Privacy Policy - Eastbarnet Storage

This Privacy Policy explains how Eastbarnet Storage collects, uses, stores, shares, and protects personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It applies to all Eastbarnet Storage customers in the area, including prospective customers, current customers, former customers, and individuals who communicate with us in connection with storage services.

1. Who We Are

Eastbarnet Storage provides storage-related services to individuals and businesses. For the purposes of data protection law, Eastbarnet Storage is the data controller of the personal data collected and processed in connection with our services. This means we determine the purposes and means of processing your personal information.

2. Personal Data We Collect

We only collect personal data that is necessary for the provision and management of our services. The categories of information we may collect include:

  • Identity details such as your name, title, and date of birth where required;
  • Contact details such as address, email address, and telephone number;
  • Account and contract information including booking details, storage unit details, payment status, and service history;
  • Billing and payment data such as invoicing information and transaction records;
  • Identification documents where required for security, fraud prevention, or legal compliance;
  • Communications you send to us, including enquiries, complaints, and feedback;
  • Access and security records where applicable, such as entry logs, key access records, or CCTV-related information;
  • Technical information if you interact with our digital systems, including IP address and device data, when necessary for security and system administration.

We do not intentionally collect special category data unless it is necessary for a specific legal obligation or you choose to provide it. If such information is provided, it will be handled with appropriate safeguards.

3. How We Use Personal Data

We use personal data for the following purposes:

  • To register you as a customer and manage your storage agreement;
  • To provide, maintain, and administer storage services;
  • To process payments, invoices, refunds, and account records;
  • To communicate with you about your account, service changes, and operational matters;
  • To verify identity and prevent fraud or misuse;
  • To comply with legal and regulatory obligations;
  • To protect our business, staff, customers, property, and assets;
  • To resolve disputes, enforce contracts, and establish or defend legal claims;
  • To improve our operations, security, and customer service.

We will only use your personal data where we have a lawful basis to do so. We do not use your personal information for unrelated purposes without informing you where required.

4. Lawful Basis for Processing

Under UK GDPR, we rely on one or more of the following lawful bases:

Contract

Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract. This includes creating your account, managing storage services, issuing invoices, and handling service-related communications.

Legal Obligation

We may process data where it is necessary to comply with the law, such as tax, accounting, fraud prevention, security, and record-keeping obligations.

Legitimate Interests

We may process data where it is necessary for our legitimate interests or those of a third party, provided your interests and fundamental rights do not override those interests. This may include maintaining security, preventing fraud, improving services, and protecting our legal position.

Consent

In limited situations, we may rely on your consent, for example where the law requires it. If we do, you may withdraw your consent at any time, without affecting the lawfulness of processing carried out before withdrawal.

5. Sharing Your Data and Processors

We may share personal data with carefully selected third parties where necessary to run our business and deliver services. These third parties act as processors or independent controllers depending on the circumstances. Processors only process data on our instructions and must protect it appropriately.

Examples of processors may include:

  • IT and cloud service providers;
  • Payment processing providers;
  • Accounting and invoicing systems;
  • Customer relationship or booking management providers;
  • Security, monitoring, or CCTV service providers;
  • Professional advisers such as lawyers, insurers, or auditors;
  • Delivery, maintenance, or facilities support providers where relevant.

We may also disclose data where required by law, court order, regulator request, or to protect the rights, property, or safety of Eastbarnet Storage, our customers, or others. Where possible, we limit the information shared to what is necessary for the relevant purpose.

6. International Transfers

If any processor or service provider stores or accesses data outside the United Kingdom, we will ensure appropriate safeguards are in place, such as adequacy regulations, standard contractual clauses, or equivalent lawful transfer mechanisms. These safeguards are designed to protect your personal data to a standard consistent with UK GDPR.

7. Data Retention

We keep personal data only for as long as necessary for the purposes for which it was collected, including any legal, accounting, or reporting requirements. Retention periods depend on the type of data and the purpose for which it is processed.

  • Customer and contract records are generally retained for the duration of the customer relationship and for a reasonable period afterwards;
  • Financial and tax records are retained for the period required by applicable law;
  • Security records, such as access logs or CCTV-related data, are retained only as long as necessary for security and incident handling;
  • Correspondence is retained for as long as needed to manage enquiries, complaints, or legal matters.

When personal data is no longer required, we will delete it securely or anonymise it so it can no longer be linked to you. If retention is required by law or for the establishment, exercise, or defence of legal claims, we may retain relevant data for longer.

8. Data Security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, alteration, or disclosure. These measures may include access controls, encryption where appropriate, staff confidentiality obligations, secure storage, and regular review of security practices. While no system can be guaranteed completely secure, we work to maintain a level of security appropriate to the risk.

9. Your Rights

As a data subject, you have a number of rights under data protection law. Subject to certain conditions and exemptions, you may have the right to:

  • Access the personal data we hold about you;
  • Rectification of inaccurate or incomplete data;
  • Erasure of your data, sometimes called the right to be forgotten;
  • Restriction of processing in certain circumstances;
  • Object to processing based on legitimate interests or direct marketing;
  • Data portability where processing is based on consent or contract and carried out by automated means;
  • Withdraw consent where processing is based on consent;
  • Challenge automated decision-making if applicable.

You also have the right to make a complaint to the Information Commissioner’s Office if you believe your data has not been handled properly. We encourage you to raise any concerns with us first so we can try to resolve them.

10. Children’s Data

Our services are not directed to children, and we do not knowingly collect personal data from children except where it is necessary in connection with a lawful customer arrangement and the appropriate legal basis exists. Where child-related data is processed, we apply suitable safeguards and limit use to what is required.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, operational practices, or the services we provide. The latest version will apply from the date it is made available. We encourage customers to review this policy periodically so they remain informed about how their data is handled.

12. Summary of Key Points

  • Eastbarnet Storage collects only the data needed to provide and manage storage services;
  • We process data under lawful bases including contract, legal obligation, legitimate interests, and where needed consent;
  • Data may be shared with processors such as IT, payment, security, and accounting providers;
  • We retain data only as long as necessary and delete it securely when no longer needed;
  • You have rights to access, correct, erase, restrict, object, port, and withdraw consent.

Thank you for reading this Privacy Policy. By using Eastbarnet Storage services, you acknowledge that personal data may be processed as described above, in line with applicable data protection laws and the legitimate needs of our business and customers.

Call Now!
Call Now Get a Quote
Eastbarnet Storage

GDPR-compliant Privacy Policy for Eastbarnet Storage covering data collection, lawful basis, retention, processors, and user rights for all customers in the area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.