Privacy Policy

Selfstorage Crystalpalace is committed to protecting the privacy and personal data of all customers in the Crystal Palace area. This Privacy Policy explains how we collect, use, share, retain, and safeguard personal information when you use our storage services, visit our premises, or interact with us in connection with a storage agreement. This policy applies to all Selfstorage Crystalpalace customers in the area and is designed to meet the requirements of the UK GDPR and the Data Protection Act 2018.

1. Who We Are

For the purposes of data protection law, Selfstorage Crystalpalace acts as the data controller for the personal data we process about our customers, prospective customers, visitors, and other individuals who interact with our services. This means we determine the purposes and means of processing personal data in connection with our storage operations.

2. Personal Data We Collect

We only collect personal data that is necessary for the provision and management of our storage services, for legal compliance, and for the protection of our business, staff, and customers. Depending on your relationship with us, we may collect the following categories of data:

  • Identity information such as your name, date of birth, and proof of identity documents where required.
  • Contact details such as address, email address, and telephone number.
  • Account and contract information such as storage unit details, rental terms, move-in and move-out dates, payment status, and correspondence related to your account.
  • Financial information such as payment records, billing details, and transaction references. We do not ordinarily store full payment card information unless necessary for a specific transaction handled by a secure payment provider.
  • Security information such as CCTV images, access logs, vehicle registration details, alarm events, and records of site entry and exit where applicable.
  • Communications such as emails, written messages, call notes, complaints, service requests, and other interactions with us.
  • Technical data such as limited device and website usage information if you interact with our digital systems, where applicable.

We do not intentionally collect special category data unless it is provided by you or required by law and there is a lawful basis to process it. If such data is shared with us, we will handle it with appropriate safeguards.

3. How We Use Your Data

We use personal data only where it is necessary and lawful to do so. Our main purposes include:

  • setting up and administering your storage agreement;
  • verifying identity and preventing fraud or misuse;
  • processing payments, deposits, refunds, and outstanding balances;
  • managing access to storage units and site security;
  • communicating with you about your account, service changes, or operational matters;
  • responding to enquiries, complaints, and claims;
  • maintaining accurate business records;
  • meeting legal, regulatory, tax, and insurance obligations;
  • protecting the rights, property, and safety of our customers, staff, and visitors;
  • operating and improving our services, processes, and security controls.

We will not use your personal data for unrelated purposes without informing you where required by law.

4. Lawful Basis for Processing

Under the UK GDPR, we must have a lawful basis for each use of personal data. Depending on the context, Selfstorage Crystalpalace relies on the following lawful bases:

Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes setting up your storage account, verifying your identity, managing access, and handling billing and service delivery.

Legal Obligation

We process certain data to comply with legal and regulatory requirements, such as tax rules, accounting obligations, fraud prevention duties, and requests from lawful authorities.

Legitimate Interests

We may process personal data where it is necessary for our legitimate interests, provided that those interests are not overridden by your rights and freedoms. Legitimate interests may include site security, loss prevention, business administration, customer support, service improvement, and evidence preservation in the event of disputes.

Consent

Where consent is required, we will ask for it clearly and separately. For example, consent may be used for certain optional communications or activities not covered by other lawful bases. You may withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal.

5. Sharing Your Personal Data

We may share your data only when necessary and only with appropriate safeguards. The types of recipients may include:

  • Service providers and processors who help us run our storage business, such as payment processors, IT and software support providers, secure data hosting providers, communications platforms, and security service providers.
  • Professional advisers such as accountants, auditors, insurers, legal advisers, and debt recovery advisers where needed.
  • Public authorities where required by law or where disclosure is necessary to protect our legal rights or those of others.
  • Third parties involved in a dispute or incident where disclosure is necessary to investigate, defend, or resolve a claim.

We require processors to act only on our instructions, to protect personal data, and to use it only for the agreed purpose. Where we use processors, we have appropriate contracts in place that meet GDPR requirements.

6. International Transfers

If any of our processors transfer personal data outside the UK, we will ensure that appropriate safeguards are in place, such as adequacy regulations, standard contractual clauses, or equivalent legally recognised protections. We will take steps to ensure that transferred data remains protected to a standard consistent with UK GDPR requirements.

7. Data Retention

We keep personal data only for as long as necessary for the purposes for which it was collected, and to satisfy legal, accounting, insurance, and operational requirements. Retention periods vary depending on the type of data and the reason we hold it.

  • Customer account and contract records are retained for the duration of the agreement and for a period afterwards where necessary for legal claims, audits, or financial records.
  • Payment and invoicing records are kept in line with tax and accounting obligations.
  • Security records such as CCTV or access logs are kept only for a limited period unless needed for an investigation, incident response, or legal matter.
  • Communications and complaints may be kept for as long as needed to respond, resolve issues, and maintain records of decisions.

When data is no longer required, we will delete it securely or anonymise it where deletion is not immediately possible. Retention is based on necessity, not convenience.

8. Data Security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. These measures may include access controls, secure storage, restricted permissions, monitoring, staff training, and contractual controls with processors. While no system can be guaranteed 100% secure, we take data protection seriously and continuously review our safeguards.

9. Your Rights

Subject to certain legal conditions and exemptions, you have the following rights in relation to your personal data:

  • Right of access – to request a copy of the personal data we hold about you.
  • Right to rectification – to ask us to correct inaccurate or incomplete data.
  • Right to erasure – to request deletion of your data where there is no legal reason for us to keep it.
  • Right to restrict processing – to ask us to limit how we use your data in certain circumstances.
  • Right to object – to object to processing based on legitimate interests or direct marketing.
  • Right to data portability – to receive certain data in a structured, commonly used format, where applicable.
  • Right to withdraw consent – where processing is based on consent, you may withdraw it at any time.

These rights are not absolute. In some cases, we may retain or continue processing data where permitted or required by law.

10. Automated Decision-Making

We do not make decisions about you solely by automated means that produce legal or similarly significant effects, unless we have informed you and such processing is lawful. If automated tools are used for security, fraud prevention, or operational support, we will ensure appropriate human oversight where required.

11. Children’s Data

Our storage services are intended for adults. We do not knowingly collect personal data from children unless it is necessary for a lawful purpose connected with an adult customer’s account, such as emergency contact information, and only where appropriate safeguards apply.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data protection practices. Any revised version will apply from the date it is published or otherwise communicated. We encourage customers to review this policy periodically to stay informed about how we protect personal data.

13. Summary of Key Principles

Selfstorage Crystalpalace follows these core principles when processing personal data:

  • lawfulness, fairness, and transparency;
  • purpose limitation and data minimisation;
  • accuracy and storage limitation;
  • integrity, confidentiality, and accountability.

By using our services, you acknowledge that we may process personal data as described in this Privacy Policy, subject always to applicable law. We are committed to handling customer data responsibly, transparently, and in a way that respects individual rights while enabling us to provide secure and reliable storage services in the Crystal Palace area.

Call Now!
Call Now Get a Quote
Selfstorage Crystalpalace

GDPR-compliant Privacy Policy for Selfstorage Crystalpalace covering data collection, lawful basis, retention, processors, and user rights for all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.