Privacy Policy - Sydenham Storage

Sydenham Storage is committed to protecting the privacy and personal data of all customers and prospective customers who use, enquire about, or otherwise interact with our storage services. This Privacy Policy explains how we collect, use, store, share, and protect personal data, and it applies to all Sydenham Storage customers in the area. We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who this policy applies to

This policy applies to individuals who:

  • Request a quote or make an enquiry;
  • Create an account, sign a storage agreement, or rent a unit;
  • Visit or use our premises and services;
  • Communicate with us by phone, email, form, or in person;
  • Are listed as an authorised contact, emergency contact, or business representative;
  • Appear in records that we must keep for legal, security, operational, or accounting reasons.

This policy is intended to give clear, accessible information about our data processing activities. It should be read alongside any specific notices provided at the point of collection, as well as any terms associated with your storage agreement.

2. Personal data we collect

We only collect personal data that is relevant and necessary for the provision of storage services, legal compliance, and the protection of our business, customers, and premises. Depending on your interactions with us, we may collect the following categories of data:

Identity and contact details

  • Full name;
  • Address;
  • Email address;
  • Telephone number;
  • Date of birth, where needed for identity verification or contractual purposes.

Account and contract information

  • Storage unit number and access details;
  • Billing and payment records;
  • Agreement start and end dates;
  • Insurance and customer declaration information;
  • Records of communication, complaints, and service requests.

Verification and security information

  • Photographic identification details where required;
  • Vehicle registration information for site access or deliveries;
  • CCTV footage and access logs, where applicable;
  • Visitor records and site entry information.

Technical and usage information

  • Device and browser information if you interact with our digital services;
  • IP address and usage logs;
  • Cookies or similar technologies, where in use and permitted by law.

Special category data

We do not intend to collect special category personal data, such as health, ethnicity, religion, or biometric data, unless you choose to provide it for a specific reason and we have a lawful basis to process it. If such data is ever provided, we will treat it with enhanced care and only process it where permitted by law.

3. How we collect your data

We collect personal data directly from you when you complete forms, sign agreements, make payments, contact us, or use our services. We may also receive information from third parties, such as payment providers, identity verification services, insurers, or contractors acting on your behalf. In some cases, data may be collected automatically through security systems, site access systems, or digital logs.

We ensure that data collection is fair, lawful, and transparent, and we do not collect more information than is reasonably needed for the stated purpose.

4. Lawful basis for processing

Under the UK GDPR, we must have a lawful basis for each use of personal data. Depending on the context, we rely on the following lawful bases:

Performance of a contract

We process personal data when it is necessary to enter into or perform a storage agreement. This includes creating customer records, managing access, issuing invoices, and delivering services requested by you.

Legal obligation

We process data where required to comply with legal and regulatory obligations, including accounting, tax, fraud prevention, health and safety, and lawful requests from authorities.

Legitimate interests

We may process data for our legitimate business interests, provided these interests are not overridden by your rights and freedoms. These interests include site security, prevention of misuse, customer service improvement, debt recovery, administration, and protection of property and staff. Where we rely on legitimate interests, we carry out a balancing test to ensure that processing remains proportionate.

Consent

In limited situations, we may rely on your consent, for example for certain optional marketing communications or specific non-essential processing. Where we use consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

5. How we use your data

We use personal data to:

  • Set up and manage your storage agreement;
  • Verify identity and prevent fraud;
  • Process payments and manage accounts;
  • Maintain site safety and security;
  • Communicate about services, notices, and account matters;
  • Handle disputes, complaints, and claims;
  • Meet legal, regulatory, tax, and insurance obligations;
  • Improve our services and internal operations.

We will only use your personal data for the purpose for which it was collected, unless we reasonably consider that we need to use it for another compatible purpose and that such use is permitted by law.

6. Sharing personal data and processors

We may share personal data with trusted third parties where necessary to operate our business and provide services. When these third parties process personal data on our behalf, they act as processors. We remain responsible for ensuring they only process data under our instructions and with appropriate safeguards.

