Privacy Policy - Sutton Storage

This Privacy Policy explains how Sutton Storage collects, uses, shares, stores, and protects personal data relating to our customers, prospective customers, and other individuals who interact with us. It applies to all Sutton Storage customers in area and to anyone whose personal data we process in connection with our storage services, administrative activities, security measures, and legal obligations.

We are committed to handling personal data in a lawful, fair, and transparent manner in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy is intended to help you understand what data we process, why we process it, how long we keep it, who may process it on our behalf, and what rights you have.

1. Personal Data We Collect

We only collect data that is necessary for operating our storage services, managing customer accounts, maintaining security, and meeting legal requirements. Depending on your relationship with us, we may collect the following categories of personal data:

  • Identity data such as your name, title, and date of birth where needed for identification or verification.
  • Contact data such as billing address, email address, and telephone number.
  • Account and contract data such as tenancy details, service preferences, payment status, and communication records.
  • Financial data such as bank account details or payment card information, where needed to process payments or refunds.
  • Verification data such as copies of identification documents, proof of address, and checks carried out to confirm identity or prevent fraud.
  • Security data such as CCTV footage, entry logs, access records, alarm records, and incident reports.
  • Technical data such as device or system information if you interact with our online systems, where applicable.
  • Correspondence data such as emails, letters, notes of calls, complaints, and other communications.

We do not seek to collect special category data unless it is voluntarily provided by you or is required in connection with a legal claim or another lawful purpose. If such information is shared with us, we will apply additional safeguards where appropriate.

2. How We Use Your Data

We use personal data for the following purposes:

  • to set up and manage customer accounts and storage agreements;
  • to verify identity and prevent fraud, misuse, or unauthorised access;
  • to process payments, refunds, and account administration;
  • to communicate with you about your account, service changes, notices, or queries;
  • to maintain the security of our premises, systems, and customers;
  • to investigate incidents, complaints, disputes, or insurance matters;
  • to comply with legal, regulatory, tax, accounting, and record-keeping obligations;
  • to establish, exercise, or defend legal claims;
  • to improve our services, processes, and customer experience in a privacy-respecting way.

We will always aim to process personal data in a way that is proportionate, relevant, and limited to what is necessary for the stated purpose.

3. Lawful Basis for Processing

Under data protection law, we must have a lawful basis before processing personal data. We rely on one or more of the following lawful bases:

Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes setting up a storage agreement, managing your account, taking payment, and communicating about your use of our services.

Legal obligation

We process certain data to comply with laws and regulations, including accounting rules, tax obligations, consumer law, fraud prevention requirements, and lawful requests from authorities.

Legitimate interests

We may process data where it is necessary for our legitimate interests, provided your interests and fundamental rights do not override those interests. These legitimate interests may include protecting our premises, preventing fraud, improving operations, managing risk, recovering debts, and defending legal claims. Where we rely on this basis, we consider the impact on your privacy and put safeguards in place.

Consent

In limited situations, we may rely on your consent, particularly where the law requires it. If we rely on consent, you may withdraw it at any time, without affecting the lawfulness of processing carried out before withdrawal.

4. Sharing Your Personal Data

We may share personal data with trusted third parties who support our operations. These recipients act as processors or, in some cases, independent controllers. We only share data when necessary and only under appropriate contractual or legal protections.

Examples of processors and service providers may include:

  • IT and cloud service providers that host systems, email, and data storage;
  • Payment service providers that process customer payments securely;
  • Professional advisers such as accountants, lawyers, auditors, and insurers;
  • Security and monitoring providers that support site safety, alarms, or CCTV infrastructure;
  • Maintenance and facilities contractors where access to limited information is needed to perform services;
  • Debt recovery or credit control providers where lawful and necessary;
  • Regulators, law enforcement, or public authorities where required by law or to protect rights, property, or safety.

Where processors handle personal data on our behalf, they are required to process it only in accordance with our instructions, to keep it secure, and to use it only for the agreed purpose.

5. Retention of Personal Data

We keep personal data only for as long as necessary for the purposes for which it was collected, including to meet legal, accounting, tax, and dispute-resolution requirements. The length of retention depends on the type of information and the reason it was collected.

As a general approach:

  • Customer account and contract records are retained for the duration of the relationship and for a reasonable period afterwards.
  • Payment and financial records are kept for the period required by tax and accounting law.
  • Identity verification records are retained only as long as needed for security, compliance, or fraud prevention.
  • CCTV and access records are normally kept for a limited period unless needed for an investigation, insurance matter, or legal claim.
  • Correspondence and complaint records are kept as long as needed to resolve the issue and meet record-keeping obligations.

When data is no longer required, we will delete it securely or anonymise it so that it can no longer identify you.

6. Data Security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, alteration, or disclosure. These measures may include access controls, secure storage, staff training, authentication procedures, and restricted access to sensitive information. While we take security seriously, no system can be completely guaranteed to be secure, and we therefore continue to review and improve our safeguards.

7. International Transfers

Where any processor or service provider transfers personal data outside the UK, we will ensure that appropriate safeguards are in place. These may include adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms designed to protect your personal data.

8. Your Rights

Subject to applicable law, you have a number of rights in relation to your personal data. These rights include:

  • Right of access – you can request a copy of the personal data we hold about you.
  • Right to rectification – you can ask us to correct inaccurate or incomplete data.
  • Right to erasure – you can request deletion of your data in certain circumstances.
  • Right to restriction – you can ask us to limit how we use your data in certain situations.
  • Right to object – you can object to processing based on legitimate interests or direct marketing, where applicable.
  • Right to data portability – you can request certain data in a structured, commonly used, machine-readable format.
  • Right to withdraw consent – where processing is based on consent, you may withdraw it at any time.

You also have the right to make a complaint to the UK Information Commissioner's Office if you believe your data protection rights have been infringed. We encourage you to raise concerns with us first so that we can try to resolve them promptly and fairly.

9. Children’s Data

Our services are intended for adults and business users. We do not knowingly collect personal data from children except where it is unavoidably provided in the context of a lawful contract, legal obligation, or incident report. If we become aware that we have collected data from a child inappropriately, we will take steps to delete it or otherwise handle it lawfully.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, our services, or our operational practices. Any updated version will apply from the date it is issued. We encourage you to review it periodically so you remain informed about how your data is handled.

Privacy and trust are important to Sutton Storage. We are committed to processing personal data responsibly, securely, and transparently, while respecting your rights and meeting our legal duties.

Call Now!
Call Now Get a Quote
Sutton Storage

GDPR-compliant Privacy Policy for Sutton Storage covering data collection, lawful basis, retention, processors, and user rights for all customers in area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.