Privacy Policy - Enfield Storage

This Privacy Policy explains how Enfield Storage collects, uses, stores, shares, and protects personal data relating to customers, prospective customers, and other individuals whose information we process in connection with our services. It applies to all Enfield Storage customers in the area and to anyone who interacts with us in relation to storage, billing, account management, access control, security, or related administrative services.

We are committed to handling personal data in a lawful, fair, and transparent manner in line with the UK GDPR and the Data Protection Act 2018. This policy should be read carefully so that you understand what information we collect, why we process it, how long we keep it, and what rights you have over it.

1. Information We Collect

We may collect and process the following categories of personal data:

  • Identity data such as name, date of birth, title, and identification details.
  • Contact data such as address, email address, telephone number, and emergency contact details where provided.
  • Account and contractual data such as booking details, unit number, rental terms, payment status, invoices, and communication records.
  • Financial data such as bank account details, card payment information, billing records, and transaction history.
  • Security and access data such as CCTV images, entry logs, gate access records, alarm records, and incident reports.
  • Correspondence data such as emails, complaints, service requests, and any information you share with us during support or account management.
  • Technical data where applicable, including device information, IP address, and usage data from digital systems used to manage services.

We generally collect this information directly from you when you complete an application, sign a contract, make a payment, contact us, visit a site, or otherwise interact with our services. We may also receive information from third parties such as payment processors, credit reference agencies, identity verification providers, insurers, or legal and regulatory bodies where necessary and lawful.

2. How We Use Personal Data

We use personal data only where we have a lawful basis to do so. Typical purposes include:

  • setting up and managing customer accounts;
  • providing storage services and allowing access to rented units;
  • processing payments, deposits, refunds, and outstanding balances;
  • verifying identity, preventing fraud, and protecting security;
  • maintaining records for contractual, administrative, and audit purposes;
  • responding to enquiries, complaints, and service requests;
  • meeting legal and regulatory obligations;
  • protecting property, staff, customers, and visitors through security measures;
  • handling disputes, insurance claims, or legal proceedings where required.

We do not use personal data for purposes that are incompatible with the reasons for which it was collected unless we have a valid legal basis and have taken appropriate steps to inform you.

3. Lawful Basis for Processing

Under data protection law, we rely on the following lawful bases:

Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes account creation, service delivery, billing, access control, and account administration.

Legal obligation

We may process data to comply with legal requirements such as tax, accounting, fraud prevention, and lawful requests from authorities.

Legitimate interests

We may process information where it is necessary for our legitimate interests and those interests are not overridden by your rights and freedoms. This may include site security, CCTV monitoring, incident investigation, internal administration, service improvement, and protection against misuse or loss.

Consent

Where required, we will ask for your consent before processing your information. For example, this may apply to optional marketing communications or certain non-essential uses. You may withdraw consent at any time where processing is based on consent.

Vital interests and public tasks

In rare situations, we may process information where it is necessary to protect someone’s vital interests or where required for a public task carried out under law.

4. Sharing Your Data and Processors

We may share personal data with trusted third parties who act as processors or independent controllers depending on the service provided. Processors are only permitted to process data on our instructions and must apply appropriate security measures.

Examples of processors and recipients may include:

  • Payment service providers who handle card or bank payments;
  • IT and cloud service providers who support our systems, storage, and secure backups;
  • Security providers who assist with CCTV, alarms, monitoring, and access systems;
  • Identity verification and fraud prevention providers where checks are necessary;
  • Professional advisers such as accountants, auditors, insurers, and legal advisers;
  • Public authorities where disclosure is required by law or in connection with legal proceedings.

We do not sell personal data. Where data is shared, it is limited to what is necessary and subject to appropriate confidentiality and security arrangements. If personal data is transferred outside the UK, we will ensure appropriate safeguards are in place, such as adequacy regulations or approved contractual protections.

5. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this policy and to comply with legal, accounting, or reporting requirements. Retention periods vary depending on the type of data and the reason it was collected.

  • Contract and account records are typically kept for the duration of the relationship and for a reasonable period afterwards.
  • Financial and tax records are retained in line with statutory obligations.
  • Security records, including CCTV, are kept only for as long as necessary for security, incident investigation, or evidential purposes.
  • Correspondence and complaints may be stored for a period needed to handle the matter and support record-keeping.

When personal data is no longer required, we will securely delete, anonymise, or destroy it.

6. Security of Personal Data

We take appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, or alteration. These measures may include access controls, secure storage, encryption where suitable, staff training, and restricted permissions. While no system can be guaranteed to be completely secure, we work to maintain a level of protection appropriate to the risks involved.

7. Your Rights

Depending on the circumstances and applicable law, you may have the following rights regarding your personal data:

  • Right of access – to obtain a copy of the personal data we hold about you;
  • Right to rectification – to correct inaccurate or incomplete information;
  • Right to erasure – to request deletion of your data in certain situations;
  • Right to restriction – to request limited processing in certain circumstances;
  • Right to data portability – to receive certain information in a portable format;
  • Right to object – to object to processing based on legitimate interests or direct marketing;
  • Right to withdraw consent – where processing is based on consent;
  • Right to complain – to raise concerns with the relevant supervisory authority if you believe your rights have been infringed.

These rights are not absolute and may be subject to legal exceptions. If you exercise a right, we may need to verify your identity before responding. We will respond within the time limits required by law.

8. Marketing Communications

Where permitted, we may send you service-related communications that are necessary for account management or contract administration. We will only send marketing communications where we have a lawful basis to do so, such as consent or legitimate interests where appropriate. You can object to direct marketing at any time, and we will stop such communications as required by law.

9. Children

Our services are not directed to children, and we do not knowingly collect personal data from children except where it is necessary and lawful in the context of a contract, legal obligation, or authorised arrangement. Where information relating to a child is provided, it will be handled in accordance with applicable data protection requirements.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, our services, or our data handling practices. Any updated version will take effect when published or otherwise communicated to you. We encourage customers to review this policy periodically so they remain informed about how personal data is handled.

By using Enfield Storage services, you acknowledge that your personal data may be processed as described in this Privacy Policy. This policy is intended to provide clear and transparent information to customers in the area and to demonstrate our commitment to lawful, secure, and responsible data processing.

Call Now!
Call Now Get a Quote
Enfield Storage

GDPR-compliant Privacy Policy for Enfield Storage covering data collection, lawful bases, retention, processors, and user rights for all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.