Privacy Policy - Wennington Storage

Last updated: This Privacy Policy explains how Wennington Storage collects, uses, stores, shares, and protects personal data in connection with the services we provide. It applies to all Wennington Storage customers in the area, including prospective customers, current customers, former customers, and anyone who interacts with us in relation to storage services.

1. Introduction

Wennington Storage is committed to handling personal data fairly, lawfully, and transparently. We respect your privacy and recognise our responsibilities under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy explains what information we collect, why we collect it, the legal grounds we rely on, how long we keep it, who may process it on our behalf, and what rights you have over your personal data.

By using our services, making enquiries, or otherwise providing personal data to us, you acknowledge that your information will be handled in accordance with this policy. We only process personal data where we have a lawful basis to do so and only for specified, explicit, and legitimate purposes.

2. Personal Data We Collect

We may collect and process the following categories of personal data:

  • Identity information such as your name, title, date of birth, and identification details where required for security or verification purposes.
  • Contact information such as your address, email address, and telephone number.
  • Account and service information including your customer reference, booking details, storage unit details, payment status, and service preferences.
  • Payment information such as billing details, payment records, and limited transaction information. We do not store full card details unless necessary and permitted through secure payment systems.
  • Security and access information such as entry logs, CCTV footage, incident reports, alarm records, and other information collected to protect people and property.
  • Communications including emails, letters, messages, complaints, queries, and notes relating to support or account management.
  • Technical information where relevant, such as device information or usage data collected through our systems for security, service improvement, or fraud prevention.

We may also receive personal data from third parties, including payment providers, contractors, fraud prevention services, insurers, or public authorities, where this is lawful and necessary for our operations.

3. How We Use Your Data

We use personal data for the following purposes:

  • to provide storage services, manage bookings, and administer customer accounts;
  • to verify identity and carry out security checks where needed;
  • to process payments, issue invoices, and manage arrears or refunds;
  • to maintain site safety, prevent theft, and protect against misuse or unauthorised access;
  • to communicate with you about your account, service changes, notices, and operational matters;
  • to respond to enquiries, complaints, and requests;
  • to comply with legal, regulatory, insurance, and tax obligations;
  • to investigate suspected fraud, damage, or misconduct;
  • to improve our services, systems, and customer experience;
  • to establish, exercise, or defend legal claims.

We ensure that any use of personal data is relevant and proportionate. We do not use your information for purposes incompatible with the reasons it was originally collected unless we have a lawful basis to do so.

4. Lawful Basis for Processing

Under data protection law, we must have a lawful basis for each processing activity. Depending on the circumstances, Wennington Storage may rely on one or more of the following lawful bases:

Contract

We process personal data when it is necessary to enter into or perform a contract with you. This includes managing bookings, providing access to storage units, issuing invoices, and delivering the services you request.

Legal Obligation

We process information where we must comply with a legal duty, such as tax records, accounting requirements, health and safety obligations, or lawful requests from authorities.

Legitimate Interests

We may process personal data where it is necessary for our legitimate interests, provided your interests and fundamental rights do not override those interests. This may include site security, CCTV monitoring, fraud prevention, service administration, internal record keeping, and protection of business property. When relying on legitimate interests, we assess the potential impact on your privacy and apply appropriate safeguards.

Consent

In some limited situations, we may rely on your consent, for example where it is required for a particular optional service. If we rely on consent, you may withdraw it at any time. Withdrawal will not affect processing already carried out before consent was withdrawn.

Vital Interests and Public Task

These bases are unlikely to apply in normal storage operations, but may be used in exceptional circumstances where necessary to protect someone’s life or where required by law.

5. Sharing and Processors

We may share personal data with trusted third parties where necessary and lawful. These may include:

  • Payment processors that handle card transactions or direct payments securely;
  • IT and cloud service providers that host systems, data storage, communications, and backup services;
  • Security providers supporting alarms, CCTV systems, access controls, and incident management;
  • Accountants and auditors assisting with financial administration, reporting, and compliance;
  • Legal advisers, insurers, and debt recovery providers where necessary to manage risk, claims, disputes, or unpaid balances;
  • Contractors and maintenance providers who require limited access for operational reasons;
  • Public authorities such as regulators, courts, or law enforcement where disclosure is required or permitted by law.

