Privacy Policy - Leytonstone Storage

This Privacy Policy explains how Leytonstone Storage collects, uses, stores, shares, and protects personal data in connection with storage services provided to customers in the Leytonstone area. It applies to all Leytonstone Storage customers in the area, including individuals, sole traders, and business users who use our storage services, make enquiries, or otherwise interact with us.

We are committed to handling personal data lawfully, fairly, and transparently in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Information We Collect

We collect personal data that is necessary to manage customer accounts, provide storage services, meet legal obligations, and improve our operations. The categories of data we may collect include:

  • Identity details: name, title, date of birth, and identification information where required.
  • Contact details: address, email address, and telephone number.
  • Account and contract details: booking information, tenancy or storage agreement details, payment records, and service preferences.
  • Financial information: payment methods, transaction records, and billing information.
  • Security and access data: CCTV records, site access logs, key or access code records, and incident reports.
  • Communications: correspondence, complaints, support requests, and notes of relevant interactions.
  • Technical information: limited device or usage data where you interact with our systems, for example through online forms or digital booking tools.

We do not collect more personal data than is necessary for the purposes explained in this policy.

2. How We Use Personal Data

Leytonstone Storage uses personal data for the following purposes:

  • to set up and manage storage accounts;
  • to verify identity and prevent fraud;
  • to process payments and maintain accurate records;
  • to provide customer support and handle enquiries;
  • to manage access to storage facilities and improve site security;
  • to comply with legal, regulatory, tax, and accounting obligations;
  • to resolve disputes, enforce agreements, and protect our rights and property;
  • to monitor and improve the quality and safety of our services;
  • to administer claims, complaints, and insurance-related matters where applicable.

We only use personal data where we have a valid lawful basis for doing so.

3. Lawful Basis for Processing

Under GDPR, we must have a lawful basis for every processing activity. Depending on the context, Leytonstone Storage relies on one or more of the following lawful bases:

Contract

We process personal data where it is necessary to enter into or perform a storage agreement, manage your account, provide access to services, and carry out related administrative tasks.

Legal Obligation

We may process personal data to comply with applicable laws and regulations, including tax, accounting, anti-fraud, health and safety, and security requirements.

Legitimate Interests

We may process personal data where it is necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. These interests may include protecting our facilities, preventing misuse, improving services, managing risk, and maintaining secure records.

Consent

In limited cases, we may rely on consent, for example where the law requires it or where we request permission for a specific optional activity. Where we rely on consent, you may withdraw it at any time.

Vital Interests

In rare circumstances, we may process personal data to protect someone’s vital interests, such as in an emergency involving safety or serious harm.

4. Data Sharing and Processors

We may share personal data with carefully selected third parties where necessary to operate our business and provide services. These third parties act as processors or independent controllers depending on the circumstances.

Processors may include:

  • payment service providers and banking partners;
  • IT hosting, software, and cloud storage providers;
  • security and CCTV service providers;
  • maintenance and facilities management contractors;
  • professional advisers such as accountants, auditors, or legal advisers;
  • debt recovery or enforcement partners where lawful and necessary;
  • delivery or logistics providers where relevant to service administration.

We require processors to act only on our instructions, to keep personal data secure, and to use it only for the purposes we specify. We do not sell personal data.

We may also disclose personal data to public authorities, regulators, law enforcement agencies, or courts where required by law or where necessary to establish, exercise, or defend legal claims.

5. International Transfers

If a processor stores or accesses personal data outside the UK, we ensure appropriate safeguards are in place. These may include adequacy regulations, standard contractual clauses, or other legally approved transfer mechanisms. We take reasonable steps to ensure that data transferred internationally remains protected to a standard consistent with UK data protection law.

6. Data Retention

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, accounting, insurance, or reporting requirements.

Retention periods depend on the type of data and the reason for processing. For example:

  • contract and account records may be kept for the duration of the relationship and for a period afterwards to handle claims or disputes;
  • financial and tax-related records may be retained for the period required by law;
  • security records such as CCTV footage may be kept only for a limited period unless needed for an incident investigation or legal matter;
  • enquiry records may be retained for a reasonable period if no contract is formed.

When personal data is no longer required, we securely delete, anonymise, or destroy it.

7. Data Security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, disclosure, or destruction. These measures may include access controls, encryption, secure storage, staff confidentiality obligations, and regular review of security practices. While no system can be guaranteed completely secure, we take data protection seriously and work to reduce risk wherever possible.

8. Your Rights

As a data subject, you have rights under data protection law. Subject to legal conditions and exemptions, you may have the right to:

  • Access your personal data and obtain a copy of it;
  • Rectification of inaccurate or incomplete data;
  • Erasure of data in certain circumstances;
  • Restriction of processing in certain cases;
  • Object to processing based on legitimate interests or direct marketing;
  • Data portability for data you provided to us, where applicable;
  • Withdraw consent where processing is based on consent;
  • Challenge automated decisions if such decisions have legal or similarly significant effects.

You also have the right to make a complaint to the UK Information Commissioner’s Office (ICO) if you believe your data protection rights have been infringed.

9. How We Handle Special Categories of Data

We do not normally seek special category data, such as information about health, religion, or ethnicity. If such data is provided to us incidentally, for example within a complaint or support request, we will only process it where lawful and necessary, and with appropriate safeguards. We treat sensitive information with particular care.

10. Children’s Data

Our services are intended for adults. We do not knowingly collect personal data from children as primary customers. If we become aware that we have collected a child’s personal data without appropriate authorisation, we will take steps to delete it or otherwise handle it in accordance with the law.

11. Automated Decision-Making

We do not use personal data to make decisions based solely on automated processing that produce legal or similarly significant effects, unless we have informed you and such processing is permitted by law. If automated tools are used for service administration or fraud prevention, they are subject to human oversight where required.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data protection practices. Any revised version will apply from the date it is made available. We encourage customers to review this policy periodically to stay informed about how their data is handled.

13. Summary of Our Commitments

  • We collect only the personal data needed to provide and manage storage services.
  • We process data on lawful bases including contract, legal obligation, legitimate interests, and consent where appropriate.
  • We retain data only for as long as necessary and dispose of it securely when no longer needed.
  • We use trusted processors under contract and do not sell personal data.
  • We respect your rights and aim to handle all personal information fairly, securely, and transparently.

This Privacy Policy applies to all Leytonstone Storage customers in the area.

Call Now!
Call Now Get a Quote
Leytonstone Storage

GDPR-compliant Privacy Policy for Leytonstone Storage covering collection, lawful basis, retention, processors, and user rights for all customers in the area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.