Privacy Policy - Northharrow Storage

Effective date: This Privacy Policy applies to all Northharrow Storage customers in the area. It explains how we collect, use, share, store, and protect personal data when you use our storage services, facilities, and related customer support.

1. Who we are

Northharrow Storage provides storage services to individuals and businesses in the local area. For the purposes of data protection law, Northharrow Storage is the data controller for the personal data described in this Privacy Policy. This means we decide how and why your personal data is processed.

2. Personal data we collect

We collect only the information needed to provide and manage our services, maintain security, and meet our legal obligations. Depending on your relationship with us, we may collect the following categories of data:

  • Identity data: name, title, date of birth, and identification details where required for verification.
  • Contact data: address, email address, phone number, and emergency contact details if provided.
  • Account and contract data: customer references, service selections, tenancy or booking records, payment status, and agreement history.
  • Financial data: billing details, payment records, and limited transaction information. We do not store full card details where these are handled by payment processors.
  • Usage data: facility access logs, entry and exit records, unit access activity, and records relating to gate or alarm use where applicable.
  • Security data: CCTV images, incident reports, visitor logs, and key or access credential records.
  • Communications data: records of correspondence, queries, complaints, claims, and customer service interactions.
  • Technical data: IP address, device identifiers, browser information, and similar information if you interact with our digital systems.

We generally do not intentionally collect special category data. If such information is provided to us incidentally, we will handle it with additional care and only where lawful to do so.

3. How we use your data

We use personal data for the following purposes:

  • to set up and manage your customer account;
  • to provide storage services and manage access to facilities;
  • to process payments, invoices, and refunds where applicable;
  • to communicate about contracts, service changes, reminders, and service support;
  • to maintain safety, security, and fraud prevention measures;
  • to investigate incidents, damage, loss, or disputes;
  • to comply with legal, regulatory, tax, and accounting requirements;
  • to improve our services, systems, and customer experience;
  • to defend or establish legal claims.

We process data only to the extent necessary for these purposes and in a manner consistent with data protection law.

4. Lawful basis for processing

Under the UK GDPR and GDPR principles, we must have a lawful basis for each type of processing. We rely on the following bases:

Contract

We process personal data where it is necessary to perform our contract with you or to take steps at your request before entering into a contract. This includes account administration, service delivery, access management, billing, and customer support.

Legal obligation

We process data where needed to meet legal obligations, such as tax, accounting, fraud prevention, record keeping, and compliance with lawful requests from authorities.

Legitimate interests

We may process data where it is necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. This includes protecting our premises, preventing misuse, improving operations, managing risk, and handling disputes. Where we rely on legitimate interests, we ensure that the processing is proportionate and relevant.

Consent

In limited cases, we may rely on your consent, for example where it is required for optional marketing communications or certain non-essential processing. Where we rely on consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.

5. Retention of personal data

We keep personal data only for as long as necessary for the purposes for which it was collected, including to meet legal, accounting, or reporting requirements. Retention periods vary depending on the type of data and the reason for processing.

  • Contract and account records: retained for the duration of the customer relationship and for a reasonable period afterwards.
  • Financial and tax records: retained for the period required by applicable law.
  • Security and incident records: retained for as long as needed to investigate, resolve, or defend claims and to maintain safety.
  • Marketing data: retained until you withdraw consent or object, where applicable.

When personal data is no longer required, we will delete it securely or anonymise it so that it can no longer identify you.

6. Sharing your personal data

We may share personal data with trusted third parties where necessary to run our business and provide services. These third parties act as processors or, in some cases, independent controllers.

Processors we may use

  • Payment providers: to process payments securely.
  • IT and cloud service providers: to host systems, store data, and support business operations.
  • Security service providers: to support CCTV, alarm, monitoring, or access control systems.
  • Professional advisers: such as accountants, auditors, insurers, and legal advisers.
  • Maintenance and operational contractors: where access or coordination is required to deliver services.

We require our processors to protect your data, use it only on our instructions, and comply with appropriate contractual and security obligations.

Other disclosures

We may disclose personal data if required by law, to enforce agreements, to protect our rights or the rights of others, or in connection with a business reorganisation, transfer, or sale of assets, subject to applicable legal safeguards.

7. International transfers

If any processor or service provider transfers personal data outside the UK or European Economic Area, we will ensure appropriate safeguards are in place. These may include adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms. We do not transfer personal data without ensuring adequate protection.

8. Security of your data

We use reasonable technical and organisational measures to protect personal data against unauthorised access, accidental loss, misuse, or disclosure. These measures may include access controls, secure storage, staff training, encryption where appropriate, and monitoring of systems and facilities. While no system can be guaranteed to be completely secure, we take data protection seriously and review safeguards regularly.

9. Your rights

You have rights under data protection law in relation to your personal data. Subject to legal conditions and exceptions, these rights may include:

  • Right of access: to request a copy of the personal data we hold about you.
  • Right to rectification: to ask us to correct inaccurate or incomplete data.
  • Right to erasure: to request deletion of data in certain circumstances.
  • Right to restriction: to ask us to limit processing in certain situations.
  • Right to object: to object to processing based on legitimate interests or direct marketing.
  • Right to data portability: to receive certain data in a structured, commonly used format.
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.

Please note that these rights are not absolute and may be subject to legal limitations, especially where we must retain information for compliance, security, or contractual reasons.

10. Cookies and similar technologies

If you interact with any digital systems we operate, we may use cookies or similar technologies to help the systems function, improve performance, and understand usage patterns. Where required, we will provide appropriate information and obtain consent for non-essential technologies.

11. Children

Our services are generally intended for adults or businesses acting through adult representatives. We do not knowingly collect personal data from children unless it is necessary in connection with a lawful customer relationship and appropriate authority has been provided.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. The most recent version will apply from the date it is published or otherwise communicated. We encourage customers to review it periodically.

13. Summary of your privacy protections

In short, Northharrow Storage collects only the personal data needed to operate safely and effectively, uses it for clear lawful purposes, retains it only as long as necessary, and shares it only with trusted processors or where required by law. We respect your rights and aim to handle all personal data fairly, lawfully, and transparently.

By using Northharrow Storage services, you acknowledge that this Privacy Policy applies to all Northharrow Storage customers in the area.

Call Now!
Call Now Get a Quote
Northharrow Storage

GDPR-compliant Privacy Policy for Northharrow Storage covering data collection, lawful basis, retention, processors, and user rights for all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.