Privacy Policy - Brockley Storage

This Privacy Policy explains how Brockley Storage collects, uses, stores, shares, and protects personal data. It applies to all Brockley Storage customers in the area, including prospective customers, account holders, tenants, visitors, suppliers, and anyone who interacts with our services in connection with storage facilities, bookings, payments, access arrangements, and customer support.

We are committed to handling personal data in a lawful, fair, and transparent manner in accordance with the UK GDPR and the Data Protection Act 2018. This policy should be read carefully so you understand what information we collect, why we collect it, how long we keep it, and what rights you have.

1. Data We Collect

We may collect and process several types of personal data depending on how you use our services. The information we collect may include:

  • Identity information such as your name, date of birth, and title.
  • Contact information such as postal address, email address, and telephone number.
  • Account and contract details including booking records, tenancy agreements, service preferences, and correspondence.
  • Payment information such as billing details and transaction records. We do not routinely store full card details where payment processing is handled by a secure third party.
  • Verification information such as identity documents or proof of address where required for fraud prevention, compliance, or account setup.
  • Access and security records including entry logs, CCTV images, gate access records, alarm records, and incident reports where applicable.
  • Communications including emails, phone notes, complaints, feedback, and support requests.
  • Technical and usage data if you interact with digital systems, including device details, IP address, and service logs.

We normally collect data directly from you when you make an enquiry, sign a contract, complete a payment, submit a form, or communicate with us. We may also receive data from third parties such as payment providers, insurers, debt recovery partners, identity verification services, or public sources where lawful and necessary.

2. How We Use Personal Data

We use personal data only when we have a valid reason to do so. Typical uses include:

  • Setting up and managing your storage account.
  • Processing bookings, renewals, payments, and refunds.
  • Verifying identity and preventing fraud.
  • Providing customer support and handling enquiries.
  • Managing access to storage facilities and maintaining security.
  • Recording incidents, enforcing contractual terms, and recovering unpaid sums where necessary.
  • Meeting legal, tax, accounting, and regulatory obligations.
  • Improving our services, systems, and customer experience.
  • Sending service-related messages, such as reminders, notices, and updates.

We will not use your personal data for purposes that are incompatible with the reasons for which it was collected unless we have a lawful basis to do so and have informed you where required.

3. Lawful Basis for Processing

Under data protection law, we must identify a lawful basis for each processing activity. We rely on the following lawful bases:

Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes managing your storage agreement, arranging access, processing payments, and providing agreed services.

Legal Obligation

We may process data where needed to comply with laws and regulations, including accounting, tax, health and safety, fraud prevention, and lawful record-keeping obligations.

Legitimate Interests

We may process data where it is necessary for our legitimate interests or those of a third party, provided your interests and rights do not override those interests. This may include protecting our premises, preventing misuse, maintaining business records, handling disputes, and improving operations. We always consider whether the impact on your privacy is proportionate.

Consent

In limited cases, we may rely on your consent, for example where it is required for certain optional communications or non-essential data uses. Where we rely on consent, you may withdraw it at any time.

Vital Interests

In exceptional circumstances, we may process personal data to protect someone’s vital interests, such as in an emergency or serious safety incident.

4. Sharing and Processors

We may share personal data with trusted third parties where necessary for the operation of our business and the delivery of services. These third parties act as processors or independent controllers depending on the nature of the service. Processors only act on our instructions and are required to protect your data.

Examples of processors and recipients may include:

  • Payment processors for card or electronic payment handling.
  • IT and cloud service providers for storage, backup, email, and system maintenance.
  • Security service providers for CCTV management, alarm monitoring, and access control systems.
  • Accountants and professional advisers for financial, audit, or legal support.
  • Debt recovery or credit control providers where accounts become overdue.
  • Identity verification providers where checks are required.
  • Insurance providers or claims handlers when dealing with incidents.
  • Regulators, law enforcement, or public authorities where disclosure is required by law.

We do not sell your personal data. If data is transferred outside the UK, we will ensure appropriate safeguards are in place, such as adequacy regulations or approved contractual protections.

5. Data Retention

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, accounting, and reporting requirements. Retention periods vary depending on the type of information and the context in which it is used.

In general:

  • Contract and account records are retained for the duration of the relationship and for a reasonable period after it ends.
  • Financial and tax records are kept for the period required by law.
  • Security records, such as CCTV footage, are kept only as long as needed for security and incident management unless required for an investigation.
  • Communications and support records are retained while needed to manage enquiries, disputes, and service history.

When personal data is no longer needed, it will be securely deleted, anonymised, or destroyed. We regularly review retention requirements to ensure data is not kept longer than necessary.

6. Data Security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, alteration, or disclosure. These measures may include access controls, password protection, secure storage, encryption where appropriate, staff training, and limited access on a need-to-know basis.

Although no system is completely secure, we work to maintain a level of security appropriate to the nature of the data we hold and the risks involved.

7. Your Rights

You have a number of rights under data protection law. These rights are not absolute and may be subject to legal limits. Your rights include:

  • Right of access – to request a copy of the personal data we hold about you.
  • Right to rectification – to ask us to correct inaccurate or incomplete data.
  • Right to erasure – to request deletion of your data in certain circumstances.
  • Right to restriction – to ask us to limit how we use your data in certain situations.
  • Right to data portability – to receive certain data in a structured, commonly used format where applicable.
  • Right to object – to object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent – where processing is based on consent.

If you wish to exercise any of these rights, we may need to verify your identity before responding. We will respond within the time limits required by law.

8. Complaints and Further Information

If you believe your personal data has been handled unlawfully or unfairly, you may raise a complaint with the relevant data protection authority. You may also contact us through the appropriate service channels for assistance with data concerns, corrections, or access requests.

This policy may be updated from time to time to reflect changes in legal requirements, business operations, or data handling practices. Any changes will take effect when published or otherwise communicated as required.

9. Summary of Key Points

  • We collect only the data needed to provide storage services, manage security, and meet legal obligations.
  • We process personal data under lawful bases such as contract, legal obligation, legitimate interests, consent, and vital interests where appropriate.
  • We share data only with trusted processors and other parties where necessary and lawful.
  • We keep data only as long as needed and dispose of it securely.
  • You have rights over your personal data, including access, correction, deletion, objection, and portability.

This Privacy Policy applies to all Brockley Storage customers in the area and is intended to provide clear, transparent information about our handling of personal data.

Call Now!
Call Now Get a Quote
Brockley Storage

GDPR-compliant Privacy Policy for Brockley Storage covering data collection, lawful basis, retention, processors, user rights, and local customer scope.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.