Privacy Policy - Hanwell Storage

This Privacy Policy explains how Hanwell Storage collects, uses, stores, shares, and protects personal data relating to its customers and service users. It applies to all Hanwell Storage customers in the area, including individuals and businesses who enquire about, book, access, or otherwise use our storage services. We are committed to processing personal data fairly, lawfully, and transparently in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using Hanwell Storage services, you acknowledge that your personal information may be processed as described in this Privacy Policy. We only collect data that is necessary for the purposes set out below and take steps to ensure it is kept secure, accurate, and retained only for as long as needed.

1. Personal Data We Collect

We may collect and process the following categories of personal data:

  • Identity information such as your name, date of birth, and proof of identity where required.
  • Contact information such as address, email address, and telephone number.
  • Account and booking information including reservation details, storage unit numbers, start and end dates, and payment references.
  • Financial information such as billing address, payment status, and limited transaction records. We do not normally store full card details where payment processing is handled by a third-party processor.
  • Access and security information such as keyholder records, access logs, CCTV footage, and site entry records where applicable.
  • Communication records including emails, written correspondence, complaint details, and service queries.
  • Technical information such as IP address, device details, and website usage data if you interact with our digital services.

We may also receive personal data from third parties when necessary, for example from payment providers, identity verification services, legal representatives, or public authorities. Where we receive data from another source, we will only use it for the lawful and stated purposes outlined in this Policy.

2. How We Use Personal Data

We use personal data for the following purposes:

  • To register customers and manage storage agreements.
  • To verify identity and prevent fraud, unauthorised access, or misuse of our services.
  • To process payments, issue invoices, and administer accounts.
  • To maintain security, monitor access to our premises, and protect customers, staff, property, and assets.
  • To communicate about bookings, service changes, payments, and operational matters.
  • To handle complaints, disputes, and legal claims.
  • To meet legal, regulatory, accounting, and insurance obligations.
  • To improve the quality, safety, and efficiency of our services.

We will not use personal data in a way that is incompatible with the original purpose for which it was collected unless we have a lawful basis to do so and have informed you where necessary.

3. Lawful Basis for Processing

Hanwell Storage processes personal data only where a lawful basis under the UK GDPR applies. Depending on the context, our lawful bases may include:

  • Contract - processing is necessary to enter into or perform a storage agreement, manage your booking, provide access, and administer payments.
  • Legal obligation - processing is necessary to comply with laws relating to taxation, accounting, fraud prevention, health and safety, or lawful requests from authorities.
  • Legitimate interests - processing is necessary for our legitimate business interests, such as protecting our site, preventing loss or fraud, maintaining records, improving services, and resolving disputes, provided your rights and freedoms do not override those interests.
  • Consent - in limited cases, such as certain marketing activities or optional data uses, we may rely on your consent. Where consent is used, you may withdraw it at any time.

Where we process special category data, if ever required, we will do so only where an additional condition under data protection law applies.

4. Data Sharing and Processors

We may share personal data with trusted third parties who act as processors or, in some cases, independent controllers. These parties process data only as needed to provide services on our behalf or to comply with legal duties.

Examples of processors may include:

  • Payment processing providers who handle secure transaction processing.
  • IT, cloud storage, and software providers who support our booking, account, and record-keeping systems.
  • Security service providers who may support CCTV, alarm monitoring, or access control systems.
  • Professional advisers such as accountants, auditors, insurers, and legal advisers where necessary.
  • Identity verification or fraud prevention services where required for lawful and secure service delivery.

We require all processors to protect personal data through appropriate technical and organisational measures and to act only on our documented instructions. We do not sell personal data.

We may also disclose personal information where required by law, court order, regulatory request, or to protect our rights, property, customers, or staff. If a business transfer occurs, such as a sale or restructuring, personal data may be transferred in line with applicable law and safeguards.

5. International Transfers

If any service provider processes personal data outside the UK, we will ensure appropriate safeguards are in place to protect the data to a standard required by data protection law. These safeguards may include adequacy regulations, standard contractual clauses, or equivalent approved mechanisms.

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to meet legal, tax, insurance, and reporting requirements. Retention periods vary depending on the type of record and the reason for processing.

  • Customer and contract records are generally kept for the duration of the storage relationship and for a reasonable period afterwards to manage queries, disputes, and legal claims.
  • Financial and accounting records are retained for the period required by applicable tax and accounting law.
  • Security and access records are retained only as long as necessary for safety, site management, incident investigation, and loss prevention.
  • CCTV footage is typically retained for a limited period unless required for an investigation, legal claim, or lawful request.
  • Communication records are kept for as long as needed to respond to enquiries and maintain proper business records.

When personal data is no longer needed, we will securely delete, anonymise, or destroy it. Where deletion is not immediately possible due to technical or legal reasons, we will ensure the data remains securely stored and isolated until it can be removed.

7. Your Rights Under Data Protection Law

You have several rights under the UK GDPR, subject to certain legal limitations and exemptions:

  • Right of access - you may request a copy of the personal data we hold about you.
  • Right to rectification - you may ask us to correct inaccurate or incomplete information.
  • Right to erasure - you may request deletion of your data in certain circumstances.
  • Right to restriction - you may ask us to limit processing in certain situations.
  • Right to object - you may object to processing based on legitimate interests or direct marketing.
  • Right to data portability - you may request transfer of certain information in a structured, commonly used format where applicable.
  • Right to withdraw consent - where processing is based on consent, you may withdraw it at any time.

If you wish to exercise any of these rights, we may need to verify your identity before responding. We will respond within the timeframes required by law unless your request is complex or numerous, in which case we may extend the period as permitted.

8. Security of Personal Data

We use appropriate security measures to protect personal data against unauthorised access, alteration, disclosure, or loss. These measures may include access controls, encryption, secure storage, staff training, monitoring, and physical security at our premises. While we work hard to protect data, no system is completely secure, and we cannot guarantee absolute security.

9. Children’s Data

Our services are not designed for children, and we do not knowingly collect personal data from children unless it is necessary in connection with a lawful storage arrangement or another legitimate business purpose. If we become aware that we have collected data unlawfully, we will take reasonable steps to delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, technology, or our business practices. Any updated version will apply from the date it is published or otherwise communicated. We encourage you to review this Policy periodically so that you remain informed about how your information is handled.

Hanwell Storage is dedicated to handling personal data responsibly and in a manner that respects your privacy rights. By maintaining clear rules on collection, lawful basis, retention, processors, and user rights, we aim to provide a secure and transparent storage service for all customers in the area.

Call Now!
Call Now Get a Quote
Hanwell Storage

GDPR-compliant Privacy Policy for Hanwell Storage covering data collection, lawful basis, retention, processors, and user rights for all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.