Privacy Policy - Plumstead Storage

This Privacy Policy explains how Plumstead Storage collects, uses, stores, shares, and protects personal data relating to all Plumstead Storage customers in the area. It applies whether you are an existing customer, a prospective customer, a visitor making an enquiry, or someone otherwise interacting with us in connection with storage services. We are committed to handling personal information in a lawful, fair, and transparent way in accordance with applicable data protection laws, including the UK GDPR and the Data Protection Act 2018.

1. Who this policy applies to

This policy applies to all Plumstead Storage customers in the area and to individuals who interact with our services on behalf of a business, household, or organisation. It covers data collected through in-person interactions, telephone, email, written correspondence, online forms, account administration, service delivery, and security and operational systems associated with storage services.

2. Personal data we collect

We collect only the data we need to provide storage services, manage our relationship with you, maintain security, and comply with legal obligations. The categories of personal data we may collect include:

  • Identity data such as your name, title, and identification details where required for verification.
  • Contact data such as address, email address, and telephone number.
  • Account and contract data such as booking details, agreement information, billing status, payment history, and storage unit records.
  • Financial data such as payment card or bank details where necessary to process transactions securely.
  • Usage data such as records of access, service usage, communication history, and customer support interactions.
  • Security data such as CCTV footage, access control logs, incident reports, and site entry records where applicable.
  • Technical data such as device or browser information if you interact with digital systems we use to manage services.

We do not seek to collect unnecessary personal data. Where we request information that is required by law or needed to provide a service, we will explain the purpose at the point of collection.

3. How we use personal data

We use personal data for legitimate operational and legal purposes connected to storage services. These purposes include:

  • setting up and managing customer accounts;
  • verifying identity where appropriate;
  • processing payments and issuing invoices or receipts;
  • providing customer support and responding to enquiries;
  • maintaining the safety and security of our premises and customers;
  • administering access to storage units and associated services;
  • preventing fraud, misuse, or unlawful activity;
  • meeting legal, tax, accounting, and regulatory obligations;
  • handling disputes, claims, or enforcement actions;
  • improving service quality and operational efficiency.

We only use personal data in ways that are compatible with the original purpose for which it was collected, unless a compatible or lawful new purpose applies.

4. Lawful basis for processing

Under data protection law, we must have a lawful basis for each processing activity. Plumstead Storage relies on the following lawful bases, depending on the nature of the activity:

Contract

We process personal data where it is necessary to enter into or perform a storage agreement with you. This includes account setup, billing, access management, and customer service linked to your contract.

Legal obligation

We process certain data to comply with laws and regulations, including tax, accounting, anti-fraud, health and safety, and record-keeping obligations.

Legitimate interests

We may process personal data where it is necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. Examples include protecting our premises, preventing misuse, managing internal administration, improving services, and maintaining operational security.

Consent

In limited cases, we may rely on your consent, for example where a specific optional communication or feature requires it. If we rely on consent, you can withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

We do not rely on consent where another lawful basis is more appropriate.

5. Sharing personal data and processors

We may share personal data with trusted third parties where necessary to run our business, provide services, or comply with legal requirements. These third parties act either as processors or, in some cases, as independent controllers.

Processors are service providers that process personal data on our instructions. They may include:

  • payment service providers that process transactions securely;
  • IT and cloud storage providers that support data hosting, software, and system security;
  • accounting and invoicing providers;
  • security and monitoring providers, including CCTV and access-control system suppliers;
  • customer relationship and communications service providers;
  • professional advisers such as auditors, insurers, legal advisers, and consultants where necessary.

We require processors to handle data in accordance with data protection law, to use it only on our instructions, and to maintain appropriate security. Where data is shared with independent controllers, such as law enforcement or regulatory bodies, we will only do so where required or permitted by law.

We do not sell personal data.

6. Data retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, reporting, dispute-resolution, and operational requirements. Retention periods vary according to the type of data and the reason it is held.

As a general approach:

  • contract and account records are retained for the duration of the customer relationship and for a reasonable period afterwards;
  • billing and tax records are retained for the periods required by law;
  • security records, including CCTV or access logs, are retained for a limited period unless they are needed in relation to an incident, claim, or investigation;
  • enquiry records are retained only as long as needed to respond and manage follow-up;
  • where personal data is no longer required, it is securely deleted, anonymised, or otherwise disposed of.

If legal claims, disputes, or investigations arise, certain records may be retained for longer than usual until those matters are resolved. Retention is reviewed periodically to ensure we keep no more data than necessary.

7. Data security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, alteration, or disclosure. These measures may include access restrictions, password controls, staff training, secure storage, supplier due diligence, and monitoring of systems and premises. While no system can be guaranteed to be completely secure, we work to maintain a level of protection appropriate to the risks involved.

8. Your rights under data protection law

You have rights over your personal data. These rights may apply in full or in part depending on the lawful basis for processing and the circumstances of the request.

  • Right of access to obtain a copy of the personal data we hold about you.
  • Right to rectification to correct inaccurate or incomplete data.
  • Right to erasure in certain circumstances, sometimes called the right to be forgotten.
  • Right to restriction to limit how we use your data in certain cases.
  • Right to object to processing based on legitimate interests or direct marketing.
  • Right to data portability where processing is based on consent or contract and carried out by automated means.
  • Right to withdraw consent at any time where consent is the lawful basis.
  • Right to complain to the relevant supervisory authority if you believe your data has been handled unlawfully.

We may need to verify your identity before responding to a rights request. Some rights may not apply in all circumstances, for example where we are required to keep data for legal reasons or where processing is necessary for the establishment, exercise, or defence of legal claims.

9. International transfers

If any personal data is transferred outside the UK, we will ensure that appropriate safeguards are in place to protect it. These safeguards may include adequacy regulations, standard contractual clauses, or equivalent legal protections recognised by law. We only transfer data where necessary and where suitable protections exist.

10. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in law, our services, or our data handling practices. Any updated version will apply from the date it is made available. We encourage customers to review this policy periodically so they remain aware of how their data is processed.

11. Summary of our approach

Plumstead Storage is committed to processing personal data lawfully, fairly, and transparently. We collect only what is necessary, use it for clear business and legal purposes, share it only with trusted processors or other authorised recipients, and keep it only for as long as needed. We also respect the rights of our customers and aim to handle all requests and concerns responsibly. This policy applies to all Plumstead Storage customers in the area and forms part of our commitment to privacy, security, and compliance.

Call Now!
Call Now Get a Quote
Plumstead Storage

GDPR-compliant privacy policy for Plumstead Storage covering data collection, lawful basis, retention, processors, rights, and applying to all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.