Privacy Policy - Enfieldlock Storage

This Privacy Policy explains how Enfieldlock Storage collects, uses, stores, shares, and protects personal data relating to its customers and other individuals whose information we process. It applies to all Enfieldlock Storage customers in the area, including prospective customers, current customers, former customers, site visitors, contractors, and individuals who communicate with us in connection with storage services.

We are committed to handling personal data in a lawful, fair, and transparent manner in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy is intended to help you understand what information we collect, why we collect it, the legal grounds we rely on, how long we keep it, who may process it on our behalf, and what rights you have.

1. Personal Data We Collect

We may collect and process personal data directly from you, from your use of our services, and in some cases from third parties where permitted by law. The categories of information may include:

  • Identity details such as your name, date of birth, and title.
  • Contact details such as postal address, email address, and telephone number.
  • Account and contract information such as customer reference numbers, booking records, service preferences, payment history, and tenancy or storage agreements.
  • Financial information such as billing details, partial payment card information, bank account details, and records of transactions. We do not store card details unless required by a secure payment provider.
  • Verification information such as identity documents, proof of address, and documents required for fraud prevention, security, or regulatory checks.
  • Usage and access information such as entry logs, site access records, CCTV footage where used, alarm records, incident reports, and customer service communications.
  • Technical information such as device identifiers, IP address, browser type, and basic website or system activity if you interact with our digital services.
  • Special category data only where necessary and lawful, for example if disclosed voluntarily in support requests or incident investigations.

We aim to collect only what is necessary for the purposes described in this policy. We do not seek to collect excessive or irrelevant information.

2. How We Use Personal Data

We use personal data for the following purposes:

  • To provide and manage storage services.
  • To set up and administer customer accounts.
  • To verify identity and prevent fraud.
  • To process payments, refunds, and billing matters.
  • To communicate with you about your account, service changes, or security matters.
  • To maintain site safety, monitor access, and protect property.
  • To handle complaints, disputes, insurance-related matters, or legal claims.
  • To comply with legal, tax, accounting, and regulatory obligations.
  • To improve service quality, operations, and customer experience.
  • To enforce our contractual rights and protect our business, staff, customers, and facilities.

We will only use your data for the purposes for which it was collected, unless we reasonably consider that we need to use it for another compatible purpose.

3. Lawful Basis for Processing

Under GDPR, we must have a lawful basis to process personal data. Depending on the activity, Enfieldlock Storage relies on one or more of the following:

Contract

We process data where it is necessary to enter into or perform our contract with you, such as managing your storage unit, payment, account administration, and service delivery.

Legal Obligation

We process information where necessary to comply with applicable laws, including tax, accounting, fraud prevention, consumer protection, and other regulatory duties.

Legitimate Interests

We may process data where it is necessary for our legitimate business interests and where those interests are not overridden by your rights and freedoms. This includes site security, CCTV use where applicable, fraud prevention, service improvement, and business administration. We balance our interests against your privacy rights before relying on this basis.

Consent

In limited situations, we may ask for your consent, for example for certain optional communications or where consent is required by law. Where consent is used, you may withdraw it at any time.

Vital Interests

In rare circumstances, we may process data to protect someone’s vital interests, such as in an emergency involving safety or security.

4. Data Sharing and Processors

We do not sell personal data. However, we may share information with trusted third parties when necessary and lawful. These parties may act as processors or, in some cases, independent controllers. Processors only process data on our instructions and are required to protect it appropriately.

Examples of processors and service providers may include:

  • Payment service providers for secure transaction processing.
  • IT and cloud hosting providers for system storage, maintenance, and security.
  • Security providers for alarm monitoring, access control, and CCTV support where used.
  • Accountancy and bookkeeping providers for financial administration and compliance.
  • Customer service and communications platforms for managing enquiries and records.
  • Professional advisers such as lawyers, insurers, auditors, and compliance consultants.
  • Debt recovery or enforcement providers where necessary and lawful to recover outstanding sums.

We may also disclose personal data to public authorities, regulators, law enforcement bodies, courts, or other third parties where required by law or to protect our legal rights.

Where any processor processes personal data on our behalf, we require suitable contractual protections, confidentiality obligations, and security measures. All processors are expected to maintain appropriate technical and organisational safeguards.

5. International Transfers

In some cases, your personal data may be processed outside the UK. If this happens, we will take steps to ensure that appropriate safeguards are in place, such as adequacy regulations, standard contractual clauses, or other legally recognised transfer mechanisms. We only permit international transfers where they are lawful and necessary for business operations.

6. Data Retention

We keep personal data only for as long as necessary for the purposes for which it was collected, including satisfying legal, accounting, insurance, and reporting requirements. Retention periods depend on the type of information and the purpose for which it is used.

As a general approach:

  • Customer contract and account records are retained for the duration of the relationship and for a reasonable period afterwards.
  • Financial and tax records are kept for the period required by law, typically several years.
  • Security logs and access records are retained only as long as needed for safety, audit, or incident management.
  • CCTV footage, where used, is usually retained for a short period unless an incident requires longer retention.
  • Correspondence and complaint records are retained for as long as needed to resolve issues and defend legal claims.

When data is no longer required, we will delete it securely or anonymise it so that it can no longer identify you. Retention is never indefinite unless a lawful reason requires it.

7. Your Rights Under GDPR

You have a number of rights in relation to your personal data. Subject to legal conditions and exemptions, these include:

  • Right of access – to request a copy of the personal data we hold about you.
  • Right to rectification – to ask us to correct inaccurate or incomplete data.
  • Right to erasure – to request deletion of your data in certain circumstances.
  • Right to restriction – to ask us to limit how we use your data in certain situations.
  • Right to data portability – to receive certain data in a structured, commonly used format where applicable.
  • Right to object – to object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent – where processing is based on consent.
  • Right not to be subject to automated decision-making – where applicable, unless permitted by law.

If you wish to exercise any of these rights, we will respond in accordance with GDPR timeframes and legal requirements. We may need to verify your identity before responding to protect your privacy.

8. Security of Your Data

We use appropriate technical and organisational measures to safeguard personal data from unauthorised access, accidental loss, misuse, disclosure, or alteration. These measures may include access controls, encryption where appropriate, staff training, security monitoring, and incident response procedures.

No system is completely secure, but we regularly review our safeguards to reduce risk and maintain a high level of protection.

9. Children’s Data

Our services are not directed at children, and we do not knowingly collect personal data from children unless it is necessary in connection with a lawful service relationship and provided by or with the authority of a parent, guardian, or responsible adult. If we become aware that we have collected information improperly, we will take appropriate steps to delete or secure it.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in the law, our services, or how we process data. Any updates will be effective when published or otherwise communicated to you. We encourage you to review this policy periodically to stay informed.

11. Summary of Our Commitments

In summary, Enfieldlock Storage processes personal data carefully and only where necessary. We rely on clear lawful bases, keep data for no longer than needed, use trusted processors under strict controls, and respect your data protection rights. This policy applies to all Enfieldlock Storage customers in the area and is intended to ensure transparent and responsible handling of personal information.

Privacy matters to us, and we aim to keep your information secure, relevant, and properly managed at every stage of our services.

Call Now!
Call Now Get a Quote
Enfieldlock Storage

GDPR-compliant Privacy Policy for Enfieldlock Storage covering data collection, lawful bases, retention, processors, and user rights for all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.