Privacy Policy - Primrosehill Storage

Primrosehill Storage is committed to protecting the privacy and personal data of all customers in the area. This Privacy Policy explains how we collect, use, store, and protect personal information in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It applies to all Primrosehill Storage customers in area, including prospective customers, current customers, former customers, and any individuals who contact us in relation to storage services.

1. Who We Are

For the purposes of data protection law, Primrosehill Storage acts as the data controller for the personal information collected in connection with our storage services, customer administration, billing, access control, and related operational activities. This means we determine the purposes and means of processing personal data.

2. Personal Data We Collect

We only collect personal data that is necessary for delivering our services, maintaining our business, and meeting our legal obligations. The information we collect may include:

  • Identity data such as name, date of birth, and identification details where needed for security or verification.
  • Contact data such as address, email address, and telephone number.
  • Contract data such as account details, booking information, tenancy terms, storage unit allocation, and service history.
  • Financial data such as payment records, billing information, and transaction history.
  • Security data such as access logs, CCTV images, and records of site entry or exit where applicable.
  • Correspondence data such as emails, letters, or other communications with us.
  • Technical data where relevant, including limited device or usage information if you interact with our digital systems.

We do not intentionally collect special category data unless it is necessary and lawful to do so. Special category data includes information about health, racial or ethnic origin, religious beliefs, political opinions, or similar sensitive information.

3. How We Use Personal Data

We process personal data for the following purposes:

  • to register and manage customer accounts;
  • to provide storage services and allocate units;
  • to process payments, invoices, refunds, and account balances;
  • to communicate about bookings, account matters, or service changes;
  • to verify identity and prevent fraud;
  • to manage security, site access, and the protection of property;
  • to comply with legal and regulatory obligations;
  • to resolve complaints, disputes, or legal claims;
  • to improve our operations, systems, and customer experience.

We use your information only in ways that are compatible with the reasons it was collected. Where possible, we apply the principle of data minimisation, collecting only the information needed for a specific purpose.

4. Lawful Basis for Processing

Under GDPR, we must have a lawful basis for each processing activity. Depending on the context, Primrosehill Storage relies on one or more of the following lawful bases:

Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes setting up storage arrangements, administering your account, and delivering the services you have requested.

Legal Obligation

We may process personal data where we must comply with legal obligations, including tax, accounting, fraud prevention, and record-keeping requirements.

Legitimate Interests

We may process personal data where it is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. Examples include site security, access management, service improvement, and internal administration. We balance our interests against your privacy rights before relying on this basis.

Consent

In limited cases, we may rely on your consent, for example where it is required for a specific optional activity. Where we rely on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out before consent was withdrawn.

5. Data Sharing and Processors

We may share personal data with trusted third parties that help us operate our business. These parties act as processors when they process data on our behalf and under our instructions, or as independent controllers where they determine their own purposes.

Examples of processors or service providers may include:

  • payment processing providers;
  • accounting and bookkeeping service providers;
  • IT and cloud hosting providers;
  • customer management or booking system providers;
  • security service providers, including CCTV support and access control systems;
  • professional advisers such as lawyers, insurers, and auditors.

We require processors to protect personal data, use it only for authorised purposes, and implement appropriate technical and organisational security measures. We do not sell personal data.

6. International Transfers

If any personal data is transferred outside the UK or the European Economic Area, we ensure that appropriate safeguards are in place. These may include adequacy regulations, standard contractual clauses, or equivalent legal protections designed to preserve a level of protection essentially equivalent to UK GDPR standards.

7. Data Retention

We keep personal data only for as long as necessary for the purposes for which it was collected, and to meet legal, accounting, or reporting obligations. Retention periods vary depending on the type of data and the reason it was collected.

  • Customer account and contract records are generally retained for the duration of the relationship and for a period afterwards where needed for legal claims or administration.
  • Financial and accounting records are retained in line with tax and accounting laws.
  • Security records, such as access logs or CCTV footage, are retained for a limited period unless needed for an investigation, dispute, or legal reason.
  • Correspondence and complaint records are retained for as long as necessary to manage the matter and any follow-up obligations.

When personal data is no longer needed, we securely delete, anonymise, or destroy it. We apply a retention-by-purpose approach so that information is not kept indefinitely without justification.

8. Data Security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, alteration, or disclosure. These measures may include access restrictions, secure storage, staff training, encryption where appropriate, and regular review of security controls. While no system is completely risk-free, we take reasonable steps to safeguard your information.

9. Your Rights

Under data protection law, you have several rights in relation to your personal data. These rights may apply depending on the circumstances:

  • Right of access – you can request a copy of the personal data we hold about you.
  • Right to rectification – you can ask us to correct inaccurate or incomplete information.
  • Right to erasure – in some cases, you may ask us to delete your personal data.
  • Right to restriction – you may request that we limit how we use your data in certain situations.
  • Right to data portability – where applicable, you may receive your data in a structured, commonly used format.
  • Right to object – you may object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent – where processing is based on consent, you may withdraw it at any time.

You also have the right to raise concerns about how we use your data. If you believe your data protection rights have been infringed, you may lodge a complaint with the relevant supervisory authority.

10. Automated Decision-Making

Primrosehill Storage does not make decisions that produce legal or similarly significant effects solely by automated means unless this is clearly explained to you and permitted by law. If any automated process is introduced in future, we will ensure it complies with applicable data protection requirements.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect legal, operational, or technical changes. Any updates will take effect when published in the revised version. We encourage customers to review this policy periodically so they remain informed about how their personal data is handled.

12. Summary of Our Commitment

Primrosehill Storage is committed to handling personal data fairly, lawfully, and transparently. We collect only what we need, use it for clear and legitimate purposes, retain it only for as long as necessary, and share it only with trusted processors or where the law requires it. We respect the rights of all Primrosehill Storage customers in area and aim to maintain the highest standards of privacy and security.

Call Now!
Call Now Get a Quote
Primrosehill Storage

GDPR-compliant Privacy Policy for Primrosehill Storage covering data collection, lawful basis, retention, processors, user rights, and all customers in area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.