Privacy Policy - Totteridge Storage

This Privacy Policy explains how Totteridge Storage collects, uses, stores, shares, and protects personal data relating to its customers and prospective customers. It applies to all Totteridge Storage customers in the area, including individuals, businesses, and any authorised representatives who use our services or enquire about them. We are committed to handling personal data in a lawful, fair, and transparent way in accordance with the UK GDPR and the Data Protection Act 2018.

1. Who this policy applies to

This policy applies when you:

  • request a quote or make an enquiry;
  • open or manage an account;
  • use storage, access, delivery, collection, or related services;
  • communicate with us by phone, email, online form, or in person;
  • visit our premises or are otherwise recorded in connection with our services;
  • act on behalf of a customer, such as a business account holder, employee, family member, or authorised agent.

By using our services, you acknowledge that your personal data may be processed as described in this policy.

2. Personal data we collect

We collect only the data that is relevant and necessary for providing our services, managing our relationship with you, and meeting legal obligations. Depending on how you interact with us, we may collect the following categories of personal data:

Information you provide directly

  • name, address, and date of birth;
  • contact details such as email address and telephone number;
  • billing details and payment information;
  • identity verification documents where required;
  • account preferences, instructions, and correspondence;
  • details of items stored, declared value, or access authorisations;
  • complaints, feedback, or other communications.

Information collected automatically or generated during service use

  • records of calls, messages, or service requests;
  • dates and times of access or site visits;
  • vehicle registration details where relevant to site access and security;
  • security logs, CCTV images, and incident records where applicable;
  • transaction and account activity records;
  • technical data if you interact with digital systems, such as IP address or browser information.

Information from third parties

We may receive personal data from third parties where this is necessary and lawful, including:

  • payment providers and banks;
  • identity verification or fraud prevention services;
  • legal, regulatory, or law enforcement bodies;
  • business partners, agents, or referees acting on your behalf.

Special category data is not generally required. If such data is ever provided to us incidentally, we will only process it where a legal basis applies and where appropriate safeguards are in place.

3. How we use your personal data

We use personal data for the following purposes:

  • to provide storage services and manage your account;
  • to verify identity and prevent unauthorised access;
  • to process payments, refunds, and billing matters;
  • to communicate with you about your account, booking, or service updates;
  • to comply with legal and regulatory obligations;
  • to maintain security, protect property, and manage site access;
  • to investigate disputes, complaints, or incidents;
  • to improve our services, systems, and customer experience;
  • to establish, exercise, or defend legal claims.

We will not use your personal data for purposes that are incompatible with those listed above without informing you and, where required, obtaining a lawful basis for the new use.

4. Lawful basis for processing

Under data protection law, we must have a lawful basis to process your personal data. We rely on the following bases as appropriate:

Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes setting up your account, providing storage, managing access, and handling payments.

Legal obligation

We process data where we must do so to comply with legal requirements, such as accounting, tax, fraud prevention, health and safety, or responding to lawful requests from authorities.

Legitimate interests

We may process personal data where it is necessary for our legitimate interests or those of a third party, provided your interests and fundamental rights do not override those interests. This may include site security, service improvement, customer support, internal administration, and defending legal claims. Where we rely on this basis, we apply an appropriate balancing test.

Consent

In limited circumstances, we may rely on your consent, for example where it is required for a specific optional activity. Where consent is used, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

We only process personal data on a lawful basis and will explain, where appropriate, why a particular basis applies to a given activity.

5. Sharing your data and processors

We may share personal data with trusted third parties where necessary to provide our services, operate our business, or comply with the law. These third parties may act as data processors or independent controllers depending on their role.

Processors

Data processors are organisations that process personal data on our instructions and subject to contractual safeguards. They may include:

  • IT and hosting providers;
  • cloud storage and software providers;
  • payment processors and card service providers;
  • customer service and communications platforms;
  • security and surveillance service providers;
  • professional advisers assisting with legal, accounting, or compliance matters.

We require processors to:

  • process data only on our documented instructions;
  • use appropriate technical and organisational security measures;
  • keep data confidential;
  • assist with compliance where necessary;
  • delete or return data when no longer needed for the service.

Other recipients

We may also disclose data to:

  • law enforcement agencies, regulators, or courts where required;
  • insurers and dispute resolution bodies;
  • debt recovery services where lawful and proportionate;
  • business successors in the event of a restructure, transfer, or sale of assets.

We do not sell your personal data.

6. International transfers

Where personal data is transferred outside the UK, we will ensure that appropriate safeguards are in place, such as adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms. We will take reasonable steps to protect your information wherever it is processed.

7. Retention of personal data

We retain personal data only for as long as necessary for the purposes for which it was collected, including to meet legal, accounting, insurance, or reporting requirements. Retention periods vary depending on the type of data and the reason for processing.

  • Account and contract records: kept for the duration of the contract and for a reasonable period afterwards to deal with queries, disputes, and compliance.
  • Payment and invoicing records: kept for the period required by tax and accounting law.
  • Security records: retained for a limited period unless needed longer for an investigation, claim, or legal requirement.
  • Correspondence and complaints: retained as long as needed to resolve the matter and maintain accurate records.
  • Legal claims or regulatory matters: retained until the matter is fully resolved and any related limitation period has expired.

When data is no longer required, we will delete, anonymise, or securely destroy it.

8. Data security

We use appropriate administrative, technical, and physical safeguards to protect personal data against accidental loss, unauthorised access, disclosure, alteration, or destruction. These measures may include access controls, staff confidentiality obligations, secure storage, and monitoring of systems and premises. While no system is completely secure, we take reasonable steps to reduce risks and respond appropriately to incidents.

9. Your rights

Subject to applicable law, you may have the following rights regarding your personal data:

  • Right of access – to request a copy of the personal data we hold about you;
  • Right to rectification – to ask us to correct inaccurate or incomplete data;
  • Right to erasure – to request deletion in certain circumstances;
  • Right to restriction – to ask us to limit processing in certain cases;
  • Right to object – to object to processing based on legitimate interests or direct marketing;
  • Right to data portability – to receive certain data in a structured, commonly used format where applicable;
  • Right to withdraw consent – where processing is based on consent;
  • Right to complain – to raise concerns with the relevant data protection authority.

We may need to verify your identity before responding to a rights request. In some cases, legal obligations or exemptions may mean we cannot fully comply with a request, but we will explain our decision where appropriate.

10. Children and vulnerable individuals

Our services are not directed at children, and we do not knowingly collect personal data from children except where necessary in connection with an account holder, authorised contact, or lawful instruction. Where we process data relating to vulnerable individuals, we apply additional care and safeguards as appropriate.

11. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in law, our services, or how we process personal data. Any updated version will apply from the date it takes effect. We encourage customers to review this policy periodically to stay informed.

12. Summary of our commitment

Totteridge Storage is committed to handling personal data responsibly, securely, and transparently. We collect only what is needed, use it for clear and lawful purposes, keep it only as long as necessary, and respect the rights of every customer. Your privacy matters to us, and we aim to process your information in a way that is fair, proportionate, and compliant with applicable data protection law.

Call Now!
Call Now Get a Quote
Totteridge Storage

GDPR-compliant Privacy Policy for Totteridge Storage covering data collection, lawful basis, retention, processors, and user rights for all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.