Privacy Policy - Uppernorwood Storage

This Privacy Policy explains how Uppernorwood Storage collects, uses, stores, shares, and protects personal data relating to its customers in the Uppernorwood area and any surrounding area where our services are offered. It applies to all Uppernorwood Storage customers in area, including prospective customers, current customers, account holders, authorised users, and individuals who interact with us in connection with storage services. We are committed to handling personal data in a lawful, fair, and transparent manner in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Personal Data We Collect

We collect only the data that is necessary to provide our storage services, manage accounts, maintain security, and meet legal obligations. Depending on your relationship with us, we may collect the following categories of data:

  • Identity data: full name, date of birth, and identification details where required for verification.
  • Contact data: postal address, email address, telephone number, and emergency contact details if provided.
  • Account data: customer reference numbers, storage unit information, booking history, payment status, and service preferences.
  • Financial data: billing information, bank details, and transaction records, where needed to process payments or refunds.
  • Security and access data: entry logs, access times, CCTV images or recordings, and key or access code records, where applicable.
  • Correspondence data: records of communications, complaints, requests, and any other interaction with our team.
  • Technical data: limited device and usage information if collected through our digital systems for security or service administration.

We may also collect personal data indirectly from third parties, such as identity verification providers, payment processors, debt recovery providers, or public authorities, where permitted by law.

2. How We Use Personal Data

Uppernorwood Storage uses personal data for the following purposes:

  • to provide and manage storage services;
  • to open, administer, and close customer accounts;
  • to verify identity and prevent fraud;
  • to process payments, deposits, refunds, and invoices;
  • to communicate about bookings, account status, service changes, or safety matters;
  • to manage site security, access control, and incident investigations;
  • to deal with complaints, claims, and disputes;
  • to meet legal, regulatory, tax, accounting, and insurance obligations;
  • to protect our business, customers, staff, and premises;
  • to establish, exercise, or defend legal rights.

We only use personal data for the purposes for which it was collected, unless we reasonably consider that we need to use it for another compatible purpose and the law allows it.

3. Lawful Basis for Processing

We process personal data only where we have a valid lawful basis under data protection law. The lawful bases we rely on may include:

  • Contract: where processing is necessary to enter into or perform a contract with you, such as managing your storage unit and related services.
  • Legal obligation: where processing is required to comply with legal or regulatory duties, including tax, accounting, and law enforcement requirements.
  • Legitimate interests: where processing is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. This may include security monitoring, fraud prevention, account administration, and service improvement.
  • Consent: where we rely on your consent for specific activities, such as optional marketing where required. You may withdraw consent at any time.

In some cases, we may also process limited data to protect vital interests or to perform a task carried out in the public interest, although these bases are unlikely to apply in most storage customer relationships.

4. Sharing Data and Processors

We do not sell personal data. We may share personal data only where necessary and appropriate, and only with trusted third parties acting as processors or, in some cases, independent controllers. When processors act on our behalf, they are required to handle personal data securely and only in accordance with our instructions and applicable law.

Examples of processors and service providers

  • Payment processors: to take payments securely and manage refunds.
  • IT and cloud service providers: to store data, maintain systems, and support secure operations.
  • Security providers: to operate CCTV, alarms, or access control systems where used.
  • Identity verification providers: to confirm identity and reduce fraud risk.
  • Accountancy and professional advisers: to support compliance, finance, and legal matters.
  • Debt recovery or credit control providers: where required to pursue outstanding balances lawfully.

We may also disclose personal data to insurers, regulators, law enforcement agencies, courts, or other authorised bodies where necessary to comply with legal obligations or to protect our rights and property.

5. International Transfers

If any processor or service provider stores or accesses personal data outside the UK, we will ensure appropriate safeguards are in place. These safeguards may include adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms approved under applicable data protection law.

6. Data Retention

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, insurance, and reporting requirements. Retention periods vary depending on the type of data and the purpose for which it is used.

  • Customer account and contract records: retained for the duration of the service relationship and for a reasonable period afterwards.
  • Financial and tax records: retained for the period required by law.
  • Security records, including access logs and CCTV: retained for a limited period unless required longer for investigation, insurance, or legal proceedings.
  • Correspondence and complaints: retained for as long as needed to resolve the matter and for evidential purposes.

When personal data is no longer needed, we will securely delete, anonymise, or archive it in accordance with our retention procedures and legal obligations.

7. Data Security

We take appropriate technical and organisational measures to protect personal data against loss, unauthorised access, misuse, alteration, or disclosure. These measures may include access restrictions, password protection, encryption where appropriate, secure storage, staff training, and regular review of our data handling practices. While no system can be guaranteed completely secure, we work to maintain a level of protection appropriate to the risks involved.

8. Your Rights

Under data protection law, you have a number of rights in relation to your personal data. These rights may be subject to certain conditions or exemptions.

  • Right of access: you may request confirmation of whether we process your personal data and receive a copy of that data.
  • Right to rectification: you may ask us to correct inaccurate or incomplete personal data.
  • Right to erasure: in some circumstances, you may ask us to delete your personal data.
  • Right to restriction: you may ask us to limit the way we use your data in certain situations.
  • Right to data portability: you may request your data in a structured, commonly used format where applicable.
  • Right to object: you may object to processing based on legitimate interests, and to direct marketing where relevant.
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.

If you exercise a right, we may need to verify your identity before responding. We will respond within the time limits set by law. Exercising your rights is free of charge in most cases, although we may charge a reasonable fee or refuse requests that are clearly unfounded or excessive, as permitted by law.

9. Children’s Data

Our services are intended for adults and business or domestic customers who can lawfully enter into storage agreements. We do not knowingly collect personal data from children for marketing or account purposes. If we become aware that we have collected data from a child without appropriate authority, we will take reasonable steps to delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, regulation, our services, or our data handling practices. Any revised version will apply from the date it is issued. We encourage customers to review this policy periodically so they remain informed about how their personal data is handled.

11. General Statement

This Privacy Policy is intended to provide a clear and lawful explanation of how Uppernorwood Storage manages personal data. By using our services, you acknowledge that your personal data may be processed as described in this policy and in accordance with applicable law. We are committed to respecting privacy, maintaining confidentiality, and using personal information responsibly and only where necessary.

Call Now!
Call Now Get a Quote
Uppernorwood Storage

GDPR-compliant Privacy Policy for Uppernorwood Storage covering data collection, lawful basis, retention, processors, security, and user rights.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.