Privacy Policy - Northwood Storage

This Privacy Policy explains how Northwood Storage collects, uses, stores, shares, and protects personal data. It applies to all Northwood Storage customers in the area, including prospective customers, current customers, account holders, authorised representatives, and other individuals whose personal data we process in connection with our storage services.

We are committed to handling personal data in a lawful, fair, and transparent manner in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR). This policy should be read carefully so that you understand how your information is processed and what rights you have.

1. Personal Data We Collect

We collect only the personal data that is necessary for our business operations and legal obligations. The types of personal data we may collect include:

  • Identity data: name, date of birth, title, and identification details where required for verification purposes.
  • Contact data: address, email address, telephone number, and billing address.
  • Account and contract data: customer account details, booking information, storage unit details, payment status, and contract records.
  • Payment data: payment card information, bank details, transaction records, and invoicing information. Payment processing is typically handled through secure third-party payment providers.
  • Security and access data: entry logs, access timestamps, key or access code records, CCTV recordings, and incident reports where applicable.
  • Communications data: correspondence with us by email, telephone, post, or other communication methods.
  • Technical data: internet protocol address, browser type, device information, and basic usage information if you interact with any online services we provide.

We may also process special category data only where strictly necessary and permitted by law, for example if it is included in correspondence relating to an accommodation request, complaint, or incident. We do not seek to collect such data routinely.

2. How We Collect Personal Data

We collect personal data directly from you when you:

  • make an enquiry;
  • sign up for storage services;
  • complete forms or provide documents;
  • make payments or set up billing arrangements;
  • communicate with our staff;
  • use access systems or visit our premises; or
  • submit a complaint, request, or support issue.

We may also collect data from third parties where lawful and appropriate, such as identity verification services, payment providers, debt recovery services, insurers, legal advisers, or public authorities. In some cases, information may be collected from CCTV or similar security systems to protect property, individuals, and premises.

3. Purposes of Processing

We process personal data for the following purposes:

  • to provide storage services and manage customer accounts;
  • to verify identity and assess eligibility for services;
  • to administer bookings, renewals, cancellations, invoices, and payments;
  • to maintain security, prevent fraud, and protect people and property;
  • to communicate about contracts, service updates, and operational matters;
  • to handle complaints, disputes, claims, and legal requests;
  • to comply with legal and regulatory obligations;
  • to enforce our terms and conditions; and
  • to improve our services, systems, and internal operations.

We do not use personal data for purposes that are incompatible with the reasons for which it was collected unless we have a lawful basis to do so and, where required, we notify you.

4. Lawful Basis for Processing

Under GDPR, we must have a lawful basis for processing personal data. Depending on the circumstances, we rely on one or more of the following bases:

Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes managing your storage agreement, processing payments, providing access to your unit, and maintaining account records.

Legal Obligation

We process personal data where required to comply with legal obligations, such as accounting requirements, tax rules, identity verification duties, fraud prevention measures, and responding to lawful requests from public authorities.

Legitimate Interests

We may process personal data where it is necessary for our legitimate business interests, provided that these interests are not overridden by your rights and freedoms. These interests include security management, CCTV monitoring, service improvement, record keeping, protecting property, preventing unauthorised access, and managing disputes or claims.

Consent

In limited situations, we may rely on your consent, for example where it is appropriate for optional communications or certain non-essential processing activities. Where we rely on consent, you have the right to withdraw it at any time, without affecting the lawfulness of processing carried out before withdrawal.

Vital Interests and Public Task

These bases are unlikely to apply in most storage service contexts, but we may rely on them in rare situations where necessary to protect someone’s life or where required by public authorities acting within legal powers.

5. Disclosure of Personal Data and Processors

We may share personal data with trusted third parties who act as data processors or, in some cases, independent controllers. These parties are only allowed to use personal data for the purposes we specify and must protect it appropriately. Processors may include:

  • IT and cloud service providers that host our systems or maintain secure data storage;
  • payment processors and banking partners that handle transactions;
  • security service providers, including CCTV and access control system suppliers;
  • professional advisers such as auditors, insurers, lawyers, and accountants;
  • customer support and administrative service providers;
  • debt recovery or enforcement agencies where lawful and necessary;
  • courts, regulators, law enforcement, or other public authorities where required by law.

Where personal data is transferred to a processor, we take reasonable steps to ensure that appropriate contractual and technical safeguards are in place. If data is transferred outside the UK or EEA, we only do so where permitted by law and where suitable protection measures are implemented.

6. Data Retention

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including for legal, accounting, reporting, and dispute-resolution purposes. Retention periods vary depending on the nature of the data and the purpose for which it is processed.

As a general approach:

  • customer account and contract records are retained for the duration of the relationship and for a period after it ends;
  • payment and invoicing records are kept for the period required by tax and accounting laws;
  • security logs and CCTV footage are retained for a limited period unless needed for an incident, investigation, or legal claim;
  • correspondence and complaint records are retained for as long as necessary to manage the issue and maintain evidence of our dealings.

When personal data is no longer required, we will securely delete, anonymise, or archive it in accordance with our retention procedures and legal requirements.

7. Your Rights Under GDPR

You have important rights in relation to your personal data. Subject to certain legal conditions and exemptions, these rights include:

  • Right of access: you may request confirmation of whether we process your data and obtain a copy of it.
  • Right to rectification: you may ask us to correct inaccurate or incomplete data.
  • Right to erasure: you may request deletion of your data in certain circumstances, often referred to as the right to be forgotten.
  • Right to restriction: you may request that we limit how we use your data in specific situations.
  • Right to data portability: you may request that certain data be provided in a structured, commonly used format, where applicable.
  • Right to object: you may object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.
  • Right to lodge a complaint: you may raise concerns with the relevant data protection authority if you believe your rights have been infringed.

We may need to verify your identity before responding to a request. This is to help protect your privacy and prevent unauthorised disclosure of personal data.

8. Data Security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, misuse, alteration, or disclosure. These measures may include access controls, secure storage, staff training, encryption, CCTV where appropriate, and periodic review of security practices. While no system is completely secure, we work to maintain a level of protection that is appropriate to the risks involved.

9. Automated Decision-Making

We do not generally rely on automated decision-making that produces legal or similarly significant effects about you. If this changes, we will provide clear information about the logic involved, the significance of the processing, and the rights available to you.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data processing practices. Any revised version will apply from the date it is made effective. We encourage you to review this policy periodically so that you remain informed about how we protect your personal data.

By using Northwood Storage services, you acknowledge that your personal data may be processed as described in this Privacy Policy.

Call Now!
Call Now Get a Quote
Northwood Storage

GDPR-compliant privacy policy for Northwood Storage covering data collection, lawful basis, retention, processors, user rights, and security for all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.