Privacy Policy - Downham Storage

This Privacy Policy explains how Downham Storage collects, uses, stores, and protects personal data. It applies to all Downham Storage customers in the area, including prospective customers, current customers, former customers, and any individuals who interact with us in connection with storage services, access arrangements, billing, or customer administration.

We are committed to handling personal data in a lawful, fair, and transparent manner. This policy is written to reflect the requirements of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It explains what data we collect, why we collect it, the lawful basis we rely on, how long we keep it, who may process it on our behalf, and the rights available to individuals under data protection law.

1. Data We Collect

We collect only the personal data necessary for the provision and management of our storage services. The type of data we may collect includes:

  • Identity data such as name, title, and date of birth where needed for verification purposes.
  • Contact data such as postal address, email address, and telephone number.
  • Account and contract data such as booking details, tenancy or storage agreements, payment records, service preferences, and communication history.
  • Financial data such as invoicing information, payment status, and limited payment transaction details.
  • Security and access data such as entry logs, CCTV recordings, vehicle registration details, and access records where relevant to site security and safety.
  • Correspondence data such as emails, forms, notes of calls, complaint records, and any other communications with us.
  • Technical data where we use online systems, such as IP address, device information, and basic usage data needed to support security and functionality.

We do not intentionally collect special category personal data unless you choose to provide it in the course of communication and there is a lawful reason for processing it. We ask customers not to share unnecessary sensitive information.

2. How We Use Personal Data

We use personal data for the following purposes:

  • To register and manage customer accounts and storage agreements.
  • To verify identity and prevent fraud.
  • To provide, administer, and improve our storage services.
  • To process payments, send invoices, and manage outstanding balances.
  • To communicate about access, security, availability, service updates, and operational matters.
  • To maintain site safety, protect property, and investigate incidents.
  • To comply with legal, tax, accounting, and regulatory obligations.
  • To handle complaints, disputes, and claims.
  • To exercise or defend legal rights.

We only use personal data for the purposes for which it was collected, unless we reasonably consider that we need to use it for a compatible purpose or where the law allows otherwise.

3. Lawful Basis for Processing

Under UK GDPR, we must have a lawful basis for processing personal data. Depending on the context, Downham Storage relies on the following lawful bases:

Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes setting up storage services, managing your account, collecting fees, and delivering services requested by you.

Legal Obligation

We process personal data where required to comply with the law. This may include tax record-keeping, accounting obligations, fraud prevention requirements, and responding to lawful requests from authorities.

Legitimate Interests

We process data where it is necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. Our legitimate interests may include maintaining site security, protecting our property and customers, improving services, monitoring access, and managing business operations efficiently.

Consent

In limited situations, we may rely on consent, for example where it is appropriate for certain optional communications or marketing activities. Where consent is used, you may withdraw it at any time. Withdrawal of consent will not affect processing carried out before withdrawal.

Vital Interests

In rare circumstances, we may process personal data to protect someone’s vital interests, such as in an emergency situation.

4. Data Sharing and Processors

We may share personal data with trusted third parties where necessary for the purposes described in this policy. These parties may act as processors or, in some cases, as independent controllers. We only share data where there is a valid reason and, where required, a contractual or legal safeguard is in place.

Processors may include:

  • IT and hosting providers that support our systems, data storage, security, and communications.
  • Payment service providers that process card or electronic payments securely.
  • Accountancy and bookkeeping providers that assist with financial administration and statutory records.
  • Security service providers such as CCTV, alarm monitoring, or access-control support services.
  • Document management or archive providers where records are stored securely.
  • Professional advisers such as legal or insurance advisers, where needed.

We may also disclose data where necessary to law enforcement, regulators, courts, insurers, or other authorities if required by law or where we reasonably believe disclosure is necessary to protect rights, property, safety, or security.

Any processor engaged by Downham Storage is required to handle personal data only on our instructions, to use appropriate security measures, and to keep it confidential.

5. Retention of Personal Data

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, tax, insurance, and reporting requirements.

Retention periods depend on the type of information and the reason for holding it. In general:

  • Contract and account records are retained for the period of the service relationship and for a reasonable period afterwards.
  • Financial and tax records are retained for the period required by law and standard accounting practice.
  • Security records such as CCTV or access logs are retained for a limited period unless needed for an incident, investigation, or legal claim.
  • Correspondence and complaints are retained for as long as necessary to respond to the matter and for an appropriate period after closure.

When personal data is no longer required, we will delete it securely or anonymise it so that it can no longer identify an individual.

6. Data Security

We take the security of personal data seriously and use appropriate technical and organisational measures to protect it from loss, misuse, unauthorised access, alteration, or disclosure. These measures may include access controls, secure storage, restricted permissions, staff awareness, and monitoring of our systems and premises.

Although we do our best to protect personal data, no system can be guaranteed to be completely secure. If a personal data breach occurs, we will assess the risk and take any steps required by law, including notifying affected individuals and the relevant authorities where appropriate.

7. Your Rights

Under data protection law, individuals have several rights in relation to their personal data. These rights may not apply in every case, as exemptions and limits can apply. Subject to those limits, you may have the right to:

  • Access the personal data we hold about you.
  • Rectification of inaccurate or incomplete data.
  • Erasure of your data in certain circumstances.
  • Restriction of processing in certain circumstances.
  • Object to processing based on legitimate interests or direct marketing.
  • Data portability where processing is based on consent or contract and carried out by automated means.
  • Withdraw consent where processing is based on consent.

You also have the right to lodge a complaint with the Information Commissioner’s Office if you believe your data has been handled unlawfully or if you are dissatisfied with how your concerns have been addressed.

8. Automated Decision-Making

Downham Storage does not use personal data for decisions made solely by automated means that produce legal or similarly significant effects, unless we have informed you and the law permits such processing. If this changes, we will update this policy and provide the required information.

9. Children’s Data

Our services are intended for adults. We do not knowingly collect personal data from children unless it is necessary in a specific circumstance and with appropriate legal basis and safeguards. If we become aware that we have collected data from a child unlawfully, we will take steps to delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data processing practices. The most recent version will apply to all Downham Storage customers in the area. We encourage individuals to review this policy periodically to stay informed about how personal data is handled.

11. Summary of Our Commitment

Downham Storage is committed to processing personal data lawfully, securely, and transparently. We collect only what we need, use it for clear and legitimate purposes, retain it for limited periods, and apply appropriate safeguards when working with processors. We also respect the rights of individuals and aim to respond properly to any request relating to personal data.

By using our services, you acknowledge that your personal data may be processed in accordance with this Privacy Policy, subject always to your rights under applicable law.

Call Now!
Call Now Get a Quote
Downham Storage

GDPR-compliant Privacy Policy for Downham Storage covering data collection, lawful basis, retention, processors, and user rights for all customers in the area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.