Privacy Policy - Cranford Storage

Cranford Storage is committed to protecting the privacy and personal data of all customers in our area. This Privacy Policy explains how we collect, use, store, share, and safeguard personal information in line with the UK GDPR and the Data Protection Act 2018. It applies to all Cranford Storage customers in area, including current customers, former customers, prospective customers, and any person who contacts us or uses our services.

1. Who We Are

Cranford Storage provides storage services to individuals and businesses. For the purposes of data protection law, Cranford Storage is the data controller for the personal information described in this policy. This means we determine the purposes and means of processing your personal data.

2. Personal Data We Collect

We collect and process only the information needed to provide our services, manage our relationship with customers, comply with legal obligations, and protect our business and customers. The types of data we may collect include:

  • Identity details such as your name, title, and date of birth where required for verification.
  • Contact details such as postal address, email address, and telephone number.
  • Account and contract information such as customer account references, service preferences, booking details, payment status, and storage unit records.
  • Payment information such as billing details and transaction records. We do not store full card details where payment processing is handled by a secure third-party provider.
  • Security information such as access logs, CCTV images, key or access control records, and incident reports where necessary for site security and safety.
  • Correspondence including complaints, enquiries, feedback, and any information you provide when communicating with us.
  • Verification documents where needed to confirm identity, address, or authority to act on behalf of another person.

We generally do not seek to collect special category data unless it is provided to us by you and is necessary for a specific and lawful purpose, such as handling an accessibility-related request or resolving a dispute. Where such data is processed, we apply additional safeguards.

3. How We Use Your Data

We use personal data for the following purposes:

  • To register and manage your storage account.
  • To provide, maintain, and administer our storage services.
  • To process payments, refunds, and invoices.
  • To communicate about contracts, service updates, notices, and customer support.
  • To monitor site security, prevent fraud, and protect property.
  • To investigate incidents, breaches of contract, or misuse of our facilities.
  • To comply with legal and regulatory obligations.
  • To defend or establish legal claims where necessary.

We only process personal data for specified, explicit, and legitimate purposes and do not use it in ways that are incompatible with those purposes.

4. Lawful Basis for Processing

Under the UK GDPR, we must have a lawful basis to process your personal data. Depending on the context, Cranford Storage relies on the following lawful bases:

Contract

We process personal data where it is necessary to enter into or perform a contract with you, such as setting up your storage agreement, managing payments, and delivering the services you request.

Legal Obligation

We process data where needed to comply with legal requirements, including accounting, tax, fraud prevention, health and safety, and lawful requests from public authorities.

Legitimate Interests

We may process data for our legitimate business interests, such as securing our premises, preventing theft or damage, managing disputes, improving our services, and maintaining accurate records. When we rely on legitimate interests, we consider whether our interests are overridden by your rights and freedoms.

Consent

In limited situations, we may rely on your consent, for example where consent is required for a particular optional communication or for certain types of processing. Where we rely on consent, you may withdraw it at any time.

Vital Interests

In rare situations, we may process data to protect someone’s life or physical safety.

Special category data, if processed, will be handled only where a specific lawful condition applies under Article 9 UK GDPR and additional protections are in place.

5. Sharing Your Personal Data

We may share personal data with trusted third parties where necessary and lawful. These may include:

  • Payment processors that handle card or electronic payments securely.
  • IT and cloud service providers that support our systems, data storage, and communications.
  • Security service providers that help manage access control, alarm monitoring, or CCTV systems.
  • Professional advisers such as accountants, insurers, legal advisers, and auditors.
  • Government bodies, law enforcement, or regulatory authorities where disclosure is required or permitted by law.
  • Debt recovery or dispute resolution services where needed to manage unpaid accounts or contractual issues.

All processors and service providers are required to handle personal data securely, act only on our instructions, and maintain appropriate confidentiality and data protection standards.

6. International Transfers

Where any of our processors or service providers are located outside the United Kingdom, we will ensure appropriate safeguards are in place before transferring personal data. These safeguards may include adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms approved under applicable data protection law.

7. Data Retention

We keep personal data only for as long as necessary for the purposes for which it was collected, including to meet legal, accounting, and reporting obligations. Retention periods depend on the type of data and the reason for processing.

  • Customer account and contract records are generally retained for the duration of the relationship and for a period after it ends to manage claims and administrative matters.
  • Financial and tax records are retained for the period required by law.
  • Security records, including access logs and CCTV, are retained for a limited period unless needed for an investigation, legal claim, or regulatory requirement.
  • Enquiries and correspondence are retained for as long as necessary to resolve the matter and maintain accurate records.

When personal data is no longer required, we will securely delete, anonymise, or destroy it.

8. Data Security

We use appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, alteration, or disclosure. These measures may include restricted access controls, secure storage, staff confidentiality obligations, system monitoring, and supplier due diligence. Although no system can be guaranteed completely secure, we take reasonable steps to reduce risk and respond promptly to incidents.

9. Your Rights

Under data protection law, you have several rights in relation to your personal data. These rights may apply depending on the circumstances:

  • Right of access – you can request confirmation of whether we process your data and obtain a copy of it.
  • Right to rectification – you can ask us to correct inaccurate or incomplete data.
  • Right to erasure – you can request deletion of your data in certain situations.
  • Right to restrict processing – you can ask us to limit use of your data in certain cases.
  • Right to data portability – you can request that data you provided to us be transferred to you or another controller, where applicable.
  • Right to object – you can object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent – where processing is based on consent, you may withdraw it at any time.

You will not usually have to pay a fee to exercise your rights. We may need to verify your identity before responding. We aim to respond within the time limits set by law.

10. Complaints and Supervisory Authority

If you are unhappy with how we handle your personal data, you may raise a concern with us so we can review the issue. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) or another relevant supervisory authority if you believe your data protection rights have been breached.

11. Children’s Data

Our services are generally intended for adults and business customers. Where we become aware that we hold personal data relating to a child, we will only process it where lawful and necessary, and with suitable safeguards.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, our services, or our data handling practices. Any updated version will apply from the date it is published or otherwise communicated to customers. We encourage you to review this policy periodically to stay informed about how we protect your personal data.

Effective principles: data minimisation, purpose limitation, storage limitation, accuracy, integrity, confidentiality, and accountability guide how Cranford Storage handles personal data. We are committed to processing information fairly, lawfully, and transparently for all Cranford Storage customers in area.

Call Now!
Call Now Get a Quote
Cranford Storage

GDPR-compliant privacy policy for Cranford Storage covering data collection, lawful basis, retention, processors, and customer rights.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.