Privacy Policy - Harefield Storage

This Privacy Policy explains how Harefield Storage collects, uses, stores, shares, and protects personal data. It applies to all Harefield Storage customers in the area, including prospective customers, current customers, former customers, and any individual who interacts with our services on behalf of a business or other organisation.

We are committed to handling personal data in a lawful, fair, and transparent manner in line with the UK GDPR and the Data Protection Act 2018. This policy is intended to help you understand what information we collect, why we collect it, how long we keep it, who may process it on our behalf, and what rights you have over your information.

1. Information We Collect

We may collect and process different categories of personal data depending on how you use our services. The information collected is limited to what is necessary for storage services, account administration, security, and legal compliance.

Information you provide directly

  • Identity information such as your name, title, and date of birth where required for verification.
  • Contact information such as postal address, email address, and telephone number.
  • Account and service information including booking details, unit preferences, access arrangements, invoices, payment status, and correspondence.
  • Verification information such as identification documents, proof of address, and business registration details where appropriate.
  • Special instructions you provide in relation to access, delivery, collection, or account administration.

Information collected automatically

  • Usage data relating to your interaction with our systems, booking records, and access logs where available.
  • Security information including CCTV footage, entry records, alarm records, and incident reports where used for security and safety purposes.
  • Technical data such as device type, browser type, and basic online activity data if you interact with our digital services.

Information from third parties

We may receive information from third parties where necessary, such as payment service providers, identity verification providers, debt recovery partners, insurers, or public authorities. We only collect such information where it is relevant to our service relationship or where we are legally permitted to do so.

2. How We Use Personal Data

We use personal data only for clear and legitimate purposes. These include:

  • Setting up and managing customer accounts.
  • Providing self-storage services and related administrative support.
  • Processing payments, refunds, invoicing, and credit control.
  • Verifying identity and preventing fraud.
  • Operating and securing our premises, facilities, and systems.
  • Communicating with customers about bookings, access, reminders, service notices, and account matters.
  • Handling complaints, disputes, and claims.
  • Meeting legal, regulatory, accounting, and insurance obligations.
  • Improving our services, processes, and security controls.

We do not use personal data for purposes that are incompatible with those described in this policy unless we are required or permitted by law to do so.

3. Lawful Basis for Processing

Under data protection law, we must have a lawful basis for each processing activity. Harefield Storage relies on the following lawful bases where appropriate:

Contract

We process personal data where it is necessary to enter into or perform a contract with you, such as managing your storage agreement, collecting fees, providing access, and administering your account.

Legal obligation

We process personal data where required to comply with legal obligations, including tax records, accounting requirements, anti-fraud measures, and responding to lawful requests from authorities.

Legitimate interests

We may process personal data where it is necessary for our legitimate interests or those of a third party, provided that your interests and fundamental rights do not override those interests. This may include security monitoring, preventing misuse of services, defending legal claims, and improving operations.

Consent

In limited situations, we may rely on your consent, for example where you choose to receive optional communications or where consent is required by law. Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

Vital interests

In rare circumstances, we may process information to protect someone’s vital interests, such as responding to an emergency or immediate safety concern.

4. Data Sharing and Processors

We may share personal data with trusted third parties who act as processors or independent controllers, depending on the purpose of the disclosure. We only share data where necessary and with appropriate safeguards in place.

Processors acting on our behalf

  • Payment processors that handle card or electronic payments securely.
  • IT and cloud service providers that host systems, email, record storage, and security tools.
  • Customer management and accounting providers that support invoicing, records, and administration.
  • Security service providers that support surveillance, alarm systems, or access control infrastructure.
  • Professional advisers such as accountants, auditors, insurers, and legal advisers.
  • Debt recovery or credit control providers where lawful and necessary for unpaid accounts.

All processors are required to act only on our instructions, apply suitable technical and organisational security measures, and process data only for the purposes we specify.

Other disclosures

We may also disclose personal data to courts, regulators, law enforcement agencies, insurers, or other parties where required by law, where necessary to establish, exercise, or defend legal claims, or where it is otherwise lawful to do so.

5. International Transfers

Where personal data is transferred outside the UK, we ensure that appropriate safeguards are in place. These may include adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms. We take reasonable steps to protect your information wherever it is processed.

6. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, and to meet legal, accounting, insurance, and reporting requirements. Retention periods may vary depending on the type of data and the nature of the relationship.

  • Customer account records are generally kept for the duration of the storage relationship and for a reasonable period afterward.
  • Financial records are usually retained in line with statutory tax and accounting obligations.
  • Security records such as CCTV footage or access logs are kept only for a limited period unless required for an investigation, claim, or legal matter.
  • Correspondence and complaints may be retained for as long as needed to resolve issues and maintain evidence of actions taken.

When data is no longer required, we will delete, anonymise, or securely destroy it.

7. Security of Personal Data

We use appropriate technical and organisational measures to protect personal data from accidental loss, unauthorised access, misuse, alteration, or disclosure. These may include role-based access controls, password protection, secure storage, staff training, and monitoring of systems. While no method of transmission or storage is completely secure, we work to reduce risk and to respond appropriately to any suspected incident.

8. Your Rights

Data protection law gives you several rights in relation to your personal data. Subject to legal limits, you may have the right to:

  • Access the personal data we hold about you.
  • Rectification of inaccurate or incomplete information.
  • Erasure of your data in certain circumstances.
  • Restriction of processing in certain cases.
  • Object to processing based on legitimate interests or direct marketing.
  • Data portability for information you provided to us, where applicable.
  • Withdraw consent where processing is based on consent.
  • Challenge automated decisions if such decisions are used and affect you significantly, although we do not intend to rely on profiling in a way that produces legal or similarly significant effects.

You also have the right to lodge a complaint with the Information Commissioner’s Office if you believe your data protection rights have been infringed. We encourage you to raise concerns with us first so that we can try to resolve them promptly and fairly.

9. Children’s Data

Our services are intended for adults and business users. We do not knowingly collect personal data from children except where it is incidental and necessary in exceptional circumstances, such as emergency contact information. If we become aware that we have collected child data without appropriate justification, we will take steps to delete it or otherwise handle it lawfully.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, operational practice, or service arrangements. Any revised version will apply from the date it is published or otherwise communicated. We encourage customers to review this policy periodically so they remain informed about how their personal data is used.

11. Summary of Our Commitment

Harefield Storage is committed to protecting personal information and to using it responsibly. We collect only what we need, rely on lawful grounds for processing, retain data for no longer than necessary, and share it only with trusted processors or where the law requires it. Transparency, security, and respect for individual rights are central to how we manage personal data. This policy applies to all Harefield Storage customers in the area.

Call Now!
Call Now Get a Quote
Harefield Storage

GDPR-compliant Privacy Policy for Harefield Storage covering data collection, lawful basis, retention, processors, rights, and area-wide applicability.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.