Privacy Policy - Spitalfields Storage

This Privacy Policy explains how Spitalfields Storage collects, uses, stores, shares, and protects personal data. It applies to all Spitalfields Storage customers in the area, including prospective customers, current customers, former customers, and anyone who communicates with us about our storage services. We are committed to handling personal data in a lawful, fair, and transparent way in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are

Spitalfields Storage provides storage-related services and associated customer support. For the purposes of data protection law, we act as a data controller when we decide why and how personal data is processed. This means we are responsible for ensuring that your personal data is handled appropriately and that your rights are respected.

2. Personal data we collect

We only collect personal data that is relevant and necessary for providing storage services, managing our relationship with you, meeting legal requirements, and improving our operations. The types of data we may collect include:

  • Identity information such as your name, title, and date of birth where needed for verification
  • Contact information such as postal address, email address, and telephone number
  • Account and service information such as booking details, storage unit references, payment status, and service history
  • Transaction information such as invoices, receipts, payment records, and billing-related details
  • Access and security information such as entry logs, CCTV-related records, and site access records where applicable
  • Communication data such as messages, enquiries, complaints, and feedback
  • Technical data such as device or usage information if you interact with our online systems, where applicable

We do not intentionally collect special category data unless it is provided to us by you or is required for a specific legal or operational reason. If such data is processed, we will do so only where a lawful basis exists and additional safeguards are in place.

3. How we collect personal data

We may collect data directly from you when you:

  • make an enquiry or request a quotation
  • enter into a storage agreement
  • make payments or update your account details
  • contact us by phone, email, or in writing
  • visit our premises where access control or CCTV is in operation
  • use any forms or digital services we make available

We may also receive personal data from third parties where permitted by law, such as payment providers, insurers, debt recovery services, fraud prevention services, or public authorities.

4. Lawful basis for processing

We will only process personal data where we have a lawful basis under UK GDPR. Depending on the activity, we may rely on one or more of the following bases:

  • Contract: to enter into and perform our storage agreement with you, including managing bookings, access, billing, and service delivery
  • Legal obligation: to comply with laws and regulations, including tax, accounting, anti-fraud, and security obligations
  • Legitimate interests: to operate and improve our business, maintain security, manage risk, prevent fraud, and handle enquiries or complaints, provided our interests do not override your rights and freedoms
  • Consent: where required, for example for certain optional communications or specific uses of data not covered by another lawful basis

Where we rely on consent, you may withdraw it at any time. This will not affect the lawfulness of processing carried out before withdrawal.

5. How we use your data

We use personal data for the following purposes:

  • to register and manage your account
  • to provide storage services and related support
  • to process payments, refunds, and invoices
  • to verify identity where necessary
  • to maintain site safety and security
  • to respond to enquiries, complaints, and requests
  • to meet regulatory, accounting, and tax requirements
  • to protect our rights, property, customers, and staff
  • to improve service quality, systems, and operational efficiency

We will always seek to use your personal data in a way that is relevant, proportionate, and limited to what is necessary for the intended purpose.

6. Data sharing and processors

We may share personal data with trusted third parties where necessary to deliver our services, meet legal obligations, or operate our business securely. These third parties may act as processors or, in some cases, as independent controllers.

Processors we may use

  • Payment processors to handle card or electronic payments
  • IT and cloud service providers to host systems, store data, and support software
  • Security service providers to assist with access control, monitoring, and site protection
  • Accountancy or bookkeeping providers to support financial administration
  • Customer communication providers to help manage service messages and notifications
  • Legal, insurance, or debt recovery advisors where needed to protect our legitimate interests or enforce agreements

Where we use processors, we ensure they are contractually bound to process data only on our instructions, to keep it secure, and to comply with data protection law. We do not sell your personal data.

7. International transfers

If any personal data is transferred outside the UK, we will ensure appropriate safeguards are in place, such as adequacy regulations, standard contractual clauses, or equivalent legal protections. We will only transfer data where it is necessary and where the transfer can be made securely and lawfully.

8. Data retention

We retain personal data only for as long as it is necessary for the purposes for which it was collected, including legal, accounting, and reporting requirements. Retention periods vary depending on the type of data and the reason for processing.

  • Customer and contract records are kept for the duration of the agreement and for a reasonable period afterwards
  • Financial and tax records are retained for the period required by law
  • Security records such as access logs or CCTV may be retained for a shorter period unless needed for investigation or legal proceedings
  • Complaint or dispute records may be retained until the matter is resolved and for a further period where necessary to defend legal claims

When data is no longer required, we will delete it securely or anonymise it so that it can no longer identify you.

9. Data security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, misuse, or destruction. These measures may include access controls, secure storage, staff training, password protection, and monitoring of systems. While no system can be guaranteed to be completely secure, we work to maintain a high standard of protection.

10. Your rights

Under data protection law, you have a number of rights in relation to your personal data. These rights may be subject to conditions or exemptions in certain circumstances.

  • Right of access: you can request a copy of the personal data we hold about you
  • Right to rectification: you can ask us to correct inaccurate or incomplete data
  • Right to erasure: you can ask us to delete your data where there is no valid reason for us to keep it
  • Right to restriction: you can ask us to limit how your data is used in certain situations
  • Right to data portability: you can ask for certain data to be provided in a structured, commonly used format
  • Right to object: you can object to processing based on legitimate interests or to direct marketing
  • Right to withdraw consent: where we rely on consent, you may withdraw it at any time

If you wish to exercise any of these rights, we may need to verify your identity before responding. We aim to respond within the time limits required by law.

11. Complaints

If you have concerns about how we handle personal data, you may raise them with us first so that we can try to resolve the issue. You also have the right to make a complaint to the UK Information Commissioner’s Office (ICO) if you believe your data protection rights have been infringed.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. Any updated version will apply from the date it is published. We encourage you to review this policy periodically so that you remain informed about how we use personal data.

By using Spitalfields Storage services, you acknowledge that you have read this Privacy Policy and understand how we process personal data.

Call Now!
Call Now Get a Quote
Spitalfields Storage

GDPR-compliant Privacy Policy for Spitalfields Storage covering data collection, lawful basis, retention, processors, user rights, and customer scope.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.