Privacy Policy - Elmstead Storage

This Privacy Policy explains how Elmstead Storage collects, uses, stores, shares, and protects personal data relating to its customers. It applies to all Elmstead Storage customers in the area and sets out the rights individuals have under applicable data protection law, including the UK GDPR and the Data Protection Act 2018. By using Elmstead Storage services, customers acknowledge that their personal data may be processed in line with this policy.

1. Who We Are

Elmstead Storage provides storage services to individuals and businesses in the local area. For the purposes of data protection law, Elmstead Storage acts as a data controller in relation to the personal data collected directly from customers, prospective customers, visitors, and other individuals whose data is processed in connection with our services.

2. Personal Data We Collect

We collect only the personal data that is necessary for legitimate business and service purposes. The categories of personal data may include:

  • Identity data such as name, title, and date of birth where needed for identity verification.
  • Contact data such as postal address, email address, and telephone number.
  • Account and contract data such as customer reference numbers, storage unit details, rental dates, payment arrangements, and agreement history.
  • Financial data such as payment records, billing information, and limited transaction details necessary to manage charges and refunds.
  • Correspondence data including enquiries, complaints, and other communications with us.
  • Access and security data such as records of access to storage premises, CCTV images where used, and incident logs for safety and security purposes.
  • Technical data if customers use our online services, including basic device and usage information needed to maintain functionality and security.

We may also receive personal data from third parties where necessary, for example from payment processors, insurers, referencing providers, law enforcement authorities, or legal representatives. Where we receive data from another source, we will treat it in accordance with this policy.

3. How We Use Personal Data

Elmstead Storage uses personal data for the following purposes:

  • to register customers and manage storage agreements;
  • to verify identity and prevent fraud;
  • to process payments and manage accounts;
  • to provide access to storage units and related services;
  • to communicate about bookings, renewals, service updates, and operational matters;
  • to handle enquiries, complaints, disputes, and claims;
  • to maintain security, protect property, and investigate incidents;
  • to comply with legal, tax, accounting, and regulatory obligations;
  • to establish, exercise, or defend legal rights.

We will only process personal data for the specific purposes identified above or for compatible purposes that are reasonably expected and permitted by law.

4. Lawful Basis for Processing

Under data protection law, we must have a lawful basis for each type of processing. Elmstead Storage relies on the following lawful bases:

Contract

Processing is necessary for the performance of a contract with the customer or to take steps at the customer’s request before entering into a contract. This includes setting up storage services, managing accounts, taking payments, and providing access to rented space.

Legal Obligation

We may process data where it is necessary to comply with a legal obligation, such as tax, accounting, fraud prevention, or responding to lawful requests from public authorities.

Legitimate Interests

We may process personal data where it is necessary for our legitimate interests, provided those interests are not overridden by the rights and freedoms of the individual. Examples include protecting premises, preventing misuse, maintaining records, improving services, managing risk, and defending legal claims. Where we rely on legitimate interests, we will consider the impact on individuals and ensure appropriate safeguards are in place.

Consent

In limited circumstances, we may rely on consent, for example where it is needed for a particular optional service or marketing activity that requires prior permission. Where consent is used, customers may withdraw it at any time.

Vital Interests and Public Task

These bases are not expected to be commonly used by Elmstead Storage, but may apply in exceptional situations, such as emergencies involving serious harm, or where required by a public authority acting within its lawful powers.

5. Data Sharing and Processors

Elmstead Storage may share personal data with trusted third parties where necessary and lawful. These parties may act as processors or as independent controllers depending on the context. We only disclose data when there is a valid reason and appropriate safeguards are in place.

Examples of processors and service providers may include:

  • Payment processors who handle card or bank-related payment transactions;
  • IT and cloud service providers who support data storage, email, system administration, and security;
  • Customer management system providers who help operate booking and account records;
  • Professional advisers such as accountants, auditors, insurers, and legal advisers;
  • Security providers who support site protection, access control, and incident management;
  • Reference or verification providers used for identity checks or fraud prevention where necessary.

Where a service provider processes data on our behalf, we require them to act only on our instructions, keep data confidential, use appropriate security measures, and delete or return data when no longer needed. We do not sell personal data.

We may also disclose information where required by law, to protect our rights, to enforce our terms, or to respond to lawful requests from regulators, courts, or law enforcement agencies.

6. Data Retention

We keep personal data only for as long as necessary for the purposes for which it was collected, including any legal, accounting, or reporting requirements. Retention periods may vary depending on the type of data and the reason for processing.

In general:

  • customer account and contract records are kept for the duration of the relationship and for a further period after it ends;
  • financial and tax-related records are retained for the period required by law;
  • security logs and incident records are kept only as long as needed for safety, investigation, or legal protection;
  • enquiry and correspondence records are retained for a reasonable period to deal with follow-up issues, complaints, or disputes.

When personal data is no longer required, we will securely delete, anonymise, or archive it in accordance with our retention procedures.

7. Data Security

We take appropriate technical and organisational measures to protect personal data from accidental loss, unauthorised access, misuse, alteration, or disclosure. These measures may include access controls, password protection, staff confidentiality duties, secure storage, and supplier due diligence. While no system can be guaranteed to be completely secure, we continually review our safeguards and update them where appropriate.

8. International Transfers

Where personal data is transferred outside the UK, we will ensure that adequate protections are in place. This may include reliance on adequacy regulations, approved contractual clauses, or other lawful transfer mechanisms. We aim to ensure that any international transfer is handled in a way that maintains the protection of personal data.

9. Your Rights

Individuals whose personal data is processed by Elmstead Storage have certain rights under data protection law. These rights are not absolute and may be subject to legal limitations. Depending on the circumstances, you may have the right to:

  • Access your personal data and receive information about how it is used;
  • Rectification of inaccurate or incomplete personal data;
  • Erasure of personal data in certain situations;
  • Restriction of processing in certain circumstances;
  • Object to processing based on legitimate interests or direct marketing;
  • Data portability where processing is based on consent or contract and carried out by automated means;
  • Withdraw consent where processing is based on consent;
  • Complain to the Information Commissioner’s Office if you believe your rights have been infringed.

We may need to verify your identity before responding to a request. We aim to respond within the statutory timeframe and will keep you informed if we require further information to process your request.

10. Marketing Preferences

If we send marketing communications, we will do so only where permitted by law. You can opt out of marketing at any time where such communications are used. We will continue to send service-related messages that are necessary for contract administration, safety, or legal compliance, even where marketing has been declined.

11. Children’s Data

Elmstead Storage services are not directed at children, and we do not knowingly collect children’s personal data except where it is necessary for lawful administrative, legal, or emergency purposes. If we become aware that we have collected personal data inappropriately, we will take reasonable steps to delete it or handle it lawfully.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements, operational practices, or service arrangements. The updated version will apply from the date it takes effect. Customers are encouraged to review this policy periodically to stay informed about how their data is handled.

13. Summary of Key Principles

Elmstead Storage is committed to processing personal data lawfully, fairly, and transparently. We collect only what we need, use it for defined purposes, retain it only as long as necessary, and share it only with trusted processors or where required by law. We respect individual rights and apply safeguards designed to protect personal information throughout its lifecycle.

Elmstead Storage will continue to handle personal data in accordance with applicable data protection law and in a manner that respects the privacy of all customers in the area.

Call Now!
Call Now Get a Quote
Elmstead Storage

GDPR-compliant privacy policy for Elmstead Storage covering data collection, lawful basis, processors, retention, security, and user rights for all area customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.