Privacy Policy - Oldoakcommon Storage

This Privacy Policy explains how Oldoakcommon Storage collects, uses, shares, stores, and protects personal data in connection with our storage services. It applies to all Oldoakcommon Storage customers in the area, including prospective customers, existing customers, account holders, authorised users, and individuals who interact with us in relation to storage services, billing, access, or support.

We are committed to handling personal data in a lawful, fair, and transparent manner in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy is intended to help you understand what we do with personal data and what rights you have.

1. Data We Collect

We collect only the information that is necessary to provide storage services, manage our relationship with customers, and comply with legal obligations. Depending on how you interact with us, we may collect the following categories of personal data:

  • Identity details such as name, title, date of birth, and identification documents where needed for verification.
  • Contact details such as postal address, email address, and telephone number.
  • Account and contract details such as customer reference numbers, storage unit details, rental dates, payment status, and service preferences.
  • Financial details such as bank account information, payment card information, invoices, and transaction records.
  • Access and security data such as entry logs, gate access records, CCTV images, and incident reports where relevant to site security.
  • Communication records such as emails, telephone notes, complaint records, and support requests.
  • Technical data where applicable, such as device or usage information collected through online systems used to manage accounts or bookings.

We may also collect information from third parties where permitted by law, for example from payment providers, credit reference or identity verification services, emergency contacts provided by a customer, or legal and regulatory authorities.

2. How We Use Personal Data

We use personal data for the following purposes:

  • to register customers and create storage agreements;
  • to manage access to storage units and maintain site safety;
  • to process payments, issue invoices, and manage arrears;
  • to verify identity and prevent fraud;
  • to communicate about service matters, contract changes, and important notices;
  • to handle complaints, disputes, claims, and insurance-related matters;
  • to comply with legal, tax, accounting, and regulatory obligations;
  • to protect the rights, property, and safety of our business, customers, staff, and visitors;
  • to monitor and improve our services, security controls, and customer experience.

We only use personal data where we have a valid legal reason to do so and where the use is compatible with the original purpose for which the data was collected.

3. Lawful Basis for Processing

Under data protection law, we must have a lawful basis to process personal data. Oldoakcommon Storage relies on the following bases:

Performance of a Contract

We process personal data when it is necessary to enter into or perform a storage agreement, manage your account, provide access to your unit, or take steps requested by you before entering a contract.

Legal Obligation

We may process personal data to comply with statutory duties, including accounting, tax, record-keeping, identity verification, fraud prevention, and responding to lawful requests from authorities.

Legitimate Interests

We may process personal data where it is necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. These interests include protecting our premises, preventing unauthorised access, managing debts, improving services, and defending legal claims.

Consent

In limited situations, we may rely on consent, for example where it is required for a particular optional service. Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

Special category data is not usually required for our services. If such data is ever collected, it will only be processed where a lawful condition under data protection law applies and additional safeguards are in place.

4. Sharing and Processors

We do not sell personal data. We may share data only when necessary and appropriate for the purposes described in this policy. Recipients may include:

  • Payment processors and banking service providers to handle payments and refunds;
  • IT and cloud service providers that host systems, email services, booking tools, and secure data storage;
  • Security providers supporting CCTV, alarm monitoring, access control, or site security;
  • Professional advisers such as accountants, auditors, insurers, and legal advisers;
  • Debt recovery or collection services where payment obligations remain unpaid;
  • Public authorities or regulators where disclosure is required by law or necessary to protect rights and safety.

Where we use third-party service providers who process personal data on our behalf, they act as processors. They are only permitted to process data on our instructions, must keep it secure, and are subject to appropriate contractual safeguards. We take steps to ensure processors are selected carefully and provide adequate protection for personal data.

5. Data Retention

We keep personal data only for as long as necessary for the purpose for which it was collected and to meet legal, regulatory, accounting, or reporting requirements. Retention periods may vary depending on the type of data and the context in which it is used.

  • Customer contract and account records are generally retained for the duration of the contract and for a reasonable period afterwards.
  • Financial and tax records are kept for the period required by law, typically several years after the end of the relevant financial year.
  • Security records such as access logs or CCTV footage are retained for limited periods unless needed for an investigation, claim, or legal process.
  • Correspondence and complaints may be retained while the matter is active and for a further period to evidence outcomes and manage disputes.

When personal data is no longer required, we will securely delete, anonymise, or archive it in accordance with our retention procedures.

6. Data Security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. These measures may include access controls, password protection, staff training, secure storage, restricted permissions, and monitoring of systems and premises. While no system can be guaranteed to be completely secure, we work to maintain a level of protection appropriate to the risks involved.

7. International Transfers

If personal data is transferred outside the United Kingdom or the European Economic Area, we will ensure that appropriate safeguards are in place in line with data protection law. These may include adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms designed to protect your information.

8. Your Rights

Under data protection law, you have a number of rights regarding your personal data. These rights may be subject to legal limitations and exemptions.

  • Right of access – you may request a copy of the personal data we hold about you.
  • Right to rectification – you may ask us to correct inaccurate or incomplete information.
  • Right to erasure – in certain cases, you may request deletion of your personal data.
  • Right to restriction – you may ask us to limit processing in specific circumstances.
  • Right to data portability – you may request certain data in a structured, commonly used format.
  • Right to object – you may object to processing based on legitimate interests, including direct marketing where applicable.
  • Right to withdraw consent – where processing is based on consent, you may withdraw it at any time.

You also have the right to raise a concern with the relevant data protection supervisory authority if you believe your data has been handled unlawfully. We encourage you to raise concerns with us first so that we can try to resolve them promptly.

9. Children’s Data

Our storage services are not intended for children as direct customers. We do not knowingly collect personal data from children unless it is provided incidentally in connection with an authorised contact, emergency contact, or legal matter. Where this occurs, we will only process such data where it is necessary and lawful.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements, operational practices, or service arrangements. Any updated version will apply from the date it is issued. We recommend reviewing this policy periodically so you remain informed about how we use personal data.

11. Summary of Our Commitment

Oldoakcommon Storage is committed to respecting privacy, minimising data collection, using personal data only for clear and lawful purposes, retaining it for no longer than necessary, and safeguarding it through appropriate controls. We aim to process personal data in a way that is transparent, secure, and consistent with the rights and expectations of our customers in the area.

Call Now!
Call Now Get a Quote
Oldoakcommon Storage

GDPR-compliant privacy policy for Oldoakcommon Storage covering data collection, lawful basis, retention, processors, and user rights.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.