Privacy Policy - Newburypark Storage

This Privacy Policy explains how Newburypark Storage collects, uses, stores, shares, and protects personal data relating to customers, prospective customers, visitors, and other individuals whose information is processed in connection with our storage services. It applies to all Newburypark Storage customers in area, including individuals and business customers using our facilities or interacting with us in relation to storage services. We are committed to handling personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable privacy laws.

1. Personal Data We Collect

We only collect personal data that is necessary for the operation of our services, the management of our customer relationships, and the security of our facilities. The types of personal data we may collect include:

  • Identity information such as your name, date of birth, and, where relevant, business name or authorised representative details.
  • Contact information such as billing address, postal address, email address, and telephone number.
  • Account and service information such as rental details, unit allocation, payment status, move-in and move-out dates, and correspondence relating to your storage agreement.
  • Payment information such as bank details, card-related information processed by payment providers, invoicing records, and transaction history.
  • Security and access information such as access logs, CCTV footage, gate entry records, incident reports, and facility monitoring data where permitted by law.
  • Communication records including emails, messages, complaints, maintenance requests, and notes from phone or in-person conversations.
  • Technical information where you use digital systems linked to our services, such as device identifiers, IP address, and usage records.

We may also receive personal data from third parties, such as payment processors, reference providers, insurers, debt recovery partners, or public sources, where this is lawful and appropriate. We do not seek to collect sensitive personal data unless it is required for a specific legal or operational purpose and permitted by law.

2. How We Use Personal Data

We use personal data for specific and legitimate purposes connected with providing storage services. These include:

  • setting up and managing customer accounts;
  • processing bookings, payments, and refunds;
  • verifying identity and preventing fraud;
  • granting and managing access to storage facilities;
  • communicating about contracts, service updates, and account matters;
  • maintaining safety, security, and incident records;
  • handling complaints, disputes, and claims;
  • complying with legal, regulatory, insurance, and tax obligations;
  • protecting our property, staff, customers, and other users of our facilities.

We will only use your personal data where we have a valid legal reason to do so and where the use is fair, necessary, and proportionate.

3. Lawful Basis for Processing

Under GDPR, we must have a lawful basis to process personal data. Depending on the context, we rely on one or more of the following lawful bases:

Contract

We process personal data where it is necessary to enter into or perform our storage agreement with you. This includes setting up your account, managing access to your unit, taking payment, and carrying out our contractual obligations.

Legal Obligation

We may process personal data where required to comply with legal duties, including tax rules, accounting obligations, health and safety requirements, law enforcement requests, and obligations under consumer or data protection law.

Legitimate Interests

We may process personal data where it is necessary for our legitimate interests or those of a third party, provided your rights and interests do not override those interests. This may include fraud prevention, security monitoring, service improvement, debt recovery, and the protection of our premises and assets.

Consent

In limited circumstances, we may rely on your consent, for example for certain optional communications or uses not covered by another lawful basis. Where consent is used, you may withdraw it at any time.

Vital Interests

In rare circumstances, we may process personal data to protect someone’s vital interests, such as in a serious emergency affecting health or safety.

4. Sharing Personal Data and Processors

We may share personal data with trusted third parties where necessary and lawful. These organisations may act as processors, meaning they process personal data on our instructions and under appropriate contractual safeguards, or as independent controllers where they determine their own purposes for processing.

Examples of processors and service providers may include:

  • IT and hosting providers that support our systems, data storage, and communications infrastructure;
  • payment service providers that process transactions and manage payment verification;
  • accounting and administrative providers assisting with invoicing, reporting, and record keeping;
  • security service providers supporting CCTV, access control, alarms, and facility monitoring;
  • maintenance and facilities contractors who may access limited personal data when resolving operational issues;
  • debt recovery or legal advisers where necessary for enforcement, dispute resolution, or legal claims;
  • insurance providers and claims handlers in connection with incidents, liability, or loss events.

We require all processors to protect personal data, process it only for authorised purposes, and implement suitable technical and organisational security measures. We do not sell personal data.

5. International Transfers

Where personal data is transferred outside the UK or the European Economic Area, we will ensure that appropriate safeguards are in place. These may include adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms. We take steps to ensure that any international transfer offers a level of protection consistent with GDPR requirements.

6. Data Retention

We keep personal data only for as long as necessary for the purposes for which it was collected, including the purposes of satisfying legal, accounting, insurance, and reporting requirements. Retention periods depend on the type of information and the reason for processing.

  • Contract and account records are generally retained for the duration of the customer relationship and for a reasonable period afterward to deal with queries, disputes, and audits.
  • Financial and tax records are typically retained for the period required by law.
  • Security records such as access logs and CCTV footage are retained for shorter periods unless needed for investigation, legal claims, or incident response.
  • Correspondence and complaints are retained as necessary to resolve issues and demonstrate compliance.

When personal data is no longer required, we will delete it securely or anonymise it so that it can no longer identify you.

7. Security of Personal Data

We use reasonable and appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, disclosure, alteration, or destruction. These measures may include access controls, secure systems, staff confidentiality obligations, monitoring, and restricted physical access to records and facilities. While no system can be guaranteed to be completely secure, we take data protection seriously and review our safeguards regularly.

8. Your Rights

Subject to conditions and exceptions under data protection law, you have the following rights in relation to your personal data:

  • Right of access to obtain a copy of the personal data we hold about you;
  • Right to rectification to correct inaccurate or incomplete data;
  • Right to erasure in certain circumstances, sometimes called the right to be forgotten;
  • Right to restrict processing in specific situations;
  • Right to data portability for data you have provided to us, where applicable;
  • Right to object to processing based on legitimate interests or direct marketing;
  • Right to withdraw consent where processing is based on consent;
  • Right to complain to the relevant data protection authority if you believe your rights have been infringed.

We may need to verify your identity before responding to a rights request. We will respond within the time limits required by law and will provide reasons if we are unable to fully comply with a request.

9. Children’s Data

Our services are intended for adults and business customers. We do not knowingly collect personal data from children unless it is necessary in exceptional circumstances, such as where a parent, guardian, or authorised representative provides details relevant to a service or legal matter.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or data handling practices. Any revised version will apply from the date it is issued or otherwise made available. We encourage customers to review this policy periodically so they remain informed about how their personal data is handled.

11. Summary of Our Commitment

Newburypark Storage is committed to processing personal data lawfully, fairly, and transparently. We collect only what we need, use it for clear and legitimate purposes, retain it for no longer than necessary, and protect it with appropriate safeguards. We also recognise and respect your privacy rights. If you are a customer in the area served by Newburypark Storage, this policy explains how your personal data is managed whenever you use our storage services or interact with us in connection with them.

Call Now!
Call Now Get a Quote
Newburypark Storage

GDPR-compliant Privacy Policy for Newburypark Storage covering data use, lawful bases, retention, processors, and user rights for all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.