Privacy Policy - Arnosgrove Storage

This Privacy Policy explains how Arnosgrove Storage collects, uses, stores, shares, and protects personal data in connection with our storage services. It applies to all Arnosgrove Storage customers in the area, including prospective customers, account holders, and individuals who communicate with us about our services. We are committed to handling personal data lawfully, fairly, transparently, and in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are

Arnosgrove Storage provides storage facilities and related services to individuals and businesses. In the course of operating these services, we may act as a data controller when we determine the purpose and means of processing personal data. This Policy sets out the standards we follow when processing personal data about customers, authorised users, visitors, and other individuals whose data we may receive.

2. Personal data we collect

We collect only the personal data necessary for the provision and management of our services, legal compliance, security, and customer support. Depending on your relationship with us, the data we collect may include:

  • Identity data, such as your name, title, date of birth, and identification details where needed for verification.
  • Contact data, such as your address, email address, and telephone number.
  • Account and transaction data, such as customer account details, service selections, payment status, and billing information.
  • Access and security data, such as entry logs, CCTV footage, gate access records, and incident reports.
  • Correspondence data, such as messages, enquiries, complaints, and support records.
  • Technical data, such as device identifiers, IP address, browser information, and limited usage information where relevant to online systems.
  • Verification and compliance data, such as proof of identity, proof of address, and information required for fraud prevention or legal compliance.

We do not intentionally collect special category personal data unless required by law or where you voluntarily provide it and we have a valid legal basis to process it. Please avoid sharing unnecessary sensitive information with us.

3. How we use personal data

We use personal data for the following purposes:

  • To provide and manage storage services.
  • To set up and administer customer accounts.
  • To process payments and manage invoices.
  • To verify identity and prevent fraud.
  • To maintain security, protect property, and monitor access to our premises.
  • To respond to enquiries, complaints, and service requests.
  • To comply with legal and regulatory obligations.
  • To establish, exercise, or defend legal claims.
  • To improve service quality and operational efficiency.

We only process personal data for specified, explicit, and legitimate purposes, and we do not use it in ways that are incompatible with those purposes.

4. Lawful basis for processing

Under data protection law, we must have a lawful basis for each use of personal data. Arnosgrove Storage relies on the following lawful bases, depending on the context:

Contract

We process personal data where it is necessary to enter into or perform a contract with you, such as creating an account, providing storage services, managing access, and handling payments.

Legal obligation

We may process data where required to comply with legal obligations, including accounting, tax, consumer protection, fraud prevention, health and safety, and law enforcement requests.

Legitimate interests

We may process data where necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. These interests may include operating our facilities securely, preventing misuse, managing customer relationships, and protecting our business from fraud or liability.

Consent

In limited circumstances, we may rely on your consent, for example where required for certain optional communications or specific processing activities. Where we rely on consent, you have the right to withdraw it at any time.

Vital interests

In rare situations, we may process data where necessary to protect someone’s life or physical safety.

5. Sharing your data and processors

We may share personal data with trusted third parties where necessary for the operation of our services, legal compliance, or legitimate business needs. These third parties may act as processors or, in some cases, independent controllers.

Our processors may include:

  • Payment service providers.
  • IT system and cloud hosting providers.
  • Customer management and communication service providers.
  • Security, surveillance, and access control providers.
  • Professional advisers such as accountants, auditors, insurers, and legal advisers.
  • Maintenance, facilities, and operational support providers where access to data is necessary.

Where we use processors, they are required to act only on our instructions, keep data secure, and comply with data protection law. We do not sell personal data. We may disclose data where required by law, court order, regulatory request, or to protect our rights, property, customers, or the public.

6. International transfers

Where personal data is transferred outside the UK, we will ensure appropriate safeguards are in place so that your data remains protected to a standard essentially equivalent to UK GDPR requirements. These safeguards may include adequacy regulations, standard contractual clauses, or equivalent lawful transfer mechanisms.

7. Retention of personal data

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, insurance, and reporting requirements. Retention periods may vary depending on the type of data and the reason for processing.

In general:

  • Customer account and contract data are retained for the duration of the relationship and for a reasonable period afterwards.
  • Financial records are retained for the period required by tax and accounting law.
  • Security and access records are retained for a limited period unless needed for investigation, legal claims, or safety purposes.
  • Correspondence and complaints are retained as long as needed to resolve the matter and demonstrate compliance.

When data is no longer needed, we will securely delete, anonymise, or archive it in line with applicable laws and internal retention schedules.

8. Security of personal data

We take the protection of personal data seriously and apply appropriate technical and organisational measures to reduce the risk of unauthorised access, loss, misuse, or alteration. These measures may include access controls, encryption where appropriate, staff training, secure storage, and restricted processing access. Although we take reasonable steps to protect data, no system can be guaranteed completely secure.

9. Your rights under data protection law

You have a number of rights in relation to your personal data, subject to legal conditions and exceptions. These rights include:

  • Right of access – to request confirmation of whether we process your data and obtain a copy of it.
  • Right to rectification – to request correction of inaccurate or incomplete data.
  • Right to erasure – to request deletion of your data in certain circumstances.
  • Right to restriction – to request limited processing in certain situations.
  • Right to object – to object to processing based on legitimate interests or direct marketing.
  • Right to data portability – to receive certain data in a structured, commonly used, machine-readable format.
  • Right to withdraw consent – where processing is based on consent, you may withdraw it at any time.

If you exercise any of these rights, we may need to verify your identity before responding. We will respond within the timeframe required by law, unless the request is complex or numerous. Some rights may not apply in all cases, particularly where we are required to retain data for legal reasons.

10. Automated decision-making

We do not use personal data for decisions based solely on automated processing that produce legal or similarly significant effects, unless we notify you and the law permits it. If this position changes, we will provide appropriate information and safeguards.

11. Children’s data

Our storage services are generally intended for adults. We do not knowingly collect data from children except where necessary and lawful in connection with service administration, authorised access, or legal obligations. Where we become aware that data has been collected incorrectly, we will take appropriate steps to address it.

12. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in law, operations, or service requirements. Any revised version will apply from the date it is made available. We encourage customers to review this Policy periodically so they remain informed about how we process personal data.

13. Summary of our commitments

Arnosgrove Storage is committed to privacy, security, and transparency. We collect only the personal data needed to deliver our services, rely on lawful bases recognised by UK GDPR, retain data for no longer than necessary, work with processors under appropriate safeguards, and respect your rights over your personal data. This Policy applies to all Arnosgrove Storage customers in the area.

Call Now!
Call Now Get a Quote
Arnosgrove Storage

GDPR-compliant Privacy Policy for Arnosgrove Storage covering collection, lawful basis, retention, processors, rights, and scope for all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.