Examples of processors may include:

  • Payment service providers that handle card or bank transactions;
  • IT and cloud hosting providers that store or secure customer records;
  • Customer management and communication platforms;
  • Security providers supporting CCTV, alarms, or access control systems;
  • Professional advisers such as accountants, auditors, insurers, or legal advisers;
  • Maintenance and facilities contractors where access records are needed for operational reasons.

We may also disclose personal data to law enforcement, regulators, courts, or public authorities where required or permitted by law. If Sydenham Storage undergoes a business reorganisation, sale, or transfer, customer data may be shared as part of that transaction, subject to applicable legal protections.

7. International transfers

Where any processor or service provider is located outside the UK, we will ensure that appropriate safeguards are in place before transferring personal data. These safeguards may include adequacy regulations, standard contractual clauses, or equivalent lawful protections. We take reasonable steps to ensure that overseas transfers do not reduce the security or legal protection of your data.

8. Data retention

We keep personal data only for as long as necessary to fulfil the purpose for which it was collected, including meeting legal, accounting, and reporting requirements. Retention periods depend on the type of data and our obligations.

  • Customer and contract records: retained for the duration of the agreement and for a period afterwards to resolve disputes, enforce rights, or comply with legal requirements;
  • Financial and billing records: retained for the period required by tax and accounting law;
  • Security records and CCTV: retained for a limited period unless required for incident investigation, legal claims, or regulatory purposes;
  • Enquiry and correspondence records: retained as long as necessary to manage the enquiry and for reasonable follow-up or record-keeping;
  • Marketing data: retained until you withdraw consent or object, where applicable.

When data is no longer needed, we will securely delete, anonymise, or otherwise dispose of it in accordance with our retention procedures. Our aim is to retain only what is necessary and no longer than necessary.

9. Security of your information

We apply appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, disclosure, alteration, or destruction. These measures may include access controls, encryption, secure storage, staff confidentiality obligations, and regular review of internal procedures. While no system can be guaranteed completely secure, we take reasonable and proportionate steps to reduce risk.

10. Your rights

Under data protection law, you have a number of rights in relation to your personal data. Subject to legal limits and exemptions, these rights may include:

  • Right of access: to request a copy of the personal data we hold about you;
  • Right to rectification: to ask us to correct inaccurate or incomplete data;
  • Right to erasure: to request deletion of your data in certain circumstances;
  • Right to restriction: to ask us to limit processing in specific situations;
  • Right to data portability: to receive certain data in a usable format, where applicable;
  • Right to object: to object to processing based on legitimate interests or direct marketing;
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time;
  • Right to complain: to raise a concern with the Information Commissioner’s Office (ICO) if you believe your rights have been infringed.

We encourage you to contact us first if you wish to exercise any of these rights, so we can respond promptly and resolve the matter where possible. We may need to verify your identity before responding to protect your information.

11. Automated decision-making

We do not normally use fully automated decision-making that produces legal or similarly significant effects. If this position changes, we will provide appropriate notice and information about the logic involved, the significance of the processing, and your rights.

12. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in law, technology, service operations, or best practice. Any updated version will apply from the date of publication or from any later date stated in the revised policy. We recommend that you review this policy periodically to stay informed about how we protect personal data.

13. Summary of key principles

In processing personal data, Sydenham Storage follows the core principles of the UK GDPR: lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, confidentiality, and accountability. We are committed to handling customer information responsibly and only for legitimate and necessary purposes.

By using Sydenham Storage services, you acknowledge that your personal data may be processed in accordance with this Privacy Policy and applicable data protection laws. We aim to ensure that all customer data is treated with respect, kept secure, and retained only as long as needed for clear and lawful reasons.

Call Now!
Call Now Get a Quote
Sydenham Storage

GDPR-compliant Privacy Policy for Sydenham Storage covering data collection, lawful basis, retention, processors, and user rights for all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.