Privacy Policy - Sthelier Storage

Effective date: This Privacy Policy applies to all Sthelier Storage customers in the area and explains how we collect, use, share, retain, and protect personal data in accordance with the UK GDPR and the Data Protection Act 2018.

1. Who we are

Sthelier Storage provides storage services to individual and business customers. In order to manage storage agreements, protect our premises, maintain security, and comply with legal obligations, we process personal data relating to customers, authorised users, visitors, and other individuals connected with a storage account.

This Privacy Policy explains what data we collect, why we collect it, the legal grounds we rely on, how long we keep it, who we share it with, and what rights you have over your information.

2. Personal data we collect

We collect only the personal data necessary to provide and manage our services, keep our sites secure, and meet legal requirements. Depending on your relationship with Sthelier Storage, we may collect the following:

  • Identity data: name, title, date of birth, and, where relevant, proof of identity documents.
  • Contact data: postal address, billing address, email address, and telephone number.
  • Account and contract data: storage unit number, booking details, contract terms, renewal records, payment status, and correspondence relating to your account.
  • Payment data: payment card details processed through secure payment providers, bank details for direct debit or refunds, and transaction history.
  • Security and access data: CCTV footage, access logs, gate entry records, alarm records, key or fob issuance records, and incident reports.
  • Usage data: information about visits, access times, service preferences, and enquiries.
  • Technical data: limited device or website usage information where our systems collect it, such as IP address or browser data.
  • Special category data: we do not intentionally collect special category data unless you choose to provide it in a communication or it is required for a specific legal or safeguarding reason.

We may collect data directly from you, from your authorised representatives, from our security systems, from payment processors, or from publicly available and lawful verification sources where appropriate.

3. How we use your data

We use personal data for the following purposes:

  • to open and administer storage accounts;
  • to verify identity and prevent fraud;
  • to process bookings, payments, renewals, deposits, and refunds;
  • to provide access to storage facilities and manage security;
  • to communicate with you about your contract, account status, or service updates;
  • to respond to enquiries, complaints, and requests;
  • to maintain records of incidents, losses, and damage;
  • to comply with legal, regulatory, tax, accounting, and insurance obligations;
  • to establish, exercise, or defend legal claims;
  • to improve our operations, systems, and customer experience;
  • to protect the safety and property of customers, staff, and visitors.

We only process data for defined and legitimate purposes, and we do not use your personal data in ways that are incompatible with those purposes.

4. Lawful basis for processing

Under data protection law, we must have a lawful basis for each processing activity. We rely on the following bases:

Contract

We process personal data where it is necessary to enter into or perform our storage agreement with you, including account management, access control, billing, and service delivery.

Legal obligation

We process personal data where required to comply with legal obligations, such as tax records, accounting requirements, regulatory compliance, identity checks, fraud prevention, and lawful requests from public authorities.

Legitimate interests

We process personal data where it is necessary for our legitimate interests, provided your rights do not override those interests. These interests include securing our premises, preventing crime and misuse, managing business operations, resolving disputes, and improving services. Where we rely on legitimate interests, we apply appropriate safeguards and consider the impact on your privacy.

Consent

In limited cases, we may rely on your consent, for example where you choose to receive optional marketing communications or provide information that is not required for contract performance or legal compliance. Where consent is used, you may withdraw it at any time.

Vital interests and public interest

These bases are rarely used by Sthelier Storage, but may apply in exceptional circumstances involving safety, emergencies, or legal duties relating to public protection.

5. Sharing your data and processors

We do not sell personal data. We may share information only where necessary and lawful. We may disclose data to:

  • Payment processors that handle transactions securely on our behalf;
  • IT and cloud service providers that support storage, backup, email, and system maintenance;
  • Security providers supporting CCTV, alarm monitoring, access control, and site protection;
  • Professional advisers such as accountants, insurers, auditors, and legal advisers;
  • Debt recovery or collection providers where accounts are overdue and lawful recovery action is needed;
  • Regulators, courts, law enforcement, and public authorities where required by law or where disclosure is necessary to protect rights and safety.

Where third parties process personal data on our behalf, they act as processors and may only use the data according to our instructions and applicable law. We require processors to implement appropriate technical and organisational measures to safeguard your information and to keep it confidential.

Some processors may store data in systems located outside the UK. When this occurs, we ensure appropriate safeguards are in place, such as adequacy regulations or standard contractual protections, to protect your data to an equivalent standard.

6. Retention of personal data

We keep personal data only for as long as necessary for the purposes for which it was collected, including to satisfy legal, accounting, insurance, and dispute-resolution requirements. Retention periods depend on the type of data and the reason for processing.

  • Customer account and contract records: retained for the duration of the contract and for a reasonable period afterwards.
  • Financial and tax records: retained for periods required by law and accounting practice.
  • Security records and CCTV footage: retained for a limited period unless needed longer for an investigation, incident, or legal claim.
  • Complaints, incident, and claims records: retained while the matter is active and for a further period as necessary to defend or establish legal rights.
  • Marketing preferences: retained until you withdraw consent or object, or until the information is no longer needed.

When retention is no longer necessary, we securely delete, destroy, or anonymise the information.

7. Your rights

Subject to legal limits, you have rights over your personal data. These include:

  • Right of access: you may request confirmation of whether we process your data and obtain a copy of it.
  • Right to rectification: you may ask us to correct inaccurate or incomplete data.
  • Right to erasure: you may request deletion in certain circumstances, subject to legal retention obligations.
  • Right to restriction: you may request that we limit processing in specific situations.
  • Right to data portability: you may receive certain data in a structured, commonly used format where technically feasible.
  • Right to object: you may object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.
  • Right to complain: you may raise concerns with the relevant data protection authority if you believe your data rights have been breached.

To protect your privacy, we may need to verify your identity before responding to a rights request. We aim to respond within the statutory timeframe and will let you know if more time is required due to complexity.

8. Security of your data

We use appropriate technical and organisational measures to protect personal data from unauthorised access, loss, alteration, disclosure, or destruction. These measures may include restricted access controls, secure storage, staff confidentiality obligations, system monitoring, and incident response procedures. However, no system is completely secure, and we cannot guarantee absolute protection.

9. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, operations, or security practices. The updated version will apply once published or otherwise communicated. We encourage you to review it periodically so that you remain informed about how your data is handled.

10. Summary of our approach

We process personal data fairly, lawfully, and transparently. We collect only what we need, use it for specific storage-related purposes, share it only with trusted processors and other permitted recipients, keep it only as long as necessary, and respect your rights under data protection law. Protecting your privacy is part of how we operate responsibly.

This policy applies to all Sthelier Storage customers in area.

Call Now!
Call Now Get a Quote
Sthelier Storage

GDPR-compliant Privacy Policy for Sthelier Storage covering data collection, lawful basis, retention, processors, and user rights for all customers in area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.