Privacy Policy - Stanmore Storage

This Privacy Policy explains how Stanmore Storage collects, uses, shares, stores, and protects personal data relating to our customers, prospective customers, visitors, suppliers, and other individuals whose information we process. It applies to all Stanmore Storage customers in area and to anyone who interacts with us in connection with our storage services, billing, account management, site access, or customer support.

1. Who We Are

Stanmore Storage is responsible for deciding how and why personal data is processed in connection with our storage services. For the purposes of applicable data protection laws, including the UK GDPR and the Data Protection Act 2018, Stanmore Storage acts as the data controller for the personal data described in this policy.

We are committed to handling personal data in a lawful, fair, and transparent manner. We only collect information that is necessary for legitimate business purposes and we take appropriate measures to keep it secure.

2. Data We Collect

We may collect and process the following categories of personal data:

  • Identity data such as name, date of birth, and proof of identity or address where required for verification.
  • Contact data such as billing address, correspondence address, email address, and telephone number.
  • Account and contract data such as account number, rental terms, payment status, storage unit details, and communication preferences.
  • Financial data such as payment details, transaction records, and information needed to process invoices, refunds, and deposits.
  • Access and security data such as entry logs, key or access code records, vehicle registration details where relevant, and CCTV footage recorded at our premises.
  • Communication data such as emails, letters, call notes, complaint records, and messages sent to us.
  • Technical data such as device information, IP address, browser type, and basic usage information if you interact with our digital systems.

In limited circumstances, we may also process information that is considered special category data if it is provided to us and is necessary for a specific purpose, such as supporting accessibility or resolving a legal issue. Where this occurs, we will only do so where a lawful basis and a valid condition for processing special category data applies.

3. How We Use Personal Data

We use personal data for the following purposes:

  • to set up and manage customer accounts;
  • to provide storage services and administer storage unit access;
  • to process payments, deposits, refunds, and invoices;
  • to verify identity and prevent fraud;
  • to respond to enquiries, complaints, and support requests;
  • to maintain security of our sites and protect staff, customers, and property;
  • to comply with legal and regulatory obligations;
  • to enforce agreements and resolve disputes;
  • to analyse service performance and improve operations;
  • to send essential service communications relating to your account or our services.

We do not use personal data for purposes that are incompatible with the reasons it was collected unless we have a lawful basis to do so and, where required, we have informed you.

4. Lawful Basis for Processing

We only process personal data where we have a lawful basis under data protection law. Depending on the activity, our lawful bases may include:

  • Contract – where processing is necessary to enter into or perform our storage agreement with you, such as managing your account, providing access, and billing.
  • Legal obligation – where we must process data to comply with laws, accounting rules, tax obligations, fraud prevention duties, or lawful requests from authorities.
  • Legitimate interests – where processing is needed for our legitimate business interests, provided your rights do not override those interests. This may include site security, operational management, customer service, and service improvement.
  • Consent – where we ask for your permission, such as for certain optional marketing activities or non-essential cookies, where applicable.
  • Vital interests – in rare situations where processing is necessary to protect someone’s life.

Where we rely on legitimate interests, we carry out a balancing test to ensure that our interests are not overridden by your rights and freedoms. Where we rely on consent, you may withdraw it at any time.

5. Sharing and Processors

We may share personal data with trusted third parties where necessary for the purposes described in this policy. These third parties act either as processors acting on our instructions, or as independent controllers where they determine their own purposes for processing.

Processors may include:

  • payment service providers and banking partners;
  • IT hosting, cloud storage, and software support providers;
  • customer relationship management and accounting service providers;
  • security and CCTV system providers;
  • maintenance, facilities, and operational support contractors;
  • professional advisers such as lawyers, auditors, and insurers.

We require our processors to protect personal data, use it only on our instructions, and maintain appropriate security. We do not sell personal data.

We may also disclose personal data where required by law, court order, law enforcement request, or to protect our rights, staff, customers, or property. If a business reorganisation, merger, or sale occurs, personal data may be transferred as part of that transaction, subject to appropriate safeguards.

6. Data Retention

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, tax, insurance, and dispute-resolution requirements. Retention periods vary depending on the type of data and the purpose of processing.

As a general approach:

  • customer account and contract records are retained for the duration of the relationship and for a reasonable period afterwards;
  • financial and tax records are retained for the period required by law;
  • security records such as access logs or CCTV footage are retained for a limited period unless needed for an investigation;
  • correspondence and complaint records are kept for as long as needed to manage the issue and any related follow-up;
  • marketing preferences are retained until you change them or ask us to delete them where applicable.

When data is no longer needed, we will securely delete, anonymise, or archive it in accordance with our retention procedures.

7. Security of Personal Data

We use appropriate technical and organisational measures to protect personal data from loss, misuse, unauthorised access, alteration, or disclosure. These measures may include access controls, encryption, secure storage, staff training, restricted permissions, and regular review of our procedures.

However, no system can be guaranteed to be completely secure. If a personal data breach occurs that is likely to result in a risk to your rights and freedoms, we will act in accordance with applicable law and, where required, notify the relevant authorities and affected individuals.

8. Your Rights

Subject to applicable law, you have the following rights in relation to your personal data:

  • Right of access – to request a copy of the personal data we hold about you.
  • Right to rectification – to ask us to correct inaccurate or incomplete data.
  • Right to erasure – to request deletion of your data in certain circumstances.
  • Right to restriction – to ask us to limit processing in certain situations.
  • Right to object – to object to processing based on legitimate interests or direct marketing.
  • Right to data portability – to receive certain data in a structured, commonly used format.
  • Right to withdraw consent – where processing is based on consent, you may withdraw it at any time.

You also have the right to lodge a complaint with the relevant supervisory authority if you believe your data protection rights have been infringed. We encourage you to contact us first so we can try to resolve any concern quickly and fairly.

9. Children’s Data

Our services are intended for adults and business use. We do not knowingly collect personal data from children unless it is necessary and lawful in a specific situation. If we become aware that we have collected such data without a valid basis, we will take steps to delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or data processing practices. Any updated version will apply from the date it is published. We encourage customers to review this policy periodically to stay informed about how we protect personal data.

Summary of Our Commitment

Stanmore Storage is committed to handling personal data with care, transparency, and accountability. We collect only what we need, process it on lawful grounds, retain it for appropriate periods, use trusted processors under strict controls, and respect your rights under data protection law.

Call Now!
Call Now Get a Quote
Stanmore Storage

GDPR-compliant Privacy Policy for Stanmore Storage covering data collection, lawful basis, retention, processors, rights, and application to all customers in area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.