Privacy Policy - Haggerston Storage

This Privacy Policy explains how Haggerston Storage collects, uses, stores, shares, and protects personal data when providing storage services to customers in the Haggerston area. It applies to all Haggerston Storage customers in area, including individuals, households, sole traders, and business customers who use our storage facilities or related services. We are committed to handling personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are

For the purposes of data protection law, Haggerston Storage is the data controller for personal data collected in connection with our storage services, except where we act on behalf of another organisation or where a third-party service provider processes data under our instructions. This policy describes how we manage personal data in a fair, lawful, and transparent manner.

2. Personal data we collect

We only collect personal data that is necessary for providing storage services, managing accounts, maintaining security, and meeting legal obligations. The types of data we may collect include:

  • Identity data such as your name, date of birth, and proof of identity.
  • Contact data such as address, email address, and telephone number.
  • Account and contract data such as storage unit details, rental dates, payment status, and communications relating to your agreement.
  • Payment data such as billing information, payment confirmations, and limited transaction records. We do not usually store full card details where payments are handled by secure payment providers.
  • Security data such as access logs, CCTV images where used, and records of entry to protect property and facilities.
  • Correspondence data such as emails, letters, complaints, and service enquiries.
  • Usage data such as details of the services you use and how you interact with our storage systems.

In some cases, we may also collect special category data only where strictly necessary and permitted by law, for example if a customer voluntarily provides information relating to a health condition that affects access arrangements. We do not seek to collect such data routinely.

3. How we use personal data

We use personal data for the following purposes:

  • to set up and manage storage accounts;
  • to verify identity and prevent fraud;
  • to communicate with you about bookings, payments, renewals, access, and service updates;
  • to process payments and manage arrears;
  • to maintain site security and protect customers’ stored goods, staff, and facilities;
  • to respond to enquiries, complaints, and legal claims;
  • to comply with legal, accounting, and regulatory obligations;
  • to improve our services, systems, and customer experience;
  • to enforce contractual terms and manage risk.

We will only use your data for the purposes for which it was collected, unless we reasonably consider that we need to use it for a compatible purpose or where required or permitted by law.

4. Lawful basis for processing

We process personal data only where we have a valid lawful basis under the UK GDPR. Depending on the purpose, our lawful bases may include:

  • Contract – where processing is necessary to enter into or perform our storage agreement with you.
  • Legal obligation – where we must keep records or disclose data to comply with tax, accounting, fraud prevention, or other legal requirements.
  • Legitimate interests – where processing is necessary for our legitimate business interests, such as maintaining security, preventing misuse, managing facilities, and protecting property, provided your rights do not override those interests.
  • Consent – where we rely on your permission, such as for certain optional communications or specific uses that require consent. You may withdraw consent at any time where consent is the basis relied upon.
  • Vital interests – in rare situations where processing is necessary to protect someone’s life.

Where we rely on legitimate interests, we balance those interests against your privacy rights and only process data where this is fair and proportionate.

5. Data sharing and processors

We do not sell personal data. We may share personal data where necessary and lawful with trusted third parties who help us operate our storage services. These third parties act as processors or, in some cases, independent controllers. Processors may include:

  • IT and cloud service providers that host systems, backup data, or maintain secure databases;
  • payment processors that handle card or bank transactions;
  • security providers that support alarm systems, CCTV, or access control;
  • professional advisers such as accountants, auditors, legal advisers, and insurers;
  • maintenance and facilities contractors where access to limited data is needed to support operations;
  • public authorities where disclosure is required by law or necessary for legal proceedings.

All processors are required to act only on our instructions, protect personal data, use appropriate security measures, and process data only for the agreed purpose. If personal data is transferred outside the UK, we will ensure appropriate safeguards are in place in line with data protection law.

6. Data retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, and reporting requirements. Retention periods depend on the type of data and the reason for processing. In general:

  • customer account and contract records are kept for the duration of the relationship and for a reasonable period afterwards;
  • payment and invoicing records are retained for the period required by tax and financial regulations;
  • security logs and CCTV footage, where used, are retained only for a limited period unless needed for an incident investigation, legal claim, or regulatory request;
  • correspondence and complaint records are retained as long as needed to resolve the matter and support legal compliance.

When personal data is no longer needed, we will securely delete, anonymise, or destroy it.

7. Data security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. These measures may include access controls, staff training, secure storage, encryption where appropriate, and regular review of our systems and procedures. While no system can be guaranteed completely secure, we work hard to keep data safe and limit access to authorised personnel only.

8. Your rights

Under data protection law, you have a number of rights in relation to your personal data. These rights may apply depending on the circumstances and the lawful basis for processing. They include:

  • Right of access – you can request a copy of the personal data we hold about you.
  • Right to rectification – you can ask us to correct inaccurate or incomplete data.
  • Right to erasure – you can ask us to delete your data in certain circumstances.
  • Right to restriction – you can ask us to limit how we use your data in certain situations.
  • Right to object – you can object to processing based on legitimate interests or direct marketing.
  • Right to data portability – you can ask for certain data to be provided in a structured, commonly used format where technically feasible.
  • Right to withdraw consent – where processing is based on consent, you may withdraw it at any time.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your data protection rights have been infringed. We encourage customers to raise concerns with us first so we can try to resolve them promptly and fairly.

9. Children’s data

Our storage services are not directed at children, and we do not knowingly collect personal data from children unless it is necessary for a lawful storage arrangement involving a parent, guardian, or authorised representative. Where children’s data is incidentally involved, we handle it with particular care and only as permitted by law.

10. Automated decision-making

We do not normally use automated decision-making that produces legal or similarly significant effects. If we ever use automated tools in a way that affects you materially, we will provide appropriate information and safeguards as required by law.

11. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in the law, our services, or our data handling practices. Any updated version will apply from the date it is made available. We encourage customers to review this policy periodically to stay informed about how we protect personal data.

12. Summary of our commitment

Haggerston Storage respects your privacy and is committed to processing personal data fairly, lawfully, and transparently. We collect only what we need, use it for clear and legitimate purposes, keep it securely, and retain it only for as long as necessary. We also ensure that our processors are bound by appropriate contractual and security obligations. This policy applies to all Haggerston Storage customers in area and is intended to provide a clear explanation of your rights and our responsibilities under data protection law.

Call Now!
Call Now Get a Quote
Haggerston Storage

GDPR-compliant privacy policy for Haggerston Storage covering data collection, lawful basis, retention, processors, and user rights for all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.