Privacy Policy - Bromley Storage

Effective Date: This Privacy Policy applies to all Bromley Storage customers in area and explains how we collect, use, store, share, and protect personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We are committed to handling personal information lawfully, fairly, and transparently. This policy applies to current, former, and prospective customers, as well as individuals who contact us, use our storage services, visit our premises, or otherwise interact with Bromley Storage.

1. Who We Are

Bromley Storage provides storage-related services to individuals and businesses in the Bromley area. For the purposes of data protection law, Bromley Storage acts as the data controller for the personal data described in this policy, meaning we determine how and why your information is processed.

2. What Personal Data We Collect

We collect only the information necessary to provide our services, manage our relationship with you, and comply with our legal obligations. Depending on your interaction with us, we may collect the following categories of personal data:

  • Identity data: name, title, date of birth, and, where relevant, business or company name.
  • Contact data: postal address, email address, telephone number, and other communication details.
  • Account and contract data: customer records, storage unit details, payment arrangements, agreements, and service history.
  • Financial data: billing information, payment status, transaction records, and limited payment card or bank details where needed for processing payments.
  • Verification data: identification documents or proof of address where required to verify identity or prevent fraud.
  • Access and security data: entry logs, CCTV images, and records of access to premises or storage facilities.
  • Communication data: correspondence, call notes, complaints, feedback, and customer service interactions.
  • Technical data: IP address, browser information, device information, and cookie-related data if you interact with our digital systems.

We do not intentionally collect special category data unless it is strictly necessary and you have provided it, or another lawful condition applies. If such information is received, we handle it with additional care and only where permitted by law.

3. How We Use Your Data

We use personal data for specific and legitimate purposes, including:

  • setting up and managing storage agreements;
  • processing payments and issuing invoices;
  • verifying identity and preventing fraud;
  • providing customer support and responding to enquiries;
  • monitoring access to our premises for security and safety;
  • maintaining records, accounts, and operational logs;
  • meeting legal and regulatory obligations;
  • handling disputes, claims, or complaints;
  • improving our services, systems, and customer experience;
  • sending service-related communications, such as contract updates or important notices.

We will not use your data for purposes that are incompatible with the original reason for collection unless we have a lawful basis to do so and, where required, notify you.

4. Lawful Basis for Processing

Under UK GDPR, we must have a lawful basis for each processing activity. Bromley Storage relies on the following lawful bases:

Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes creating accounts, managing storage services, collecting payments, and delivering agreed services.

Legal obligation

We process data where we are required to comply with applicable laws, including tax, accounting, fraud prevention, health and safety, and regulatory obligations.

Legitimate interests

We may process data where it is necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. This may include protecting premises, maintaining business records, improving operations, and managing customer relationships. We always consider whether such processing is necessary and whether it is proportionate.

Consent

In limited circumstances, we may rely on your consent, for example where it is needed for optional communications or certain digital tracking tools. Where consent is used, you may withdraw it at any time.

5. How We Share Your Data

We may share personal data with trusted third parties where necessary for the purposes described in this policy. These third parties act as processors or, in some cases, independent controllers. We only share what is required and ensure appropriate safeguards are in place.

Processors we may use

  • Payment processors: to handle card or bank transactions securely.
  • IT and cloud service providers: to host systems, store records, and support communication tools.
  • Security providers: to support CCTV systems, access control, alarms, or monitoring services.
  • Professional advisers: such as accountants, insurers, auditors, and legal advisers when necessary.
  • Customer support or administrative service providers: where they assist with operational tasks on our behalf.

Each processor is required to act only on our instructions, keep data secure, and use it solely for the agreed purpose. We do not sell your personal data.

6. International Transfers

If any personal data is transferred outside the United Kingdom, we will ensure that appropriate safeguards are in place, such as adequacy regulations, standard contractual clauses, or equivalent legal protections. We take steps to ensure your information remains protected wherever it is processed.

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, accounting, or reporting requirements. Retention periods vary depending on the type of data and the reason for processing.

  • Contract and account records: kept for the duration of the customer relationship and for a further period where needed to resolve disputes or meet legal obligations.
  • Financial and tax records: kept in line with legal requirements.
  • Security records, including CCTV: kept for a limited period unless required for investigation, enforcement, or legal proceedings.
  • Enquiry and correspondence records: retained for as long as necessary to manage the query and follow-up actions.

When data is no longer needed, we securely delete, anonymise, or archive it in line with our retention procedures.

8. Data Security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, loss, or destruction. These measures may include access controls, secure storage, staff training, and regular review of our policies and systems. While no system can be guaranteed to be completely secure, we work continuously to reduce risks.

9. Your Rights

Under data protection law, you have a number of rights in relation to your personal data. These rights may be subject to legal limitations, but we will always explain our response clearly and promptly.

  • Right of access: you can request a copy of the personal data we hold about you.
  • Right to rectification: you can ask us to correct inaccurate or incomplete data.
  • Right to erasure: you may request deletion of your data in certain circumstances.
  • Right to restrict processing: you may ask us to limit how we use your data in certain cases.
  • Right to object: you may object to processing based on legitimate interests or direct marketing.
  • Right to data portability: you may request certain data in a reusable format where applicable.
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.

You also have the right to make a complaint to the Information Commissioner’s Office if you believe your data has been handled unlawfully. We encourage you to raise any concerns with us first so we can try to resolve them.

10. Cookies and Similar Technologies

If we use websites or digital services that employ cookies or similar tools, we do so to support functionality, improve performance, and understand how services are used. Where consent is required, we will request it before placing non-essential cookies. You can manage cookie preferences through your browser settings or any provided consent tools.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or services. Any updated version will apply from the date it is published. We encourage you to review this policy periodically to stay informed.

12. Summary of Our Commitment

Bromley Storage is committed to protecting personal data, respecting privacy rights, and using information responsibly. We collect only what we need, process it on clear lawful grounds, retain it for limited periods, and require our processors to maintain appropriate safeguards. This policy applies to all Bromley Storage customers in area and is intended to provide a transparent explanation of how we handle personal data throughout the customer relationship.

Call Now!
Call Now Get a Quote
Bromley Storage

GDPR-compliant privacy policy for Bromley Storage covering data collection, lawful basis, retention, processors, and user rights for all customers in area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.