Privacy Policy - Northsheen Storage

This Privacy Policy explains how Northsheen Storage collects, uses, stores, shares, and protects personal data in connection with its storage services. It applies to all Northsheen Storage customers in the area, including individuals and businesses that use our storage facilities, related services, or make enquiries about our services. We are committed to handling personal data in a lawful, fair, and transparent way in accordance with the UK GDPR and the Data Protection Act 2018.

1. Who We Are

Northsheen Storage is responsible for deciding how and why personal data is processed for the purposes described in this Privacy Policy. In GDPR terms, we are the data controller for the personal data we collect from customers, prospects, suppliers, and visitors in relation to our storage services.

2. Personal Data We Collect

We only collect personal data that is necessary for providing and managing our services, meeting legal obligations, and improving our operations. The types of data we may collect include:

  • Identity data: name, date of birth, and identification details where required for verification.
  • Contact data: address, email address, telephone number, and correspondence details.
  • Account data: customer reference numbers, storage unit details, booking information, and service history.
  • Payment data: billing information, payment status, and transaction records. We do not retain full payment card details unless necessary and permitted by law.
  • Security and access data: CCTV images, access logs, key or entry records, and other information used to protect our premises and customers.
  • Enquiry data: information provided when you contact us, request a quotation, or ask about our services.
  • Technical data: device, browser, and usage information if you interact with our digital systems or online forms.

In limited cases, we may also process information relating to disputes, claims, insurance matters, or incidents involving goods stored with us.

3. How We Collect Your Data

We may collect personal data directly from you when you complete forms, enter into a storage agreement, communicate with us, make a payment, or use our premises. We may also receive data from third parties such as payment providers, identity verification services, insurance providers, legal advisers, or public authorities where appropriate and lawful.

4. Lawful Basis for Processing

We process personal data only where we have a lawful basis under GDPR. The main lawful bases we rely on are:

  • Contract: to enter into and perform our storage agreement, manage your account, provide access to a unit, and deliver related services.
  • Legal obligation: to comply with tax rules, accounting requirements, fraud prevention obligations, and other applicable laws.
  • Legitimate interests: to operate and secure our business, prevent misuse of our facilities, improve services, manage disputes, and protect customers, staff, and property. Where we rely on legitimate interests, we ensure that your interests and rights do not override ours.
  • Consent: where required, such as for certain optional marketing activities or specific uses of data that depend on your permission.

Where we process special category data or other sensitive information, we will only do so when a further condition under GDPR applies and additional safeguards are in place. We do not seek to collect such data routinely.

5. How We Use Personal Data

We use personal data for the following purposes:

  • to set up and manage storage accounts;
  • to verify identity and protect against fraud or unauthorised access;
  • to communicate about bookings, invoices, reminders, and service changes;
  • to manage payments, refunds, and account administration;
  • to monitor and secure our premises, vehicles, and storage areas;
  • to resolve complaints, incidents, and legal claims;
  • to meet regulatory, tax, and accounting obligations;
  • to analyse service performance and improve customer experience;
  • to send marketing information where permitted by law and, where needed, with your consent.

6. Sharing and Processors

We may share personal data with trusted third parties where necessary and lawful. These parties may act as processors or, in some cases, independent controllers. When using processors, we require them to process data only on our instructions and to apply appropriate security measures.

Examples of processors and service providers

  • payment processing providers;
  • IT, cloud storage, and software service providers;
  • security and CCTV system providers;
  • accountants and professional advisers acting on our behalf;
  • maintenance, facilities, and support contractors;
  • identity verification and fraud prevention services.

We may also disclose personal data to insurers, legal representatives, debt recovery providers, or public authorities where disclosure is necessary for legitimate business purposes or required by law. We do not sell personal data.

7. International Transfers

If any service provider processes personal data outside the United Kingdom, we will ensure that appropriate safeguards are in place. These may include adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms recognised under data protection law.

8. Data Retention

We retain personal data only for as long as necessary for the purpose for which it was collected, including to satisfy legal, accounting, tax, insurance, and operational requirements. Retention periods vary depending on the type of record and the reason for processing.

  • Customer account and contract records: retained for the duration of the relationship and for a period after it ends to handle claims, disputes, or legal obligations.
  • Payment and financial records: retained for periods required by tax and accounting law.
  • Security records: retained for a limited period unless needed longer for an investigation, insurance claim, or legal matter.
  • Enquiry records: retained only as long as needed to respond and, where appropriate, follow up on legitimate business matters.

When data is no longer required, we will delete, anonymise, or securely destroy it.

9. Data Security

We use appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, alteration, or disclosure. These measures may include access controls, secure storage, staff training, and regular review of our systems and procedures. While no system is completely secure, we take our responsibility to safeguard data seriously.

10. Your Rights

Under data protection law, you have several rights in relation to your personal data. These rights may be subject to conditions or exemptions:

  • Right of access: to request a copy of the personal data we hold about you.
  • Right to rectification: to ask us to correct inaccurate or incomplete data.
  • Right to erasure: to request deletion of data in certain circumstances.
  • Right to restrict processing: to ask us to limit how we use your data in certain situations.
  • Right to object: to object to processing based on legitimate interests or direct marketing.
  • Right to data portability: to receive certain data in a structured, commonly used format where applicable.
  • Right to withdraw consent: where we rely on consent, you may withdraw it at any time.

You also have the right to lodge a complaint with the Information Commissioner’s Office if you believe your data protection rights have been infringed. We encourage you to contact us first so we can try to resolve any concerns promptly.

11. Marketing Communications

We may send service updates and important account-related information as part of our contractual relationship. If we send marketing communications, we will do so in compliance with applicable law and only where we have a valid lawful basis. You can opt out of marketing at any time where such communications are provided.

12. Cookies and Online Use

If you interact with our digital services, we may use cookies or similar technologies for essential functionality, security, and basic analytics. Where required by law, we will seek consent before placing non-essential cookies. Any such use will be limited to what is necessary and proportionate.

13. Children’s Data

Our services are not directed at children, and we do not knowingly collect personal data from individuals under the age of 18 except where it is necessary in connection with an account, booking, or lawful family or business arrangement. If we learn that we have collected data unlawfully, we will take appropriate steps to delete it.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or data processing practices. Any revised version will apply from the date it is issued. We encourage customers to review this policy periodically so they remain informed about how their data is handled.

15. Summary of Our Commitment

Northsheen Storage is committed to using personal data responsibly, transparently, and securely. We collect only what we need, use it for clear purposes, retain it for appropriate periods, and respect your rights under data protection law. Our approach is designed to ensure that all Northsheen Storage customers in the area can use our services with confidence that their personal information is treated with care and lawful purpose.

Call Now!
Call Now Get a Quote
Northsheen Storage

GDPR-compliant Privacy Policy for Northsheen Storage covering data collection, lawful basis, retention, processors, and user rights for all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.