Privacy Policy - Catford Storage

This Privacy Policy explains how Catford Storage collects, uses, stores, shares, and protects personal data in connection with our storage services. It applies to all Catford Storage customers in the area, including prospective customers, account holders, authorised users, and individuals who interact with us in relation to our services. We are committed to handling personal data in a lawful, fair, and transparent manner in line with the UK GDPR and the Data Protection Act 2018.

1. Who We Are

For the purposes of data protection law, Catford Storage acts as the data controller for the personal data we collect and process in the ordinary course of providing storage services. This means we decide how and why your personal data is used. In some limited cases, we may also act as a data processor where we process data on behalf of another organisation under its instructions.

2. Personal Data We Collect

We only collect data that is necessary for delivering and managing our services, meeting legal obligations, and protecting our legitimate business interests. The categories of personal data we may collect include:

  • Identity information such as your name, title, date of birth, and proof of identity.
  • Contact details such as address, email address, and telephone number.
  • Account and service information such as booking details, unit allocation, payment status, access records, and service preferences.
  • Financial information such as billing address, payment method details, and transaction records.
  • Security information such as CCTV images, access logs, alarm records, and incident reports.
  • Communications such as messages, complaints, enquiries, and notes relating to customer support or account management.
  • Technical data such as IP address, device information, and system usage information where you interact with digital systems linked to our services.

We do not intentionally collect special category data unless you choose to provide it or it is incidentally included in communications or supporting documents. Where such data is received, we will only process it where there is a lawful basis and appropriate safeguards in place.

3. How We Collect Personal Data

We may collect personal data directly from you when you complete forms, enter into a storage agreement, make a payment, contact us, or use our premises and related services. We may also collect data automatically through security systems, access controls, and device-based logs. In some cases, we receive personal data from third parties, for example identity verification providers, payment service providers, debt recovery agencies, insurers, legal advisers, or public authorities where required by law.

4. Why We Use Your Data

We use personal data for the following purposes:

  • to provide and manage storage services;
  • to create and administer customer accounts;
  • to verify identity and prevent fraud;
  • to take payments and manage billing;
  • to communicate with you about your account, contract, or service issues;
  • to maintain site safety, security, and access control;
  • to monitor for misuse, damage, theft, or unlawful activity;
  • to comply with legal and regulatory obligations;
  • to establish, exercise, or defend legal claims;
  • to improve our services, systems, and customer experience;
  • to manage operational risk and internal record keeping.

We will only use your personal data for the purposes for which it was collected, unless we reasonably consider that another compatible purpose applies.

5. Lawful Basis for Processing

Under data protection law, we must have a lawful basis to process your personal data. Depending on the activity, our lawful bases may include:

  • Contract — processing necessary to enter into or perform our storage agreement with you, such as managing bookings, billing, access, and customer support.
  • Legal obligation — processing needed to comply with laws and regulatory requirements, including tax, accounting, fraud prevention, and safeguarding obligations.
  • Legitimate interests — processing required for our legitimate business interests, such as protecting premises, preventing loss or damage, managing incidents, improving services, and maintaining operational security, provided your rights do not override those interests.
  • Consent — where we rely on your consent, for example for optional marketing communications or certain non-essential uses. You may withdraw consent at any time.

We do not rely on consent where another lawful basis is more appropriate. If we process special category data or criminal offence data, we will do so only where permitted by law and subject to additional safeguards.

6. Data Sharing and Processors

We may share personal data with trusted third parties who act as processors or, in some cases, as separate controllers. Processors only act on our instructions and are required to protect personal data appropriately. These may include:

  • Payment service providers to process transactions and refunds.
  • IT and cloud service providers to host data, support systems, and maintain digital security.
  • Identity verification providers to confirm identity and reduce fraud risk.
  • Security providers such as CCTV monitoring, alarm maintenance, or access-control contractors.
  • Professional advisers including accountants, legal advisers, insurers, and auditors.
  • Debt recovery and collection agents where accounts remain unpaid and appropriate notice has been given.
  • Public authorities and law enforcement where required by law or necessary to protect rights, property, or safety.

We require processors to implement appropriate technical and organisational measures, to process data only on documented instructions, and not to use your personal data for their own purposes.

7. International Transfers

If any of our processors or service providers transfer personal data outside the UK, we will take steps to ensure that appropriate safeguards are in place. These safeguards may include adequacy regulations, standard contractual clauses, or other approved transfer mechanisms.

8. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, including for legal, accounting, tax, contractual, and security reasons. Retention periods vary depending on the type of data and the context in which it is used. For example:

  • account and contract records may be retained for the duration of the relationship and for a period afterwards;
  • payment and invoicing records may be retained to meet tax and accounting requirements;
  • security logs and CCTV footage may be retained for a shorter period unless needed for investigation or legal purposes;
  • complaints, incident reports, and legal correspondence may be kept longer where necessary to resolve disputes or defend claims.

When personal data is no longer required, we will delete it securely or anonymise it so that it can no longer identify you.

9. How We Protect Your Data

We use appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, misuse, alteration, or disclosure. These measures may include restricted access controls, password protection, encryption where appropriate, staff training, physical security measures, and secure disposal processes. While no system can be guaranteed completely secure, we work to reduce risks to a reasonable and proportionate level.

10. Your Rights

Under data protection law, you have several rights in relation to your personal data. These rights may be subject to legal limitations and exemptions. They include:

  • Right of access — to request a copy of the personal data we hold about you.
  • Right to rectification — to ask us to correct inaccurate or incomplete data.
  • Right to erasure — to request deletion of your data in certain circumstances.
  • Right to restriction — to ask us to limit processing in certain situations.
  • Right to object — to object to processing based on legitimate interests or to direct marketing.
  • Right to data portability — to receive certain data in a structured, commonly used format where technically feasible.
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time.

You also have the right to lodge a complaint with the UK data protection supervisory authority if you believe your rights have been infringed. We encourage you to raise concerns with us first so we can address them promptly.

11. Automated Decision-Making

We do not use personal data to make decisions that produce legal or similarly significant effects solely by automated means unless we have notified you and ensured that such processing is lawful and appropriately safeguarded. If this changes, we will provide clear information about the logic involved and your rights.

12. Marketing

We may send you service-related messages that are necessary for the administration of your account, such as reminders, invoices, or updates about your storage unit. We will only send optional marketing communications where permitted by law and, where required, with your consent. You can opt out of marketing at any time without affecting your use of our services.

13. Children’s Data

Our services are not aimed at children. We do not knowingly collect personal data from children except where it is necessary in relation to a customer’s account or where provided by a parent, guardian, or authorised representative. If we become aware that we have collected data unlawfully from a child, we will take appropriate steps to delete or restrict it.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, our services, or our data-handling practices. Any revised version will take effect when published or otherwise communicated to customers. We encourage you to review it periodically to stay informed about how we protect your information.

15. Summary of Your Privacy Commitment

Catford Storage is committed to using personal data responsibly, transparently, and securely. We collect only what we need, use it for clear and lawful purposes, share it only when necessary, and retain it for no longer than required. We respect your rights and aim to provide a service that is both practical and privacy-conscious. By using our storage services, you can expect your personal data to be handled with care and in accordance with the principles of fairness, necessity, and accountability.

Last updated: This policy should be reviewed regularly and amended where necessary to remain compliant.

Call Now!
Call Now Get a Quote
Catford Storage

GDPR-compliant Privacy Policy for Catford Storage covering data collection, lawful basis, retention, processors, user rights, and security for all customers in the area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.