Privacy Policy - Hammersmith Storage

This Privacy Policy applies to all Hammersmith Storage customers in the area. It explains how we collect, use, store, share, and protect personal data in line with the UK GDPR and the Data Protection Act 2018. We are committed to handling personal information fairly, lawfully, and transparently. Please read this policy carefully so you understand how your data is managed when you use our storage services.

1. Who We Are

Hammersmith Storage provides storage services to customers in the local area. For the purposes of data protection law, we act as a data controller when we decide why and how your personal data is used. In some cases, we may also act as a data processor if we process personal data on behalf of another party. We take our responsibility to protect your privacy seriously.

2. Information We Collect

We collect only the personal data needed to provide our services, manage customer accounts, maintain security, and meet legal obligations. The types of information we may collect include:

  • Identity details such as your name, title, and date of birth.
  • Contact details such as your address, email address, and telephone number.
  • Account and contract information such as booking details, payment records, service preferences, and storage unit information.
  • Verification information such as copies of identification documents, proof of address, or other information required for security and compliance purposes.
  • Payment data such as billing records and transaction details. Payment card information may be processed by secure third-party payment providers rather than stored directly by us.
  • Security and access records such as CCTV images, entry logs, alarm events, and site access records where applicable.
  • Communication records such as emails, messages, complaint records, and notes from customer service interactions.

We may also collect limited technical information if you interact with our digital systems, such as IP address, device information, and usage logs, where this is necessary for security or system operation.

3. How We Use Your Data

We use personal data for the following purposes:

  • To provide storage services and manage your customer account.
  • To verify identity and prevent fraud or unauthorised access.
  • To process payments, send invoices, and manage arrears.
  • To communicate with you about your booking, account status, or service matters.
  • To operate site security, including monitoring access and investigating incidents.
  • To comply with legal, regulatory, tax, and insurance obligations.
  • To handle complaints, disputes, and customer enquiries.
  • To improve our services, systems, and customer experience.

We only use your data where we have a valid legal reason to do so. We do not use your data for purposes that are incompatible with the reasons it was collected, unless we are allowed or required by law.

4. Lawful Basis for Processing

Under UK GDPR, we must have a lawful basis for every activity involving personal data. Depending on the situation, we rely on one or more of the following legal bases:

Contract

We process your personal data where it is necessary to enter into or perform our contract with you. This includes creating your account, managing storage access, taking payment, and providing the services you requested.

Legal Obligation

We may process data to meet legal requirements, including tax rules, accounting obligations, identity verification requirements, fraud prevention, and compliance with law enforcement or regulatory requests where valid.

Legitimate Interests

We may process data where it is necessary for our legitimate interests, provided your rights do not override those interests. This includes maintaining site security, preventing misuse, managing business operations, improving services, and resolving disputes. When we rely on this basis, we consider and balance your privacy rights carefully.

Consent

In limited situations, we may ask for your consent to process personal data, for example for optional communications or certain marketing activities. Where we rely on consent, you may withdraw it at any time.

5. Sharing Your Information

We do not sell your personal data. We may share information with trusted third parties only where necessary and lawful. These parties may include:

  • Payment providers who securely process transactions.
  • IT and cloud service providers who support our systems, data storage, and security.
  • Professional advisers such as accountants, insurers, auditors, or legal advisers.
  • Security providers involved in alarm monitoring, access control, or CCTV support.
  • Public authorities where disclosure is required by law, court order, or lawful request.

Where processors handle data on our behalf, they are required to act only on our instructions, keep data secure, and comply with data protection law. We use written contracts to ensure they protect your data appropriately.

6. Processors

A processor is an organisation that processes personal data for us but does not decide how it is used. We may appoint processors for tasks such as hosting systems, sending administrative communications, processing card payments, maintaining security infrastructure, and archiving records. All processors are selected carefully and are only permitted to use personal data for the services they provide to us. They must apply appropriate technical and organisational measures to protect data from loss, misuse, or unauthorised access.

7. Data Retention

We keep personal data only for as long as necessary for the purpose it was collected, unless a longer retention period is required or permitted by law. The length of time depends on the type of data and why we hold it. For example:

  • Customer account and contract records are usually retained for the duration of the service relationship and for a reasonable period afterwards.
  • Financial and accounting records are retained for the period required by law.
  • Identity verification records are retained only as long as needed for compliance and security purposes.
  • Security records, including access logs and CCTV, are retained for a limited period unless needed for an investigation, insurance claim, or legal issue.
  • Complaint and correspondence records may be kept for as long as necessary to deal with the matter and demonstrate proper handling.

When data is no longer required, we will delete it securely or anonymise it so it can no longer identify you. Retention periods may vary depending on legal obligations and operational needs.

8. Data Security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, or damage. These measures may include restricted access controls, encryption where appropriate, secure storage, staff training, and monitoring of systems and premises. While no system is completely secure, we work continuously to reduce risks and improve our safeguards.

9. Your Rights

Under data protection law, you have a number of rights regarding your personal data. These rights may apply in full or in part depending on the circumstances and legal exemptions. Your rights include:

  • The right of access to request a copy of the personal data we hold about you.
  • The right to rectification to correct inaccurate or incomplete data.
  • The right to erasure in certain situations, sometimes called the right to be forgotten.
  • The right to restriction to limit how we use your data in specific circumstances.
  • The right to object to processing based on legitimate interests or direct marketing.
  • The right to data portability to receive certain data in a structured, commonly used format where applicable.
  • The right to withdraw consent where we rely on consent to process your data.

If you wish to exercise any of these rights, we will respond within the required legal timeframes. We may need to verify your identity before completing your request. In some cases, we may not be able to comply fully if an exemption applies, such as where we must keep records for legal reasons.

10. Children’s Data

Our services are not intended for children under the age of 18 unless they are acting with the involvement or consent of an adult customer where appropriate. We do not knowingly collect children’s personal data beyond what is necessary to provide the service lawfully and safely.

11. International Transfers

Where personal data is transferred outside the UK, we ensure suitable safeguards are in place. These may include adequacy regulations, standard contractual clauses, or equivalent protective measures required by law. We only transfer data where necessary and where it can be protected to an appropriate standard.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, our services, or how we process data. Any updated version will apply from the date it is published or otherwise communicated. We encourage you to review this policy periodically to stay informed about how we protect your information.

13. Summary of Our Commitment

Hammersmith Storage is committed to treating your personal data with care, respect, and legal compliance. We collect only what we need, use it for clear and lawful purposes, keep it only for as long as necessary, and share it only with trusted parties under proper safeguards. Your privacy matters to us, and we aim to handle your information in a way that is fair, secure, and transparent.

Call Now!
Call Now Get a Quote
Hammersmith Storage

GDPR-compliant privacy policy for Hammersmith Storage covering data collection, lawful basis, retention, processors, rights, and security for all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.