Privacy Policy - Westharrow Storage

This Privacy Policy explains how Westharrow Storage collects, uses, stores, shares, and protects personal data. It applies to all Westharrow Storage customers in the area, including prospective customers, current customers, former customers, and individuals who interact with us in connection with our storage services. We are committed to handling personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Westharrow Storage provides storage-related services to individuals and businesses. In the course of operating our services, we may process personal data about customers, account holders, authorised representatives, payment contacts, emergency contacts, and visitors where necessary. This policy explains what we do with that information and the rights individuals have over it.

2. Personal Data We Collect

We only collect personal data that is relevant and necessary for our business activities. Depending on your relationship with us, we may collect the following categories of information:

  • Identity data such as name, title, date of birth, and identification details where required for security or verification.
  • Contact data such as address, email address, telephone number, and billing details.
  • Account and contract data including service preferences, storage unit information, booking records, access permissions, and contract history.
  • Payment data such as bank account details, card payment information, payment status, invoices, and transaction records.
  • Security and access data such as entry logs, gate access records, CCTV images, incident reports, and key or access code records where applicable.
  • Communication data including emails, letters, phone call notes, and messages relating to enquiries, complaints, or support requests.
  • Technical data such as limited device, browser, or system data if you interact with us electronically.

We may also receive personal data from third parties where necessary, for example from payment providers, identity verification providers, insurers, legal representatives, or emergency contacts supplied by a customer.

3. How We Use Personal Data

We use personal data for specific and lawful purposes connected to our storage services. These purposes include:

  • setting up and managing customer accounts;
  • entering into and performing storage agreements;
  • processing payments and issuing invoices or receipts;
  • verifying identity where required for security, fraud prevention, or legal compliance;
  • managing access to storage facilities and protecting property;
  • responding to enquiries, complaints, and service requests;
  • maintaining records, audit trails, and operational security;
  • complying with legal obligations, regulatory requirements, and lawful requests;
  • establishing, exercising, or defending legal claims;
  • improving our services, systems, and internal processes.

We will not use personal data for purposes that are incompatible with the reasons it was collected unless we have a lawful basis to do so.

4. Lawful Basis for Processing

Under data protection law, we must have a lawful basis before processing personal data. Westharrow Storage relies on one or more of the following lawful bases:

Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes managing storage bookings, billing, access arrangements, and customer service relating to your agreement with us.

Legal Obligation

We may process personal data when required to comply with applicable laws, including tax, accounting, consumer protection, health and safety, fraud prevention, and lawful requests from authorities.

Legitimate Interests

We may process personal data where it is necessary for our legitimate interests and those interests are not overridden by your rights and freedoms. This may include protecting our premises, preventing fraud, improving operational efficiency, maintaining records, and managing disputes.

Consent

In limited cases, we may rely on consent, for example for certain optional communications or where consent is required by law. Where we rely on consent, you may withdraw it at any time.

Vital Interests

In exceptional circumstances, we may process personal data where it is necessary to protect someone’s vital interests, such as in an emergency involving health or safety.

5. Data Sharing and Processors

We may share personal data with carefully selected third parties who help us operate our business. These third parties act as processors when they process data on our instructions, or as independent controllers where they determine their own purposes for processing. We only share information where necessary and only with appropriate safeguards.

Examples of processors and service providers may include:

  • payment processing providers;
  • accounting and bookkeeping services;
  • IT hosting, software, and system support providers;
  • security monitoring and CCTV maintenance providers;
  • customer communication and record-management platforms;
  • identity verification or fraud prevention services;
  • professional advisers such as legal or insurance advisers, where required.

Where processors are used, they are required to protect personal data, act only on our instructions, and implement appropriate technical and organisational security measures. We may also disclose information to public authorities, law enforcement, courts, or other parties where required by law or necessary to protect our rights, customers, or property.

6. International Transfers

If any service provider processes data outside the UK, we will ensure suitable safeguards are in place, such as adequacy regulations or approved contractual protections. We take steps to ensure any international transfers are handled securely and lawfully.

7. Data Retention

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, accounting, tax, and reporting requirements. Retention periods depend on the type of record and the reason for processing.

In general:

  • customer account and contract records are kept for the duration of the relationship and for a reasonable period afterwards;
  • payment and invoice records may be retained for statutory accounting and tax periods;
  • security records, including access logs and CCTV, are retained only for as long as needed for security, incident management, or legal purposes;
  • complaints, correspondence, and claim-related records may be retained until the matter is resolved and for any applicable limitation period.

When data is no longer required, we will delete it securely or anonymise it so that it can no longer identify an individual.

8. Data Security

We take appropriate technical and organisational measures to protect personal data from unauthorised access, loss, misuse, alteration, or disclosure. These measures may include access controls, secure storage, staff confidentiality obligations, system protections, and monitoring procedures. Although no system can be guaranteed to be completely secure, we regularly review our safeguards and improve them where necessary.

9. Your Rights

Under data protection law, individuals have important rights regarding their personal data. Subject to certain conditions and exemptions, you may have the right to:

  • access your personal data and receive a copy of the information we hold about you;
  • rectification of inaccurate or incomplete data;
  • erasure of your data in certain circumstances;
  • restriction of processing in certain situations;
  • object to processing based on legitimate interests or direct marketing;
  • data portability where processing is based on consent or contract and carried out by automated means;
  • withdraw consent where we rely on consent for processing;
  • complain to the Information Commissioner’s Office if you are unhappy with how your data is handled.

We may need to verify your identity before responding to a rights request. We aim to respond within the time limits required by law.

10. Children’s Data

Our services are not directed at children, and we do not knowingly collect personal data from children except where it is necessary in connection with a customer’s account or lawful safeguarding, emergency, or legal requirements. If we become aware that we have collected data inappropriately, we will take appropriate steps to delete or secure it.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data handling practices. Any updated version will apply from the date it takes effect. We encourage customers to review this policy periodically to stay informed about how their personal data is used.

12. Summary of Our Commitment

Westharrow Storage is committed to processing personal data fairly, lawfully, and transparently. We collect only what we need, use it for clearly defined purposes, keep it secure, and retain it only as long as necessary. We also respect the rights of our customers and will respond to requests in line with applicable law. Protecting privacy is part of providing a trustworthy storage service. This policy applies to all Westharrow Storage customers in area.

Call Now!
Call Now Get a Quote
Westharrow Storage

GDPR-compliant Privacy Policy for Westharrow Storage covering data collection, lawful basis, retention, processors, rights, and applies to all customers in area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.