Privacy Policy - Wembley Storage

This Privacy Policy explains how Wembley Storage collects, uses, stores, shares, and protects personal data. It applies to all Wembley Storage customers in the area, including prospective customers, current customers, former customers, visitors who make enquiries, and any individual whose personal data is processed in connection with storage services. Wembley Storage is committed to handling personal data in a lawful, fair, and transparent manner in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Wembley Storage provides storage-related services and related customer support. In order to deliver these services, we may collect and process personal data about individuals who interact with us. This Policy describes the types of information we process, why we process it, how long we keep it, who we share it with, and the rights available to individuals under data protection law.

2. Personal Data We Collect

We only collect data that is relevant and necessary for operating our services, managing customer accounts, meeting legal obligations, and improving our business operations. The categories of information we may collect include:

  • Identity details, such as full name and title;
  • Contact information, such as postal address, email address, and telephone number;
  • Account and transaction information, such as billing records, payment status, invoices, and service history;
  • Identification data, where needed for security, fraud prevention, or legal compliance;
  • Service usage data, such as unit allocation, access logs, and correspondence relating to the storage service;
  • Technical data, such as device information, browser type, and basic log data where systems record it;
  • Communication data, including enquiries, complaints, feedback, and support interactions;
  • Security and incident data, such as CCTV-related records, access records, or reports of damage, theft, or safety issues where applicable.

We do not seek to collect special category personal data unless there is a clear legal basis for doing so and it is necessary for a specific purpose. If such data is provided to us, we will treat it with additional care and only process it where permitted by law.

3. How We Use Personal Data

We use personal data for the following purposes:

  • To register and manage customer accounts;
  • To provide storage services and manage access to units or premises;
  • To process payments, refunds, deposits, and invoices;
  • To communicate with customers about bookings, service changes, reminders, or account matters;
  • To verify identity and help prevent fraud or misuse;
  • To maintain security, safeguard property, and investigate incidents;
  • To comply with legal, tax, accounting, and regulatory obligations;
  • To respond to enquiries, complaints, and requests;
  • To improve services, internal processes, and customer experience;
  • To establish, exercise, or defend legal claims.

We will not use personal data for purposes that are incompatible with the reasons it was collected, unless we have a valid lawful basis and have informed individuals where required.

4. Lawful Basis for Processing

We process personal data only where the law allows us to do so. Depending on the context, our lawful bases for processing include:

Contract

We process personal data where it is necessary to enter into or perform a contract with a customer. This includes setting up accounts, managing storage units, taking payments, and providing the agreed services.

Legal Obligation

We may process personal data to comply with legal requirements, including tax, accounting, business recordkeeping, fraud prevention, safety, and other statutory duties.

Legitimate Interests

We may process personal data where it is necessary for our legitimate interests or those of a third party, provided our interests are not overridden by the interests or fundamental rights of the individual. This may include service improvement, security monitoring, internal administration, and protecting against misuse or unlawful activity.

Consent

In limited situations, we may rely on consent, for example for certain optional communications or specific processing activities. Where consent is used, individuals may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

Vital Interests and Legal Claims

In exceptional cases, we may process personal data to protect someone’s vital interests or to establish, exercise, or defend legal claims.

5. Data Sharing and Processors

We may share personal data with carefully selected third parties that help us run our services. These parties act as processors when they process personal data on our instructions, or as independent controllers where they determine their own purposes. We require appropriate contractual protections and expect them to handle data securely and lawfully.

Examples of processors and other recipients may include:

  • Payment service providers for handling card and electronic payments;
  • IT and cloud service providers for hosting, storage, email, and systems support;
  • Security service providers where monitoring, alarm, or access systems are used;
  • Professional advisers such as accountants, auditors, insurers, and legal advisers;
  • Maintenance and facilities contractors where access is necessary for repairs or operational support;
  • Regulatory, law enforcement, or public authorities where disclosure is required by law or necessary to protect rights, property, or safety.

Where personal data is transferred to a third party, we take steps to ensure that appropriate safeguards are in place. We do not sell personal data.

6. Data Retention

We keep personal data only for as long as necessary for the purposes for which it was collected, including to meet legal, accounting, tax, and reporting requirements. Retention periods depend on the type of data, the purpose of processing, and any statutory obligations that apply.

In general:

  • Customer account and contract records are kept for the duration of the relationship and for a reasonable period afterwards;
  • Financial and transaction records are retained for the period required by law and accounting rules;
  • Security records are retained only for as long as necessary for safety, incident handling, or investigation;
  • Enquiry and correspondence records are kept while needed to respond to the matter and for internal recordkeeping;
  • Legal claim-related records may be retained until the relevant limitation period expires or longer if necessary.

When personal data is no longer required, we will delete it securely or anonymise it so that it can no longer identify an individual. Retention decisions are reviewed periodically to ensure data is not kept longer than necessary.

7. Data Security

We use appropriate technical and organisational measures to protect personal data against accidental loss, unauthorised access, alteration, disclosure, or destruction. These measures may include access controls, secure systems, restricted permissions, staff training, and monitoring of systems where appropriate. While no system can be guaranteed completely secure, we work to maintain a level of protection appropriate to the risks involved.

8. International Transfers

If personal data is transferred outside the UK, we will ensure that suitable safeguards are in place to protect it, such as an adequacy regulation or approved contractual protections. Where required, additional risk assessments and controls may be applied.

9. Your Rights

Individuals have rights in relation to their personal data. Depending on the circumstances, these rights may include:

  • The right of access to request a copy of the personal data we hold;
  • The right to rectification to correct inaccurate or incomplete data;
  • The right to erasure in certain cases, also known as the right to be forgotten;
  • The right to restrict processing in certain situations;
  • The right to object to processing based on legitimate interests or direct marketing;
  • The right to data portability where processing is based on consent or contract and carried out by automated means;
  • The right to withdraw consent where processing relies on consent;
  • The right to complain to the relevant data protection supervisory authority if you believe your data has been mishandled.

Some rights may not apply in all situations, as data protection law includes exemptions and limitations. We will assess each request carefully and respond in accordance with applicable law.

10. How We Respond to Rights Requests

Where an individual exercises a data protection right, we may need to verify identity before responding. We aim to respond within the statutory timeframe and will keep the individual informed if more time is required. Requests may be refused or limited where the law allows, for example if disclosure would adversely affect the rights of others or if retention is required for legal reasons.

11. Children

Our services are not directed at children. We do not knowingly collect personal data from children unless it is necessary for a lawful service arrangement or another permitted reason. If we become aware that we have collected data from a child without a valid legal basis, we will take appropriate steps to delete or restrict it.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, our operations, or the way we process data. Any updated version will apply from the date it is published or otherwise communicated. We encourage individuals to review this Policy periodically so they remain informed about how we handle personal data.

13. Summary of Our Commitment

Wembley Storage is committed to handling personal data responsibly, securely, and transparently. We collect only what is needed, use it for clear and lawful purposes, keep it only as long as necessary, and work with processors who meet appropriate data protection standards. We also respect the rights of individuals and will act on valid requests in accordance with GDPR requirements.

This Privacy Policy applies to all Wembley Storage customers in the area.

Call Now!
Call Now Get a Quote
Wembley Storage

GDPR-compliant Privacy Policy for Wembley Storage covering data collection, lawful basis, retention, processors, and user rights for all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.