Privacy Policy - Bexleyheath Storage

This Privacy Policy explains how Bexleyheath Storage collects, uses, stores, shares, and protects personal data in connection with our storage services. It applies to all Bexleyheath Storage customers in the area, including prospective customers, current customers, former customers, and any individual who contacts us or otherwise interacts with our services.

We are committed to handling personal data in a lawful, fair, and transparent manner in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We encourage you to read this policy carefully so you understand how your information is managed.

1. Personal Data We Collect

We collect only the personal data that is necessary for providing our services, managing our business operations, and meeting our legal obligations. The types of information we may collect include:

  • Identity data such as your name, date of birth, and proof of identity where required.
  • Contact data such as your address, email address, and telephone number.
  • Account and service data such as booking details, unit allocation, access records, payment status, and contract information.
  • Financial data such as billing information and payment transaction details. We do not store full payment card details unless processed through a secure payment provider.
  • Verification data such as documents provided for identity, address, or business verification.
  • Security data such as CCTV footage, access logs, incident reports, and alarm records where applicable.
  • Communications data such as emails, messages, complaints, queries, and any other correspondence you send to us.
  • Technical data such as IP addresses or device information if collected through our digital systems or online forms.

We may also receive personal data from third parties where necessary, for example from payment processors, identity verification services, insurers, legal representatives, or public authorities. If you provide information about another person, you should ensure that you have the authority to do so and that they are aware of this policy.

2. How We Use Your Personal Data

We use personal data only where the law allows us to do so. The main purposes for which we use your information are:

  • to register you as a customer and manage your storage agreement;
  • to verify identity and assess eligibility for our services;
  • to allocate, manage, and administer storage units and access arrangements;
  • to process payments, fees, deposits, refunds, and outstanding balances;
  • to communicate with you regarding your account, service updates, and administrative matters;
  • to manage security, prevent fraud, and protect our property, customers, and staff;
  • to investigate complaints, disputes, incidents, or suspected misuse of our services;
  • to comply with legal, regulatory, tax, insurance, and accounting obligations;
  • to establish, exercise, or defend legal claims;
  • to improve our operations, systems, and customer service;
  • to send service-related notices and, where permitted, limited marketing communications.

We do not sell your personal data. We only use it for legitimate business purposes connected to our storage services and legal responsibilities.

3. Lawful Basis for Processing

Under data protection law, we must have a lawful basis for each use of personal data. Depending on the context, Bexleyheath Storage may rely on one or more of the following lawful bases:

  • Contract – where processing is necessary to enter into or perform our storage contract with you, such as setting up your account, providing access, and managing billing.
  • Legal obligation – where processing is necessary for compliance with laws, regulations, tax rules, anti-fraud requirements, or lawful requests from public authorities.
  • Legitimate interests – where processing is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. This may include security monitoring, service improvement, debt recovery, or handling disputes.
  • Consent – where we ask for your permission, such as for certain types of marketing or optional communications. You may withdraw consent at any time where processing is based on consent.

Where special category data is processed, such as health-related information if you voluntarily provide it in relation to an access issue or vulnerability, we will only do so where a lawful condition under the UK GDPR is satisfied and where it is strictly necessary.

4. Retention of Personal Data

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, accounting, tax, insurance, and reporting requirements. The exact retention period depends on the type of data and the purpose of processing.

In general:

  • customer account and contract records are kept for the duration of the relationship and for a reasonable period afterwards;
  • payment and invoicing records are retained in line with tax and accounting obligations;
  • security records such as CCTV footage or access logs are kept for a limited period unless required for an investigation, insurance matter, or legal claim;
  • complaints, correspondence, and dispute records may be retained for as long as needed to resolve the issue and defend our legal position;
  • marketing preferences are retained until you withdraw consent or object, as applicable.

When personal data is no longer required, it will be securely deleted, anonymised, or otherwise disposed of in accordance with our retention procedures. We regularly review data retention to avoid keeping information longer than necessary.

5. Processors and Third Parties

We may share personal data with trusted third parties who act as data processors or independent controllers, but only where necessary and with appropriate safeguards in place. These may include:

  • IT and cloud service providers that host, maintain, or support our systems and data storage;
  • payment service providers that process transactions securely;
  • accounting and bookkeeping providers that assist with financial administration;
  • identity verification or fraud prevention providers where checks are required;
  • security and CCTV monitoring providers where applicable;
  • legal, insurance, and professional advisers who support us in managing claims, disputes, or compliance matters;
  • government bodies, regulators, law enforcement, and courts where disclosure is required by law or necessary to protect rights and safety.

Processors are only permitted to act on our instructions and must implement appropriate technical and organisational security measures. Where a third party acts as an independent controller, it will be responsible for its own compliance and privacy practices.

Where personal data is transferred outside the UK, we will ensure that appropriate safeguards are in place, such as adequacy regulations or approved contractual protections, to protect your information to the standard required by law.

6. Security of Your Information

We take the security of personal data seriously and use reasonable measures to protect it from unauthorised access, loss, misuse, alteration, or disclosure. These measures may include access controls, encryption, staff training, secure storage, restricted permissions, and monitoring of systems and premises.

Although we work hard to protect your data, no system can be guaranteed to be completely secure. If a personal data breach occurs and it is likely to result in a risk to your rights and freedoms, we will take appropriate action and notify the relevant supervisory authority and affected individuals where required by law.

7. Your Data Protection Rights

As a data subject, you have a number of rights under data protection law. Subject to certain legal conditions and exemptions, these may include:

  • Right of access – to request a copy of the personal data we hold about you.
  • Right to rectification – to request correction of inaccurate or incomplete data.
  • Right to erasure – to request deletion of your data in certain circumstances.
  • Right to restrict processing – to ask us to limit how your data is used in specific situations.
  • Right to data portability – to receive certain data in a structured, commonly used format and, where feasible, have it transferred to another controller.
  • Right to object – to object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent – where processing relies on your consent, you may withdraw it at any time.

If you wish to exercise any of these rights, we may need to verify your identity before responding. We aim to respond within the time limits required by law. In some cases, we may not be able to fulfil a request if an exemption applies or if the law allows us to retain or continue processing the data.

8. Marketing Preferences

Where permitted, we may send you limited marketing communications about relevant storage offers or service updates. You can object to direct marketing at any time, and we will stop using your data for that purpose. If we rely on consent, you may withdraw it without affecting the lawfulness of processing carried out before withdrawal.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, our services, or our internal practices. Any updated version will apply from the date it is made available. We encourage you to review this policy periodically to stay informed about how we protect your information.

By using Bexleyheath Storage services, you acknowledge that your personal data will be processed in accordance with this Privacy Policy. We remain committed to respecting your privacy and handling your information responsibly.

Call Now!
Call Now Get a Quote
Bexleyheath Storage

GDPR-compliant Privacy Policy for Bexleyheath Storage covering data collection, lawful basis, retention, processors, security, and user rights.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.