Privacy Policy - Elmpark Storage

Elmpark Storage is committed to protecting the privacy and personal data of all customers in our area. This Privacy Policy explains how we collect, use, share, store, and protect personal information in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws. It applies to all Elmpark Storage customers in area, including prospective customers, current customers, former customers, and individuals who enquire about our services.

1. Personal Data We Collect

We collect only the personal data that is necessary for lawful and legitimate business purposes. The information we may collect includes:

  • Identity details: full name, title, and date of birth where needed for verification.
  • Contact details: address, email address, telephone number, and emergency contact information where appropriate.
  • Account and service details: rental agreement information, unit number, access records, payment records, and service history.
  • Identification data: copies of identification documents when required for identity checks or fraud prevention.
  • Financial information: billing details, payment status, and transaction records. We do not intentionally store full card details unless handled securely by a payment provider.
  • Security and usage data: CCTV footage, access logs, site entry records, and event reports where necessary for safety and security.
  • Communication data: records of emails, phone calls, messages, complaints, service requests, and other correspondence.

We may also receive information from third parties such as payment processors, identity verification providers, debt recovery services, or public authorities where permitted by law. We do not collect more data than is needed for the intended purpose.

2. How We Use Personal Data

We use personal data to provide storage services and manage our business operations. This includes:

  • setting up and administering customer accounts;
  • verifying identity and preventing fraud;
  • processing payments and managing billing;
  • providing access to storage units and site facilities;
  • communicating about bookings, renewals, notices, and service changes;
  • ensuring security, safety, and site protection;
  • handling disputes, complaints, and claims;
  • complying with legal and regulatory obligations;
  • improving our services, systems, and customer experience.

Where possible, we use anonymised or aggregated information for internal reporting and service improvement.

3. Lawful Basis for Processing

We process personal data only when we have a lawful basis under GDPR. Depending on the circumstances, our lawful bases may include:

Contract

We process information that is necessary to enter into or perform our storage agreement with you. This includes account setup, payment processing, access management, and service communication.

Legal Obligation

We may process data where required to comply with laws, court orders, tax rules, accounting obligations, anti-fraud requirements, or requests from authorities.

Legitimate Interests

We may process data for legitimate business interests, such as site security, loss prevention, improving services, business administration, and protecting our legal rights. When relying on legitimate interests, we ensure that our interests do not override your rights and freedoms.

Consent

In limited cases, we may rely on your consent, for example for certain optional communications or uses that are not necessary for the contract. Where consent is used, you may withdraw it at any time.

Vital Interests

In rare circumstances, we may process data to protect someone’s vital interests, such as responding to an emergency or serious incident.

4. Sharing and Processors

We may share personal data with trusted third parties that support our operations. These parties act as data processors or independent controllers depending on the service provided. They are required to handle personal data securely and in line with GDPR. Examples may include:

  • Payment processors: to handle secure payments and refunds;
  • IT and cloud service providers: to host systems, store data, and support communications;
  • Security providers: to manage CCTV systems, alarms, and site protection;
  • Identity verification providers: to confirm identity and reduce fraud risk;
  • Professional advisers: such as accountants, auditors, legal advisers, and insurers;
  • Debt recovery or collection services: where payment issues require formal recovery action;
  • Public authorities: where disclosure is required by law or necessary to protect rights, property, or safety.

We do not sell personal data. If personal data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place, such as standard contractual clauses or other lawful transfer mechanisms.

5. Data Retention

We keep personal data only for as long as necessary for the purposes for which it was collected, unless a longer retention period is required or permitted by law. Retention periods depend on the type of data and the reason for processing. For example:

  • Customer account and contract records: retained for the duration of the agreement and for a reasonable period afterward for legal, tax, and contractual purposes;
  • Payment and accounting records: retained in line with financial and tax obligations;
  • Security records and CCTV: retained only for as long as needed for security, incident investigation, or legal claims;
  • Enquiry and correspondence records: retained for business administration and customer support purposes;
  • Legal claims or disputes: retained until the matter is resolved and any related limitation period has expired.

When data is no longer needed, we will securely delete, anonymise, or archive it in accordance with our retention practices. Retention is limited to what is necessary and proportionate.

6. Data Security

We apply appropriate technical and organisational measures to protect personal data against accidental loss, unauthorised access, misuse, disclosure, alteration, or destruction. These measures may include access controls, encryption, secure storage, staff training, and limited access permissions. While no system can be guaranteed completely secure, we work to maintain a high standard of protection and regularly review our safeguards.

7. Your Rights Under GDPR

As a data subject, you have rights in relation to your personal data. Subject to legal conditions and exemptions, these rights include:

  • Right of access: you can request a copy of the personal data we hold about you;
  • Right to rectification: you can ask us to correct inaccurate or incomplete data;
  • Right to erasure: you can request deletion of your data in certain circumstances;
  • Right to restriction: you can ask us to limit how we use your data in certain cases;
  • Right to object: you can object to processing based on legitimate interests or direct marketing;
  • Right to data portability: you can request a copy of certain data in a structured, commonly used format;
  • Right to withdraw consent: if processing is based on consent, you may withdraw it at any time;
  • Right to lodge a complaint: you may raise concerns with the relevant data protection authority if you believe your rights have been infringed.

We will respond to valid requests in line with GDPR timeframes and requirements. In some cases, we may need to verify your identity before acting on a request.

8. Cookies and Similar Technologies

Where applicable, we may use cookies or similar technologies on our systems to support functionality, security, and service improvement. Any such use will be limited to what is necessary and will be managed in line with applicable law. If consent is required for any non-essential cookies, it will be obtained appropriately.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or services. Any updates will take effect when published or otherwise communicated. We encourage customers to review the policy periodically to stay informed.

10. Scope of This Policy

This Privacy Policy applies to all Elmpark Storage customers in area and to individuals whose personal data is processed by us in connection with our storage services. By using our services, making an enquiry, or entering into an agreement with us, you acknowledge that your information will be handled in accordance with this policy and applicable data protection law.

Elmpark Storage respects your privacy and is committed to processing personal data fairly, lawfully, transparently, and securely. We will only use information for clearly defined purposes and will protect your rights throughout the lifecycle of the data we hold.

Call Now!
Call Now Get a Quote
Elmpark Storage

GDPR-compliant Privacy Policy for Elmpark Storage covering data collection, lawful basis, retention, processors, rights, and security.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.