Privacy Policy - Oldford Storage

This Privacy Policy explains how Oldford Storage collects, uses, stores, shares, and protects personal data in connection with our storage services. It applies to all Oldford Storage customers in the area, including individuals and business customers who use our facilities, request quotes, make reservations, or otherwise interact with us. We are committed to handling personal data in a lawful, fair, and transparent way and to respecting the rights of every customer under the UK GDPR and the Data Protection Act 2018.

1. Data We Collect

We collect only the data that is necessary to provide our services, manage our business, and meet legal obligations. The types of personal data we may collect include:

  • Identity data: name, title, date of birth, and identification details where required for security or verification.
  • Contact data: address, email address, and telephone number.
  • Account and contract data: booking details, unit size, start and end dates, payment terms, and customer reference numbers.
  • Payment data: billing information, transaction records, and payment status. We do not store full card details where payment processing is handled by a secure provider.
  • Usage data: access logs, site entry records, service requests, and communications relating to your storage unit or account.
  • Technical data: limited information collected from our systems, such as device or browser details, if applicable to security and service operation.
  • Security data: CCTV footage, sign-in records, and incident reports where necessary to protect people, property, and premises.

We may also collect information you choose to provide when you contact us, complete forms, make enquiries, or resolve a dispute. We do not intentionally collect more information than is needed for the relevant purpose.

2. How We Use Personal Data

We use personal data for the following purposes:

  • to set up and manage storage agreements;
  • to verify identity and protect against fraud or unauthorised access;
  • to process payments, invoices, deposits, and account administration;
  • to provide customer support and respond to enquiries;
  • to maintain site security and safeguard our property, customers, and staff;
  • to keep records for legal, accounting, and tax purposes;
  • to manage disputes, claims, or enforcement actions;
  • to improve our services, systems, and operational efficiency;
  • to comply with applicable laws, regulations, and lawful requests.

Where appropriate, we may use aggregated or anonymised information that does not identify any individual. Such information is not treated as personal data.

3. Lawful Basis for Processing

We process personal data only where we have a valid lawful basis under data protection law. Depending on the activity, our lawful bases may include:

Performance of a Contract

We process personal data when it is necessary to enter into or perform a storage agreement, provide access to a unit, take payment, and manage customer accounts.

Legitimate Interests

We may process personal data where it is necessary for our legitimate interests and those interests are not overridden by your rights and freedoms. Examples include site security, fraud prevention, business administration, service improvement, and limited direct communications about your contract or account.

Legal Obligation

We process data where necessary to comply with legal and regulatory obligations, including accounting, tax, safety, and record-keeping requirements.

Consent

In limited cases, we may rely on your consent, for example for certain optional communications or uses not covered by another lawful basis. Where consent is used, you may withdraw it at any time. Withdrawal will not affect the lawfulness of processing carried out before consent was withdrawn.

We do not rely on consent where a different lawful basis is more appropriate.

4. Sharing and Processors

We may share personal data with trusted third parties that help us operate our services. These parties act as processors when they handle data on our behalf and only according to our instructions. Examples may include:

  • payment service providers;
  • IT hosting, software, and maintenance providers;
  • security and surveillance service providers;
  • accounting, bookkeeping, and tax support services;
  • professional advisers such as lawyers or insurers;
  • public authorities, regulators, courts, or law enforcement where required by law.

We require our processors to implement appropriate technical and organisational measures to protect personal data and to process it only for the purposes we specify. We do not sell personal data.

Where data is shared with third parties that act as independent controllers, they are responsible for their own compliance with data protection law. We only share the minimum information necessary for the relevant purpose.

5. Data Retention

We keep personal data only for as long as necessary for the purposes for which it was collected, including to satisfy legal, accounting, security, and contractual requirements. Retention periods depend on the type of data and the reason it was collected.

  • Contract and account records: retained for the duration of the storage relationship and for a period afterwards to resolve queries, enforce rights, and meet legal obligations.
  • Payment and accounting records: retained for statutory and financial reporting purposes.
  • Security records and access logs: retained for a limited period unless needed longer for an investigation, claim, or legal requirement.
  • Enquiry data: retained only as long as necessary to respond to your request and maintain business records.

When data is no longer needed, we will delete it securely or anonymise it so that it can no longer identify you. Retention periods may vary depending on legal obligations and operational needs.

6. Data Security

We take appropriate measures to protect personal data from loss, misuse, unauthorised access, alteration, or disclosure. These measures may include access controls, role-based permissions, secure storage, staff training, monitoring, and physical security procedures at our facilities. While no system is completely secure, we work to reduce risks and respond promptly to any suspected incident.

7. Your Rights

You have a number of rights regarding your personal data, subject to certain legal limits. These rights include:

  • Right of access: to request confirmation of whether we process your data and to obtain a copy of it.
  • Right to rectification: to ask us to correct inaccurate or incomplete information.
  • Right to erasure: to ask us to delete your data where there is no valid reason to keep it.
  • Right to restrict processing: to ask us to limit how we use your data in certain circumstances.
  • Right to object: to object to processing based on legitimate interests or direct marketing.
  • Right to data portability: to receive certain data in a structured, commonly used format where processing is based on contract or consent and carried out by automated means.
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.

If you wish to exercise a right, we may need to verify your identity before responding. We will respond within the time limits required by law. You also have the right to lodge a complaint with the relevant data protection authority if you are unhappy with how your data has been handled.

8. Children’s Data

Our services are intended for adults and business customers. We do not knowingly collect personal data from children except where it is necessary and lawful in connection with a customer relationship or legal requirement. If we become aware that we have collected data unlawfully, we will take appropriate steps to delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, our services, or how we process personal data. Any updates will apply from the date they take effect. We encourage customers to review this policy periodically so they remain informed about how their data is handled.

10. Contact and Further Information

For privacy-related matters, including questions about this policy, the legal basis for processing, data retention, processors, or your rights, please refer to our internal customer support or privacy handling process. We will address requests in accordance with applicable data protection law.

This policy should be read together with any relevant terms of service or storage agreement. By using Oldford Storage services, you acknowledge that your personal data may be processed as described in this Privacy Policy.

Call Now!
Call Now Get a Quote
Oldford Storage

GDPR-compliant Privacy Policy for Oldford Storage covering data collection, lawful basis, retention, processors, and user rights for all customers in the area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.