Privacy Policy - Surbiton Storage
This Privacy Policy explains how Surbiton Storage collects, uses, stores, shares, and protects personal data. It applies to all Surbiton Storage customers in the area, including prospective customers, current customers, former customers, website visitors, and anyone whose personal data is processed in connection with our storage services, site operations, account management, billing, security, or customer support.
We are committed to handling personal data in a lawful, fair, and transparent manner in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy describes the types of data we collect, the lawful bases we rely on, how long we keep data, the processors we may use, and the rights available to individuals.
1. Data We Collect
We collect only the personal data that is necessary to provide our services, manage our business, and comply with legal obligations. The categories of data we may collect include:
- Identity information such as name, date of birth, and identification details where required for verification or security purposes.
- Contact information such as address, email address, and telephone number.
- Account and service information such as customer reference numbers, rental unit details, booking dates, move-in and move-out dates, and account status.
- Payment and transaction information such as billing records, payment confirmation, and invoice history. We do not intentionally store full card details where payment processing is handled securely by third parties.
- Security and access information such as entry logs, access timestamps, CCTV footage, incident reports, and records of site visits where applicable.
- Communication records such as emails, written enquiries, complaints, support requests, and notes relating to account management.
- Technical information such as device identifiers, IP address, browser type, and basic usage data when individuals interact with our digital services.
- Verification information such as copies of identification documents or proof of address where needed to prevent fraud, verify identity, or meet legal requirements.
We normally collect personal data directly from the individual concerned. In some cases, we may receive information from third parties such as payment providers, insurers, legal representatives, contractors, or public authorities where this is necessary and lawful.
2. How We Use Personal Data
We use personal data for the following purposes:
- to set up and manage customer accounts;
- to provide storage services and maintain facility operations;
- to verify identity and prevent unauthorised access, fraud, or misuse;
- to process payments, refunds, and account adjustments;
- to communicate about bookings, renewals, notices, invoices, and service updates;
- to handle complaints, disputes, and customer support requests;
- to maintain security, including monitoring access to premises and reviewing CCTV where appropriate;
- to comply with legal and regulatory obligations;
- to establish, exercise, or defend legal claims;
- to improve our operations, systems, and customer experience;
- to perform limited analytics relating to site use and service performance.
We do not use personal data for purposes that are incompatible with those described above unless we have a lawful basis to do so and, where required, have informed the individual.
3. Lawful Basis for Processing
Under the UK GDPR, we must identify a lawful basis for processing personal data. Depending on the context, Surbiton Storage may rely on one or more of the following:
- Contract – when processing is necessary to enter into or perform a storage agreement, manage billing, provide access, or deliver agreed services.
- Legal obligation – when processing is required to comply with accounting, tax, security, insurance, or other legal requirements.
- Legitimate interests – when processing is necessary for our legitimate business interests, provided those interests are not overridden by the rights and freedoms of the individual. This may include site security, fraud prevention, customer service, and business administration.
- Consent – where we rely on consent for a specific activity, such as certain optional communications. Individuals may withdraw consent at any time where consent is the lawful basis.
- Vital interests – in rare cases where processing is necessary to protect someone’s life.
- Public task – where processing is necessary for a task carried out in the public interest, if applicable.
Where we process special category data or criminal offence data, we will only do so if a separate legal condition applies and appropriate safeguards are in place.
4. Data Sharing and Processors
We may share personal data with carefully selected third parties that help us operate our services. These parties act as processors or, in some cases, independent controllers. They are required to handle data securely and only in accordance with applicable law and our instructions where they act as processors.
Types of third parties we may share personal data with include:
- Payment processors who handle card or electronic payments;
- IT and cloud service providers who host systems, email services, or data storage;
- Customer management and accounting providers who support invoicing, recordkeeping, and administration;
- Security service providers who support alarm systems, site monitoring, or CCTV storage;
- Maintenance and facilities contractors who may access limited information where needed to carry out work;
- Professional advisers such as auditors, insurers, lawyers, and accountants;
- Regulators, law enforcement, and public authorities where disclosure is required by law or necessary for legal proceedings.
We do not sell personal data. If personal data is transferred outside the UK, we will ensure appropriate safeguards are in place in accordance with applicable data protection law.
5. Data Retention
We keep personal data only for as long as necessary for the purposes for which it was collected, including to satisfy legal, accounting, reporting, and security requirements. Retention periods depend on the type of data and the reason for holding it.
In practice, this means:
- Customer account and contract records are usually kept for the duration of the relationship and for a reasonable period afterwards to deal with queries, disputes, and legal claims.
- Financial and tax records are retained for the period required by law or relevant accounting rules.
- Security records and CCTV footage are generally retained for a limited period unless an incident requires longer retention.
- Communication records may be kept for as long as needed to manage the enquiry or demonstrate what was agreed.
- Verification records are retained only as long as necessary for fraud prevention, compliance, or identity checks.
When data is no longer required, it will be securely deleted, destroyed, or anonymised.
6. Data Security
We take appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, alteration, and disclosure. These measures may include access controls, encryption, secure storage, staff confidentiality obligations, physical security measures, and routine review of our systems and suppliers.
While we work hard to protect personal data, no system can be guaranteed completely secure. If a personal data breach occurs and presents a risk to rights and freedoms, we will take the steps required by law, which may include notifying affected individuals and the relevant supervisory authority.
7. User Rights
Individuals whose personal data we process have rights under data protection law. These rights may not always apply in every situation, but we will assess each request carefully and respond in line with the law. The rights include:
- Right of access – to request a copy of the personal data we hold and information about how we process it.
- Right to rectification – to ask us to correct inaccurate or incomplete personal data.
- Right to erasure – to ask us to delete personal data in certain circumstances.
- Right to restriction – to ask us to limit processing in certain situations.
- Right to data portability – to request data provided to us in a structured, commonly used format where the legal conditions apply.
- Right to object – to object to processing based on legitimate interests or direct marketing.
- Right to withdraw consent – where processing is based on consent, to withdraw that consent at any time.
- Rights related to automated decision-making – to object to decisions based solely on automated processing where applicable.
To protect privacy, we may need to verify identity before responding to a request. We aim to respond within the time limits set by law.
8. Children’s Data
Our services are intended for adults, and we do not knowingly collect personal data from children except where it is incidental to a legitimate service arrangement or required by law. If we become aware that we have collected data from a child without a valid basis, we will take appropriate steps to delete or protect that data.
9. Cookies and Similar Technologies
Where we use digital tools that rely on cookies or similar technologies, they may be used for essential site functionality, security, performance monitoring, and basic analytics. Where consent is required, we will seek it in advance. Individuals can manage browser settings to restrict cookies, although some services may not function properly without them.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data handling practices. Any updated version will apply from the date it is published or otherwise communicated. We encourage customers to review this policy periodically to stay informed about how personal data is handled.
11. Fair Processing Commitment
Surbiton Storage is committed to treating personal data with care and respect. We aim to be transparent, accountable, and proportionate in every stage of processing. We only collect data that is relevant, we keep it only for as long as needed, and we take steps to ensure that our processors meet appropriate data protection standards. Our approach is designed to support customers while upholding the principles of lawfulness, fairness, transparency, data minimisation, accuracy, storage limitation, integrity, and confidentiality.
If there is any conflict between this policy and applicable data protection law, the law will prevail. This Privacy Policy applies to all Surbiton Storage customers in the area and forms part of our commitment to responsible information handling.