Where a third party processes personal data on our behalf, that party acts as a processor and is only permitted to use the data according to our instructions. We require processors to implement appropriate technical and organisational security measures and to protect personal data from unauthorised access, loss, or misuse. Where a third party determines its own purposes for processing, it acts as an independent controller and is responsible for its own compliance.

We do not sell personal data. We will not disclose your information to unrelated third parties for their own marketing purposes without a lawful basis.

6. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, including satisfying legal, accounting, operational, insurance, and reporting obligations. Retention periods vary depending on the nature of the data and the reason we hold it.

In general:

  • customer account and contract records are kept for the duration of the relationship and for a reasonable period afterwards;
  • financial and tax records are usually retained for the period required by law;
  • security records, including CCTV and access logs, are retained only for as long as necessary for security monitoring, incident investigation, or legal purposes;
  • complaints and correspondence are retained for as long as required to manage the issue and maintain records of our handling;
  • records relating to legal claims may be retained until the matter is resolved and any applicable limitation period has expired.

When data is no longer required, we will securely delete, anonymise, or archive it in accordance with our retention practices. We apply retention controls to reduce the amount of personal data we keep to the minimum necessary.

7. Security of Personal Data

We take appropriate technical and organisational measures to protect personal data against accidental loss, unlawful access, destruction, alteration, or disclosure. These measures may include access controls, encryption, secure storage, staff training, and restricted permissions.

Although we work to safeguard information, no system can be guaranteed to be completely secure. If a personal data breach occurs that is likely to result in a risk to your rights and freedoms, we will take appropriate steps in line with legal requirements, which may include notifying the relevant authorities and affected individuals where necessary.

8. Your Rights

Depending on the circumstances and the legal basis for processing, you may have the following rights in relation to your personal data:

  • Right of access – to request a copy of the personal data we hold about you.
  • Right to rectification – to ask us to correct inaccurate or incomplete data.
  • Right to erasure – to request deletion of your data in certain situations.
  • Right to restriction – to ask us to limit how we use your data in some circumstances.
  • Right to object – to object to processing based on legitimate interests or direct marketing.
  • Right to data portability – to receive certain data in a structured, commonly used, machine-readable format where applicable.
  • Right to withdraw consent – where processing relies on consent.
  • Right to complain – to raise concerns with the supervisory authority if you believe your data has been mishandled.

We may need to verify your identity before responding to a rights request. Some rights are not absolute and may be limited by legal obligations, security needs, or the rights of others. Where a request cannot be fully met, we will explain why.

9. International Transfers

Where personal data is transferred outside the UK, we will ensure that appropriate safeguards are in place to protect it. These safeguards may include adequacy regulations, standard contractual clauses, or equivalent legal mechanisms recognised under data protection law.

10. Children’s Data

Our storage services are generally intended for adults and business or household customers. We do not knowingly collect personal data from children unless it is necessary and lawful in connection with our services, for example where a parent or guardian provides information on a child’s behalf. If we become aware that we have collected data unlawfully from a child, we will take appropriate steps to remove it.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect legal, operational, or service changes. Any revised policy will apply from the date it is published or otherwise communicated. We encourage customers to review this policy periodically so they remain informed about how their personal data is handled.

12. Summary of Our Commitment

Wennington Storage is committed to responsible data handling. We collect only the information we need, use it for clear and lawful purposes, share it only when necessary, and retain it for no longer than required. We also respect your rights and aim to respond to any privacy concerns promptly and fairly. Your trust matters to us, and we will continue to process personal data in a way that is secure, transparent, and consistent with GDPR principles.

Call Now!
Call Now Get a Quote
Wennington Storage

GDPR-compliant privacy policy for Wennington Storage covering data collection, lawful basis, retention, processors, and user rights for all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.