Privacy Policy - Sudbury Storage
Effective date: This Privacy Policy applies to all Sudbury Storage customers in the Sudbury area and explains how personal data is collected, used, stored, shared, and protected in connection with our storage services.
1. Introduction
Sudbury Storage is committed to handling personal data in a lawful, fair, and transparent manner in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This Privacy Policy describes the categories of personal data we collect, the purposes for which we use it, the lawful bases on which we rely, the retention periods we apply, the types of processors or service providers we may use, and the rights available to individuals under data protection law.
By using our storage services, making an enquiry, entering into a storage agreement, or otherwise interacting with Sudbury Storage, you acknowledge that your personal data may be processed as described in this Policy.
2. Personal Data We Collect
We only collect personal data that is necessary for operating our business, providing storage services, maintaining security, and meeting legal obligations. The personal data we collect may include:
- Identity information such as your name, date of birth, and identification details where required for verification purposes.
- Contact details such as address, email address, and telephone number.
- Account and contract information such as storage unit details, booking records, payment status, invoices, and correspondence related to your agreement.
- Payment information such as billing information and transaction records. We do not intentionally store full card details where this can be avoided.
- Security information such as CCTV recordings, access logs, and records of site entry or exit where applicable.
- Communication records such as emails, letters, complaint submissions, and notes of telephone calls.
- Technical information such as basic device or usage data collected through security or website systems, if applicable, for maintaining service integrity and preventing fraud.
We do not seek to collect special category data unless you choose to provide it voluntarily or it is required in a specific legal or dispute-resolution context. If such information is processed, we will do so only where permitted by law and with appropriate safeguards.
3. How We Use Personal Data
We process personal data for the following purposes:
- To create and manage customer records.
- To set up and administer storage agreements.
- To verify identity and prevent unlawful use of our services.
- To communicate with customers regarding bookings, access, billing, and account administration.
- To process payments, issue invoices, and manage arrears.
- To monitor the security of our premises, staff, customers, and property.
- To detect, investigate, and prevent fraud, theft, damage, or other unlawful activity.
- To comply with legal and regulatory obligations.
- To handle complaints, disputes, claims, and insurance matters.
- To maintain records necessary for business operations and audit purposes.
We use personal data only for specified, explicit, and legitimate purposes, and we do not process it in a manner incompatible with those purposes.
4. Lawful Basis for Processing
We rely on one or more lawful bases under UK GDPR depending on the context and the type of processing involved:
4.1 Contract
We process personal data where it is necessary to enter into or perform our storage contract with you. This includes setting up your account, administering your storage unit, collecting fees, and communicating about the service.
4.2 Legal Obligation
We process personal data where necessary to comply with legal obligations, including tax, accounting, security, fraud-prevention, and record-keeping requirements.
4.3 Legitimate Interests
We may process personal data where it is necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. Our legitimate interests may include protecting property, maintaining site security, managing customer relationships, improving our services, and defending legal claims.
4.4 Consent
In limited circumstances, we may rely on your consent, for example where specific optional communications or certain non-essential processing activities are involved. Where consent is used, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
5. Who We Share Data With
We may share personal data with trusted third parties who help us operate our business and provide services on our behalf. These parties act as processors or independent controllers depending on the role they perform.
- Payment processors that handle payment transactions and related fraud checks.
- IT and cloud service providers that host or support our business systems, data storage, and communications tools.
- Security providers that support CCTV, alarm systems, or monitoring services.
- Maintenance and facilities contractors where access is required to perform work on our premises.
- Professional advisers such as accountants, insurers, auditors, lawyers, or consultants.
- Public authorities including law enforcement, courts, and regulatory bodies where disclosure is required by law or necessary to establish, exercise, or defend legal rights.
All processors are required to act on our instructions, keep personal data confidential, and implement appropriate technical and organisational measures to protect it. We do not sell personal data.
6. International Transfers
If any processor stores or accesses personal data outside the United Kingdom, we will ensure that appropriate safeguards are in place, such as adequacy regulations, standard contractual clauses, or equivalent lawful transfer mechanisms, together with supplementary measures where necessary.
7. Data Retention
We keep personal data only for as long as necessary for the purposes for which it was collected, including to satisfy legal, accounting, insurance, or reporting requirements. Retention periods may vary depending on the type of record and the nature of our relationship with you.
- Customer and contract records are generally retained for the duration of the agreement and for a period after the relationship ends to manage claims, disputes, and legal obligations.
- Financial records are retained for the period required by tax and accounting laws.
- Security records such as CCTV footage are retained for a limited period unless needed for investigation, enforcement, or legal proceedings.
- Communications and complaint records are retained for as long as needed to resolve the issue and to evidence the handling of the matter.
When data is no longer required, it will be securely deleted, destroyed, or anonymised.
8. Data Security
We take appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, disclosure, or alteration. These measures may include access controls, role-based permissions, encryption where appropriate, secure storage, staff confidentiality obligations, and regular review of our procedures. No system is completely secure, but we work to reduce risks and respond promptly to any suspected security incident.
9. Your Rights
Under data protection law, you may have the following rights in relation to your personal data:
- Right of access to obtain a copy of the personal data we hold about you.
- Right to rectification to correct inaccurate or incomplete data.
- Right to erasure in certain circumstances, often known as the right to be forgotten.
- Right to restriction of processing in certain situations.
- Right to object to processing based on legitimate interests and to direct marketing, where applicable.
- Right to data portability where processing is based on consent or contract and carried out by automated means.
- Right to withdraw consent where consent is the lawful basis used.
- Right to lodge a complaint with the UK Information Commissioner’s Office if you believe your data has been handled unlawfully.
We may need to verify your identity before responding to a rights request. Some rights may be limited where the law requires or permits us to retain or process data.
10. Children’s Data
Our storage services are not directed at children, and we do not knowingly collect personal data from individuals under 16 unless it is provided in connection with a lawful customer relationship and is necessary for administrative, legal, or security reasons.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or operational requirements. Any updated version will apply from the date it is published or otherwise communicated. We encourage customers to review this Policy periodically to stay informed about how personal data is handled.
12. Summary of Key Points
In summary: Sudbury Storage collects only the personal data needed to provide storage services, protect our premises, and meet legal obligations. We rely on lawful bases such as contract, legal obligation, legitimate interests, and, in limited cases, consent. We share data only with trusted processors and authorities where necessary, retain information only for as long as needed, and respect your rights under UK data protection law.