Privacy Policy - Westkensington Storage

This Privacy Policy explains how Westkensington Storage collects, uses, stores, shares, and protects personal data relating to customers, prospective customers, and other individuals who interact with us. It applies to all Westkensington Storage customers in the area and to anyone whose personal data is processed by us in connection with our storage services, account administration, billing, and related operations.

1. Who We Are

Westkensington Storage is the data controller for the personal data described in this policy. This means we determine the purposes and means of processing personal data in connection with our services. We are committed to handling personal data in accordance with the UK GDPR and the Data Protection Act 2018, and to applying the principles of lawfulness, fairness, transparency, data minimisation, accuracy, storage limitation, integrity, and confidentiality.

2. Personal Data We Collect

We may collect and process the following categories of personal data:

  • Identity information such as your name, title, and date of birth where required for verification.
  • Contact information such as address, email address, and telephone number.
  • Account and contract information including tenancy or storage unit details, service preferences, payment arrangements, and communications about your account.
  • Financial information such as payment records, billing details, and transaction history.
  • Identification and verification data such as copies or references of identity documents where legally necessary or reasonably required to prevent fraud.
  • Security and access data including CCTV footage, access logs, gate entries, incident reports, and records of visits to our premises.
  • Communications data including emails, messages, complaints, and notes from customer service interactions.
  • Technical or device data where you interact with digital systems used in our operations, such as basic usage logs and system records.

We generally do not seek to collect special category data. If such data is inadvertently provided to us, we will handle it only where there is a lawful basis and appropriate safeguard.

3. How We Use Your Data

We use personal data for the following purposes:

  • To create and manage customer accounts and storage agreements.
  • To verify identity and help prevent fraud, misuse, and unauthorised access.
  • To process payments, issue invoices, and manage arrears or disputes.
  • To provide storage services, allocate units, and manage site access and security.
  • To communicate about service updates, policy changes, reminders, or operational matters.
  • To monitor and protect the safety and security of our premises, property, staff, and customers.
  • To respond to enquiries, complaints, and legal or regulatory requests.
  • To maintain records, assess service performance, and improve our operations.

We only use personal data for purposes that are compatible with the original reason for collection or where otherwise permitted by law.

4. Lawful Basis for Processing

We process personal data only where we have a lawful basis under data protection law. Depending on the activity, our lawful bases may include:

  • Contract — where processing is necessary to enter into or perform a storage agreement, manage your account, or provide services.
  • Legal obligation — where processing is required to comply with tax, accounting, security, fraud prevention, or other legal duties.
  • Legitimate interests — where processing is necessary for our legitimate business interests, such as site security, service improvement, record keeping, debt recovery, and prevention of misuse, provided your rights do not override those interests.
  • Consent — where we rely on your consent for specific optional processing. You may withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.

Where we process personal data based on legitimate interests, we carry out an assessment to ensure the processing is necessary, proportionate, and respectful of your privacy rights.

5. Data Sharing and Processors

We may share personal data with trusted third parties who act as processors on our behalf or, in some cases, as independent controllers. These parties may include:

  • Payment service providers for handling card or bank transactions.
  • IT and cloud service providers for secure hosting, data storage, backup, and system administration.
  • Security providers for CCTV, access control, alarm monitoring, and site protection.
  • Professional advisers such as accountants, auditors, insurers, and legal advisers.
  • Debt recovery or enforcement providers where necessary to recover outstanding sums or protect our rights.
  • Public authorities where required by law or to assist with investigations, compliance, or safety matters.

All processors are required to handle personal data only in accordance with our instructions, to keep it secure, and to use appropriate technical and organisational measures. We seek to ensure that any processor engaged by us provides sufficient guarantees that your data will be protected in compliance with applicable law.

6. International Transfers

If personal data is transferred outside the UK, we will ensure appropriate safeguards are in place. These may include adequacy regulations, approved contractual clauses, or other lawful transfer mechanisms. Where such transfers occur, we remain committed to protecting your data to a standard equivalent to that required under UK data protection law.

7. Data Retention

We keep personal data only for as long as necessary for the purpose for which it was collected, including for legal, accounting, reporting, and operational requirements. Retention periods may vary depending on the category of data and the reason for processing.

Typical retention principles include:

  • Account and contract records are retained for the duration of the relationship and for a period after termination.
  • Financial and tax records are retained for the period required by law.
  • Security records, including CCTV and access logs, are retained for a limited period unless needed longer for an investigation or legal claim.
  • Correspondence and complaints may be retained for as long as needed to resolve the matter and for record-keeping purposes.

When personal data is no longer required, it is securely deleted, anonymised, or otherwise disposed of in a safe and appropriate manner.

8. Security of Personal Data

We use appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, alteration, or disclosure. These measures may include access controls, encryption, secure storage, staff training, and restricted permissions. While no system can be guaranteed completely secure, we regularly review our practices to reduce risk and maintain confidentiality.

9. Your Rights

Under data protection law, you may have the following rights in relation to your personal data:

  • Right of access — to request a copy of the personal data we hold about you.
  • Right to rectification — to ask us to correct inaccurate or incomplete data.
  • Right to erasure — to request deletion of your data in certain circumstances.
  • Right to restriction — to ask us to limit processing in certain cases.
  • Right to data portability — to receive certain data in a structured, commonly used format where applicable.
  • Right to object — to object to processing based on legitimate interests or to direct marketing, where applicable.
  • Right to withdraw consent — where processing is based on consent.

You may also have the right to lodge a complaint with the UK Information Commissioner’s Office if you are concerned about how your data is handled. We encourage you to raise any concerns with us first so that we can address them promptly and fairly.

10. Automated Decision-Making

We do not generally use automated decision-making that produces legal or similarly significant effects. If this changes, we will provide clear information about the logic involved, the significance of the processing, and your rights relating to it.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, our services, or our data handling practices. Any updated version will apply from the date it takes effect. We encourage customers to review this policy periodically so they remain informed about how their personal data is handled.

Summary of Our Commitment

Westkensington Storage is committed to transparent, lawful, and secure processing of personal data. We collect only what we need, use it fairly, retain it only as long as necessary, and respect the rights of all customers in the area.

Last reviewed: This policy is intended as a general privacy notice for Westkensington Storage customers in the area and should be read together with any relevant terms of service or notices provided at the point of data collection.

Call Now!
Call Now Get a Quote
Westkensington Storage

GDPR-compliant privacy policy for Westkensington Storage covering data collection, lawful basis, retention, processors, rights, and scope for local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.