Privacy Policy - Canonbury Storage
Effective date: This Privacy Policy applies to all Canonbury Storage customers in the area and explains how we collect, use, share, store, and protect personal data in accordance with the UK GDPR and the Data Protection Act 2018.
1. Introduction
Canonbury Storage is committed to handling personal data responsibly, lawfully, and transparently. This policy explains what information we collect from customers, prospective customers, visitors, suppliers, and other individuals who interact with our services, why we collect it, the legal grounds on which we rely, how long we keep it, who processes it on our behalf, and what rights you have in relation to your personal data.
For the purposes of this policy, personal data means any information relating to an identified or identifiable natural person. Special category data and criminal offence data are not generally sought by us, and we ask that you do not provide such information unless it is necessary and we have specifically requested it.
2. Data we collect
We may collect and process the following categories of personal data:
- Identity information: name, title, date of birth, and, where necessary, proof of identity.
- Contact details: address, email address, telephone number, and emergency contact details where appropriate.
- Account and service information: booking details, storage unit allocation, access records, invoices, payment status, and communications relating to your storage arrangement.
- Financial information: payment card details processed through secure payment providers, bank details, and transaction records.
- Security information: CCTV footage, entry logs, alarm records, and incident reports collected for safety, loss prevention, and security management.
- Technical information: IP address, device information, browser type, and usage data if you interact with our digital systems.
- Correspondence: any information you provide when you contact us or respond to our communications.
We collect data directly from you, from third parties where lawful and appropriate, and automatically through security and operational systems. We may also receive data from identity verification providers, payment processors, insurers, legal advisers, and public authorities when permitted by law.
3. How we use your personal data
We use personal data for the following purposes:
- to provide storage services and manage your account;
- to verify identity and prevent fraud or misuse;
- to process payments and refunds, and to recover outstanding amounts;
- to maintain site safety, security, and access control;
- to communicate about your booking, contract, or service changes;
- to deal with complaints, disputes, insurance matters, or legal claims;
- to comply with legal and regulatory obligations;
- to improve our operations, systems, and customer service;
- to protect our property, customers, staff, and contractors.
We only use your data where we have a lawful basis to do so. We do not sell personal data.
4. Lawful basis for processing
Under data protection law, we must have a valid lawful basis for each processing activity. Canonbury Storage relies on the following bases:
Contract
We process personal data where it is necessary to enter into or perform a contract with you, such as setting up your storage account, managing access, issuing invoices, and providing customer support.
Legal obligation
We may process your data to meet legal requirements, including accounting, tax, regulatory compliance, fraud prevention, and responding to lawful requests from authorities.
Legitimate interests
We may process data where it is necessary for our legitimate interests or those of a third party, provided your interests and fundamental rights do not override those interests. This includes protecting premises, maintaining CCTV, detecting misuse, improving services, and managing business operations. We assess these activities carefully to ensure they are proportionate and fair.
Consent
Where we rely on consent, for example for certain optional communications or non-essential processing, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
Vital interests
In rare circumstances, we may process personal data to protect someone’s vital interests, such as in an emergency affecting health or safety.
5. Sharing personal data and processors
We may share your data with trusted third parties who process data on our behalf or as independent controllers. These may include:
- IT and cloud service providers: who host systems, store records, and support security monitoring.
- Payment service providers: who handle card transactions, refunds, and payment verification.
- Security contractors: who support access control, alarm response, and CCTV-related services.
- Accountants and auditors: who assist with financial reporting and compliance.
- Legal and professional advisers: who help with disputes, contractual matters, and risk management.
- Insurance providers and loss adjusters: where a claim or incident requires data review.
- Public authorities and law enforcement: where disclosure is required or permitted by law.
Processors only act on our instructions, are bound by confidentiality and security obligations, and may not use your data for their own unrelated purposes. Where any third party acts as an independent controller, they are responsible for their own privacy practices.
6. International transfers
If any of our service providers store or access data outside the United Kingdom, we will ensure that appropriate safeguards are in place. These may include adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms. We take reasonable steps to ensure that your data remains protected to a standard consistent with UK data protection law.
7. Data retention
We keep personal data only for as long as necessary for the purposes for which it was collected, including legal, accounting, insurance, and reporting requirements. Retention periods vary depending on the type of information and the legal basis for processing.
As a general approach:
- contract and account records are kept for the duration of the relationship and for a reasonable period afterward;
- financial and tax records are retained for the period required by law;
- security logs and CCTV footage are retained for a limited period unless needed for an investigation, legal claim, or safety incident;
- correspondence and complaint records are retained as long as necessary to handle the matter and defend legal rights.
When retention is no longer required, we will securely delete or anonymise the information.
8. Your rights
Subject to conditions and exemptions under data protection law, you have the following rights:
- Right of access: to request a copy of the personal data we hold about you.
- Right to rectification: to have inaccurate or incomplete data corrected.
- Right to erasure: to request deletion of data in certain circumstances.
- Right to restriction: to ask us to limit processing in certain situations.
- Right to data portability: to receive certain data in a structured, commonly used format where applicable.
- Right to object: to object to processing based on legitimate interests or direct marketing.
- Right to withdraw consent: where consent is the basis for processing.
- Right not to be subject to automated decision-making: where such decisions have legal or similarly significant effects, unless permitted by law.
We may need to verify your identity before responding to a rights request. We aim to respond within the time limits required by law.
9. Security of your data
We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, disclosure, or destruction. These measures may include access controls, encryption, secure storage, staff training, visitor controls, CCTV, and incident response procedures. While no system can be guaranteed completely secure, we work continuously to reduce risk and maintain a strong security posture.
10. Complaints and concerns
If you have concerns about how we process your personal data, you may raise them with us so that we can investigate and address the issue. You also have the right to lodge a complaint with the UK data protection supervisory authority if you believe your rights have been infringed.
11. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. Any updated version will apply from the date it is issued. We encourage you to review this policy periodically to stay informed about how we handle your personal data.
12. Summary
This policy explains how Canonbury Storage collects and uses customer data, the lawful bases we rely on, how long we retain information, the processors we use, and the rights available to you. We process data fairly, transparently, and only for legitimate business, contractual, and legal purposes.
Canonbury Storage respects your privacy and is committed to protecting your personal information.