Privacy Policy - Stepney Storage

This Privacy Policy explains how Stepney Storage collects, uses, stores, shares, and protects personal data. It applies to all Stepney Storage customers in the area, including prospective customers, current customers, former customers, and any other individuals whose personal data we process in connection with our storage services. We are committed to handling personal data in a lawful, fair, and transparent manner in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Stepney Storage respects your privacy and recognises the importance of keeping your personal information secure. This policy should be read carefully so you understand what data we collect, why we collect it, how long we keep it, and the rights you may exercise over your information.

1. Data Collection

We collect personal data directly from you, from third parties where appropriate, and automatically when you use our services or interact with our systems. The type of information we collect depends on the service you request and the way you interact with us.

Information you provide

  • Identity details such as your name, title, and date of birth where needed for verification.
  • Contact details such as postal address, email address, and telephone number.
  • Account and booking information including storage unit details, move-in and move-out dates, payment arrangements, and customer records.
  • Verification information such as proof of identity or address where required for fraud prevention, security, or regulatory compliance.
  • Payment information such as billing details and transaction records. We do not store more payment information than is necessary for processing and administration.
  • Communications including enquiries, complaints, feedback, and any correspondence you send to us.

Information we collect automatically

  • Technical data such as IP address, browser type, device information, and usage patterns when you interact with our digital systems.
  • Security records such as access logs, CCTV footage, and site entry records where applicable for safety and loss prevention.

Information from third parties

We may receive personal data from payment providers, identity verification services, fraud-prevention providers, legal advisers, insurers, or public authorities where lawful and appropriate. We may also receive information from someone acting on your behalf, such as an authorised representative.

2. How We Use Your Data

We use personal data only where we have a valid lawful basis and only for clearly defined purposes. These purposes include:

  • Providing and managing storage services.
  • Creating and maintaining customer records.
  • Processing payments and administering invoices or refunds.
  • Verifying identity and preventing fraud.
  • Maintaining security, including site access control and incident investigation.
  • Responding to enquiries, requests, disputes, and complaints.
  • Meeting legal, tax, accounting, and regulatory obligations.
  • Improving our services, systems, and customer experience.
  • Defending legal claims, enforcing agreements, or protecting our rights and property.

We do not use your personal data for purposes that are incompatible with the reasons for which it was collected unless we have a lawful basis to do so and you have been informed where required.

3. Lawful Basis for Processing

Under data protection law, we must identify a lawful basis for every use of personal data. Stepney Storage relies on the following bases:

Performance of a contract

We process personal data to enter into and perform our storage agreement with you. This includes setting up your account, providing access to storage services, managing bookings, and handling payments.

Legal obligation

We process personal data where needed to comply with legal duties, including tax recordkeeping, financial compliance, security obligations, and responses to lawful requests from authorities.

Legitimate interests

We process data where it is necessary for our legitimate business interests, provided your interests and rights do not override those interests. This may include fraud prevention, site security, service administration, customer support, internal auditing, and protecting against misuse of our services.

Consent

In limited situations, we may rely on your consent, for example where it is appropriate for optional communications or certain uses not covered by another lawful basis. Where processing is based on consent, you may withdraw it at any time, without affecting the lawfulness of processing carried out before withdrawal.

Vital interests and public task

These bases are unlikely to apply in ordinary storage services, but we may rely on them if necessary to protect someone’s vital interests or to comply with a public task under applicable law.

4. Data Retention

We keep personal data only for as long as necessary for the purposes for which it was collected, including to satisfy legal, accounting, dispute-resolution, and security requirements. Retention periods vary depending on the type of data and the reason it is held.

  • Customer account and contract records are generally kept for the duration of the relationship and for a reasonable period afterwards.
  • Financial records are retained for the period required by tax and accounting laws.
  • Security records such as access logs or CCTV footage are retained for a limited period unless needed for investigation, incident handling, or legal proceedings.
  • Correspondence and complaints may be retained while the matter is ongoing and for a further period to evidence resolution or defence of claims.

When personal data is no longer required, we will delete it securely or anonymise it so that it can no longer identify you. In some cases, we may retain limited data after account closure where required by law or where we have a legitimate reason to do so.

5. Processors and Data Sharing

We may share personal data with trusted third parties who act as processors or independent controllers, where necessary for the operation of our services or where required by law. These organisations may include:

  • Payment processors who handle card or electronic payments.
  • IT and cloud service providers who support our business systems, data storage, and security.
  • Identity verification and fraud-prevention providers who help protect customers and our business.
  • Accounting, audit, and professional advisers who support financial and legal compliance.
  • Insurers, law enforcement, courts, and public authorities where disclosure is required or permitted by law.

Where a third party acts as a processor, we require them to process personal data only on our instructions, to use appropriate security measures, and to keep information confidential. We do not sell your personal data.

If data is transferred outside the UK, we will ensure appropriate safeguards are in place, such as adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms, so that your data continues to receive a high level of protection.

6. Your Rights

You have a number of rights in relation to your personal data. These rights are subject to legal conditions and exceptions, and they may not always apply in every situation.

  • Right of access – you may request confirmation of whether we process your personal data and receive a copy of it.
  • Right to rectification – you may ask us to correct inaccurate or incomplete information.
  • Right to erasure – you may request deletion of your data in certain circumstances.
  • Right to restrict processing – you may ask us to limit how we use your data in certain cases.
  • Right to object – you may object to processing based on legitimate interests or direct marketing where applicable.
  • Right to data portability – you may request certain data in a structured, commonly used, machine-readable format where the law allows.
  • Right to withdraw consent – where we rely on consent, you may withdraw it at any time.

You also have the right to lodge a complaint with the UK Information Commissioner’s Office if you believe your data protection rights have been infringed. We encourage you to raise concerns with us first so we can try to resolve them promptly and fairly.

7. Security of Your Data

We use appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, alteration, or disclosure. These measures may include access controls, encryption where appropriate, secure storage, staff confidentiality obligations, and regular review of security practices. However, no system can be guaranteed to be completely secure, and you should also take care to protect any information you share with us.

8. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, our services, or our data-handling practices. Any updated version will apply from the date it takes effect. We encourage you to review this policy periodically so you remain informed about how we process personal data.

Stepney Storage is committed to respecting privacy, safeguarding information, and ensuring that personal data is processed responsibly, transparently, and in line with data protection law.

Call Now!
Call Now Get a Quote
Stepney Storage

GDPR-compliant privacy policy for Stepney Storage covering data use, lawful basis, retention, processors, rights, and scope for all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.