measures may include access controls, secure storage, staff training, monitoring procedures, and restricted permissions. While no system is completely secure, we continually review our safeguards to reduce risk.

10. Marketing

If we send marketing communications, we will do so in line with applicable law. Where consent is required, we will obtain it before sending such communications. You may opt out at any time, and we will respect any valid objection to direct marketing.

11. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or processing practices. Any revised version will apply from the date it is issued. We encourage customers to review the policy periodically to stay informed about how personal data is handled.

12. Summary of our commitment

Nottinghill Storage is committed to processing personal data fairly, lawfully, and transparently. We collect only what we need, use it for clear and justified purposes, keep it only as long as necessary, share it responsibly with trusted processors, and respect your rights. Our goal is to provide secure storage services while safeguarding privacy at every stage.

This policy applies to all Nottinghill Storage customers in area.

Call Now!
Call Now Get a Quote
Nottinghill Storage

GDPR-compliant Privacy Policy for Nottinghill Storage covering data collection, lawful basis, retention, processors, and user rights for all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.