Privacy Policy - Islington Storage

This Privacy Policy explains how Islington Storage collects, uses, shares, stores, and protects personal data for all customers in the Islington area. It applies to all Islington Storage customers in area, including prospective customers, current customers, former customers, and any individuals who interact with us in connection with storage services, facility access, payments, deliveries, or customer support.

We are committed to handling personal data in a lawful, fair, and transparent manner and in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy also explains the rights available to individuals and the choices they can make about their personal information.

1. Personal Data We Collect

We collect only the data we need to provide storage services, manage our business, and meet legal obligations. Depending on how you interact with us, we may collect the following categories of data:

  • Identity data: name, date of birth, and identification details where required for verification.
  • Contact data: address, email address, and telephone number.
  • Account data: customer reference numbers, booking details, facility access records, and service history.
  • Payment data: billing information, transaction records, and payment status. We do not store full card details if payment is handled by a secure payment provider.
  • Security data: CCTV images, access logs, alarm records, and incident reports where applicable.
  • Communications data: correspondence with us, including enquiries, complaints, and service requests.
  • Technical data: device and browser information collected through our systems for security, troubleshooting, and service administration.
  • Special category data: we do not routinely collect special category data. If such data is provided to us incidentally, we will protect it under applicable law and only process it where a valid legal basis exists.

We may collect personal data directly from you, from your use of our services, from third parties acting on your behalf, or from authorised processors that support our operations.

2. How We Use Personal Data

We use personal data for the following purposes:

  • to create and manage customer accounts;
  • to provide storage services and related administration;
  • to process payments, refunds, and invoices;
  • to verify identity where needed for security or legal compliance;
  • to manage access to storage facilities and protect property;
  • to communicate about bookings, service changes, reminders, and issues;
  • to handle complaints, disputes, and customer support requests;
  • to monitor security, prevent fraud, and detect unauthorised access;
  • to comply with legal and regulatory obligations;
  • to maintain business records and improve our services.

We only use data in ways that are compatible with the reason it was collected, unless we have a lawful basis for a new purpose.

3. Lawful Basis for Processing

Under UK GDPR, we must have a lawful basis to process personal data. We rely on the following lawful bases:

Contract

We process personal data when it is necessary to enter into or perform a contract with you. This includes setting up storage agreements, managing customer accounts, providing access to units, and handling payments.

Legal Obligation

We process personal data when required to comply with legal obligations, such as accounting rules, tax requirements, fraud prevention duties, or requests from authorities where permitted by law.

Legitimate Interests

We may process personal data where it is necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. Examples include protecting our premises, preventing misuse of our services, improving operations, and managing business records. When relying on legitimate interests, we consider the impact on individuals and use appropriate safeguards.

Consent

In limited cases, we may rely on consent, for example for certain optional communications or non-essential uses. Where consent is used, it will be freely given, specific, informed, and unambiguous. You may withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal.

4. Sharing and Processors

We may share personal data with trusted third parties who act as processors or, where applicable, independent controllers. These parties help us deliver services and manage our operations. Examples include:

  • payment service providers that handle secure transactions;
  • IT and cloud service providers that support our systems, data storage, and security;
  • security providers that assist with surveillance, alarms, or access control;
  • accounting and professional advisers who support financial or legal obligations;
  • maintenance and facilities contractors where access is needed to carry out work;
  • regulatory, law enforcement, or public authorities when disclosure is required or permitted by law.

Where we use processors, they are only allowed to process personal data on our instructions and must protect it using appropriate technical and organisational measures. We require processors to keep data confidential, secure, and limited to the agreed purpose.

If personal data is transferred outside the UK, we ensure appropriate safeguards are in place, such as adequacy regulations, standard contractual clauses, or equivalent protections approved under applicable law.

5. Retention of Personal Data

We retain personal data only for as long as necessary for the purposes set out in this policy, including for legal, accounting, reporting, and dispute resolution requirements. Retention periods vary depending on the type of data and why it was collected.

  • Customer and contract records: kept for the duration of the customer relationship and for a reasonable period after it ends.
  • Payment and accounting records: kept for the period required by tax and financial regulations.
  • Security logs and CCTV data: kept for a limited period unless needed longer for an investigation or legal claim.
  • Complaints and communications: kept while the matter is active and for a period after resolution where needed for record-keeping.

When data is no longer needed, we will delete it, anonymise it, or securely destroy it in accordance with our retention practices.

6. Data Security

We use appropriate measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. These measures may include access controls, password protection, encrypted systems where appropriate, staff training, and secure storage practices. While no system can be guaranteed to be completely secure, we take data protection seriously and review our safeguards regularly.

7. Your Rights

Depending on the circumstances and the lawful basis used, you may have the following rights under data protection law:

  • Right of access: to request a copy of the personal data we hold about you.
  • Right to rectification: to ask us to correct inaccurate or incomplete data.
  • Right to erasure: to request deletion of your data where legally permitted.
  • Right to restriction: to ask us to limit how we use your data in certain situations.
  • Right to data portability: to receive certain data in a structured, commonly used, machine-readable format.
  • Right to object: to object to processing based on legitimate interests or direct marketing, where applicable.
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.

You also have the right to raise concerns about how your personal data is handled. We encourage you to contact us with any data protection questions or requests so we can help resolve them promptly.

8. Automated Decision-Making

We do not generally use fully automated decision-making that produces legal or similarly significant effects. If this changes, we will inform you and explain the logic involved, the significance of the processing, and your rights.

9. Children’s Data

Our services are intended for adults. We do not knowingly collect personal data from children unless it is provided by a parent, guardian, or authorised adult in connection with a storage arrangement and only where lawful and necessary.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal duties, or data protection practices. Any updates will apply from the date they take effect. We encourage customers to review this policy periodically to stay informed about how personal data is handled.

11. Summary of Key Commitments

  • We collect only the data needed to provide and secure storage services.
  • We use data only where we have a valid lawful basis.
  • We share data only with trusted processors or where required by law.
  • We keep data only as long as necessary and dispose of it securely.
  • We respect your legal rights and handle requests in line with UK GDPR.

Islington Storage is committed to protecting personal data and maintaining trust with customers in the Islington area. Our approach is designed to be transparent, proportionate, and compliant with applicable data protection law. By using our services, you acknowledge that your personal data will be processed in accordance with this Privacy Policy and the legal bases described above.

Call Now!
Call Now Get a Quote
Islington Storage

GDPR-compliant privacy policy for Islington Storage covering data collection, lawful bases, retention, processors, rights, and security for all Islington area customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.