Privacy Policy - Aldwych Storage
This Privacy Policy explains how Aldwych Storage collects, uses, stores, shares, and protects personal data in connection with its storage services. It applies to all Aldwych Storage customers in the area, including prospective customers, account holders, authorised users, and individuals whose personal data is processed in the course of providing storage, access, billing, and related services.
1. Who We Are
Aldwych Storage is a storage services provider that processes personal data to manage customer accounts, administer storage facilities, maintain security, and support service delivery. For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, Aldwych Storage acts as the data controller for the personal data described in this policy where it determines the purposes and means of processing.
2. Personal Data We Collect
We collect only the personal data that is necessary for the purposes described in this policy. Depending on your relationship with Aldwych Storage, we may collect the following categories of data:
- Identity data: name, title, date of birth, and identification details where required.
- Contact data: postal address, email address, telephone number, and emergency contact information where provided.
- Account data: customer reference numbers, booking details, tenancy or licence details, payment status, access permissions, and communication preferences.
- Financial data: billing information, payment method details, transaction records, and evidence of payments received.
- Verification data: copies or details of identity documents where necessary to verify identity, prevent fraud, or comply with legal obligations.
- Security and access data: CCTV footage, entry logs, access card or code usage, and incident reports.
- Correspondence data: records of calls, emails, written enquiries, complaints, and service-related communications.
- Technical data: device or browser information collected through our systems where relevant to service administration or security.
We do not intentionally collect special category data unless it is required for a specific lawful purpose or disclosed by you in correspondence. If such data is provided, we handle it with appropriate safeguards and only where a lawful basis applies.
3. How We Collect Personal Data
Personal data may be collected directly from you when you complete a booking, sign a contract, make a payment, contact us, submit identification, or use our storage facility. We may also receive data from third parties such as payment providers, identity verification services, insurers, debt recovery agents, legal advisers, or security contractors where necessary for service administration, fraud prevention, or legal compliance.
4. Why We Use Personal Data
We use personal data for the following purposes:
- to set up and manage customer accounts;
- to provide storage services and administer access to units or premises;
- to process payments, refunds, charges, and arrears;
- to communicate about bookings, renewals, notices, and service updates;
- to verify identity and prevent fraud or misuse;
- to maintain site safety, security, and incident records;
- to comply with legal, tax, accounting, and regulatory obligations;
- to resolve disputes, enforce agreements, and manage claims;
- to improve our services, systems, and customer experience;
- to keep records for insurance and operational purposes.
5. Lawful Basis for Processing
We only process personal data where a lawful basis under the UK GDPR applies. The lawful bases we rely on are:
Contract
We process personal data when it is necessary to enter into or perform our contract with you, such as creating your account, managing access to storage, handling billing, and providing customer support.
Legal obligation
We process personal data where we must comply with legal requirements, including tax, accounting, fraud prevention, health and safety, and lawful requests from authorities.
Legitimate interests
We process personal data where it is necessary for our legitimate interests and where those interests are not overridden by your rights and freedoms. This includes securing our facilities, preventing misuse, managing customer relationships, maintaining business records, and improving our operations. Where legitimate interests are relied upon, we assess the impact on your privacy and apply safeguards.
Consent
In limited situations, we may rely on your consent, for example for optional marketing activities where required by law. If we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
6. Data Sharing and Processors
We may share personal data with trusted third parties that act as processors or, in some cases, separate controllers. These third parties may process data on our instructions or for their own legal purposes. We ensure that appropriate contractual and security measures are in place.
Examples of processors and service providers may include:
- IT and hosting providers that store and secure our business systems and data;
- payment processors that handle card and electronic payments;
- customer communication providers that send service messages and notices;
- security contractors that assist with premises safety and monitoring;
- identity verification providers that help confirm identity and reduce fraud;
- accountants, auditors, and professional advisers who support compliance and business administration;
- debt recovery or legal service providers where necessary to enforce agreements or resolve disputes.
We may also disclose personal data to public authorities, regulators, courts, or law enforcement where required by law or where disclosure is necessary to protect our rights, our customers, or the public.
7. International Transfers
If any personal data is transferred outside the United Kingdom, we will only do so where appropriate safeguards are in place and where the transfer complies with applicable data protection laws. Such safeguards may include adequacy regulations or approved contractual protections.
8. Data Retention
We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, accounting, insurance, and reporting requirements. Retention periods vary depending on the type of data and the context in which it is used.
In general:
- customer account and contract records are retained for the duration of the relationship and for a reasonable period afterward;
- financial records are kept for the period required by tax and accounting law;
- security records, such as CCTV and access logs, are retained only for as long as needed for safety, incident investigation, or legal purposes;
- correspondence and complaint records are retained for the time needed to handle queries, defend claims, or meet legal obligations;
- verification records are retained only as long as necessary for compliance and anti-fraud purposes.
When personal data is no longer required, we will delete, anonymise, or securely archive it in accordance with our retention practices.
9. Data Security
We take appropriate technical and organisational measures to protect personal data against accidental loss, unlawful access, misuse, alteration, or disclosure. These measures may include access controls, secure storage, staff training, confidentiality obligations, monitoring, and vendor assessments. While no system can be guaranteed to be completely secure, we work to maintain a level of protection appropriate to the risk.
10. Your Rights
Under data protection law, you may have the following rights in relation to your personal data:
- Right of access: to request a copy of the personal data we hold about you.
- Right to rectification: to request correction of inaccurate or incomplete data.
- Right to erasure: to request deletion of your data in certain circumstances.
- Right to restrict processing: to request limited use of your data in certain cases.
- Right to object: to object to processing based on legitimate interests or direct marketing.
- Right to data portability: to receive certain data in a structured, commonly used format where applicable.
- Right to withdraw consent: where processing is based on consent.
Please note that these rights are not absolute and may be subject to legal exceptions or limitations. We may need to retain or process certain information to comply with legal obligations or to establish, exercise, or defend legal claims.
11. Automated Decision-Making
Aldwych Storage does not rely on solely automated decision-making that produces legal or similarly significant effects on customers unless permitted by law and subject to appropriate safeguards. If this position changes, we will provide further information about the logic involved and your rights.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data processing practices. Any updates will apply from the date they are published or otherwise communicated. We encourage customers to review this policy periodically to stay informed about how personal data is handled.
13. Summary of Our Commitment
Aldwych Storage is committed to handling personal data lawfully, fairly, and transparently. We collect only what we need, use it for clear and legitimate purposes, share it only where necessary, retain it for appropriate periods, and respect your data protection rights. This policy applies to all Aldwych Storage customers in the area and is intended to provide a clear explanation of how we protect personal information in the course of delivering our services.