Privacy Policy - Sevensisters Storage

Effective date: This Privacy Policy applies to all Sevensisters Storage customers in area.

This Privacy Policy explains how Sevensisters Storage collects, uses, shares, stores, and protects personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It also explains the rights available to individuals whose personal data we process.

For the purposes of this policy, “personal data” means any information relating to an identified or identifiable individual. We are committed to processing personal data lawfully, fairly, and transparently, and to respecting the privacy of all customers, visitors, suppliers, and other individuals whose data we handle.

1. Scope of this Policy

This policy applies to all Sevensisters Storage customers in area, including individuals using storage units, associated services, account holders, authorised users, and anyone who interacts with us in connection with our business. It also applies to data we receive from landlords, payment providers, contractors, insurers, legal advisers, and other third parties where relevant to our services.

By using our services, you acknowledge that personal data may be processed in the ways described in this policy. We only collect and use data where we have a lawful basis to do so and where such processing is necessary, proportionate, and secure.

2. Personal Data We Collect

We may collect and process the following categories of personal data:

  • Identity data: name, date of birth, and identification details used to verify identity.
  • Contact data: address, email address, telephone number, and correspondence details.
  • Account data: customer reference numbers, account status, booking details, storage unit details, and service preferences.
  • Payment data: billing information, transaction records, and payment confirmations. We do not store full card details where payment processing is handled by a payment provider.
  • Security data: CCTV images, access logs, alarm records, and vehicle registration information where used for site security and incident management.
  • Communications data: emails, messages, complaints, queries, and records of telephone or written communication.
  • Technical data: IP address, device information, browser details, and usage data where applicable to our systems.
  • Legal and compliance data: information required to comply with anti-fraud, insurance, tax, or regulatory obligations.

We generally collect personal data directly from you when you make an enquiry, sign an agreement, use our services, make payments, or communicate with us. In some cases, we may receive information from authorised representatives, insurers, credit reference agencies, law enforcement, or other third parties where permitted by law.

3. How We Use Personal Data

We use personal data for the following purposes:

  • to provide storage services and manage customer accounts;
  • to verify identity and prevent fraud;
  • to process payments, invoices, refunds, and account adjustments;
  • to maintain site safety, security, and access control;
  • to communicate with customers about bookings, renewals, service updates, or issues;
  • to handle complaints, claims, and disputes;
  • to comply with legal, tax, accounting, insurance, and regulatory obligations;
  • to protect our rights, property, staff, and customers;
  • to improve our services, processes, and customer experience;
  • to keep business records and manage internal administration.

We do not use personal data for purposes that are incompatible with the reasons it was collected unless we have a lawful basis to do so and, where required, notify you of that further use.

4. Lawful Basis for Processing

Under the UK GDPR, we must have a lawful basis to process personal data. Depending on the context, Sevensisters Storage relies on one or more of the following lawful bases:

Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes setting up an account, providing storage services, managing payments, and communicating about the agreement.

Legal Obligation

We may process data where necessary to comply with legal requirements, such as tax, accounting, consumer protection, fraud prevention, or lawful requests from public authorities.

Legitimate Interests

We process certain data where it is necessary for our legitimate business interests, provided these interests do not override your rights and freedoms. Examples include site security, CCTV monitoring, access logging, service improvement, debt recovery, and protecting against misuse of our services. Where we rely on legitimate interests, we ensure that the processing is proportionate and that appropriate safeguards are in place.

Consent

In limited cases, we may rely on your consent, for example for certain optional communications or specific uses that require permission. Where we rely on consent, you can withdraw it at any time. Withdrawal will not affect the lawfulness of processing carried out before consent was withdrawn.

5. Sharing and Processors

We may share personal data with trusted third parties where necessary for the operation of our business and the delivery of our services. These third parties may act as processors or, in some cases, independent controllers.

Examples of processors may include:

  • payment processors for handling card or electronic payments;
  • IT and cloud service providers for hosting, storage, email, and system support;
  • security providers for CCTV, alarms, access systems, and monitoring services;
  • customer management and booking system providers used to administer services;
  • accountants and professional advisers where they process data on our behalf;
  • maintenance and facilities contractors where access to limited data is required to perform work.

We require processors to handle personal data only on our instructions, to use appropriate technical and organisational security measures, and to comply with data protection law. We do not sell personal data.

We may also disclose personal data where necessary:

  • to comply with legal obligations or court orders;
  • to protect the rights, safety, or property of Sevensisters Storage, our customers, staff, or others;
  • in connection with insurance claims, audits, or disputes;
  • in the event of a business transfer, merger, or restructuring, subject to applicable law.

6. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, including to meet contractual, legal, accounting, insurance, and operational requirements. Retention periods may vary depending on the type of data and the reason for processing.

In general, we will retain:

  • customer account and contract records for the duration of the relationship and for a reasonable period afterwards;
  • financial and transaction records for the period required by tax and accounting laws;
  • CCTV and access records for a limited period unless an incident, claim, or investigation requires longer retention;
  • correspondence and complaints for as long as needed to resolve matters and maintain business records.

When personal data is no longer needed, it is securely deleted, anonymised, or otherwise disposed of in a safe manner. We will not keep data longer than is necessary for the purpose for which it was collected.

7. Security of Personal Data

We take appropriate technical and organisational measures to protect personal data against unauthorised access, unlawful processing, accidental loss, destruction, or damage. These measures may include access controls, encryption, secure storage, staff training, and restricted system permissions. While no system can be guaranteed to be completely secure, we work to maintain a level of protection appropriate to the risks associated with the data we process.

Where personal data is processed by third-party processors, we require them to implement similar safeguards.

8. International Transfers

If personal data is transferred outside the UK or EEA, we will ensure that suitable safeguards are in place, such as an adequacy decision, the UK International Data Transfer Agreement, the UK Addendum, or another legally recognised safeguard. We only allow international transfers where they are lawful and appropriate protections are available.

9. Your Rights

Under data protection law, individuals have rights regarding their personal data. Subject to certain conditions and exceptions, you may have the right to:

  • access the personal data we hold about you;
  • rectify inaccurate or incomplete data;
  • erase your data in certain circumstances;
  • restrict processing in certain situations;
  • object to processing based on legitimate interests or direct marketing;
  • data portability for data provided by you and processed by automated means on the basis of consent or contract;
  • withdraw consent where we rely on consent;
  • complain to the Information Commissioner’s Office (ICO) if you believe your data rights have been infringed.

We may need to verify your identity before responding to a rights request. We aim to respond without undue delay and within the time limits set by law.

10. Children’s Data

Our services are not designed for children, and we do not knowingly collect personal data from individuals under the age of 18 unless it is necessary in connection with a customer account or lawful arrangement. If we become aware that we have collected data from a child without appropriate authority, we will take steps to address it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. When we do so, we will publish the revised version and update the effective date where appropriate. We encourage customers to review this policy periodically to stay informed about how we process personal data.

12. Further Information

If you have questions about this Privacy Policy or how we handle personal data, you may request further information through our usual customer communication channels. We take privacy seriously and aim to handle all personal data in a lawful, transparent, and respectful manner.

Summary: Sevensisters Storage processes personal data lawfully, retains it only as needed, shares it with trusted processors, and respects customer rights under UK GDPR.

Call Now!
Call Now Get a Quote
Sevensisters Storage

GDPR-compliant privacy policy for Sevensisters Storage covering collection, lawful basis, retention, processors, and user rights.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.