Privacy Policy - Aldgate Storage

This Privacy Policy explains how Aldgate Storage collects, uses, shares, stores, and protects personal data relating to our customers and prospective customers. It applies to all Aldgate Storage customers in the area, including individuals and businesses that use our storage services, make enquiries, receive quotes, sign agreements, access our facilities, or otherwise interact with us. We are committed to handling personal data lawfully, fairly, transparently, and securely in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Personal Data We Collect

We may collect and process the following categories of personal data:

  • Identity data such as your name, title, and, where relevant, the name of your business or organisation.
  • Contact data such as your billing address, correspondence address, email address, and telephone number.
  • Contract and account data such as storage unit details, booking records, account references, payment status, and communication history.
  • Financial data such as bank details, payment card details, and transaction records, where needed for billing and payment processing.
  • Security and access data such as entry records, CCTV images, key or access code usage, and incident reports where applicable.
  • Usage data such as information about your interactions with our services, enquiries, complaints, and service preferences.
  • Verification data such as documents or information we may require to confirm identity, prevent fraud, or meet legal obligations.

We generally collect personal data directly from you when you submit an enquiry, complete a booking, sign a contract, make a payment, or communicate with us. In some cases, we may receive data from third parties such as payment providers, insurers, referring agents, debt recovery providers, or public authorities.

2. How We Use Personal Data

We use personal data for the following purposes:

  • to provide and administer storage services;
  • to create and manage customer accounts and contracts;
  • to process payments, refunds, and credit control activities;
  • to verify identity and prevent fraud, misuse, or unauthorised access;
  • to maintain site security and protect property, customers, and staff;
  • to communicate with customers about bookings, invoices, service updates, and account matters;
  • to handle complaints, disputes, claims, and legal proceedings;
  • to comply with legal, regulatory, tax, accounting, and insurance requirements;
  • to improve our services, systems, and customer experience;
  • to keep records, enforce agreements, and protect our legitimate business interests.

We will only process personal data when we have a valid lawful basis for doing so. We do not use personal data for purposes that are incompatible with those described in this policy unless required or permitted by law.

3. Lawful Basis for Processing

Under data protection law, we rely on one or more of the following lawful bases when processing personal data:

Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes setting up your storage agreement, managing your account, taking payments, providing access, and carrying out obligations under the contract.

Legal Obligation

We may process personal data where this is necessary to comply with a legal obligation. This may include accounting and tax requirements, record-keeping obligations, fraud prevention duties, responding to lawful requests from authorities, and complying with court orders or regulatory requirements.

Legitimate Interests

We may process personal data where it is necessary for our legitimate interests, provided these interests are not overridden by your rights and freedoms. Our legitimate interests include running and securing our business, preventing loss and crime, monitoring access to facilities, managing disputes, improving services, and protecting our legal rights.

Consent

In limited circumstances, we may rely on your consent, for example where we need permission for certain optional communications or specific uses not covered by another lawful basis. When we rely on consent, you may withdraw it at any time. Withdrawal of consent will not affect the lawfulness of processing carried out before the withdrawal.

4. Sharing Personal Data and Processors

We may share personal data with third parties where necessary and appropriate for the purposes described in this policy. These third parties may act as processors or independent controllers depending on the circumstances.

Processors are organisations that process personal data on our behalf and under our instructions. We use processors only where they provide sufficient guarantees regarding security and compliance. Typical processors may include:

  • payment service providers;
  • accounting and bookkeeping providers;
  • IT hosting, cloud storage, and software providers;
  • customer management and communication systems;
  • security monitoring and CCTV service providers;
  • professional advisers such as lawyers, insurers, auditors, and consultants;
  • debt recovery or claims-handling providers where needed;
  • delivery, maintenance, or support contractors acting on our instructions.

We may also disclose personal data to other parties where required by law, to protect our rights, to enforce our agreements, to prevent fraud or criminal activity, or in connection with a business restructuring, sale, or transfer of assets. Where a third party acts as an independent controller, that organisation will be responsible for its own compliance with data protection law.

5. International Transfers

Where personal data is transferred outside the United Kingdom, we will ensure that appropriate safeguards are in place, such as an adequacy decision, the UK International Data Transfer Agreement, or other legally recognised transfer mechanisms. We take reasonable steps to ensure that transferred data remains protected to a standard consistent with UK data protection law.

6. Data Retention

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including to meet legal, accounting, tax, insurance, and reporting obligations. Retention periods depend on the type of data and the reason for processing.

In general:

  • contract and account records are retained for the duration of the relationship and for a reasonable period afterwards;
  • financial and tax records are retained for the period required by law;
  • security records such as access logs or CCTV footage are retained for a limited period unless needed for an investigation, claim, or legal purpose;
  • complaints, claims, and dispute records are kept as long as needed to resolve the issue and for any applicable limitation period;
  • enquiry records that do not lead to a contract are kept only for as long as necessary to assess and respond to the enquiry.

When personal data is no longer required, it will be securely deleted, anonymised, or archived in line with our retention practices.

7. Security of Personal Data

We use appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, alteration, or disclosure. These measures may include access controls, secure storage, encryption where appropriate, staff training, system monitoring, and restricted handling of sensitive information. No system is completely secure, but we continuously review our safeguards to reduce risk and maintain compliance.

8. Your Rights

Subject to certain legal limitations, you have the following rights in relation to your personal data:

  • Right of access - to request a copy of the personal data we hold about you.
  • Right to rectification - to request correction of inaccurate or incomplete data.
  • Right to erasure - to request deletion of your data in certain circumstances.
  • Right to restrict processing - to ask us to limit how we use your data in specific situations.
  • Right to data portability - to receive certain data in a structured, commonly used format or ask us to transmit it to another controller where feasible.
  • Right to object - to object to processing based on legitimate interests or to direct marketing.
  • Right to withdraw consent - where processing is based on consent, you may withdraw that consent at any time.

Where we receive a request, we may need to verify your identity before responding. We will aim to respond within the time limits required by data protection law. If we cannot fully comply with a request, we will explain the reason, subject to legal restrictions.

9. CCTV and Site Security

Where CCTV or other security systems are used, they are operated for the purposes of safety, crime prevention, protecting property, and managing incidents. Images, recordings, and access logs may be reviewed by authorised personnel and shared with law enforcement, insurers, or legal advisers where appropriate. We retain such data only for as long as needed for security and legal purposes.

10. Marketing Communications

We may send service-related communications that are necessary for the administration of your account or storage agreement. Where we send optional marketing communications, we will do so only in accordance with applicable law. You can opt out of marketing at any time, and we will respect your preferences.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or operational requirements. Any updated version will apply from the date it is published or otherwise communicated. We encourage customers to review this policy periodically to stay informed about how personal data is handled.

12. Complaints

If you are concerned about how your personal data has been handled, you may raise your concerns with us and we will seek to resolve the issue in a fair and timely manner. You also have the right to lodge a complaint with the UK Information Commissioner’s Office if you believe your data protection rights have been infringed.

By using Aldgate Storage services, you acknowledge that your personal data will be processed as described in this Privacy Policy. This policy is intended to provide clear, lawful, and transparent information about our data practices for all Aldgate Storage customers in the area.

Call Now!
Call Now Get a Quote
Aldgate Storage

GDPR-compliant Privacy Policy for Aldgate Storage covering data collection, lawful basis, retention, processors, and user rights for all customers in the area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.