Privacy Policy - Hendon Storage

This Privacy Policy explains how Hendon Storage collects, uses, stores, shares, and protects personal data in connection with its storage services. It applies to all Hendon Storage customers in the area, including prospective customers, account holders, and individuals whose information is provided to us in relation to a storage agreement, enquiry, or service request. We are committed to handling personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are

Hendon Storage provides storage-related services to individuals and businesses. In this Privacy Policy, “we”, “us”, and “our” refer to Hendon Storage as the data controller for the personal data described below. As data controller, we determine the purposes and means of processing personal data connected with our services.

2. Personal data we collect

We collect and process personal data that is necessary to provide our services, manage customer relationships, meet legal requirements, and protect our business and customers. The categories of personal data may include:

  • Identity data such as name, title, and date of birth where needed for verification.
  • Contact data such as address, email address, and telephone number.
  • Account and contract data such as service preferences, agreements, invoices, payment status, and storage unit details.
  • Financial data such as billing information, payment records, and transaction history.
  • Verification data such as documents or information used to confirm identity or authorisation.
  • Usage data such as access records, site attendance logs, and service interactions.
  • Communication data such as emails, call notes, complaints, enquiries, and support requests.
  • Security data such as CCTV footage, entry records, incident reports, and access control logs where applicable.

We generally do not seek to collect special category data. If such data is provided to us incidentally, we will process it only where a lawful basis exists and where appropriate safeguards are in place.

3. How we collect personal data

We may collect personal data directly from you when you:

  • make an enquiry or request a quotation;
  • enter into a storage agreement;
  • complete forms or provide documents;
  • make payments or manage your account;
  • contact us with questions, complaints, or support requests;
  • visit our premises where security systems operate.

We may also receive data from third parties where necessary, such as payment providers, identity verification services, contractors, insurers, professional advisers, or lawful authorities.

4. How we use personal data

We use personal data for the following purposes:

  • to provide storage services and manage your agreement;
  • to verify identity and prevent fraud;
  • to process payments, invoices, and account administration;
  • to communicate service updates, notices, and important account information;
  • to respond to enquiries and resolve complaints;
  • to maintain safety, security, and operational integrity;
  • to meet legal, regulatory, accounting, and tax obligations;
  • to protect our rights, property, customers, and staff;
  • to improve our services and internal processes.

We only use personal data for the purposes for which it was collected, unless we reasonably consider that another compatible purpose is appropriate and lawful.

5. Lawful basis for processing

We process personal data only where we have a valid lawful basis under the UK GDPR. Depending on the context, our lawful bases include:

Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes setting up your account, providing storage access, managing billing, and delivering agreed services.

Legal obligation

We may process personal data where necessary to comply with legal obligations, including tax, accounting, fraud prevention, safeguarding, regulatory, or record-keeping requirements.

Legitimate interests

We may process personal data where it is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your rights and freedoms. This may include business administration, service improvement, security monitoring, incident management, and debt recovery.

Consent

In limited cases, we rely on your consent, for example where it is required for specific communications or optional services. Where we rely on consent, you may withdraw it at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

Vital interests

In rare situations, we may process personal data to protect someone’s vital interests, such as in an emergency involving safety or serious risk.

6. Sharing your data and processors

We may share personal data with trusted third parties that assist us in operating our business. These third parties act as processors where they process data on our behalf and only according to our instructions. Examples may include:

  • payment processing providers;
  • cloud storage and IT support providers;
  • customer management and communication platforms;
  • security and CCTV service providers;
  • accountants, auditors, and legal advisers;
  • identity verification or fraud prevention services;
  • maintenance and facilities contractors;
  • debt recovery or enforcement partners where necessary;
  • public authorities, regulators, or law enforcement when legally required.

We require processors to protect personal data through appropriate technical and organisational measures, confidentiality obligations, and contractual safeguards. We do not sell personal data.

7. International transfers

If personal data is transferred outside the UK, we will ensure that appropriate safeguards are in place, such as adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms. We will only transfer data where necessary and where suitable protection is maintained.

8. Data retention

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including any legal, accounting, or reporting obligations. Retention periods may vary depending on the nature of the data and the service relationship. In general:

  • contract and account records are retained for the duration of the relationship and for a reasonable period afterwards;
  • financial and tax records are retained for the period required by law;
  • security records may be retained for a shorter period unless needed for an investigation or legal claim;
  • enquiry data may be retained for a limited period if no contract is formed.

When personal data is no longer required, we will delete it securely or anonymise it so that it can no longer be associated with an identifiable individual.

9. Data security

We take appropriate technical and organisational measures to protect personal data against accidental loss, unauthorised access, alteration, disclosure, or destruction. These measures may include access controls, password protection, encryption, staff training, secure disposal, and monitoring of systems and premises. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

10. Your rights

Under data protection law, you have certain rights in relation to your personal data. These rights may be subject to legal conditions or exemptions. You may have the right to:

  • access your personal data and receive a copy of it;
  • rectify inaccurate or incomplete information;
  • erase your data in certain circumstances;
  • restrict how we process your data in certain circumstances;
  • object to processing based on legitimate interests or direct marketing;
  • data portability for information you have provided to us in certain cases;
  • withdraw consent where processing is based on consent;
  • lodge a complaint with the relevant supervisory authority if you believe your rights have been infringed.

We may need to verify your identity before responding to a rights request. We will respond within the time limits required by law.

11. Automated decision-making

We do not generally rely on fully automated decision-making that produces legal or similarly significant effects. If this changes, we will provide appropriate information about the logic involved and your rights in relation to such processing.

12. Children’s data

Our services are not directed at children, and we do not knowingly collect personal data from children unless it is provided lawfully in connection with a customer relationship. If we become aware that we have collected data unlawfully from a child, we will take appropriate steps to delete it.

13. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data processing practices. The updated version will apply from the date it is published or otherwise communicated. We encourage customers to review it periodically.

14. Summary of key points

In summary, Hendon Storage collects only the personal data needed to provide and protect our services, processes that data on lawful grounds, shares it only where necessary with trusted processors or legal authorities, and retains it for limited periods. We respect your rights and aim to handle all personal data fairly, securely, and lawfully.

This policy is intended to provide clear and transparent information about how we use personal data for all Hendon Storage customers in the area.

Call Now!
Call Now Get a Quote
Hendon Storage

GDPR-compliant privacy policy for Hendon Storage covering data collection, lawful basis, retention, processors, rights, and applicability to all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.