Privacy Policy - Mertonpark Storage
This Privacy Policy explains how Mertonpark Storage collects, uses, stores, shares, and protects personal data relating to its customers in the area. It applies to all Mertonpark Storage customers in the area, including prospective customers, current customers, account holders, and any individuals whose personal data is processed in connection with storage services, billing, access management, security, or customer support.
We are committed to handling personal data in a way that is lawful, fair, transparent, and secure, in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy should be read together with any contractual terms that apply to our storage services.
1. Personal Data We Collect
We may collect and process the following categories of personal data:
- Identity data: name, date of birth, and, where relevant, identification details used to verify identity.
- Contact data: address, email address, telephone number, and emergency contact details if provided.
- Account data: account references, storage unit details, move-in and move-out dates, payment status, and service preferences.
- Financial data: billing details, transaction records, payment confirmations, and limited financial information needed to manage payments.
- Technical and usage data: device information, access logs, IP address, and information about how our systems are used.
- Security and access data: key codes, gate access records, CCTV recordings, and site entry or exit information where applicable.
- Communication data: enquiries, complaints, correspondence, and records of interactions with customer support.
We generally collect personal data directly from customers when they open an account, use storage services, make payments, communicate with us, or otherwise interact with our systems. We may also receive data from third parties, such as payment providers, identity verification services, contractors, insurers, legal advisers, and other parties involved in providing or supporting our services.
2. How We Use Personal Data
We use personal data for the following purposes:
- to create and manage customer accounts;
- to provide storage services and maintain access control;
- to process payments, invoices, refunds, and account balances;
- to verify identity and prevent fraud, misuse, or unauthorised access;
- to monitor site security and protect property, staff, customers, and facilities;
- to respond to enquiries, complaints, and service requests;
- to manage contract performance and enforce terms where necessary;
- to comply with legal and regulatory obligations;
- to improve services, systems, and operational efficiency;
- to establish, exercise, or defend legal claims.
We only process personal data where we have a valid lawful basis to do so and where the processing is necessary for the stated purpose.
3. Lawful Basis for Processing
Under data protection law, we rely on one or more of the following lawful bases:
Contract
We process personal data where it is necessary to enter into or perform a contract with you. This includes creating your account, providing storage services, managing access, and processing payments.
Legal Obligation
We may process personal data where required to comply with legal obligations, such as accounting, tax, fraud prevention, health and safety, record keeping, or responding to lawful requests from authorities.
Legitimate Interests
We may process personal data where it is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. Examples include site security, CCTV monitoring, service improvement, internal administration, and protection against misuse or unauthorised activity.
Consent
In limited cases, we may rely on your consent, for example for certain optional communications or non-essential processing. Where we rely on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out before consent was withdrawn.
4. Data Sharing and Processors
We may share personal data with third parties where necessary for the operation of our services, where required by law, or where we have another valid legal basis. These third parties may act as data processors or as separate controllers depending on the nature of the service they provide.
Typical processors and service providers may include:
- Payment processors handling card payments and billing transactions;
- IT and cloud service providers supporting storage, email, system hosting, and data backup;
- Security providers managing alarms, surveillance systems, or access control solutions;
- Professional advisers such as accountants, auditors, legal advisers, and insurers;
- Maintenance and facilities contractors assisting with site operations;
- Identity verification and fraud prevention providers where checks are necessary;
- Debt recovery or legal service providers if account enforcement is needed.
Where we use processors, we require them to act only on our instructions, to keep personal data secure, and to use it only for the specific service they provide. We do not sell personal data.
5. International Transfers
If any processor or service provider stores or processes data outside the UK, we will ensure appropriate safeguards are in place. These may include adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms recognised under applicable data protection law.
6. Data Retention
We keep personal data only for as long as necessary for the purposes for which it was collected, and in accordance with legal, contractual, and operational requirements. Retention periods may vary depending on the category of information and the reason for holding it.
- Customer account and contract records: retained for the duration of the relationship and for a reasonable period after closure to manage disputes or legal claims.
- Payment and invoicing records: retained for accounting, tax, and audit purposes in line with legal requirements.
- Security and access records: retained for a limited period necessary for safety, fraud prevention, and incident management.
- CCTV footage: retained for a short operational period unless required for investigation, enforcement, or legal proceedings.
- Correspondence and complaints: retained as needed to resolve issues, document actions taken, and defend legal claims.
When data is no longer required, it is securely deleted, anonymised, or otherwise disposed of in accordance with our retention procedures.
7. Data Security
We take appropriate technical and organisational measures to protect personal data from unauthorised access, accidental loss, alteration, disclosure, or destruction. These measures may include access restrictions, secure systems, encryption, staff training, monitoring, and physical security controls. While we take reasonable steps to protect data, no system can be guaranteed to be completely secure.
8. Your Rights
Subject to applicable law, you may have the following rights in relation to your personal data:
- Right of access: to request a copy of the personal data we hold about you.
- Right to rectification: to request correction of inaccurate or incomplete data.
- Right to erasure: to request deletion of data in certain circumstances.
- Right to restrict processing: to request limits on how we use your data in certain situations.
- Right to object: to object to processing based on legitimate interests or direct marketing, where applicable.
- Right to data portability: to request transfer of certain data in a structured, commonly used format, where applicable.
- Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.
You may also have the right to challenge decisions made solely by automated means, although we do not generally use automated decision-making that has legal or similarly significant effects.
If you wish to exercise any of these rights, we may need to verify your identity before responding. We will respond within the time limits required by law unless an extension is permitted due to complexity or volume.
9. Children’s Data
Our services are intended for adults. We do not knowingly collect personal data from children unless it is provided incidentally in connection with an account or service arrangement and there is a lawful basis to process it. If we become aware that we have collected data from a child without proper authorisation or lawful basis, we will take appropriate steps to delete or protect it.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data protection practices. Any updated version will apply from the date it is issued. We encourage customers to review this policy periodically so they remain informed about how personal data is handled.
11. Complaints and Further Information
If you have concerns about how your personal data is handled, you may raise them with us in accordance with our internal complaints process. You also have the right to lodge a complaint with the relevant data protection supervisory authority if you believe your rights have been infringed.
This policy is designed to provide clear information about our data practices in a concise and transparent way. Privacy, security, and accountability are central to how Mertonpark Storage operates, and we aim to treat all personal data with care and respect.