Privacy Policy - Whitecity Storage

This Privacy Policy explains how Whitecity Storage collects, uses, shares, stores, and protects personal data when providing storage services. It applies to all Whitecity Storage customers in the area, including prospective customers, current customers, former customers, visitors to our premises, and individuals who communicate with us in connection with our services. We are committed to handling personal data in a lawful, fair, and transparent manner in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Whitecity Storage acts as the data controller for the personal data described in this Privacy Policy. This means we determine the purposes and means of processing personal data for our business operations, customer management, security, and compliance obligations.

We take privacy seriously and aim to collect only the information that is necessary, relevant, and limited to the purposes explained below.

2. Personal Data We Collect

We may collect and process different categories of personal data depending on how you interact with us. This may include:

  • Identity data such as your name, date of birth, and identification details where required for verification or security purposes.
  • Contact data such as address, telephone number, and email address.
  • Contract data such as storage unit details, tenancy dates, payment arrangements, and records of services provided.
  • Financial data such as billing information, payment status, and transaction records. We generally do not store full card details where payment processing is handled by a third party.
  • Security data such as CCTV footage, access logs, incident reports, and records relating to site safety and security.
  • Communication data such as messages, enquiries, complaints, and notes of telephone or in-person discussions.
  • Technical data such as device or browser information if you interact with our digital systems, where applicable.

We may also collect special category data only where strictly necessary and permitted by law, for example if it is required to protect your safety, support a legal claim, or comply with a legal obligation. Where such data is processed, we apply additional safeguards.

3. How We Use Personal Data

We use personal data for the following purposes:

  • to set up and manage storage agreements;
  • to verify identity and prevent fraud;
  • to provide access to storage facilities and related services;
  • to process payments, invoices, and account administration;
  • to communicate with customers about bookings, renewals, service updates, and operational matters;
  • to maintain security, including monitoring access and investigating incidents;
  • to comply with legal and regulatory duties;
  • to resolve disputes, enforce agreements, and establish or defend legal claims;
  • to improve our services, operations, and customer experience.

We will only use your personal data where we have a valid legal reason to do so.

4. Lawful Basis for Processing

Under UK GDPR, we must have a lawful basis for every processing activity. Whitecity Storage relies on the following lawful bases:

Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes managing your storage account, providing access to your unit, collecting fees, and carrying out customer administration.

Legal Obligation

We may process personal data to comply with legal requirements, such as tax obligations, record-keeping duties, health and safety requirements, fraud prevention laws, and lawful requests from authorities.

Legitimate Interests

We may process personal data where it is necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. These interests include site security, CCTV monitoring, preventing theft or misuse, protecting our property, managing disputes, and improving service quality. Where we rely on legitimate interests, we assess the impact on your privacy and apply appropriate safeguards.

Consent

In limited circumstances, we may rely on your consent, for example for certain optional communications or specific uses of data that are not covered by another lawful basis. Where consent is used, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

5. Retention of Personal Data

We keep personal data only for as long as necessary for the purpose for which it was collected, including to meet legal, accounting, and reporting obligations. Retention periods vary depending on the type of data and the reason it is held.

  • Customer account and contract records are generally retained for the duration of the storage agreement and for a further period where required for legal or administrative purposes.
  • Financial and accounting records are retained in line with tax and accounting requirements.
  • Security records and CCTV footage are kept only for a limited period unless required longer for an incident investigation, insurance matter, or legal claim.
  • Enquiry and communication records may be retained for a reasonable period to manage follow-up, disputes, or service history.

When personal data is no longer required, we will delete it securely or anonymise it so that it can no longer identify you.

6. Sharing Personal Data and Processors

We may share personal data with trusted third parties who act as processors or, in some cases, as independent controllers. These parties process data only where necessary and under appropriate contractual or legal safeguards.

Examples of processors or service providers may include:

  • payment processing providers;
  • IT and cloud hosting providers;
  • security and CCTV service providers;
  • customer management or booking system providers;
  • professional advisers such as accountants, auditors, or legal advisers where required;
  • maintenance, inspection, and facilities management providers;
  • debt recovery or dispute resolution services where lawful and necessary.

We may also disclose personal data to public authorities, insurers, or law enforcement where required by law, or where necessary to protect our rights, the safety of individuals, or the security of our premises.

Where a processor is used, we ensure they are bound by written agreements requiring them to process personal data only on our instructions, protect it appropriately, and respect confidentiality obligations.

7. Data Security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, or alteration. These measures may include access controls, secure systems, staff training, monitoring, and restricted access to sensitive records. While no system is completely secure, we work to maintain a level of protection suitable to the risks involved.

8. Your Rights

Under data protection law, you have rights in relation to your personal data. These rights may apply depending on the circumstances and the legal basis for processing:

  • Right of access – you may request a copy of the personal data we hold about you.
  • Right to rectification – you may ask us to correct inaccurate or incomplete data.
  • Right to erasure – in certain cases, you may ask us to delete your data.
  • Right to restriction – you may request that we limit how we use your data in certain situations.
  • Right to object – you may object to processing based on legitimate interests, including direct marketing where applicable.
  • Right to data portability – where processing is based on consent or contract and carried out by automated means, you may request transfer of certain data in a structured format.
  • Right to withdraw consent – where we rely on consent, you may withdraw it at any time.

To exercise your rights, you should provide enough information for us to identify you and understand your request. We may need to verify your identity before responding. We will respond within the time limits required by law.

Please note that some rights are not absolute and may be limited where we must retain or process data for legal, security, or contractual reasons.

9. International Transfers

If personal data is transferred outside the UK, we will ensure that appropriate safeguards are in place to protect it. This may include the use of adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms.

10. Complaints

If you have concerns about how we handle personal data, we encourage you to raise them so we can address the issue. You also have the right to lodge a complaint with the relevant data protection authority if you believe your rights have been infringed.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. Any revised version will apply from the date it is issued, and we encourage customers to review it periodically.

Summary: Whitecity Storage’s Privacy Policy explains data collection, lawful bases, retention, processors, and customer rights for all customers in the area.

Call Now!
Call Now Get a Quote
Whitecity Storage

Whitecity Storage’s Privacy Policy explains data collection, lawful bases, retention, processors, and customer rights for all customers in the area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.