Privacy Policy - Osterley Storage
Osterley Storage is committed to protecting the privacy and personal data of its customers. This Privacy Policy explains how we collect, use, store, share, and protect personal data in connection with our storage services. It applies to all Osterley Storage customers in the area, including individuals, households, businesses, and anyone who enquires about or uses our services.
This policy is intended to comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It sets out what data we collect, the lawful basis for processing, how long we keep it, who may process it on our behalf, and the rights available to you.
1. Data We Collect
We collect personal data that is necessary to provide storage services, manage customer accounts, and operate our business. The exact information collected depends on the nature of your relationship with us and the services you use.
Information you provide directly
- Identity details, such as your name and title.
- Contact details, such as address, telephone number, and email address.
- Account and contract information, including booking details, storage unit selection, billing preferences, and payment status.
- Verification information, where needed to confirm identity or prevent fraud.
- Correspondence, such as emails, letters, service requests, complaints, and feedback.
- Payment-related information, such as transaction records and billing history. We do not store full card details unless necessary and lawfully permitted through secure payment systems.
Information collected automatically
- Usage data, such as service interactions, access times, and administrative records.
- Technical information, such as device type, browser type, IP address, and system logs where relevant for security and operational purposes.
- Security information, such as CCTV or access control records, where used to protect premises, people, and property.
We do not intentionally collect special category data unless it is necessary and you have chosen to provide it, or we are legally required to handle it. If we do so, we will apply the additional safeguards required by law.
2. How We Use Personal Data
We use personal data only where permitted by law and only for clear business purposes related to our services. These include:
- setting up and managing storage agreements;
- processing payments, invoices, and account administration;
- communicating with customers about services, changes, or issues;
- protecting our premises, staff, customers, and stored items;
- carrying out identity checks and fraud prevention;
- meeting legal, regulatory, tax, accounting, and insurance obligations;
- handling complaints, claims, and dispute resolution;
- improving our operations, systems, and customer experience.
We will always aim to ensure that any processing is fair, lawful, and transparent.
3. Lawful Basis for Processing
Under UK GDPR, we must have a lawful basis to process personal data. Depending on the context, we rely on one or more of the following bases:
Contract
We process personal data when it is necessary to enter into or perform a contract with you. This includes managing your storage unit, handling payments, and providing customer service relating to the agreement.
Legal obligation
We process some data because the law requires it, including records needed for tax, accounting, safeguarding, security, or compliance with other statutory obligations.
Legitimate interests
We may process data where it is necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. This may include operating and securing our facilities, preventing fraud, maintaining service quality, and managing business administration.
Consent
Where required, we will rely on your consent, for example in relation to certain optional marketing activities or specific data uses. If we rely on consent, you may withdraw it at any time.
4. Sharing and Processors
We may share personal data with trusted third parties who help us deliver our services. These parties act as processors or, in some cases, independent controllers. We only share data where necessary and with appropriate safeguards.
Processors may include:
- IT and hosting providers that support secure storage of business records and systems;
- payment service providers that process transactions securely;
- accounting and bookkeeping providers that support financial administration;
- security service providers that assist with site protection, monitoring, and access control;
- customer management software providers used for booking, administration, or communications;
- professional advisers, such as lawyers, insurers, auditors, and consultants, where necessary;
- public authorities or law enforcement, where required by law or to protect rights and safety.
All processors are required to act only on our instructions, keep data secure, and comply with applicable data protection obligations. Where a third party is an independent controller, they are responsible for their own privacy practices.
5. International Transfers
In most cases, we aim to keep personal data within the UK or jurisdictions with adequate protection. If data is transferred outside the UK, we will ensure appropriate safeguards are in place, such as adequacy regulations, standard contractual clauses, or equivalent legal mechanisms.
6. Data Retention
We keep personal data only for as long as necessary for the purposes for which it was collected, including any legal, accounting, or reporting obligations. Retention periods depend on the type of data and the reason we hold it.
- Customer contract and account records are generally retained for the duration of the agreement and for a reasonable period afterwards.
- Financial and tax records are retained for the period required by law.
- Security records, such as access logs or CCTV where applicable, are retained only as long as necessary for security and incident management.
- Enquiry records may be kept for a limited time if no contract is entered into, in order to manage follow-up, record keeping, or legal claims.
When data is no longer needed, we will securely delete, anonymise, or destroy it.
7. Your Rights
As a data subject, you have rights under UK GDPR in relation to your personal data. These rights may be limited in some circumstances, but we will always respond appropriately and lawfully.
Your rights include:
- Right of access - to request a copy of the personal data we hold about you.
- Right to rectification - to request correction of inaccurate or incomplete data.
- Right to erasure - to request deletion of your data in certain circumstances.
- Right to restriction - to request that we limit how we use your data in certain situations.
- Right to data portability - to receive certain data in a structured, commonly used format where applicable.
- Right to object - to object to processing based on legitimate interests or to direct marketing.
- Right to withdraw consent - where processing is based on consent, you may withdraw it at any time.
You also have the right to raise concerns with the Information Commissioner's Office (ICO) if you believe your data protection rights have been infringed. We encourage you to contact us first so we can try to resolve any issue promptly.
8. Data Security
We take appropriate technical and organisational measures to protect personal data from loss, misuse, unauthorised access, disclosure, alteration, or destruction. These measures may include access restrictions, secure systems, staff training, confidentiality controls, and regular review of our data handling practices. While no system can be guaranteed to be completely secure, we work to maintain a high standard of protection.
9. Children
Our storage services are generally intended for adults and business users. We do not knowingly collect personal data from children unless it is necessary in connection with a customer arrangement and lawfully obtained.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in law, our services, or our data practices. Any revised version will apply from the date it is made available. We encourage customers to review the policy periodically to stay informed.
11. Summary of Our Commitment
We only collect personal data that is relevant, necessary, and handled responsibly. We use it for legitimate business and legal purposes, keep it secure, retain it for no longer than needed, and respect your rights under data protection law. Osterley Storage is committed to processing personal data in a way that is lawful, transparent, and proportionate for all customers in the area.