Self Storage Richmond Privacy Policy
This Privacy Policy explains how Self Storage Richmond collects, uses, stores and protects personal data about its customers and prospective customers in the Richmond area, in accordance with the United Kingdom General Data Protection Regulation and the Data Protection Act 2018. It applies to all individuals who enquire about, use or have used storage or related services provided by Self Storage Richmond in the Richmond area.
Who we are and scope of this policy
Self Storage Richmond is a self storage service provider operating in the Richmond area. For the purposes of data protection law, Self Storage Richmond is the data controller for the personal data described in this Privacy Policy. This policy applies to all Self Storage Richmond customers, former customers and individuals who make enquiries or otherwise interact with us in the Richmond area, whether in person, by telephone, by post or online.
Personal data we collect
We may collect and process the following categories of personal data:
Identification and contact details, such as name, postal address, billing address, contact address, and communication preferences.
Verification information, such as date of birth, nationality, identification document details and copies, and any information required to comply with legal or regulatory obligations such as anti money laundering or crime prevention checks.
Contract and account information, such as storage unit number, access permissions, contract start and end dates, services purchased, payment terms, correspondence relating to your contract, and records of your interactions with us.
Payment and transaction information, such as billing history, payment status, amount paid, payment method details, and records of invoices, refunds and credits. We do not store full card details when payments are processed through secure third party payment processors.
Security and access information, such as CCTV recordings on and around our premises, access control data, entry and exit logs, and information relating to security incidents or investigations.
Communication and enquiry data, such as information you provide when contacting us with questions or complaints, feedback you provide, and records of our communications with you by phone, in writing or in person.
How we collect personal data
We collect personal data directly from you when you make an enquiry, request a quote, visit our premises, sign a storage agreement, make or attempt to make a payment, or contact us with questions or feedback.
We may also collect data automatically when you visit our premises, for example through CCTV and access control systems, and through logs of your use of our facilities.
In limited circumstances, we may receive personal data about you from third parties, such as credit reference agencies, fraud prevention agencies, law enforcement bodies, or other individuals you authorise to act on your behalf.
Lawful bases for processing
We only process your personal data when we have a lawful basis under data protection law. Depending on the context, we may rely on the following lawful bases:
Contract. We process personal data where it is necessary to enter into, perform or manage a contract with you, including setting up your account, providing storage services, processing payments, communicating with you about your agreement and handling customer service matters.
Legal obligation. We process personal data where it is necessary to comply with legal and regulatory obligations, such as tax and accounting requirements, crime prevention and detection, responding to lawful requests from public authorities, and health and safety obligations.
Legitimate interests. We process personal data where it is necessary for our legitimate business interests and these are not overridden by your data protection rights. This includes ensuring the security of our premises and property, preventing and investigating fraud or misuse, managing our business operations, improving our services, and contacting customers about service related updates.
Consent. In limited situations, we may rely on your consent, for example where required by law before sending certain types of marketing communications. Where we rely on consent, you may withdraw it at any time.
How we use personal data
We use the personal data we collect for the following purposes:
To provide storage and related services, including setting up your contract, granting access to units, administering your account, managing bookings and handling customer service queries.
To take and process payments, manage billing, handle debt recovery and deal with disputes or complaints relating to payments.
To maintain the security and safety of our premises, staff, customers and property, using CCTV, access control and incident records to monitor access and investigate security issues.
To comply with legal, regulatory and law enforcement requirements, including record keeping, responding to lawful requests and assisting with investigations.
To manage our business operations, including internal reporting, audit, risk management, service improvement and training.
To communicate with you about your use of our services, including contract notices, service changes, important information about your storage unit, and responses to your enquiries.
To send marketing communications where permitted by law and, where required, with your consent. You can opt out of marketing communications at any time.
Data sharing and processors
We do not sell your personal data. We may share personal data with carefully chosen third parties where necessary for the purposes described in this policy or where we are required to do so by law.
We may use third party service providers as data processors who act on our instructions to help us operate our business and deliver services. These can include payment processing providers, IT and cloud service providers, security and CCTV system providers, document storage and shredding services, professional advisers such as accountants or lawyers, and debt collection agencies.
Where we engage processors, we require them to keep your data secure, to use it only in accordance with our instructions, and to comply with applicable data protection laws.
We may also share personal data with law enforcement agencies, regulators, courts or other public authorities where we are legally required to do so or where it is necessary to protect our rights, property, customers or staff.
International transfers
If we transfer personal data outside the United Kingdom or the European Economic Area, we will ensure that appropriate safeguards are in place to protect your data, such as using standard contractual clauses approved by relevant authorities or transferring to countries that have been recognised as providing an adequate level of data protection.
Data retention
We keep personal data only for as long as necessary for the purposes for which it was collected, and in line with legal, regulatory and operational requirements.
In general, we retain contract and billing records for a number of years after the end of your relationship with us, to comply with tax, accounting and legal obligations and to resolve potential disputes. CCTV recordings and access logs are kept for shorter periods, unless they are required for the investigation of an incident, in which case they may be retained for longer as necessary.
When personal data is no longer required, we will delete it or anonymise it so that it can no longer be linked to an identifiable individual.
How we protect personal data
We take appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction or damage. These measures may include access controls, physical security for our premises, secure storage of paper records, encryption and security controls for digital systems, staff training and procedures for managing data protection and security incidents.
Your data protection rights
Under data protection law, you have certain rights in relation to your personal data, subject to applicable conditions and exemptions. These rights include:
The right of access, which allows you to request confirmation that we process your personal data and to receive a copy of the data we hold about you.
The right to rectification, which allows you to request correction of inaccurate or incomplete personal data.
The right to erasure, sometimes known as the right to be forgotten, which allows you to request deletion of your personal data in certain circumstances.
The right to restrict processing, which allows you to request that we limit our use of your personal data in certain situations.
The right to data portability, which allows you to receive certain personal data in a structured, commonly used and machine readable format and to request that we transmit such data to another controller where technically feasible.
The right to object, which allows you to object to certain types of processing based on legitimate interests, and to object at any time to the use of your personal data for direct marketing.
Where we rely on consent as the lawful basis for processing, you have the right to withdraw consent at any time, without affecting the lawfulness of processing carried out before consent was withdrawn.
Exercising your rights and contacting us
If you wish to exercise any of your data protection rights or have questions about this Privacy Policy or how we handle personal data, you can contact Self Storage Richmond using the contact details provided on our website or at our premises. When you make a request, we may need to verify your identity before responding in order to protect your privacy and security.
You also have the right to raise concerns or lodge a complaint with the UK data protection supervisory authority if you believe your data protection rights have been infringed. However, we encourage you to contact us first so that we can try to resolve your concerns.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal or regulatory developments, or how we process personal data. The most current version of the policy will be available at our premises or on our website, and the date of the latest update will be indicated. We encourage you to review this policy periodically to stay informed about how we protect your personal data.
