Privacy Policy - Shirley Storage

This Privacy Policy explains how Shirley Storage collects, uses, stores, shares, and protects personal data when providing storage-related services. It applies to all Shirley Storage customers in the area, including prospective customers, current customers, former customers, and individuals who interact with us on behalf of a business account. We are committed to processing personal data in a lawful, fair, and transparent way in line with the UK GDPR and the Data Protection Act 2018.

1. Who We Are

Shirley Storage provides storage services and related customer support. In the course of our business, we may collect and process personal data about individuals who enquire about, purchase, manage, or use our services. For the purposes of data protection law, Shirley Storage is the data controller for the personal data described in this policy, unless we clearly state otherwise.

2. Personal Data We Collect

We only collect personal data that is necessary for the purposes explained in this policy. The types of data we may collect include:

  • Identity data: name, title, and, where relevant, business role or account holder details.
  • Contact data: address, email address, telephone number, and billing address.
  • Account and contract data: storage unit details, booking information, customer reference numbers, service preferences, and contract records.
  • Payment data: payment status, transaction records, and limited payment-related information necessary to process fees and refunds. We do not store unnecessary card details where payment processors handle them directly.
  • Security and access data: access logs, entry records, CCTV-related data where applicable, and incident reports.
  • Communications data: messages, complaints, feedback, and records of customer service interactions.
  • Technical data: limited information such as device or browser details if collected through online systems used to manage enquiries or accounts.

We may also receive personal data from third parties, such as payment providers, identity verification services, insurance providers, agents acting on a customer’s behalf, or public sources where necessary for fraud prevention or legal compliance.

3. How We Use Personal Data

Shirley Storage uses personal data for specific and legitimate purposes, including:

  • providing storage services and managing customer accounts;
  • processing bookings, payments, renewals, and cancellations;
  • communicating with customers about their services, contracts, or account matters;
  • verifying identity and preventing fraud or misuse;
  • maintaining site security, safeguarding stored property, and controlling access;
  • handling complaints, claims, disputes, and customer support requests;
  • meeting legal, regulatory, tax, and accounting obligations;
  • improving our services, systems, and customer experience;
  • defending legal claims or enforcing our contractual rights.

We will only use personal data for the purposes for which it was collected, unless we reasonably believe we need to use it for another compatible purpose or where the law permits or requires it.

4. Lawful Basis for Processing

Under GDPR, we must have a lawful basis for each processing activity. Shirley Storage relies on the following lawful bases:

Contract

We process personal data where it is necessary to enter into or perform a contract with a customer. This includes setting up an account, providing a storage unit, administering payments, and managing customer records.

Legal obligation

We process personal data where required to comply with legal obligations, such as tax, accounting, fraud prevention, and record-keeping duties.

Legitimate interests

We process certain personal data for our legitimate interests, provided those interests are not overridden by the rights and freedoms of the individual. These interests may include protecting property, improving security, managing our business efficiently, communicating with customers, and preventing misuse of our services. We carry out appropriate balancing tests where required.

Consent

Where consent is the appropriate lawful basis, such as for optional marketing communications or certain non-essential processing, we will request clear consent. Individuals can withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

5. Sharing Personal Data and Processors

We may share personal data with trusted third parties where necessary to provide services, operate our business, or comply with the law. These third parties may act as processors, joint controllers, or independent controllers depending on the relationship and purpose.

Processors are organisations that process personal data on our behalf under written instructions and appropriate confidentiality and security obligations. Shirley Storage may use processors for:

  • payment processing and transaction handling;
  • IT hosting, data storage, and system maintenance;
  • customer management and communication tools;
  • security monitoring and access control systems;
  • professional services such as accounting, auditing, or legal support;
  • identity verification and fraud prevention services.

We only share the minimum personal data necessary for the relevant service. Our processors are required to implement appropriate technical and organisational measures to protect personal data and may not use it for their own unrelated purposes.

We may also disclose personal data to law enforcement, regulators, courts, insurers, or other authorities where required or permitted by law, or where necessary to establish, exercise, or defend legal rights.

6. Data Retention

Shirley Storage keeps personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, contractual, and operational requirements. Retention periods vary depending on the type of data and why it is held.

In general:

  • customer account and contract records are retained for the duration of the relationship and for a further period after it ends;
  • payment and accounting records are retained for the period required by tax and financial regulations;
  • security records, such as access logs or incident reports, are kept for a limited period unless needed longer for investigation or legal claims;
  • enquiry records are kept only as long as needed to respond and manage follow-up communications;
  • marketing preferences are retained until consent is withdrawn or the individual opts out.

When data is no longer required, we will delete it securely or anonymise it so that it can no longer identify an individual.

7. Data Security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, loss, or destruction. These measures may include access restrictions, password controls, encryption where appropriate, staff training, secure disposal practices, and system monitoring. While no system is entirely risk-free, we aim to maintain a level of security appropriate to the nature of the data and the risks involved.

8. Your Rights

Under data protection law, individuals may have the following rights in relation to their personal data:

  • Right of access: to request a copy of the personal data we hold about you.
  • Right to rectification: to ask us to correct inaccurate or incomplete data.
  • Right to erasure: to request deletion of personal data in certain circumstances.
  • Right to restrict processing: to request that we limit how we use your data in certain cases.
  • Right to data portability: to receive certain data in a structured, commonly used format where applicable.
  • Right to object: to object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent: where processing is based on consent, to withdraw it at any time.

These rights are not absolute. They may apply only in specific circumstances and may be subject to exemptions under data protection law. We will respond to valid requests within the time limits required by law.

9. International Transfers

If personal data is transferred outside the UK, we will ensure appropriate safeguards are in place to protect it. These safeguards may include adequacy regulations, standard contractual clauses, or other legally approved transfer mechanisms. We will only transfer data where necessary and where the required level of protection can be maintained.

10. Marketing Preferences

Where we send optional marketing communications, we do so only in accordance with applicable law. Individuals can opt out of marketing at any time. If you choose not to receive marketing messages, you will still receive essential service communications relating to your account, payments, security, or legal notices.

11. Children

Our services are not intended for children, and we do not knowingly collect personal data from children except where it is necessary in connection with a lawful customer arrangement or where an adult acts on behalf of a child in a permitted context. If we learn that we have collected personal data without an appropriate basis, we will take reasonable steps to delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or services. The most current version will apply to the processing of personal data. We encourage customers to review this policy periodically so they remain informed about how their information is handled.

13. Summary of Key Principles

In summary, Shirley Storage processes personal data lawfully, fairly, and transparently. We collect only what we need, use it for clear purposes, retain it only as long as necessary, and share it only with trusted processors or where required by law. We respect the rights of individuals and aim to protect personal data through appropriate security measures.

By using Shirley Storage services, customers in the area acknowledge that their personal data may be processed as described in this Privacy Policy.

Call Now!
Call Now Get a Quote
Shirley Storage

GDPR-compliant Privacy Policy for Shirley Storage covering data collection, lawful basis, retention, processors, and user rights for all customers in the area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.