Privacy Policy - Selfstorage Soho

This Privacy Policy explains how Selfstorage Soho collects, uses, stores, shares, and protects personal data when providing self-storage services. It applies to all Selfstorage Soho customers in the area, including prospective customers, current customers, former customers, and anyone who interacts with us in relation to our storage services, site access, invoicing, administration, or security arrangements.

1. Who We Are

Selfstorage Soho provides self-storage services to individuals and businesses. For the purposes of data protection law, we act as a data controller for the personal data we process about customers and others who use our services. This means we determine why and how personal data is used in connection with our business operations.

2. Personal Data We Collect

We collect only the personal data necessary to provide our services, manage accounts, ensure security, meet legal obligations, and maintain accurate business records. The categories of information we may collect include:

  • Identification details such as name, date of birth, and proof of identity where required.
  • Contact details such as postal address, email address, and telephone number.
  • Account and contract information including rental dates, storage unit details, payment status, and contract terms.
  • Payment information such as billing details, transaction records, and limited payment card information processed through secure payment systems.
  • Access and security information such as entry logs, CCTV images, alarm records, and records of site visits.
  • Communication records including emails, written correspondence, customer service notes, and complaint records.
  • Technical and usage data where relevant, such as device or system information linked to online account management.

We may also collect information indirectly from third parties where necessary, for example from payment providers, identity verification services, insurers, or legal and regulatory bodies.

3. How We Use Personal Data

We use personal data for lawful and legitimate business purposes, including:

  • setting up and managing storage agreements;
  • verifying identity and preventing fraud;
  • processing payments and managing account balances;
  • maintaining site safety, security, and access controls;
  • responding to enquiries, complaints, and customer requests;
  • meeting legal, tax, accounting, and regulatory obligations;
  • protecting our rights, property, staff, customers, and premises;
  • improving our services, internal procedures, and customer experience;
  • sending administrative notices related to the service, contracts, or policy updates.

We do not use personal data for purposes that are incompatible with the reasons it was collected, unless required or permitted by law.

4. Lawful Basis for Processing

Under the UK GDPR and applicable data protection laws, we must have a lawful basis to process personal data. Depending on the context, Selfstorage Soho may rely on one or more of the following legal bases:

Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes managing your storage account, providing access to your unit, collecting fees, and handling service-related administration.

Legal Obligation

We process personal data where necessary to comply with legal obligations, including accounting, tax, fraud prevention, compliance checks, and requests from public authorities where required by law.

Legitimate Interests

We process data where it is necessary for our legitimate interests and where those interests are not overridden by your rights and freedoms. These interests include site security, prevention of misuse, debt recovery, operational management, service improvement, and protecting our business and customers.

Consent

Where required, we will rely on your consent. For example, if certain optional marketing or non-essential communications are offered, we will only send them where you have clearly agreed to receive them. You can withdraw consent at any time where processing is based on consent.

5. Data Sharing and Processors

We may share personal data with trusted third parties who act as processors or independent controllers, depending on the service they provide. We only share the minimum information necessary and take appropriate measures to ensure it is handled securely and in line with data protection law.

Processors may include:

  • IT and software providers that host customer management systems, storage records, or security systems.
  • Payment processors that handle card transactions, direct debits, or other payment methods.
  • Identity verification providers used to confirm identity or support anti-fraud checks.
  • Security service providers supporting CCTV, alarms, monitoring, or access control systems.
  • Professional advisers such as accountants, auditors, insurers, and legal advisers.
  • Delivery, maintenance, or facilities providers where access or service support is required.

Where a processor acts on our behalf, they are bound by contract to process personal data only according to our instructions and to protect it using appropriate technical and organisational safeguards. If a third party acts as an independent controller, their own privacy policy and legal responsibilities will apply.

6. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, including for service delivery, legal compliance, dispute resolution, and record-keeping. Retention periods vary depending on the type of data and the legal or business need.

In general:

  • customer account and contract records are kept for the duration of the relationship and for a reasonable period afterwards;
  • financial and tax records are retained in line with legal requirements;
  • security records, such as access logs and CCTV footage, are kept for the shortest practical period unless needed for an incident, investigation, or legal claim;
  • complaints and correspondence may be retained for a period needed to handle the issue and support business records;
  • where data is no longer needed, it is securely deleted, anonymised, or destroyed.

We regularly review retention periods to ensure that personal data is not kept longer than necessary.

7. Security of Personal Data

We use appropriate technical and organisational measures to protect personal data against accidental loss, unlawful access, misuse, alteration, or disclosure. These may include restricted access, encryption, secure storage, role-based permissions, staff training, and monitoring of systems and premises.

While no system can be guaranteed to be completely secure, we take data security seriously and continuously assess our safeguards to reduce risk.

8. International Transfers

Where personal data is transferred outside the UK, we will ensure that suitable safeguards are in place, such as adequacy regulations, standard contractual clauses, or other legally approved transfer mechanisms. We will only transfer data where it is necessary and lawful to do so.

9. Your Rights

Under data protection law, you have a number of rights in relation to your personal data. These rights may be subject to legal limitations and exceptions, but we will always assess and respond to requests appropriately.

  • Right of access – to request confirmation of whether we process your data and to obtain a copy of it.
  • Right to rectification – to request correction of inaccurate or incomplete data.
  • Right to erasure – to request deletion of your data in certain circumstances.
  • Right to restriction – to request that we limit how we use your data in certain situations.
  • Right to object – to object to processing based on legitimate interests or direct marketing.
  • Right to data portability – to request transfer of data you provided, where processing is based on consent or contract and carried out by automated means.
  • Right to withdraw consent – where processing is based on consent, you may withdraw it at any time.

You also have the right to raise concerns with the relevant data protection supervisory authority if you believe your data has not been handled lawfully.

10. Automated Decision-Making

We do not normally make decisions based solely on automated processing that produce legal or similarly significant effects. If we ever use such methods, we will inform you and ensure that the processing complies with applicable law.

11. Children's Data

Our services are not primarily directed at children. We do not intentionally collect personal data from children unless it is necessary in connection with lawful storage arrangements or other legitimate business purposes and permitted by law.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data protection practices. Any updated version will apply from the date it is published or otherwise communicated. We encourage customers to review this policy periodically.

13. Summary of Our Approach

Selfstorage Soho is committed to handling personal data lawfully, fairly, and transparently. We collect only what is needed, use it for clear and legitimate purposes, retain it only as long as necessary, and share it carefully with trusted processors and other third parties where appropriate. We respect your rights and aim to maintain a high standard of privacy and security for all customers in the area.
