Privacy Policy - Orpington Storage

Orpington Storage is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, share, store, and protect personal information relating to our customers, prospective customers, visitors, and other individuals whose data we process in connection with our storage services. This policy applies to all Orpington Storage customers in the area, including individuals and businesses using our services locally.

1. Who We Are

For the purposes of data protection law, Orpington Storage is the data controller for the personal information described in this policy. This means we decide how and why personal data is processed when you use our services, interact with us, or otherwise provide information to us. We are responsible for ensuring that your data is handled in accordance with the UK GDPR and the Data Protection Act 2018.

2. Personal Data We Collect

We may collect and process different categories of personal data depending on how you interact with us. The information we collect may include:

  • Identity data such as your name, title, date of birth, and identity verification details.
  • Contact data such as address, email address, and telephone number.
  • Account and contract data such as tenancy details, booking information, payment status, and service preferences.
  • Payment data such as billing information, transaction records, and payment method details, where required.
  • Communications data such as correspondence, enquiries, complaints, and support requests.
  • Security and access data such as CCTV recordings, access logs, key or passcode records, and site entry information.
  • Technical data such as IP address, browser type, device information, and usage data if you interact with our digital systems.
  • Compliance data such as documentation needed for legal, regulatory, fraud prevention, or insurance purposes.

We aim to collect only the personal data that is relevant and necessary for the services we provide. Where possible, we avoid collecting information that is not needed.

3. How We Use Your Data

We use personal data for the following purposes:

  • To provide and manage storage services.
  • To create and administer customer accounts and agreements.
  • To process payments, refunds, and billing-related matters.
  • To verify identity and prevent fraudulent use of our services.
  • To manage access to storage units and secure our premises.
  • To respond to enquiries, complaints, and customer requests.
  • To meet legal, regulatory, accounting, and tax obligations.
  • To maintain records, monitor site safety, and protect our property, customers, and staff.
  • To improve our services, systems, and customer experience.
  • To establish, exercise, or defend legal claims.

We will only use your personal data for the purposes explained in this policy or for compatible purposes where permitted by law.

4. Lawful Basis for Processing

Under data protection law, we must have a lawful basis for processing your personal data. Depending on the circumstances, we rely on the following legal bases:

Contract

We process personal data where it is necessary to enter into or perform a contract with you, such as providing storage services, managing bookings, handling payments, and delivering customer support.

Legal obligation

We may process your data where we are required to comply with legal obligations, including tax, accounting, health and safety, fraud prevention, or lawful requests from authorities.

Legitimate interests

We may process personal data where it is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. Examples include protecting our premises, preventing misuse, managing risk, maintaining records, and improving service delivery.

Consent

In limited cases, we may rely on your consent, for example where you choose to receive certain marketing communications. Where consent is used, you may withdraw it at any time.

Vital interests

In rare situations, we may process data to protect someone’s vital interests, such as where there is an emergency or serious safety concern.

5. Data Sharing and Processors

We may share personal data with trusted third parties where necessary to operate our business and provide our services. These third parties act as processors or, in some cases, independent controllers.

Examples of processors may include:

  • Payment service providers that process transactions securely.
  • IT and cloud service providers that host systems, store data, or support operational software.
  • Security providers that manage alarms, access control, or CCTV systems.
  • Accountants and auditors who assist with financial records and compliance.
  • Professional advisers such as lawyers, insurers, or consultants where necessary.
  • Customer support and communication providers that help manage service requests.

We require our processors to handle personal data only on our instructions, to keep it secure, and to comply with applicable data protection laws. We do not sell your personal data.

We may also disclose data if required by law, by a court order, or to public authorities where we are legally obliged to do so. In addition, data may be shared where necessary to protect our legal rights, prevent crime, or address security risks.

6. International Transfers

Where personal data is transferred outside the UK, we will take appropriate steps to ensure an adequate level of protection. This may include using approved transfer mechanisms and contractual safeguards required by law.

7. Data Retention

We keep personal data only for as long as necessary for the purposes for which it was collected, and in line with legal, tax, insurance, contractual, and operational requirements. Retention periods vary depending on the type of data and the purpose of processing.

  • Customer and contract records are generally retained for the duration of the service relationship and for a reasonable period afterwards.
  • Financial and tax records are retained for the periods required by law.
  • Security records such as access logs or CCTV footage are kept only as long as necessary for safety, security, investigation, or incident handling.
  • Communications and complaint records may be retained to resolve disputes, support service history, and meet compliance needs.

When personal data is no longer needed, we will delete it securely or anonymise it so that it can no longer identify you.

8. Data Security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, alteration, or disclosure. These measures may include access controls, secure storage, staff confidentiality obligations, monitoring, and regular review of our safeguards. While no system can be guaranteed to be completely secure, we work to maintain a level of protection appropriate to the risks involved.

9. Your Rights

Subject to conditions and exceptions under data protection law, you have the following rights in relation to your personal data:

  • Right of access – to request a copy of the personal data we hold about you.
  • Right to rectification – to ask us to correct inaccurate or incomplete data.
  • Right to erasure – to request deletion of your data in certain circumstances.
  • Right to restriction – to ask us to limit how we use your data in certain cases.
  • Right to object – to object to processing based on legitimate interests or direct marketing.
  • Right to data portability – to request transfer of certain data to you or another provider where applicable.
  • Right to withdraw consent – where processing is based on consent, you may withdraw it at any time.

You also have the right to lodge a complaint with the Information Commissioner’s Office if you believe your data rights have been infringed. We encourage you to raise any concern with us first so that we can try to resolve it promptly and fairly.

10. Cookies and Similar Technologies

If we operate online systems or digital tools, we may use cookies or similar technologies to support functionality, improve performance, and analyse usage. Where required, we will obtain consent before placing non-essential cookies. You can manage cookie preferences through your browser settings or other available controls.

11. Children’s Data

Our storage services are not intended for children as independent customers. We do not knowingly collect personal data from children except where it is necessary in connection with a lawful contract or service arrangement and only where appropriate safeguards are in place.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, our services, or how we process personal data. Any updated version will apply from the date it is issued. We encourage customers to review this policy periodically so they remain informed about how their information is used.

13. Summary of Our Commitments

Orpington Storage will process personal data lawfully, fairly, and transparently. We collect only what we need, use it for clear and legitimate purposes, retain it for no longer than necessary, and share it only with trusted processors or where required by law. We respect your rights and aim to maintain the highest reasonable standards of privacy and security for all customers in the area.

This Privacy Policy is designed to reflect core GDPR principles, including data minimisation, purpose limitation, storage limitation, accountability, and security.

Call Now!
Call Now Get a Quote
Orpington Storage

GDPR-compliant privacy policy for Orpington Storage covering data collection, lawful basis, retention, processors, and user rights for all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.