Privacy Policy - Hampstead Storage

Last updated: This Privacy Policy explains how Hampstead Storage collects, uses, stores, shares, and protects personal data relating to its customers. It applies to all Hampstead Storage customers in the area, including prospective customers, current customers, former customers, and individuals who enquire about our services.

1. Introduction

Hampstead Storage is committed to handling personal data in a lawful, fair, and transparent manner in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy describes what information we collect, why we collect it, the legal grounds on which we rely, how long we keep it, who may process it on our behalf, and the rights available to individuals.

For the purposes of data protection law, Hampstead Storage acts as a data controller when determining why and how personal data is processed. This policy applies whether you contact us directly, make a booking, use our storage services, or otherwise interact with us in relation to storage arrangements.

2. Personal Data We Collect

We collect only the information that is necessary for legitimate business and legal purposes. The categories of data we may collect include:

  • Identity data: full name, title, and similar identifiers.
  • Contact data: postal address, email address, telephone number, and other communication details.
  • Account and booking data: storage unit references, booking history, tenancy details, move-in and move-out dates, payment status, and service preferences.
  • Payment data: transaction records, billing information, and limited payment details necessary to process or verify payments.
  • Verification data: information used to confirm identity, prevent fraud, and meet security requirements.
  • Security data: CCTV footage, access logs, gate entry records, alarm activity, and incident reports.
  • Correspondence data: records of communications with us, including enquiries, complaints, notices, and service-related requests.
  • Technical data: if you interact with digital systems used by Hampstead Storage, we may collect limited technical information such as device type, browser data, and system logs.

We do not intentionally collect special category data unless it is necessary for a lawful reason, such as where you voluntarily provide information relevant to a support request or where processing is required to protect legal rights.

3. How We Use Personal Data

We use personal data for the following purposes:

  • to set up and manage storage arrangements;
  • to verify identity and prevent unauthorised access;
  • to communicate about bookings, renewals, account matters, and service updates;
  • to process payments, refunds, and account reconciliation;
  • to manage security, monitor site activity, and protect property;
  • to handle complaints, incidents, and customer support requests;
  • to comply with legal, regulatory, tax, and accounting obligations;
  • to establish, exercise, or defend legal claims;
  • to improve our operations, systems, and customer experience;
  • to maintain records necessary for business administration and audit purposes.

We will not use personal data for purposes that are incompatible with those described in this policy without first ensuring that we have a valid lawful basis.

4. Lawful Basis for Processing

Under UK GDPR, we must have a lawful basis for each type of processing. Hampstead Storage relies on the following lawful bases, depending on the activity in question:

Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes creating accounts, managing your storage unit, issuing invoices, and delivering services you have requested.

Legal Obligation

We may process personal data to comply with legal requirements, including accounting, tax, fraud prevention, record-keeping, and other statutory obligations.

Legitimate Interests

We may process personal data where it is necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. Our legitimate interests may include maintaining site security, preventing misuse, managing customer relationships, improving services, and protecting business assets. Where we rely on this basis, we consider the impact on individuals and ensure appropriate safeguards are in place.

Consent

In limited situations, we may rely on consent, for example where specific optional communications or certain non-essential processing activities require it. Where consent is used, you may withdraw it at any time. Withdrawal does not affect processing carried out before consent was withdrawn.

Vital Interests

In rare circumstances, we may process data to protect someone’s vital interests, such as in an emergency involving safety or serious harm.

5. How We Share Data and Processors

We may share personal data with trusted third parties where necessary and lawful. These parties act either as independent controllers or as processors processing data on our behalf under written agreements.

Processors may include:

  • IT and software service providers that support secure storage of records and business systems;
  • payment service providers that facilitate transactions;
  • accounting, bookkeeping, and auditing providers;
  • security service providers, including CCTV and access control support;
  • maintenance and facilities providers who need limited access for operational reasons;
  • professional advisers such as lawyers, insurers, and consultants;
  • delivery or collection contractors where relevant to site operations;
  • public authorities, regulators, law enforcement, or courts where disclosure is required by law.

We require processors to act only on our instructions, to keep personal data secure, to use it only for authorised purposes, and to implement appropriate technical and organisational safeguards. We do not sell personal data.

6. Data Retention

We keep personal data only for as long as necessary for the purposes for which it was collected, including satisfying legal, accounting, or reporting requirements. Retention periods vary depending on the category of data and the purpose of processing.

In general:

  • Customer and contract records are retained for the duration of the relationship and for a reasonable period afterwards for administration, dispute handling, and legal protection.
  • Financial and tax records are retained for the period required by law or accounting standards.
  • Security records, such as CCTV footage and access logs, are retained for a limited period unless required for an investigation or legal claim.
  • Correspondence and complaints may be retained for as long as necessary to resolve issues and demonstrate compliance.

When data is no longer required, it is securely deleted, anonymised, or otherwise disposed of in a controlled manner.

7. Data Security

We take appropriate technical and organisational measures to protect personal data against accidental loss, unauthorised access, misuse, alteration, or disclosure. These measures may include access controls, restricted permissions, secure storage, staff confidentiality obligations, and monitoring of systems and facilities.

While we make every reasonable effort to protect data, no system can be guaranteed to be completely secure. If a personal data breach occurs and we are required to notify affected individuals or the relevant authority, we will do so in accordance with applicable law.

8. Your Rights

Subject to certain legal limitations, you have rights under data protection law in relation to your personal data. These rights include:

  • Right of access: to request confirmation of whether we process your data and to receive a copy of it.
  • Right to rectification: to ask us to correct inaccurate or incomplete personal data.
  • Right to erasure: to request deletion of your data in certain circumstances.
  • Right to restriction: to request limited use of your data in certain situations.
  • Right to object: to object to processing based on legitimate interests, and to direct marketing where applicable.
  • Right to data portability: to receive certain data in a structured, commonly used format where the legal conditions are met.
  • Right to withdraw consent: where processing relies on consent, you may withdraw it at any time.

You also have the right to lodge a complaint with the UK Information Commissioner’s Office if you believe your data has been handled unlawfully. We encourage individuals to raise concerns directly so that we may address them promptly and transparently.

9. Children’s Data

Our storage services are intended for adults and business users. We do not knowingly collect personal data from children except where it is incidental and necessary for a lawful business purpose, such as emergency contact or proof of authority in a customer relationship.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, business practices, or service arrangements. Any updated version will apply from the date it is published or otherwise communicated. We encourage customers to review this policy periodically so they remain informed about how their data is handled.

Summary of our commitment: Hampstead Storage processes personal data lawfully, securely, and only for clear purposes, with retention limits, processor controls, and respect for individual rights.

Call Now!
Call Now Get a Quote
Hampstead Storage

GDPR-compliant privacy policy for Hampstead Storage covering data collection, lawful basis, retention, processors, security, and user rights.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.