Privacy Policy - Tooting Storage

This Privacy Policy explains how Tooting Storage collects, uses, shares, and protects personal data relating to its customers in the Tooting area. It applies to all Tooting Storage customers in the area, including prospective customers, current customers, and individuals who have previously used our services. We are committed to handling personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who this policy applies to

This policy applies to individuals who:

  • enquire about storage services;
  • create an account or enter into a storage agreement;
  • use our storage facilities or related services;
  • visit our premises in connection with storage services; or
  • otherwise interact with Tooting Storage in the course of business.

For the purposes of this policy, personal data means any information relating to an identified or identifiable person. This may include names, contact details, identification documents, payment information, and records of your use of our services.

2. Data we collect

We collect only the personal data that is necessary and relevant for operating our storage services, maintaining security, and meeting our legal obligations. Depending on how you interact with us, we may collect the following categories of information:

2.1 Information you provide directly

  • Identity details such as your name and date of birth;
  • Contact details such as your postal address, email address, and telephone number;
  • Account and contract details including storage unit number, agreement dates, and service preferences;
  • Payment information such as billing address, partial card details, bank account details, and payment history;
  • Identification data where required for security, fraud prevention, or legal compliance, such as copies of ID documents;
  • Correspondence including messages, complaints, claims, or enquiries you send to us;
  • Access and security information such as access codes, key records, and entry logs if applicable.

2.2 Information collected automatically

  • Site access records such as time, date, and location of entry or exit where access systems are in use;
  • CCTV images where cameras are installed for security and crime prevention;
  • Device and technical data where you interact with digital systems, including IP address, browser type, and usage logs;
  • Security incident data relating to suspicious activity, damage, theft, or misuse of the premises.

2.3 Information from third parties

  • identity verification providers;
  • payment service providers;
  • debt recovery or legal service providers where necessary;
  • public authorities, regulators, or law enforcement where required by law;
  • insurance providers, if relevant to a claim or incident.

We do not intentionally collect special category data unless it is necessary and permitted by law. If such data is provided to us, we will process it only where there is a lawful basis to do so and appropriate safeguards are in place.

3. How we use your data

We use personal data for the following purposes:

  • to assess enquiries and provide quotations;
  • to enter into and manage storage agreements;
  • to verify identity and prevent fraud;
  • to take payments and manage billing;
  • to maintain site security and control access;
  • to protect property, customers, and staff;
  • to handle customer service requests and complaints;
  • to comply with legal, tax, accounting, and regulatory requirements;
  • to establish, exercise, or defend legal claims;
  • to improve operations, facilities, and service quality.

We only process personal data for specified, explicit, and legitimate purposes. We do not use your data in ways that are incompatible with those purposes.

4. Lawful basis for processing

Under data protection law, we must have a lawful basis for each type of processing. We rely on the following bases where appropriate:

4.1 Performance of a contract

We process your personal data when it is necessary to provide storage services, manage your account, take payments, enforce the storage agreement, or respond to requests linked to your contract.

4.2 Legal obligation

We process personal data where required to comply with laws and regulations, including tax, accounting, anti-fraud, health and safety, and lawful requests from authorities.

4.3 Legitimate interests

We may process personal data where it is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your rights and freedoms. These interests include security, preventing crime, protecting property, managing business operations, and defending legal claims.

4.4 Consent

In limited circumstances, we may rely on your consent. If we do, you may withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing carried out before consent was withdrawn.

4.5 Vital interests and public task

These bases are unlikely to apply in ordinary storage operations, but where necessary in an emergency or lawful public interest context, we may rely on them in accordance with data protection law.

5. Sharing and processors

We may share your personal data with trusted third parties when necessary for the operation of our services or where required by law. We do not sell personal data.

5.1 Categories of recipients

  • Payment processors to complete transactions and manage billing;
  • IT and system providers that host, maintain, or secure our records and communications systems;
  • Identity verification providers used to confirm customer details;
  • CCTV, access control, and security service providers for premises protection;
  • Accountants, auditors, and legal advisers where professional support is required;
  • Debt recovery partners in relation to unpaid accounts;
  • Insurance providers and claims handlers where incidents or losses must be addressed;
  • Regulators, courts, and law enforcement where disclosure is legally required.

5.2 Processors

Where a third party processes personal data on our behalf, that party acts as a processor. We require processors to:

  • act only on our documented instructions;
  • keep personal data confidential;
  • implement appropriate technical and organisational security measures;
  • assist us with data subject rights requests where relevant;
  • delete or return personal data at the end of the service, unless retention is required by law.

If personal data is transferred outside the UK, we will ensure appropriate safeguards are in place, such as approved transfer mechanisms and contractual protections.

6. Data retention

We keep personal data only for as long as necessary for the purposes for which it was collected, including to meet legal, accounting, tax, insurance, and dispute-resolution requirements. Retention periods may vary depending on the type of data and the circumstances of collection.

  • Contract and account records are retained for the duration of the agreement and for a reasonable period afterwards;
  • Payment and accounting records are kept for the period required by tax and financial regulations;
  • Security and access records are retained only as long as necessary for site safety, incident investigation, or legal purposes;
  • CCTV footage is kept for a limited period unless needed for an investigation or legal claim;
  • Complaints, claims, and legal correspondence are kept until the matter is resolved and for any additional period required by law.

When personal data is no longer required, we will delete it securely, anonymise it, or otherwise ensure it is no longer identifiable.

7. Your rights

Subject to legal restrictions and exemptions, you have the following rights under data protection law:

  • Right of access to obtain a copy of your personal data;
  • Right to rectification to correct inaccurate or incomplete data;
  • Right to erasure in certain circumstances;
  • Right to restriction of processing in certain cases;
  • Right to object to processing based on legitimate interests;
  • Right to data portability where the legal conditions are met;
  • Right to withdraw consent where processing is based on consent;
  • Right to complain to the relevant data protection authority if you believe your rights have been infringed.

To protect your privacy, we may need to verify your identity before responding to your request. We aim to respond within the time limits required by law.

8. Security of your data

We take appropriate measures to protect personal data against unauthorised access, accidental loss, misuse, alteration, or disclosure. These measures may include access restrictions, encryption, staff training, secure storage, and monitoring of security systems. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

9. Children’s data

Our services are intended for adult customers and business users. We do not knowingly collect personal data from children unless it is necessary in connection with a lawful service arrangement and appropriate consent or authority has been provided where required.

10. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in law, technology, or our business operations. Any updated version will apply from the date it takes effect. We encourage customers to review this policy periodically so they remain informed about how we handle personal data.

By using Tooting Storage services, you acknowledge that your personal data will be handled in accordance with this Privacy Policy and applicable data protection law.

Call Now!
Call Now Get a Quote
Tooting Storage

GDPR-compliant privacy policy for Tooting Storage covering data collection, lawful basis, retention, processors, and user rights for all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.