Privacy Policy - Newaddington Storage

This Privacy Policy explains how Newaddington Storage collects, uses, stores, shares, and protects personal data. It applies to all Newaddington Storage customers in the area, including prospective customers, active customers, former customers, visitors, and any person who contacts us or uses our services on behalf of a business or household.

1. Who We Are

Newaddington Storage provides storage services and related customer support. For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, Newaddington Storage acts as the data controller for the personal data described in this policy. This means we decide how and why your personal data is processed.

2. Personal Data We Collect

We collect only the data that is necessary for our legitimate business operations and legal obligations. The types of personal data we may collect include:

  • Identity information such as your name, date of birth, and title.
  • Contact details such as your postal address, email address, and telephone number.
  • Account and contract information such as rental details, unit numbers, billing records, payment status, and service history.
  • Financial information such as payment card details or bank account details, where needed to process payments. In many cases, payment data is handled by secure payment processors rather than stored directly by us.
  • Identification and verification data such as copies of identity documents, proof of address, or business registration details, where required for identity checks, fraud prevention, or compliance.
  • Security information such as CCTV images, access logs, key codes, and incident reports.
  • Communication records such as emails, letters, call notes, complaints, and service enquiries.

We may also collect limited technical data when you interact with our systems, such as device information or log data, if relevant to security, performance, or misuse prevention.

3. How We Use Your Data

We use personal data for the following purposes:

  • To set up and manage your storage account.
  • To provide access to storage facilities and related services.
  • To verify identity and prevent fraud.
  • To process payments, refunds, and account administration.
  • To communicate about contracts, invoices, service updates, and important notices.
  • To protect our facilities, staff, customers, and property.
  • To investigate incidents, disputes, or unauthorised activity.
  • To comply with legal, regulatory, tax, and accounting obligations.
  • To improve our services, systems, and security measures.

We will not use your personal data in ways that are incompatible with the purposes stated in this policy unless we have a lawful basis to do so.

4. Lawful Basis for Processing

Under data protection law, we must have a lawful basis for each type of processing. Newaddington Storage relies on the following lawful bases:

  • Contract – where processing is necessary to enter into or perform our storage agreement with you, including account management, billing, and service delivery.
  • Legal obligation – where we must process data to comply with laws relating to taxation, accounting, fraud prevention, or regulatory requirements.
  • Legitimate interests – where processing is necessary for our legitimate business interests, such as site security, prevention of misuse, managing customer communications, and protecting our legal rights, provided your interests and fundamental rights do not override those interests.
  • Consent – where we rely on your consent for a specific activity. If we do, you may withdraw consent at any time, and this will not affect the lawfulness of processing before withdrawal.

Where we process sensitive or special category data, we will only do so if a specific legal condition applies and additional safeguards are in place.

5. Sharing Your Data and Processors

We may share your personal data with trusted third parties who support our operations. These parties act either as independent controllers or as processors processing data on our behalf under contract. Processors may include:

  • Payment processors who handle card or bank transactions securely.
  • IT and cloud service providers who support our systems, data storage, and communications.
  • Security providers who assist with CCTV, alarm systems, and access control.
  • Professional advisers such as accountants, auditors, insurers, and legal advisers.
  • Maintenance and operational contractors who may access limited data when providing services to our premises or systems.
  • Public authorities where disclosure is required by law or necessary to respond to lawful requests.

All processors are required to protect your data, use it only for authorised purposes, and implement appropriate technical and organisational security measures. We do not sell your personal data.

6. International Transfers

If any processor or service provider stores or accesses your data outside the United Kingdom, we will ensure that appropriate safeguards are in place, such as adequacy regulations, standard contractual clauses, or equivalent legal protections. We will take reasonable steps to ensure that your data remains protected to a standard consistent with UK data protection law.

7. Data Retention

We keep personal data only for as long as necessary for the purposes for which it was collected, including legal, accounting, tax, and dispute-resolution requirements. Retention periods may vary depending on the type of data and the reason for holding it.

  • Contract and account records are generally retained for the duration of the customer relationship and for a reasonable period afterwards.
  • Financial and tax records are retained for the period required by law.
  • Security records such as CCTV footage and access logs are kept only as long as needed for safety, incident investigation, or legal purposes.
  • Enquiry and communication records are retained for customer service, audit, and dispute handling purposes.

When data is no longer required, we will securely delete, anonymise, or destroy it. We may retain certain records where needed to establish, exercise, or defend legal claims.

8. Security of Your Data

We take the security of your personal data seriously. We use appropriate technical and organisational measures designed to protect data against unauthorised access, loss, alteration, disclosure, or destruction. These measures may include access controls, password protection, encryption where appropriate, staff training, secure storage, and monitoring of systems and premises. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

9. Your Rights

Under data protection law, you have rights in relation to your personal data. These rights may apply depending on the circumstances and any legal exemptions. Your rights include:

  • Right of access – you may request a copy of the personal data we hold about you.
  • Right to rectification – you may ask us to correct inaccurate or incomplete data.
  • Right to erasure – in some cases, you may request deletion of your personal data.
  • Right to restriction – you may ask us to limit how we use your data in certain situations.
  • Right to object – you may object to processing based on legitimate interests or direct marketing.
  • Right to data portability – you may request that certain data be provided to you or another controller in a structured format, where applicable.
  • Right to withdraw consent – where we rely on consent, you may withdraw it at any time.

If you wish to exercise any of these rights, we will respond in accordance with legal requirements. We may need to verify your identity before acting on your request.

10. Automated Decision-Making

We do not generally make decisions about you solely by automated means that have legal or similarly significant effects. If this changes, we will inform you and explain the logic involved, as well as your rights in relation to such processing.

11. Children’s Data

Our storage services are not intended for children. We do not knowingly collect personal data from children except where a parent, guardian, or authorised adult provides it in connection with an account or service. If we become aware that we have collected such data without appropriate authority, we will take reasonable steps to delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. The updated version will apply from the date it is published or otherwise communicated. We encourage you to review it periodically so you remain informed about how we protect your personal data.

13. Complaints

If you have concerns about how we handle your personal data, we encourage you to raise them with us first so we can address them promptly. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) if you believe your data protection rights have been infringed.

Summary of Our Commitments

Newaddington Storage is committed to handling personal data lawfully, fairly, and transparently. We collect only what we need, use it for clear and legitimate purposes, share it only with trusted processors and required authorities, retain it for no longer than necessary, and respect your rights under data protection law. We aim to keep your information safe, limited, and properly managed at all times.

Call Now!
Call Now Get a Quote
Newaddington Storage

GDPR-compliant Privacy Policy for Newaddington Storage covering data collection, lawful basis, retention, processors, and user rights for all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.