Privacy Policy - Grangepark Storage

This Privacy Policy explains how Grangepark Storage collects, uses, stores, shares, and protects personal data relating to its customers. It applies to all Grangepark Storage customers in the area, including prospective customers, current account holders, former customers, and individuals who interact with us in connection with storage services, payments, inquiries, and account administration. We are committed to handling personal data in a lawful, fair, and transparent manner in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Personal Data We Collect

We only collect personal data that is necessary for the provision and management of our storage services. Depending on your relationship with us, we may collect the following categories of information:

  • Identity information such as your name, date of birth, and, where applicable, proof of identity documents.
  • Contact information such as postal address, email address, and telephone number.
  • Account and contract details such as storage unit references, rental dates, payment status, and service preferences.
  • Financial information such as payment card details, bank account details, billing information, and transaction records.
  • Security and access information such as gate access records, entry logs, CCTV images, and incident reports.
  • Correspondence and communications such as emails, written requests, complaints, and notes from phone conversations.
  • Technical information where relevant, including device or system data generated through online forms or customer portals.

We do not intentionally collect special category data unless it is provided by you or is required in exceptional circumstances, for example where it is relevant to an insurance claim, legal matter, or safety incident. If such data is received, it will be handled with additional care and only where there is a lawful basis to do so.

2. How We Use Personal Data

We use personal data for the following purposes:

  • To set up and manage customer accounts.
  • To provide storage services and administer access to storage units and facilities.
  • To process payments, issue invoices, and manage debt recovery where necessary.
  • To verify identity and prevent fraud, misuse, or unauthorised access.
  • To maintain site security, monitor premises, and investigate incidents.
  • To communicate with customers about contracts, service changes, reminders, or account matters.
  • To meet legal, regulatory, tax, accounting, and insurance obligations.
  • To handle enquiries, complaints, disputes, and claims.
  • To improve our services, internal processes, and customer experience.

We will only use personal data for the purposes for which it was collected, unless we reasonably determine that we need to use it for another compatible purpose and that doing so is permitted by law.

3. Lawful Basis for Processing

We rely on one or more lawful bases under the UK GDPR to process your personal data. These include:

Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes setting up accounts, providing storage services, taking payments, and managing account administration.

Legal Obligation

We process personal data where necessary to comply with legal requirements, such as tax, accounting, fraud prevention, health and safety, insurance, and law enforcement obligations.

Legitimate Interests

We may process personal data where it is necessary for our legitimate business interests and where those interests are not overridden by your rights and freedoms. Examples include site security, CCTV monitoring, preventing unauthorised access, improving our services, and managing operational risks. When relying on legitimate interests, we assess the balance between our interests and your privacy rights.

Consent

In limited circumstances, we may rely on your consent, for example where consent is legally required for a specific type of communication or optional service. Where we rely on consent, you may withdraw it at any time.

Vital Interests and Public Task

These bases are unlikely to apply in ordinary storage operations, but may be relevant in exceptional cases involving urgent safety concerns or lawful requests from public authorities.

4. Data Sharing and Processors

We do not sell personal data. We may share personal data with trusted third parties when necessary to operate our business and provide services. These third parties act as processors or, in some cases, independent controllers.

Examples of processors and service providers may include:

  • Payment processors for handling card payments, direct debits, or electronic transfers.
  • IT and hosting providers for secure data storage, website functionality, and system maintenance.
  • Security providers for CCTV, alarm monitoring, access control, and site protection.
  • Accountancy and auditing providers for financial administration and compliance support.
  • Insurance and claims handlers where required for incident management or loss assessment.
  • Legal and professional advisers where necessary for dispute resolution, debt recovery, or legal compliance.
  • Delivery, maintenance, and operational contractors where their work requires limited access to customer data.

We require processors to act only on our instructions, to use appropriate security measures, and to protect personal data in accordance with data protection law. Where data is shared with independent controllers, they will be responsible for their own privacy practices.

5. Retention of Personal Data

We keep personal data only for as long as necessary for the purposes for which it was collected, and to meet legal, accounting, and business requirements. The length of time will depend on the type of data and the reason it is held.

  • Customer contract and account records are generally retained for the duration of the contract and for a further period after the relationship ends.
  • Financial and tax records are retained for the period required by applicable law, including accounting and tax regulations.
  • Security records such as access logs and CCTV may be retained for a shorter period unless needed for an investigation, claim, or legal dispute.
  • Correspondence and complaints may be retained for as long as necessary to respond to the issue and to evidence actions taken.

When data is no longer required, we will securely delete, anonymise, or destroy it in line with our retention procedures.

6. Your Rights

Under data protection law, you have several rights regarding your personal data. These rights may be subject to legal limitations in some circumstances.

  • Right of access: You may request a copy of the personal data we hold about you.
  • Right to rectification: You may ask us to correct inaccurate or incomplete information.
  • Right to erasure: You may request deletion of your data where there is no lawful reason for us to keep it.
  • Right to restriction: You may ask us to limit how we use your data in certain situations.
  • Right to object: You may object to processing based on legitimate interests, including direct marketing where applicable.
  • Right to data portability: You may request transfer of certain data in a structured, commonly used format where legally applicable.
  • Right to withdraw consent: Where we rely on consent, you may withdraw it at any time without affecting prior processing.

You also have the right to complain to the relevant data protection supervisory authority if you believe your personal data has been handled unlawfully. We encourage you to raise any concerns with us first so that we can address them promptly.

7. Data Security

We use appropriate technical and organisational measures to protect personal data from accidental loss, unauthorised access, misuse, alteration, or disclosure. These measures may include access controls, encryption where appropriate, secure storage, staff training, and restricted permissions. While we take data security seriously, no system can be guaranteed to be completely secure.

8. International Transfers

If personal data is transferred outside the UK, we will ensure that appropriate safeguards are in place, such as adequacy regulations, approved contractual clauses, or other lawful transfer mechanisms. These safeguards are intended to provide a level of protection consistent with UK GDPR requirements.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, operations, or service arrangements. The most current version will apply to all customers in the area. We encourage you to review this policy periodically so that you remain informed about how your personal data is used.

10. Summary of Our Commitment

Grangepark Storage is committed to processing personal data responsibly, securely, and transparently. We collect only the information needed to provide storage services, we rely on appropriate lawful bases, we retain information only as long as necessary, we use trusted processors under strict safeguards, and we respect your rights under data protection law. This policy is intended to provide a clear explanation of our practices for all Grangepark Storage customers in area, ensuring that your privacy is treated with care and respect.

Call Now!
Call Now Get a Quote
Grangepark Storage

GDPR-compliant Privacy Policy for Grangepark Storage covering data collection, lawful basis, retention, processors, user rights, and applies to all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.