Privacy Policy - Cranham Storage

This Privacy Policy explains how Cranham Storage collects, uses, shares, retains, and protects personal data in connection with its storage services. It applies to all Cranham Storage customers in the area, including prospective customers, current customers, former customers, visitors to our premises, and individuals who interact with us in relation to storage enquiries, agreements, invoices, access arrangements, or customer support.

We are committed to handling personal data in accordance with the UK GDPR and the Data Protection Act 2018. We aim to be transparent about what information we collect, why we collect it, and the choices and rights available to individuals.

1. Information We Collect

We collect only the personal data that is necessary to provide and manage our storage services, maintain security, administer agreements, and meet legal obligations. The information we collect may include:

  • Identity data such as name, date of birth, and proof of identity where required.
  • Contact data such as address, email address, and telephone number.
  • Account and contract data such as customer reference numbers, storage unit details, payment status, contract dates, and service preferences.
  • Financial data such as billing details, transaction records, and limited payment information needed to process payments and manage accounts.
  • Security data such as access logs, entry records, CCTV footage, incident reports, and alarm-related information.
  • Communication data such as enquiries, complaints, feedback, and correspondence.
  • Technical data where systems or devices used in providing services generate information such as IP addresses or log data.

We may also collect data from third parties where necessary, for example from payment processors, identity verification providers, or legal and regulatory sources. We do not collect more data than is reasonably needed for our legitimate business purposes or legal duties.

2. How We Use Personal Data

We use personal data for the following purposes:

  • to register customers and manage storage agreements;
  • to provide access to storage units and related services;
  • to process payments, invoices, refunds, and account administration;
  • to verify identity and prevent fraud, theft, or unauthorised access;
  • to maintain the safety and security of our premises, staff, customers, and stored property;
  • to communicate about bookings, renewals, changes to services, and customer support;
  • to comply with legal and regulatory obligations;
  • to manage disputes, claims, and debt recovery where necessary;
  • to improve our services, systems, and operational efficiency.

We only use personal data in ways that are compatible with the purposes for which it was collected, unless we have a lawful basis for a new purpose.

3. Lawful Basis for Processing

We process personal data only where we have a lawful basis under the UK GDPR. Depending on the circumstances, our lawful bases may include:

  • Contract – where processing is necessary to enter into or perform a storage agreement, such as managing your account, providing access, and administering payments.
  • Legal obligation – where we must process data to meet legal, tax, accounting, security, or regulatory requirements.
  • Legitimate interests – where processing is necessary for our legitimate business interests, provided these interests are not overridden by your rights and freedoms. This may include preventing fraud, protecting property, monitoring security, responding to enquiries, and improving services.
  • Consent – where we rely on your consent for specific optional processing, such as certain marketing activities, and you may withdraw consent at any time.

If we process special category data or criminal offence data, we will do so only where permitted by law and where an additional condition under the UK GDPR or Data Protection Act 2018 is satisfied.

4. Sharing and Processors

We may share personal data with trusted third parties who act as processors or independent controllers, but only where necessary and with appropriate safeguards in place. These may include:

  • Payment processors that handle card or electronic payments on our behalf.
  • IT and software providers that host systems, manage records, support communications, or provide security tools.
  • Identity verification services used to confirm customer identity where required.
  • Security providers including CCTV, alarm monitoring, and access control service providers.
  • Professional advisers such as accountants, auditors, insurers, and legal advisers.
  • Debt recovery or collection partners where necessary to recover unpaid amounts lawfully due.
  • Public authorities where disclosure is required by law, court order, or lawful request.

Where a third party processes data on our behalf, they are required to act only on our instructions, keep data confidential, and implement appropriate security measures. We do not sell personal data.

5. Data Retention

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including to meet legal, accounting, insurance, and operational requirements. Retention periods may vary depending on the type of data and the reason for processing.

Typical retention periods

  • Customer and contract records are generally retained for the duration of the agreement and for a further period where needed for legal claims or accounting purposes.
  • Financial and transaction records are usually kept for the period required by tax and accounting laws.
  • Security records such as access logs and CCTV may be retained for a shorter period, unless required for investigating incidents, theft, damage, or legal claims.
  • Correspondence and complaint records are retained as long as necessary to handle the matter and any follow-up obligations.

When personal data is no longer needed, we will securely delete, anonymise, or destroy it. Retention is reviewed periodically to ensure we do not keep information longer than necessary.

6. Data Security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, disclosure, or destruction. These measures may include access controls, password protection, encryption where appropriate, staff confidentiality obligations, CCTV, secure storage of records, and supplier due diligence.

While no system can be guaranteed to be completely secure, we work to reduce risks and to respond promptly if a personal data incident occurs. Where required, we will notify affected individuals and regulators in accordance with legal obligations.

7. Your Rights

Under data protection law, you have a number of rights in relation to your personal data. These rights may be subject to conditions, exemptions, or limitations depending on the circumstances.

  • Right of access – to request a copy of the personal data we hold about you.
  • Right to rectification – to ask us to correct inaccurate or incomplete information.
  • Right to erasure – to request deletion of your data where there is no good reason for us to continue processing it.
  • Right to restrict processing – to ask us to limit the way we use your data in certain situations.
  • Right to data portability – to receive certain data in a structured, commonly used format where processing is based on contract or consent and carried out by automated means.
  • Right to object – to object to processing based on legitimate interests or to direct marketing.
  • Right to withdraw consent – where we rely on consent, you may withdraw it at any time.

If you wish to exercise any of these rights, we will respond within the time limits required by law. We may ask for information to verify your identity before responding to your request.

8. Cookies and Similar Technologies

If we use online systems, cookies or similar technologies may be used to support functionality, security, and performance. Where applicable, we will provide information about these technologies and any required choices at the point of use. This policy does not describe website-specific settings in detail, but any such tools will be used in line with applicable data protection rules.

9. International Transfers

Where personal data is transferred outside the UK, we will ensure that appropriate safeguards are in place, such as adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms. We will take steps to protect the data to a standard consistent with UK data protection law.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data handling practices. Any updated version will apply from the date it takes effect. We encourage customers to review this policy periodically so they remain informed about how their data is used.

11. Contact and Complaints

If you have questions about this Privacy Policy, wish to exercise your rights, or believe your personal data has been handled incorrectly, you should raise the matter through the usual customer support channels. You also have the right to complain to the UK Information Commissioner's Office if you are unhappy with how your data has been handled.

Summary of our commitment: Cranham Storage will collect and use personal data fairly, lawfully, and transparently; keep it secure; retain it only as long as necessary; and respect the rights of every customer in the area.

Call Now!
Call Now Get a Quote
Cranham Storage

GDPR-compliant Privacy Policy for Cranham Storage covering data collection, lawful basis, retention, processors, and user rights for all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.