Privacy Policy - Crayford Storage

This Privacy Policy explains how Crayford Storage collects, uses, stores, shares, and protects personal data. It applies to all Crayford Storage customers in the area, including prospective customers, account holders, service users, and any individual who interacts with us in connection with storage services, access arrangements, billing, or customer support.

We are committed to handling personal data in a lawful, fair, transparent, and secure manner in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy is intended to explain what information we process, why we process it, how long we keep it, who may process it on our behalf, and what rights you have.

1. Information We Collect

We collect and process personal data that is necessary to provide storage services, manage our relationship with customers, and meet legal and operational requirements. The types of information we may collect include:

  • Identity data such as your name, date of birth, and identification documents where required.
  • Contact data such as your address, email address, and telephone number.
  • Account and contract data including booking details, storage unit records, service selections, payment status, and contract history.
  • Financial data such as billing information, payment records, and transaction details.
  • Access and security data such as access logs, entry records, vehicle registration details where used, and security footage from monitored areas.
  • Correspondence data such as emails, messages, complaints, feedback, and notes from support interactions.
  • Technical data where relevant, such as device or browser information if you interact with digital systems used to manage services.

We generally collect personal data directly from you when you enquire about services, complete forms, sign an agreement, make payments, access your unit, or contact us. In some cases, we may also receive data from third parties, such as payment providers, identity verification services, insurers, debt recovery providers, or public authorities where lawful and appropriate.

2. How We Use Your Data

We use personal data only when we have a valid legal basis to do so. The main purposes for which we use your information are:

  • to provide and manage storage services;
  • to verify identity and prevent fraud;
  • to process payments, refunds, and account administration;
  • to maintain security of the site, premises, and stored items;
  • to communicate with you about your account, agreements, or service updates;
  • to handle complaints, disputes, and support requests;
  • to comply with legal, regulatory, tax, and accounting obligations;
  • to enforce contractual rights or recover debts;
  • to protect the rights, property, and safety of Crayford Storage, customers, staff, and visitors.

We do not use personal data for purposes that are incompatible with the reasons it was collected, unless required or permitted by law.

3. Lawful Basis for Processing

Under data protection law, we must have a lawful basis for each processing activity. Depending on the situation, Crayford Storage may rely on one or more of the following lawful bases:

Contract

We process data when it is necessary to enter into or perform a contract with you. This includes setting up your storage account, managing access, issuing invoices, and delivering the agreed service.

Legal Obligation

We may process data to meet legal or regulatory requirements, such as tax recordkeeping, accounting obligations, fraud prevention duties, or lawful requests from authorities.

Legitimate Interests

We may process data where it is necessary for our legitimate interests, provided your interests and fundamental rights do not override those interests. This may include site security, service administration, preventing misuse, managing risks, and improving our operations. We balance these interests carefully and only process what is necessary.

Consent

In limited cases, we may rely on your consent, for example where it is required for certain optional communications or specific processing activities. Where consent is used, you may withdraw it at any time, without affecting processing already carried out lawfully before withdrawal.

Vital Interests

In rare circumstances, we may process data to protect someone’s vital interests, such as in an emergency involving safety or security.

4. Retention of Personal Data

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, contractual, and security requirements. Retention periods vary depending on the type of data and the reason for processing.

  • Customer account and contract records are normally retained for the duration of the relationship and for a reasonable period afterwards.
  • Financial and tax records are retained for the period required by law and standard accounting practice.
  • Access records and security-related data are kept only as long as needed for security management, incident investigation, or legal compliance.
  • Correspondence and complaints are retained for as long as necessary to resolve the matter and maintain appropriate records.

When data is no longer required, we will delete, anonymise, or securely destroy it. We review retention periods regularly to ensure data is not kept longer than necessary.

5. Processors and Third Parties

We may share personal data with trusted third parties who process data on our behalf or independently for legitimate business purposes. These parties may act as processors or separate controllers depending on the service provided.

Examples of processors and service providers may include:

  • IT and hosting providers who support secure data storage and system maintenance;
  • payment processing providers who handle card or electronic payments;
  • security providers who assist with monitoring, alarms, or incident response;
  • accounting and administrative service providers who help manage financial records;
  • identity verification services where required to reduce fraud or confirm details;
  • professional advisers such as lawyers, insurers, auditors, or consultants;
  • debt recovery or enforcement providers when necessary to protect our legal rights;
  • public authorities where disclosure is required by law or a valid legal request.

We require processors to handle personal data securely, use it only for authorised purposes, and implement appropriate technical and organisational safeguards. Where data is transferred outside the UK, we will ensure appropriate legal protections are in place.

6. Data Security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. These measures may include access controls, secure systems, encryption where suitable, staff confidentiality obligations, and physical security measures at our premises.

Although we take security seriously, no system can be guaranteed to be completely secure. If a personal data breach occurs and there is a risk to your rights and freedoms, we will act in accordance with legal obligations, which may include notifying the relevant authority and affected individuals where required.

7. Your Rights

Under data protection law, you have a number of rights in relation to your personal data. These rights are not absolute and may be subject to legal limits or exemptions.

  • Right of access – you may request a copy of the personal data we hold about you.
  • Right to rectification – you may ask us to correct inaccurate or incomplete data.
  • Right to erasure – in some circumstances, you may request deletion of your data.
  • Right to restriction – you may request limited processing in certain situations.
  • Right to data portability – you may request that data you provided to us be transferred to you or another controller, where applicable.
  • Right to object – you may object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent – where processing is based on consent, you may withdraw it at any time.

If you wish to exercise any of these rights, we may need to verify your identity before responding. We will respond within the time limits required by law and will provide explanations if we cannot fully comply with a request.

8. Complaints and Further Information

If you have concerns about how we handle personal data, we encourage you to raise them with us first so we can review and address the issue. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) or the relevant supervisory authority if you believe your data protection rights have been infringed.

This Privacy Policy may be updated from time to time to reflect changes in legal requirements, operational practices, or the way we provide services. Any updated version will apply from the date it is published or otherwise communicated.

By using Crayford Storage services, you acknowledge that your personal data will be processed in accordance with this Privacy Policy.

Call Now!
Call Now Get a Quote
Crayford Storage

GDPR-compliant Privacy Policy for Crayford Storage covering data collection, lawful basis, retention, processors, and user rights.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.