Privacy Policy - Cockfosters Storage
This Privacy Policy applies to all Cockfosters Storage customers in the area. It explains how we collect, use, share, retain, and protect personal data in line with the UK GDPR and the Data Protection Act 2018. We are committed to handling personal information fairly, transparently, and securely.
1. Who We Are
Cockfosters Storage provides storage-related services to individuals and businesses in the local area. In this policy, “we”, “us”, and “our” refer to Cockfosters Storage. “You” means any customer, prospective customer, website visitor, tenant, account holder, authorised user, or other person whose personal data we process.
We act as a data controller for personal data where we determine the purposes and means of processing. In some circumstances, we may also act as a data processor where we handle information on behalf of another controller.
2. Personal Data We Collect
We only collect personal data that is necessary for our business and legal obligations. Depending on your relationship with us, we may collect:
- Identity data: name, title, date of birth, and identification documents where required.
- Contact data: address, email address, telephone number, and billing details.
- Account and service data: storage unit number, booking details, service preferences, contract information, and communications with us.
- Payment data: payment method details, transaction history, and records of payments received or due.
- Access and security data: entry logs, CCTV images, security incident records, and authorised access information.
- Technical data: device, browser, and usage information if you interact with our digital services.
- Correspondence data: complaints, enquiries, claims, notices, and other messages you send to us.
We do not intentionally collect special category data unless you provide it to us for a specific reason, such as an accommodation request or a complaint. If this happens, we will only process it where permitted by law and with appropriate safeguards.
3. How We Collect Data
We may collect personal data directly from you when you:
- request a quote or make a booking;
- enter into a storage agreement;
- make a payment or update your details;
- contact us by phone, email, or in person;
- use access-controlled areas or security systems;
- provide documents for verification or compliance purposes.
We may also receive data from third parties, including payment providers, identity verification services, insurers, debt recovery services, legal representatives, and public authorities where lawful and appropriate.
4. Lawful Basis for Processing
We process personal data only when we have a lawful basis under data protection law. The main lawful bases we rely on are:
- Contract: to provide storage services, manage your account, process payments, and perform our obligations under the storage agreement.
- Legal obligation: to comply with tax laws, accounting requirements, fraud prevention duties, and lawful requests from authorities.
- Legitimate interests: to operate and secure our business, protect property, prevent crime, recover debts, improve services, and maintain records. We ensure these interests do not override your rights and freedoms.
- Consent: where required, such as for certain marketing activities or optional uses of personal data. You may withdraw consent at any time.
- Vital interests: in rare cases where processing is necessary to protect someone’s life.
- Public task: where processing is necessary for a task carried out in the public interest, if applicable.
Where we rely on legitimate interests, we assess the necessity of the processing and consider the impact on your privacy.
5. How We Use Your Data
We use personal data for the following purposes:
- to set up and manage storage services;
- to verify identity where needed;
- to take payments, issue invoices, and manage refunds;
- to communicate with you about your account or service;
- to maintain site safety and security;
- to detect and prevent fraud, theft, or misuse;
- to comply with legal and regulatory obligations;
- to handle disputes, claims, and complaints;
- to improve our operations and customer experience;
- to send marketing communications where lawful and permitted.
We will never sell your personal data.
6. Sharing Your Data and Processors
We may share personal data where necessary and lawful with trusted third parties who assist us in delivering our services. These may include processors and other service providers acting on our instructions. Examples include:
- Payment processors: to handle card or electronic payments securely;
- IT and cloud service providers: to host systems, store data, and support business operations;
- Security providers: to manage alarms, access control, and CCTV systems;
- Accountants and auditors: to support financial reporting and compliance;
- Legal and professional advisers: to obtain advice or manage disputes;
- Debt recovery and credit control services: where payment issues arise;
- Identity verification providers: where checks are necessary;
- Insurers and claims handlers: where incidents or claims need to be processed.
We may also disclose personal data to law enforcement, regulators, courts, or other public bodies when required by law or where disclosure is necessary to protect our rights, customers, or property.
Where we use processors, we ensure they are subject to written contracts requiring them to process data only on our instructions, maintain confidentiality, use appropriate security measures, and assist us in meeting our GDPR obligations.
7. Data Retention
We keep personal data only for as long as necessary for the purposes set out in this policy and to meet legal, accounting, or reporting obligations. Retention periods vary depending on the type of information and the reason we hold it.
- Contract and account records: kept for the duration of the customer relationship and for a reasonable period afterwards.
- Payment and accounting records: retained for the period required by tax and financial regulations.
- Security records and CCTV: retained for limited periods unless needed for an investigation or legal claim.
- Correspondence and complaint records: kept as long as necessary to resolve the matter and demonstrate compliance.
- Marketing preferences: retained until you opt out or withdraw consent.
When data is no longer needed, we will securely delete, anonymise, or archive it in accordance with our retention procedures.
8. International Transfers
If any personal data is transferred outside the UK, we will ensure appropriate safeguards are in place, such as adequacy regulations, standard contractual clauses, or other lawful mechanisms. We take steps to ensure your information remains protected wherever it is processed.
9. Data Security
We use organisational and technical measures to protect personal data from loss, misuse, unauthorised access, alteration, or disclosure. These may include access controls, encryption, staff training, physical security, and monitoring of systems. No method of transmission or storage is completely secure, but we work to reduce risks to an appropriate level.
10. Your Rights
Under data protection law, you may have the following rights in relation to your personal data:
- Right of access: to request a copy of the personal data we hold about you.
- Right to rectification: to ask us to correct inaccurate or incomplete data.
- Right to erasure: to request deletion of your data in certain circumstances.
- Right to restriction: to ask us to limit processing in certain situations.
- Right to object: to object to processing based on legitimate interests or direct marketing.
- Right to data portability: to receive certain data in a structured, commonly used format.
- Right to withdraw consent: where processing is based on consent.
- Rights related to automated decision-making: to avoid decisions made solely by automated means where applicable.
These rights are not absolute and may be subject to legal exceptions. We will respond to valid requests in accordance with GDPR requirements.
11. Children’s Data
Our services are intended for adults and business customers. We do not knowingly collect personal data from children except where it is necessary and lawful, for example in relation to authorised contacts or legal matters.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in law, regulation, or our operations. The latest version will apply to your use of our services. We encourage you to review it periodically.
Summary of Key Principles
- Transparency: we explain what we collect and why.
- Purpose limitation: we use data only for legitimate, specified purposes.
- Data minimisation: we collect only what we need.
- Security: we protect information with appropriate safeguards.
- Accountability: we keep records and contracts to show compliance.
This policy is designed to ensure Cockfosters Storage customers in the area understand how their personal data is handled.