Privacy Policy - Surrey Storage

This Privacy Policy explains how Surrey Storage collects, uses, stores, shares, and protects personal data relating to all Surrey Storage customers in the area. It applies to all individuals who use our storage services, including prospective customers, current customers, account holders, authorised users, and anyone whose information we process in connection with providing storage, administration, security, billing, and support services.

1. Who We Are

Surrey Storage is responsible for deciding how and why personal data is processed for the purposes described in this Privacy Policy. We are committed to handling personal information in a lawful, fair, and transparent manner in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy applies to all Surrey Storage customers in the area, regardless of whether services are arranged in person, by telephone, or through other administrative channels.

2. Information We Collect

We collect only the personal data necessary to operate our services, manage our customer relationships, and meet legal and security obligations. The categories of data we may collect include:

  • Identity data such as name, date of birth, and identification details where needed for verification purposes.
  • Contact data such as postal address, email address, and telephone number.
  • Account and service data such as booking details, unit allocation, access records, payment status, and communication history.
  • Financial data such as billing information, payment method details, and transaction records.
  • Security data such as access logs, CCTV images where applicable, and records needed to protect our site, staff, customers, and stored property.
  • Correspondence data such as emails, written inquiries, complaints, and other communications.
  • Technical data where relevant, including device or usage information generated when systems or online tools are used.

We generally collect personal data directly from you when you enquire about our services, sign an agreement, make payments, communicate with us, or use the facility. We may also receive data from third parties such as payment providers, identity verification services, insurers, or legal and regulatory bodies where appropriate.

3. How We Use Your Data

We use personal data for the following purposes:

  • To register and manage customer accounts.
  • To provide storage services and allocate units.
  • To verify identity and prevent fraud.
  • To process payments, issue invoices, and maintain financial records.
  • To communicate about bookings, access, service updates, and administrative matters.
  • To maintain the safety and security of our premises and stored items.
  • To respond to enquiries, complaints, and requests.
  • To comply with legal, regulatory, tax, and accounting obligations.
  • To establish, exercise, or defend legal claims where necessary.

We only process personal data for legitimate and clearly defined purposes. Where a new purpose is materially different from the original one, we will ensure that we have a valid legal basis before using the data in that way.

4. Lawful Basis for Processing

Under data protection law, we must have a lawful basis for every processing activity. Surrey Storage relies on the following lawful bases:

Contract

We process personal data when it is necessary to enter into or perform a contract with you. This includes setting up accounts, managing access, taking payments, and providing storage services.

Legal Obligation

We may process and retain data where necessary to comply with legal obligations, including tax law, accounting requirements, fraud prevention, and responses to lawful requests from authorities.

Legitimate Interests

We process some data where it is necessary for our legitimate business interests and where those interests are not overridden by your rights and freedoms. This may include site security, access control, service administration, debt recovery, business record-keeping, and preventing misuse of our services. When relying on legitimate interests, we consider the nature of the data, the purpose of the processing, and the impact on you.

Consent

In limited situations, we may rely on your consent, for example where it is appropriate for optional communications or other non-essential processing. Where consent is used, you may withdraw it at any time. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

5. Data Sharing and Processors

We may share personal data with trusted third parties where necessary for the operation of our business and only to the extent required for the relevant purpose. These third parties may act as processors or independent controllers depending on the service they provide.

Examples of processors and service providers may include:

  • Payment processors that handle card or online payment transactions.
  • IT and cloud service providers that host systems, emails, backups, or administrative platforms.
  • Security providers that support alarm systems, access management, or CCTV storage.
  • Accountants and bookkeeping providers that assist with financial record management.
  • Insurance providers where claim handling or policy administration requires limited data sharing.
  • Professional advisers such as lawyers, auditors, and consultants where needed for compliance or dispute resolution.

We require our processors to act only on our instructions, keep personal data confidential, and implement appropriate technical and organisational safeguards. We do not sell personal data.

In certain circumstances, we may also disclose personal data to law enforcement, courts, regulators, or other public authorities if required or permitted by law.

6. International Transfers

If any processor or service provider stores or accesses data outside the UK, we will take steps to ensure that appropriate safeguards are in place. These may include adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms designed to protect your information.

7. Data Retention

We keep personal data only for as long as necessary for the purposes for which it was collected, including the fulfilment of contractual obligations, legal compliance, dispute handling, and business administration. Retention periods vary depending on the type of data and the reason for processing.

Typical retention principles include:

  • Customer account and contract records are retained for the duration of the relationship and for a reasonable period afterwards.
  • Financial and tax records are retained for the period required by law and accounting practice.
  • Security records such as access logs and CCTV footage are kept only as long as needed for security purposes, incident review, or legal claims.
  • Correspondence and complaints may be retained for as long as needed to resolve issues and maintain business records.

When personal data is no longer required, we will securely delete, anonymise, or archive it in line with our retention procedures.

8. How We Protect Your Data

We take appropriate technical and organisational measures to protect personal data against accidental loss, misuse, unauthorised access, alteration, or disclosure. These measures may include access controls, restricted permissions, encryption where appropriate, secure storage, staff confidentiality obligations, and regular review of security practices.

However, no system is completely secure. While we work to protect your information, we cannot guarantee absolute security.

9. Your Rights

Under data protection law, you have several rights in relation to your personal data. Subject to legal limits, these include:

  • Right of access – to request a copy of the personal data we hold about you.
  • Right to rectification – to ask us to correct inaccurate or incomplete data.
  • Right to erasure – to request deletion of your data in certain circumstances.
  • Right to restriction – to ask us to limit processing in certain situations.
  • Right to object – to object to processing based on legitimate interests or direct marketing.
  • Right to data portability – to receive certain data in a structured, commonly used format where applicable.
  • Right to withdraw consent – where processing is based on consent.

If you exercise any of these rights, we may need to verify your identity before responding. We will aim to respond within the timeframes required by law.

Please note that some rights are not absolute and may be limited where we need to retain or process data for legal, contractual, or security reasons.

10. Children’s Data

Our services are intended for adults and business users. We do not knowingly collect personal data from children unless it is necessary in a specific legal or administrative context. If we become aware that we have collected such information without a valid basis, we will take appropriate steps to delete or protect it.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in the law, our services, or our operational practices. The latest version will apply to the processing of personal data from the date it is published or otherwise communicated to customers.

We encourage customers to review this policy periodically so they remain informed about how their personal data is handled.

12. Complaints

If you have concerns about how we handle your personal data, you should raise them with us so that we can review and address the issue. You also have the right to lodge a complaint with the UK Information Commissioner’s Office if you believe your data protection rights have been infringed.

Summary of our commitment: Surrey Storage will process personal data lawfully, securely, and transparently; retain it only as long as necessary; use trusted processors under contract; and respect the rights of all customers in the area.

Call Now!
Call Now Get a Quote
Surrey Storage

GDPR-compliant Privacy Policy for Surrey Storage covering data collection, lawful basis, retention, processors, and user rights for all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.