Privacy Policy - Northkensington Storage

This Privacy Policy explains how Northkensington Storage collects, uses, stores, and protects personal data when providing storage-related services. It applies to all Northkensington Storage customers in the area, including prospective customers, current customers, and individuals who interact with us in connection with our services. We are committed to handling personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Northkensington Storage provides storage services and related operational support. In the context of data protection law, we act as the data controller for the personal data we collect and determine how and why it is processed. This means we are responsible for ensuring that your information is handled lawfully, fairly, and securely.

2. Personal Data We Collect

We collect only the information necessary to manage our services, operate our business, and meet legal obligations. Depending on how you interact with us, we may collect the following categories of personal data:

  • Identity data such as name, date of birth, and identification details where verification is required.
  • Contact data such as postal address, email address, and telephone number.
  • Account and service data such as booking details, storage unit records, payment status, and service preferences.
  • Financial data such as payment confirmations, billing records, and limited transaction information necessary to process payments.
  • Security and access data such as site entry logs, key or access records, and CCTV footage where applicable.
  • Communication data such as correspondence and records of enquiries, complaints, or service requests.
  • Technical data such as device or browser information if you interact with our digital systems, where relevant for security and performance.

We do not intentionally collect more information than is required for the relevant purpose. Where special category data is not needed, we do not seek it. If such data is provided voluntarily, it will only be processed where a lawful basis exists and additional protections are in place.

3. How We Use Personal Data

We use personal data for the following purposes:

  • To register customers and manage storage agreements.
  • To provide access to storage units and related services.
  • To process payments, invoices, and account administration.
  • To communicate about bookings, service changes, reminders, and operational matters.
  • To maintain security, prevent fraud, and protect property, staff, and customers.
  • To comply with legal, regulatory, tax, and accounting requirements.
  • To manage disputes, claims, and record-keeping obligations.
  • To improve our services and ensure efficient business operations.

We only use personal data in ways that are compatible with the purposes for which it was collected, unless we determine that a new purpose is lawful and appropriate under data protection law.

4. Lawful Basis for Processing

Under the UK GDPR, we must have a lawful basis to process personal data. Northkensington Storage relies on the following lawful bases:

Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes managing your storage agreement, billing, access arrangements, and customer support.

Legal Obligation

We process data where needed to comply with legal obligations, including tax, accounting, regulatory, and record-keeping requirements.

Legitimate Interests

We may process personal data where it is necessary for our legitimate business interests and where those interests are not overridden by your rights and freedoms. This may include security monitoring, fraud prevention, internal administration, and service improvement. When we rely on legitimate interests, we assess the impact on individuals and use appropriate safeguards.

Consent

In limited situations, we may rely on your consent, for example where it is required for a specific optional activity. Where consent is used, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

Vital Interests or Public Task

These bases are unlikely to be used in routine storage operations, but they may apply in exceptional circumstances if necessary to protect someone’s vital interests or where required by law.

5. Sharing Data and Processors

We may share personal data with carefully selected third parties who assist us in operating our services. These parties act as processors when they process data on our behalf, and they are only permitted to act under our instructions and security requirements. Typical processors may include:

  • Payment service providers that process transactions.
  • IT and cloud service providers that host secure systems and data backups.
  • Security contractors or monitoring providers supporting site protection.
  • Accountants, auditors, or professional advisers assisting with compliance and business operations.
  • Maintenance and facility support providers where access to limited personal data is required.

We may also disclose personal data to public authorities, courts, law enforcement bodies, or regulators where required by law or necessary to protect our rights, property, customers, or staff.

All processors are required to handle personal data securely, use it only for authorised purposes, and apply appropriate technical and organisational measures. Where personal data is transferred outside the UK, we take steps to ensure adequate safeguards are in place.

6. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, including to satisfy legal, accounting, operational, and reporting requirements. Retention periods vary depending on the type of data and the reason for processing.

In general:

  • Customer account and service records are retained for the duration of the relationship and for a reasonable period afterwards.
  • Financial and tax records are kept for the period required by law.
  • Security logs and access records are retained only as long as necessary for safety, investigation, or operational purposes.
  • General communications are kept for as long as needed to resolve enquiries, administer services, or maintain records.

When personal data is no longer required, we will securely delete, destroy, or anonymise it, unless further retention is required by law or for legitimate dispute resolution.

7. Data Security

We use reasonable and appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, loss, or destruction. These measures may include access controls, secure storage, staff confidentiality obligations, system protections, and monitoring procedures. While no system is entirely risk-free, we continually review our controls to help protect your information.

8. Your Rights

Under data protection law, you have a number of rights in relation to your personal data. Subject to applicable legal conditions and exemptions, these rights include:

  • Right of access – to request a copy of the personal data we hold about you.
  • Right to rectification – to ask us to correct inaccurate or incomplete information.
  • Right to erasure – to request deletion of your data in certain circumstances.
  • Right to restriction – to ask us to limit how we use your data in certain situations.
  • Right to object – to object to processing based on legitimate interests or direct marketing, where applicable.
  • Right to data portability – to receive certain data in a structured, commonly used format where processing is based on consent or contract and carried out by automated means.
  • Right to withdraw consent – where we rely on consent, you may withdraw it at any time.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your data protection rights have been breached. We encourage you to raise concerns with us first so that we can address them promptly and fairly.

9. Children’s Data

Our services are intended for adults and business customers. We do not knowingly collect personal data from children except where it is required for lawful business, safety, or legal reasons and appropriate safeguards are in place.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, business practices, or service requirements. Any updated version will apply from the date it is issued. We recommend reviewing this policy periodically to remain informed about how we process personal data.

11. Summary of Our Commitment

Northkensington Storage is committed to processing personal data lawfully, transparently, and securely. We collect only what we need, use it for clear and legitimate purposes, retain it for no longer than necessary, and respect the rights of every customer in the area who uses our services. Our aim is to maintain a trustworthy and privacy-conscious service experience for all individuals whose data we process.

Call Now!
Call Now Get a Quote
Northkensington Storage

GDPR-compliant Privacy Policy for Northkensington Storage covering data collection, lawful basis, retention, processors, user rights, and applicable to all area customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.