Privacy Policy - Clerkenwell Storage

This Privacy Policy explains how Clerkenwell Storage collects, uses, stores, shares, and protects personal data relating to customers and prospective customers. It applies to all Clerkenwell Storage customers in the area, including individuals and businesses using our storage services, making enquiries, or otherwise interacting with us in connection with those services. We are committed to handling personal data in a lawful, fair, and transparent manner in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who this policy applies to

This policy applies to all Clerkenwell Storage customers in area, including account holders, authorised users, payment contacts, delivery contacts, visitors to our facilities where personal data is collected, and individuals who contact us about storage services. It also applies to people whose data we receive from customers, such as emergency contacts, business representatives, and third-party payers.

2. Information we collect

We only collect personal data that is relevant and necessary for the provision and management of our storage services. The types of information we may collect include:

  • Identity information: name, date of birth, and identification details where required.
  • Contact information: postal address, email address, telephone number, and billing address.
  • Account and contract information: storage unit details, service preferences, agreements, correspondence, and customer records.
  • Payment information: transaction records, payment status, and limited payment details processed through secure payment providers.
  • Security and access information: entry logs, CCTV footage, alarm records, and access credentials where applicable.
  • Communication data: emails, written messages, telephone notes, and any feedback or complaints.
  • Technical data: limited website or device data if you interact with our digital services, such as IP address, browser type, and usage data.

We do not intentionally collect special category data unless you voluntarily provide it and it is necessary for a specific lawful purpose. We ask that you do not send sensitive personal data unless specifically requested.

3. How we use personal data

We use personal data for the following purposes:

  • to provide storage services and manage customer accounts;
  • to verify identity and administer access to facilities;
  • to process payments, invoices, refunds, and account balances;
  • to communicate with customers about bookings, renewals, notices, and service updates;
  • to maintain security, prevent fraud, and protect property;
  • to comply with legal and regulatory obligations;
  • to handle complaints, disputes, and customer support;
  • to improve our services, systems, and internal operations;
  • to exercise or defend legal claims where necessary.

We will only use personal data in ways that are compatible with the purposes for which it was collected, unless we have a valid legal reason to do otherwise.

4. Lawful basis for processing

Under UK GDPR, we must have a lawful basis for processing personal data. Depending on the situation, Clerkenwell Storage relies on one or more of the following lawful bases:

Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes setting up storage services, managing your account, taking payment, and providing customer support.

Legal obligation

We may process personal data to comply with legal requirements, such as accounting, tax, fraud prevention, record keeping, or responses to lawful requests from authorities.

Legitimate interests

We may process personal data where it is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. This includes maintaining site security, preventing misuse of our services, improving operations, and managing customer communications. We always balance our interests against your privacy rights.

Consent

In limited cases, we may rely on your consent, for example where we use optional marketing communications or certain non-essential technologies. Where consent is used, you may withdraw it at any time.

5. Sharing personal data and processors

We may share personal data with trusted third parties where necessary for the purposes described in this policy. These third parties act either as independent data controllers or as processors acting on our instructions. We only use processors that provide sufficient guarantees regarding security, confidentiality, and GDPR compliance.

Examples of processors and service providers may include:

  • Payment processors that handle card or online transactions securely;
  • IT and cloud service providers that host systems, software, or data storage;
  • Security providers that support monitoring, alarms, or CCTV systems;
  • Accountancy and bookkeeping providers that assist with financial administration;
  • Customer service and communications providers that help manage messaging and records;
  • Professional advisers such as lawyers, insurers, and auditors;
  • Public authorities where disclosure is required by law or to protect rights and safety.

Where processors handle data on our behalf, they are contractually required to process data only according to our instructions, keep it secure, and delete or return it when no longer needed. We do not sell personal data.

6. International transfers

If any personal data is transferred outside the UK, we will ensure appropriate safeguards are in place, such as an adequacy decision, standard contractual clauses, or another lawful transfer mechanism. This is done to ensure your information remains protected to a standard consistent with UK GDPR requirements.

7. Data retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including any legal, accounting, or reporting obligations. Retention periods vary depending on the type of information and the reason it is held.

  • Customer account and contract records: kept for the duration of the relationship and for a reasonable period afterwards.
  • Financial and tax records: kept for the period required by law.
  • Security records such as access logs or CCTV: retained for a limited period unless needed longer for investigation or legal reasons.
  • Enquiries and communication records: retained as long as needed to respond to the enquiry and manage follow-up matters.

When personal data is no longer required, we will securely delete, anonymise, or destroy it. Retention is determined by legal requirements, operational needs, and security considerations.

8. Your rights

As a data subject under UK GDPR, you have important rights in relation to your personal data. Subject to legal limitations, these rights include:

  • Right of access: you may request a copy of the personal data we hold about you;
  • Right to rectification: you may ask us to correct inaccurate or incomplete data;
  • Right to erasure: you may request deletion of data in certain circumstances;
  • Right to restriction: you may ask us to limit how we use your data;
  • Right to object: you may object to processing based on legitimate interests or direct marketing;
  • Right to data portability: you may request certain data in a structured, commonly used format;
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time;
  • Right to complain: you may raise concerns with the UK Information Commissioner's Office if you believe your data rights have been infringed.

We may need to verify your identity before responding to a rights request. In some cases, legal obligations or legitimate business needs may mean we cannot fully comply with a request, but we will explain our position clearly.

9. Data security

We use appropriate technical and organisational measures to protect personal data against accidental loss, unauthorised access, misuse, alteration, or disclosure. These measures may include access controls, secure systems, staff training, encryption, and physical security measures. While no system is completely secure, we take data protection seriously and continually review our controls.

10. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in law, our services, or our internal practices. Any updates will apply from the date they are published or otherwise communicated. We encourage customers to review this policy periodically to stay informed about how their personal data is handled.

11. Summary of our commitments

Clerkenwell Storage is committed to processing personal data lawfully, fairly, and transparently. We collect only what we need, use it for clearly defined purposes, share it only with trusted processors or where required by law, and keep it only for as long as necessary. We respect your rights and aim to safeguard your information at every stage.

By using Clerkenwell Storage services, you acknowledge that your personal data will be processed in accordance with this Privacy Policy.

Call Now!
Call Now Get a Quote
Clerkenwell Storage

GDPR-compliant Privacy Policy for Clerkenwell Storage covering data collection, lawful basis, retention, processors, and user rights.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.