Privacy Policy - Elephantandcastle Storage

Effective date: This Privacy Policy applies to all Elephantandcastle Storage customers in the area and explains how we collect, use, store, share, and protect personal data in accordance with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Elephantandcastle Storage is committed to handling personal data fairly, lawfully, and transparently. We only collect information that is necessary for running our storage services, managing customer accounts, meeting legal obligations, and improving our operations. This policy applies to customers, prospective customers, authorised users, and other individuals whose personal data we process in connection with our services.

1. Personal Data We Collect

We collect personal data directly from you, automatically through your use of our services, and from third parties where permitted by law. The categories of data we may process include:

  • Identity data: name, date of birth, and identification details where needed for verification.
  • Contact data: address, email address, and telephone number.
  • Account and contract data: customer reference numbers, booking details, tenancy or storage agreement information, payment status, and service preferences.
  • Financial data: payment card details, bank account information, billing records, and transaction history, where applicable.
  • Security data: CCTV footage, access logs, vehicle registration details, visitor records, alarm or incident reports, and other security-related information.
  • Communication data: correspondence, complaints, queries, feedback, and notes relating to customer support.
  • Technical data: device information, IP address, browser type, and usage data if you interact with digital systems we use to manage our services.
  • Special category data: in most cases we do not intentionally collect this type of data. If it is provided to us, we will only process it where lawful and necessary, and with appropriate safeguards.

We do not collect more data than is necessary for the purposes described in this policy. Where possible, we encourage customers to provide only accurate and up-to-date information.

2. How We Use Personal Data

We use personal data for the following purposes:

  • to create and manage customer accounts;
  • to provide storage services and maintain our contractual relationship with customers;
  • to verify identity and prevent fraud or misuse;
  • to process payments, deposits, refunds, and invoices;
  • to manage site access, security, and incident response;
  • to communicate service information, reminders, and operational updates;
  • to handle complaints, disputes, and customer enquiries;
  • to comply with legal, regulatory, accounting, and insurance requirements;
  • to maintain records, improve service quality, and support internal business administration;
  • to protect our rights, property, staff, customers, and premises.

We may also use aggregated or anonymised data for reporting and operational analysis. This information does not identify you personally and is not subject to the same data protection obligations once properly anonymised.

3. Lawful Basis for Processing

Under data protection law, we must have a lawful basis for each processing activity. Elephantandcastle Storage relies on the following lawful bases:

Contract

We process personal data where it is necessary to enter into or perform a contract with you, including managing bookings, providing access to storage, billing, and account administration.

Legal obligation

We process certain data to comply with legal obligations, such as accounting, tax, record-keeping, safety, fraud prevention, and lawful requests from authorities.

Legitimate interests

We may process data where it is necessary for our legitimate business interests, provided these interests are not overridden by your rights and freedoms. These interests include security monitoring, protecting property, preventing crime, managing customer relations, service improvement, and maintaining internal records. Where we rely on legitimate interests, we assess the impact on your privacy and use appropriate safeguards.

Consent

In limited cases, we rely on your consent, for example where required for optional communications or certain uses of information. Where consent is used, you may withdraw it at any time, without affecting the lawfulness of processing carried out before withdrawal.

Vital interests and public task

These bases are unlikely to apply in ordinary circumstances, but may be used if necessary in exceptional situations involving health or safety, or where required by law.

4. Retention of Personal Data

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, accounting, and operational requirements. Retention periods depend on the type of information and the reason we hold it.

  • Customer account and contract records: retained for the duration of the service relationship and for a reasonable period after closure to manage disputes, legal claims, and administrative matters.
  • Payment and accounting records: retained in line with tax and financial record-keeping obligations.
  • Security records, such as CCTV and access logs: retained only for as long as needed for safety, incident investigation, fraud prevention, or legal purposes.
  • Complaints and correspondence: retained for the period necessary to resolve issues and evidence how we handled them.
  • Marketing preferences or consent records: retained until you withdraw consent or object, or until the data is no longer required.

When personal data is no longer needed, we will delete it securely or anonymise it so that it can no longer identify you. In some cases, we may retain data for longer if required by law or to establish, exercise, or defend legal claims.

5. Processors and Data Sharing

We may share personal data with trusted third parties who act as data processors on our behalf. These processors only handle personal data under our instructions and are required to protect it appropriately. Examples may include:

  • IT and system providers: for secure hosting, maintenance, and data storage.
  • Payment service providers: to process transactions and prevent payment fraud.
  • Security service providers: to support premises monitoring, alarm response, or CCTV systems.
  • Customer service and administrative providers: for operational support, document management, and communications.
  • Professional advisers: such as accountants, insurers, auditors, or legal advisers where necessary.

We may also disclose data to public authorities, courts, law enforcement, or regulatory bodies when required by law or when necessary to protect our legal rights.

Where data is shared with processors or other third parties, we take reasonable steps to ensure that appropriate contractual, technical, and organisational safeguards are in place. We do not sell personal data.

6. International Transfers

If any personal data is transferred outside the UK or the European Economic Area, we will only do so where permitted by law and where appropriate safeguards are in place. These safeguards may include adequacy regulations, standard contractual clauses, or equivalent legal mechanisms designed to protect your information.

7. Your Rights

Under data protection law, you have several rights in relation to your personal data. These rights may be subject to legal exceptions or limitations.

  • Right of access: you can request confirmation of whether we process your personal data and obtain a copy of that data.
  • Right to rectification: you can ask us to correct inaccurate or incomplete information.
  • Right to erasure: in certain circumstances, you can request deletion of your data.
  • Right to restrict processing: you can ask us to limit how we use your data in some situations.
  • Right to data portability: where applicable, you can request that we provide your data in a structured, commonly used format.
  • Right to object: you can object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent: where processing is based on consent, you can withdraw it at any time.

If you wish to exercise any of these rights, we may need to verify your identity before responding. We aim to respond within the time limits set by law.

You also have the right to lodge a complaint with the relevant supervisory authority if you believe your data protection rights have been infringed.

8. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. These measures may include access controls, staff training, secure storage, monitoring, and restricted permissions. While no system can be guaranteed to be completely secure, we work to reduce risk and respond promptly to any suspected incident.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, operational practice, or our services. Where appropriate, we will revise the policy so that it remains accurate and transparent. We encourage customers to review it periodically to stay informed about how personal data is handled.

10. Summary of Our Commitment

Elephantandcastle Storage is committed to respecting privacy, limiting data collection to what is necessary, using data only for clear and lawful purposes, and retaining it only as long as required. We rely on documented lawful bases, use vetted processors, and support the rights of all customers in the area. Our approach is designed to keep personal data secure, relevant, and properly managed at every stage of the customer relationship.
