Privacy Policy - Tootingbec Storage

This Privacy Policy explains how Tootingbec Storage collects, uses, stores, shares, and protects personal data when providing storage services. It applies to all Tootingbec Storage customers in the area, including prospective customers, account holders, authorised users, and anyone who interacts with our services. We are committed to handling personal data in a lawful, fair, and transparent manner in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Tootingbec Storage is responsible for deciding how and why your personal data is processed in connection with our storage services. In data protection law, we are the data controller for the personal information collected for account management, service delivery, security, administration, and related business purposes. This Policy explains the categories of data we process, the reasons for processing, the legal bases we rely upon, how long we keep your data, the third parties that may process data on our behalf, and the rights available to you.

2. Personal Data We Collect

We may collect and process the following categories of personal data:

  • Identity details: name, title, date of birth, and identification information where required for verification.
  • Contact details: postal address, email address, telephone number, and emergency contact information where applicable.
  • Account information: customer reference numbers, booking details, payment status, service preferences, and communication history.
  • Payment data: billing information, transaction records, and limited payment details necessary to complete or verify payments.
  • Facility access data: entry records, access logs, CCTV footage, and other security-related information.
  • Storage-related information: unit allocations, inventory declarations, insurance details, and instructions relating to your stored items.
  • Correspondence: emails, notes, complaints, enquiries, and any other communication you send to us.
  • Technical data: device and usage information collected when you interact with our digital systems, where applicable.

We may also process data relating to special categories of personal data only where strictly necessary and where a lawful condition applies, for example if such information is incidentally disclosed in a complaint or support request. We do not deliberately seek to collect unnecessary sensitive information.

3. How We Collect Data

We collect personal data directly from you when you make an enquiry, sign a storage agreement, communicate with our team, pay for services, or use our facilities. We may also receive data from third parties such as payment providers, identity verification services, insurers, legal representatives, or public authorities where lawful and necessary. In some cases, data may be collected automatically through access control systems, security systems, or digital logs used to protect our premises and maintain accurate records.

4. Why We Use Your Data

We process personal data for the following purposes:

  • to register and manage your storage account;
  • to provide storage services and administer your booking;
  • to process payments, refunds, and account balances;
  • to verify identity and prevent fraud, misuse, or unauthorised access;
  • to maintain security of people, premises, and stored property;
  • to communicate with you about service changes, billing, or operational matters;
  • to handle complaints, disputes, or claims;
  • to meet legal, regulatory, tax, insurance, and accounting obligations;
  • to improve our services, systems, and operational processes;
  • to defend legal claims and establish, exercise, or protect legal rights.

We only use your personal data where it is necessary for a legitimate business or legal purpose and where your rights are not overridden by your interests and freedoms.

5. Lawful Basis for Processing

Under GDPR, we must have a lawful basis for each processing activity. Tootingbec Storage relies on the following lawful bases:

  • Contract: where processing is necessary to enter into or perform our storage agreement with you, including account setup, payments, and service delivery.
  • Legal obligation: where processing is required to comply with laws such as tax, accounting, fraud prevention, health and safety, or regulatory obligations.
  • Legitimate interests: where processing is necessary for our legitimate business interests, such as facility security, customer support, service improvement, and protecting against fraud or misuse, provided your rights do not override those interests.
  • Consent: where we rely on your clear consent for specific optional activities. You may withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal.

Where required by law, we may also process data to protect vital interests or to perform tasks carried out in the public interest, although these bases are not expected to be the primary basis for our services.

6. Sharing Your Data and Processors

We may share personal data with trusted third-party service providers who act as processors on our behalf. These processors only act on our instructions and are subject to contractual obligations to keep your data secure and confidential. Processors may include:

  • payment processing providers;
  • IT hosting, cloud storage, and software support providers;
  • security and CCTV system providers;
  • maintenance and facilities management contractors;
  • accounting, audit, and professional advisers;
  • identity verification or fraud prevention providers;
  • insurers and claims handlers where necessary;
  • legal, regulatory, or law enforcement bodies where required by law.

We do not sell your personal data. Any sharing will be limited to what is necessary for the relevant purpose and carried out with appropriate safeguards. If data is transferred outside the UK, we ensure that suitable protections are in place, such as adequacy regulations or approved contractual safeguards.

7. Data Retention

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, insurance, and dispute-resolution requirements. The specific retention period may vary depending on the type of information and the reason for processing. For example:

  • account and contract records are typically retained for the duration of the relationship and for a period after it ends;
  • payment and transaction records are retained in line with tax and accounting obligations;
  • security logs and CCTV recordings are retained for a limited period unless needed for an investigation or legal claim;
  • correspondence and complaint records are retained for as long as required to resolve the issue and document outcomes.

When data is no longer needed, we will securely delete, anonymise, or archive it in accordance with our retention practices. Retention periods are reviewed regularly to ensure they remain appropriate and lawful.

8. Your Rights

Depending on the circumstances and the legal basis relied upon, you may have the following rights under data protection law:

  • Right of access: you can request a copy of the personal data we hold about you.
  • Right to rectification: you can ask us to correct inaccurate or incomplete data.
  • Right to erasure: you can request deletion of your data in certain situations.
  • Right to restriction: you can ask us to limit processing in certain circumstances.
  • Right to object: you can object to processing based on legitimate interests or direct marketing.
  • Right to data portability: you may request certain data in a structured, commonly used format.
  • Right to withdraw consent: where processing is based on consent, you can withdraw it at any time.

We will respond to rights requests within the time limits required by law and may need to verify your identity before acting on your request. Some rights may not apply in all cases, particularly where we must retain information to comply with legal obligations or defend legal claims.

9. Security of Your Data

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, or disclosure. These measures may include access controls, password protection, staff confidentiality obligations, secure storage, monitoring systems, and regular review of security practices. While we take reasonable steps to safeguard information, no system is completely secure, and we encourage you to protect your account details and notify us promptly if you suspect any misuse.

10. Automated Decision-Making

We do not normally use fully automated decision-making that produces legal or similarly significant effects. If we ever introduce such processing, we will inform you and ensure that appropriate safeguards are in place. Where profiling or automated checks are used for security or fraud prevention, they are designed to support decision-making rather than replace human review.

11. Children

Our storage services are intended for adults and business users. We do not knowingly collect personal data from children unless it is necessary in connection with an authorised customer relationship, for example emergency contact information. If we become aware that we have collected data unlawfully, we will take steps to delete it where appropriate.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, business practices, or service arrangements. Any revised version will apply from the date it is issued. We encourage customers to review this Policy periodically so they remain informed about how their personal data is handled.

Summary of Our Commitments

  • Transparent collection: we collect only the data needed to provide and secure our storage services.
  • Lawful processing: we rely on contract, legal obligation, legitimate interests, and consent where appropriate.
  • Limited sharing: we share data only with trusted processors and legal recipients when necessary.
  • Controlled retention: we keep data only as long as needed and then securely dispose of it.
  • Respect for rights: we support your GDPR rights and handle requests appropriately.

By using Tootingbec Storage services, customers in the area acknowledge that their personal data may be processed as described in this Privacy Policy.

Call Now!
Call Now Get a Quote
Tootingbec Storage

GDPR-compliant Privacy Policy for Tootingbec Storage covering data collection, lawful basis, retention, processors, and user rights for all customers in the area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.