Privacy Policy - Southwimbledon Storage

Southwimbledon Storage is committed to protecting the privacy and personal data of its customers, visitors, suppliers, and other individuals whose information we handle. This Privacy Policy explains how we collect, use, disclose, store, and protect personal data in line with the UK GDPR and the Data Protection Act 2018.

This policy applies to all Southwimbledon Storage customers in the area, including individuals and business customers who use our storage services, enquire about our services, or otherwise interact with us.

1. Who We Are

For the purposes of data protection law, South Wimbledon Storage acts as the data controller for the personal data described in this Privacy Policy. This means we determine the purposes and means of processing personal data collected through our storage operations, customer administration, and related services.

We are committed to processing personal data lawfully, fairly, and transparently. We only collect data that is necessary for specific, explicit, and legitimate purposes.

2. Personal Data We Collect

We may collect and process the following categories of personal data:

  • Identity data such as name, title, date of birth, and identification details where needed for verification purposes.
  • Contact data such as postal address, email address, and telephone number.
  • Account and transaction data such as payment records, invoices, service usage, booking details, and account references.
  • Security data such as CCTV images, access logs, alarm records, and visit records where our security systems are in operation.
  • Communication data such as correspondence, complaints, feedback, and notes from customer service interactions.
  • Technical data such as device information, IP address, browser details, and website usage data, if you interact with our digital services.
  • Special category data only where strictly necessary and where a valid legal condition applies, for example if you voluntarily provide information relating to health or disability for access or assistance purposes.

We generally do not seek to collect special category data unless it is necessary to provide a service or meet a legal obligation.

3. How We Collect Personal Data

We collect personal data in several ways:

  • Directly from you when you make an enquiry, sign up for storage, complete forms, make payments, or communicate with us.
  • Automatically through security systems, access controls, or technical systems when you use our facilities or digital services.
  • From third parties such as payment providers, identity verification services, insurers, legal advisers, or law enforcement where appropriate and lawful.

We aim to collect only the data needed for the relevant purpose and to limit access to those who require it.

4. Why We Use Your Data

We use personal data for the following purposes:

  • To provide storage services and manage customer accounts.
  • To verify identity and prevent fraud.
  • To process payments, refunds, and invoices.
  • To maintain security, monitor access, and protect property.
  • To respond to enquiries, complaints, and service requests.
  • To meet legal, regulatory, tax, and accounting obligations.
  • To improve our services, systems, and customer experience.
  • To pursue or defend legal claims.

We do not use personal data in ways that are incompatible with the purposes for which it was collected, unless we have a lawful basis to do so.

5. Lawful Basis for Processing

Under GDPR, we must have a lawful basis for every processing activity. Depending on the context, we rely on one or more of the following:

Contract

We process personal data where it is necessary to enter into or perform a contract with you, such as managing storage agreements, payments, and customer support.

Legal obligation

We may process data where necessary to comply with legal requirements, including accounting, tax, fraud prevention, and lawful requests from authorities.

Legitimate interests

We may process data where it is necessary for our legitimate interests or those of a third party, provided your rights and freedoms do not override those interests. This may include security monitoring, service improvement, business administration, and the prevention of misuse.

Consent

In limited circumstances, we may rely on your consent, particularly for optional communications or certain types of processing. Where consent is used, you may withdraw it at any time.

Vital interests or public task

These bases are unlikely to apply in most cases, but we may rely on them if necessary in exceptional circumstances.

6. Sharing and Processors

We may share personal data with trusted third parties who act as processors on our behalf. These parties only process data according to our instructions and are required to keep it secure and confidential.

Examples of processors and recipients may include:

  • Payment service providers and banking partners.
  • IT and cloud storage providers.
  • Security, CCTV, and access control service providers.
  • Professional advisers such as accountants, auditors, lawyers, and insurers.
  • Delivery, maintenance, and facility management providers.
  • Public authorities, regulators, courts, or law enforcement where required by law.

Where a third party acts as an independent controller, it will be responsible for its own compliance with data protection law. We only share data when there is a valid reason to do so and when appropriate safeguards are in place.

7. International Transfers

If personal data is transferred outside the UK, we will ensure that appropriate safeguards are in place, such as adequacy regulations, standard contractual clauses, or equivalent protective measures. We take steps to ensure that transferred data receives a level of protection substantially similar to that under UK GDPR.

8. Retention of Personal Data

We keep personal data only for as long as necessary for the purpose for which it was collected, including satisfying legal, accounting, or reporting requirements. Retention periods vary depending on the type of data and the purpose of processing.

In general:

  • Customer account and contract records are kept for the duration of the relationship and for a further period where necessary for legal claims or record-keeping.
  • Financial and tax records are retained for the period required by law.
  • Security records such as CCTV footage are kept for a limited period unless needed for an investigation, incident, or legal matter.
  • Enquiry and correspondence records are retained for as long as needed to handle the matter and support internal administration.

When data is no longer needed, we securely delete, anonymise, or archive it in accordance with our retention procedures.

9. Security of Personal Data

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. These measures may include access restrictions, encryption, staff training, secure storage, and regular monitoring of systems.

While no system is completely secure, we take reasonable and proportionate steps to safeguard the information we hold.

10. Your Rights

Under data protection law, you have a number of rights in relation to your personal data, subject to certain conditions and exceptions. These rights include:

  • Right of access – you may request a copy of the personal data we hold about you.
  • Right to rectification – you may ask us to correct inaccurate or incomplete information.
  • Right to erasure – in certain circumstances, you may ask us to delete your data.
  • Right to restrict processing – you may ask us to limit how we use your data in certain situations.
  • Right to object – you may object to processing based on legitimate interests or direct marketing.
  • Right to data portability – you may request certain data in a structured, commonly used format where technically feasible.
  • Right to withdraw consent – where processing is based on consent, you may withdraw that consent at any time.

If you exercise a right, we may need to verify your identity before responding. We will respond within the time limits required by law.

11. Automated Decision-Making

We do not normally use automated decision-making that produces legal or similarly significant effects. If this changes, we will provide appropriate information about the logic involved and your rights.

12. Children’s Data

Our services are not directed at children, and we do not knowingly collect personal data from children except where necessary and lawful. If we become aware that we have collected data from a child without appropriate consent or lawful basis, we will take steps to address it.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, our services, or our data handling practices. The most current version will apply to your use of our services.

14. Complaints

If you have concerns about how we handle personal data, you may raise them with us in the first instance. You also have the right to lodge a complaint with the relevant data protection authority if you believe your rights have been infringed.

Summary: South Wimbledon Storage explains how it collects, uses, shares, retains, and protects customer data, the lawful bases it relies on, and the rights available under GDPR.

Call Now!
Call Now Get a Quote
Southwimbledon Storage

GDPR-compliant Privacy Policy for South Wimbledon Storage covering data collection, lawful basis, retention, processors, user rights, and security.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.