Privacy Policy - Chasecross Storage

This Privacy Policy explains how Chasecross Storage collects, uses, stores, shares, and protects personal data when providing storage services to customers in our area. It applies to all Chasecross Storage customers in area, including individuals, household users, and business users who interact with our services, facilities, staff, booking systems, or support channels.

We are committed to handling personal data in a lawful, fair, and transparent manner in accordance with applicable data protection laws, including the UK GDPR and the Data Protection Act 2018. This policy sets out what information we collect, why we collect it, how long we keep it, who may process it on our behalf, and what rights you have over your data.

1. Data We Collect

We collect only the information necessary to operate our storage services, manage customer accounts, meet legal obligations, and maintain security. The categories of personal data we may collect include:

  • Identity information: name, date of birth, and identification details where required for verification.
  • Contact information: postal address, email address, and telephone number.
  • Account and contract details: booking records, rental agreements, payment status, service preferences, and correspondence.
  • Payment information: billing details, transaction records, and limited payment card information processed by secure payment providers.
  • Access and security information: key fob records, gate access logs, CCTV footage, alarm records, and incident reports.
  • Communications: enquiries, complaints, support requests, and any information you choose to provide to us.
  • Technical information: limited device, browser, or usage data if you interact with digital systems used to manage our services.

We do not intentionally collect special category data unless you choose to disclose it to us or it is required for a specific legal or security reason. If such information is provided, we handle it with additional care and only where lawful to do so.

2. How We Use Personal Data

We use personal data for the following purposes:

  • to register and manage customer accounts;
  • to provide storage space and related services;
  • to verify identity and prevent fraud;
  • to process payments, refunds, and billing;
  • to maintain site security, monitor access, and investigate incidents;
  • to communicate about service updates, contractual matters, and operational notices;
  • to comply with legal and regulatory requirements;
  • to manage disputes, claims, and debt recovery where necessary; and
  • to improve our services, systems, and customer experience.

We will only use personal data for the purposes for which it was collected unless we reasonably believe we need to use it for a compatible purpose or another lawful reason.

3. Lawful Basis for Processing

We process personal data only where we have a lawful basis under data protection law. The main lawful bases we rely on are:

Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes setting up an account, providing storage services, managing payments, and carrying out contractual obligations.

Legal Obligation

We may process data where necessary to comply with legal obligations, such as tax rules, accounting requirements, fraud prevention duties, and responses to lawful requests from authorities.

Legitimate Interests

We may process personal data where it is necessary for our legitimate interests or the legitimate interests of others, provided your rights and freedoms do not override those interests. Examples include protecting our premises, preventing misuse, managing internal administration, and improving our operations. Where we rely on legitimate interests, we assess the impact on your privacy and apply appropriate safeguards.

Consent

In limited situations, we may rely on your consent, for example where specific optional communications or services require it. If we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

4. Data Sharing and Processors

We do not sell personal data. We may share personal data with trusted third parties only when necessary and in accordance with this policy. These third parties may act as processors on our behalf or as independent controllers in limited situations.

Our processors may include:

  • payment service providers who handle secure transactions;
  • IT and cloud service providers who host and support our systems;
  • security contractors who help manage access control, alarms, and CCTV systems;
  • accounting and bookkeeping service providers;
  • maintenance and service providers who support site operations;
  • professional advisers such as lawyers, auditors, or insurers;
  • debt recovery or collection partners where accounts are in arrears and lawful action is required.

All processors are required to protect personal data, use it only on our instructions, and implement appropriate technical and organisational security measures. Where data is transferred outside the UK, we ensure that suitable safeguards are in place in line with applicable law.

5. Data Retention

We keep personal data only for as long as necessary for the purpose for which it was collected, to meet legal obligations, resolve disputes, and enforce agreements. Retention periods vary depending on the type of information and our legal duties.

As a general approach:

  • customer account and contract records are kept for the duration of the relationship and for a reasonable period afterward;
  • payment and accounting records are retained for the period required by tax and financial laws;
  • security records, including access logs and CCTV footage, are kept only for a short period unless needed for investigation, insurance, or legal proceedings;
  • complaints, incidents, and legal correspondence are retained for as long as necessary to manage the matter and defend or establish legal claims.

When personal data is no longer required, we will delete it securely or anonymise it so that it can no longer identify you.

6. Security Measures

We use appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, or alteration. These measures may include restricted access controls, secure storage, encryption where appropriate, staff confidentiality obligations, regular system maintenance, and monitoring of security-related incidents.

While we work to protect all information we hold, no system is completely secure. If a personal data incident occurs that is likely to result in a risk to your rights and freedoms, we will respond in accordance with legal requirements, including notification where required.

7. Your Rights

Under data protection law, you have several rights in relation to your personal data. Subject to certain conditions and exemptions, these may include:

  • Right of access: you can request a copy of the personal data we hold about you.
  • Right to rectification: you can ask us to correct inaccurate or incomplete data.
  • Right to erasure: you can request deletion of your data in certain circumstances.
  • Right to restriction: you can ask us to limit how we use your data in some situations.
  • Right to object: you can object to processing based on legitimate interests or direct marketing.
  • Right to data portability: you may request certain data in a structured, commonly used format where processing is based on consent or contract and carried out by automated means.
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.

You also have the right to lodge a complaint with the relevant supervisory authority if you believe your data has been handled unlawfully. We encourage you to raise concerns with us first so we can try to resolve them promptly and fairly.

8. Children’s Data

Our storage services are not designed for children. We do not knowingly collect personal data from children except where it is necessary in relation to a customer account, access arrangement, or legal obligation, and only where appropriate safeguards are in place.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, our operations, or the way we handle personal data. Any updated version will apply from the date it takes effect. We encourage customers to review this policy periodically to stay informed about how their information is handled.

10. Summary of Our Commitment

Chasecross Storage is committed to processing personal data lawfully, securely, and transparently. We collect only what we need, use it for clear and legitimate purposes, retain it for no longer than necessary, and take steps to ensure that our processors uphold the same standards of protection. We respect your rights and aim to respond to requests in a timely and compliant manner.

In all cases, this policy applies to all Chasecross Storage customers in area.

Call Now!
Call Now Get a Quote
Chasecross Storage

GDPR-compliant Privacy Policy for Chasecross Storage covering data collection, lawful basis, retention, processors, and user rights for all customers in area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.