Privacy Policy - Hillingdon Storage

This Privacy Policy explains how Hillingdon Storage collects, uses, stores, shares, and protects personal data when providing storage-related services. It applies to all Hillingdon Storage customers in area, including individuals and businesses that enquire about, book, manage, or use our services. We are committed to handling personal data in a fair, lawful, transparent, and secure manner in line with the UK GDPR and the Data Protection Act 2018.

1. Who This Policy Applies To

This policy applies to customers, prospective customers, authorised users, account holders, and anyone else whose personal data we process in connection with our storage services in the area. It also applies to individuals whose details may be provided to us by a customer, such as emergency contacts, alternative contact persons, vehicle drivers, or business representatives.

2. Data We Collect

We only collect personal data that is necessary for legitimate business and operational purposes. Depending on how you interact with us, we may collect the following categories of data:

  • Identity data: name, title, date of birth, and identification information where required.
  • Contact data: address, email address, telephone number, and mailing details.
  • Account and service data: booking details, storage unit information, payment status, contract records, access permissions, and customer correspondence.
  • Financial data: payment records, billing information, transaction details, and limited payment verification data.
  • Verification data: copies or details of identification documents where needed to prevent fraud, meet legal obligations, or confirm identity.
  • Technical data: device and browser information, IP address, log files, and access records relating to our systems or site security.
  • CCTV and security data: images, video recordings, entry logs, and other security-related records collected to protect our premises, staff, customers, and property.
  • Communication data: records of emails, calls, messages, complaint submissions, and service requests.

We may also receive personal data from third parties, such as payment providers, fraud prevention services, contractors, insurers, or public authorities, where lawful and appropriate.

3. How We Use Personal Data

We use personal data for the following purposes:

  • to register customers and manage storage agreements;
  • to verify identity and prevent fraud, misuse, or unauthorised access;
  • to process payments, issue invoices, and maintain financial records;
  • to provide customer support and respond to enquiries;
  • to manage access to storage facilities and safeguard stored property;
  • to maintain security, including CCTV monitoring and incident investigation;
  • to comply with legal, tax, regulatory, and insurance requirements;
  • to administer disputes, claims, and complaints;
  • to improve our services, systems, and customer experience;
  • to defend legal claims or enforce contractual rights.

We will not use personal data for purposes that are incompatible with those listed above unless we inform you and, where required, obtain a new lawful basis.

4. Lawful Basis for Processing

Under data protection law, we must have a lawful basis to process personal data. We rely on the following lawful bases, depending on the context:

  • Contract: when processing is necessary to enter into or perform a storage agreement, manage a booking, provide access, or deliver related services.
  • Legal obligation: when we must retain records, verify identity, prevent fraud, or comply with tax, accounting, health and safety, or other legal duties.
  • Legitimate interests: when processing is necessary for our legitimate business interests, such as security monitoring, customer account management, fraud prevention, service improvement, and protection of property, provided those interests do not override your rights and freedoms.
  • Consent: where we rely on your consent for optional activities, we will make this clear and you may withdraw consent at any time without affecting the lawfulness of prior processing.

Where special category data is involved, or where processing is otherwise more sensitive, we will only process it if a specific legal condition under data protection law applies.

5. Data Sharing and Processors

We may share personal data with trusted third parties who act as processors or independent controllers, but only when necessary and with appropriate safeguards. Processors are service providers that process data on our behalf and under our instructions. They may include:

  • payment processors and banking service providers;
  • IT hosting, cloud storage, and software support providers;
  • CCTV, alarm, and security system providers;
  • professional advisers such as accountants, auditors, insurers, or legal advisers;
  • maintenance, cleaning, and facilities contractors where access to limited personal data is necessary;
  • identity verification, fraud prevention, and compliance service providers;
  • regulators, law enforcement agencies, courts, or other public authorities where required by law.

All processors are required to handle personal data securely, use it only for specified purposes, and maintain confidentiality. Where data is transferred outside the UK, we will ensure appropriate safeguards are in place in accordance with applicable law.

6. Data Retention

We keep personal data only for as long as necessary for the purposes for which it was collected, and for any additional period required by law, contract, or legitimate business need. Retention periods vary depending on the type of data and the reason for processing.

In general:

  • customer account and contract records are retained for the duration of the relationship and for a reasonable period afterwards;
  • financial and tax records are retained in line with statutory accounting requirements;
  • security records, including CCTV footage, are retained only for a limited period unless needed for investigation, insurance, or legal proceedings;
  • correspondence and complaint records are kept long enough to resolve matters and demonstrate compliance;
  • identity verification records are kept only as long as necessary for compliance and fraud prevention purposes.

When data is no longer required, we will delete it securely or anonymise it so that it can no longer identify an individual.

7. Security of Personal Data

We take reasonable technical and organisational measures to protect personal data from unauthorised access, accidental loss, destruction, misuse, or alteration. These measures may include access controls, staff confidentiality duties, secure systems, monitoring, encryption where appropriate, and restricted retention practices. While no system can be guaranteed completely secure, we work to reduce risks and to respond appropriately to any incident.

8. Your Rights

Under data protection law, you have rights in relation to your personal data. These rights may include:

  • Right of access: you can request a copy of the personal data we hold about you.
  • Right to rectification: you can ask us to correct inaccurate or incomplete data.
  • Right to erasure: in certain circumstances, you can ask us to delete your data.
  • Right to restriction: you can ask us to limit how we use your data in certain situations.
  • Right to object: you can object to processing based on legitimate interests or direct marketing.
  • Right to data portability: where applicable, you can request certain data in a portable format.
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.

These rights are not absolute and may be subject to legal limitations. If we cannot action a request, we will explain why where permitted by law.

9. How We Handle Rights Requests

We will respond to rights requests within the timeframes required by law, usually within one month unless the request is complex or numerous. We may need to verify your identity before acting on a request to protect your privacy and prevent unauthorised disclosure. Please note that some data may be retained where required by law or where we have a compelling lawful reason to keep it.

10. Automated Decision-Making

We do not rely on fully automated decision-making that produces legal or similarly significant effects about customers without human involvement. If this changes, we will update this policy and explain the relevant logic, significance, and consequences.

11. Children

Our services are intended for adults and business users. We do not knowingly collect personal data from children in connection with our storage services. If we become aware that such data has been collected without appropriate authorisation, we will take steps to delete it where required.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, regulation, operational practices, or service arrangements. Any updated version will apply from the date it takes effect. We encourage customers to review this policy periodically so they remain informed about how we handle personal data.

13. Summary of Our Commitment

Hillingdon Storage is committed to processing personal data lawfully, fairly, and transparently. We collect only what we need, use it for clearly defined purposes, share it only with trusted processors or where required by law, and keep it only for as long as necessary. We respect the rights of our customers in the area and take privacy seriously in every stage of our service.

By using our services, you acknowledge that this Privacy Policy applies to your relationship with Hillingdon Storage in the area.

Call Now!
Call Now Get a Quote
Hillingdon Storage

GDPR-compliant Privacy Policy for Hillingdon Storage covering data collection, lawful basis, retention, processors, and user rights.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.