Privacy Policy - Haringey Storage

This Privacy Policy explains how Haringey Storage collects, uses, stores, shares, and protects personal data relating to its customers. It applies to all Haringey Storage customers in the area, including individuals and businesses that use our storage services, request quotations, make enquiries, or otherwise interact with us in connection with our services.

We are committed to handling personal data in a lawful, fair, and transparent manner in line with the UK General Data Protection Regulation and applicable data protection laws. This policy is written to help you understand what information we process, why we process it, how long we keep it, and what rights you have over your information.

1. Who We Are

Haringey Storage provides storage-related services, including customer account management, booking administration, payment handling, security management, and service communications. For the purposes of data protection law, Haringey Storage acts as a data controller in relation to the personal data described in this policy.

Data controller means we determine the purposes and means of processing your personal data. Where we use service providers to process information on our behalf, those organisations act as processors or, in some cases, independent controllers depending on the nature of the service.

2. What Personal Data We Collect

We may collect and process several categories of personal data depending on how you use our services. This may include:

Identity information such as your name, title, and date of birth where relevant.
Contact details such as your address, email address, and telephone number.
Account and booking information such as storage unit details, reservation dates, access arrangements, and service preferences.
Payment and billing information such as payment status, invoices, transaction references, and limited financial details necessary to manage payments.
Verification information such as identification documents or proof of address, where needed to meet legal, security, or fraud-prevention requirements.
Communications such as enquiries, complaints, feedback, and correspondence with our team.
Security and access data such as entry logs, CCTV images where used, alarm records, and incident reports.
Technical information such as IP address, device information, and website usage data if you interact with online systems associated with our services.

We aim to collect only the information necessary for legitimate business, legal, and operational purposes. Where possible, we minimise the amount of data collected and retain it only for as long as needed.

3. How We Use Your Personal Data

We use personal data for the following purposes:

To register and manage customer accounts.
To provide storage services, including allocation and management of units.
To process payments, issue invoices, and manage account balances.
To communicate service updates, notices, and administrative information.
To verify identity and prevent unauthorised access.
To protect our premises, staff, customers, and stored property.
To handle complaints, disputes, and customer support requests.
To comply with legal obligations and regulatory requirements.
To detect and prevent fraud, theft, misuse, and other unlawful activity.

We do not use personal data for purposes that are incompatible with those described in this policy unless we have a lawful basis to do so and, where required, have informed you accordingly.

4. Lawful Basis for Processing

Under data protection law, we must have a lawful basis to process personal data. Depending on the context, Haringey Storage relies on one or more of the following lawful bases:

Contract: processing is necessary to enter into or perform our storage agreement with you, such as managing bookings, payments, and service delivery.
Legal obligation: processing is necessary to comply with laws and regulations, including accounting, tax, safety, and record-keeping obligations.
Legitimate interests: processing is necessary for our legitimate business interests, such as protecting property, preventing fraud, improving services, and managing operations, provided your rights do not override those interests.
Consent: in limited situations, we may rely on your consent, for example for certain optional communications or specific uses where consent is the most appropriate basis. Where we rely on consent, you may withdraw it at any time.

When we process special category or sensitive information, if ever necessary, we will only do so where a valid legal condition applies and additional safeguards are in place.

5. Sharing Your Data and Processors

We may share your personal data with trusted third parties where necessary for the operation of our services, where required by law, or where we have another lawful basis to do so. Such third parties may include:

Payment service providers that process card or other payment transactions.
IT and hosting providers that support our systems, data storage, and communications.
Security providers that assist with premises protection, CCTV, monitoring, and incident response.
Professional advisers such as accountants, auditors, insurers, or legal advisers.
Public authorities where disclosure is required by law or necessary for the protection of rights, safety, or property.

Where a third party processes data on our behalf, that organisation acts as a processor and may only process your data in accordance with our instructions and applicable law. We require processors to implement appropriate technical and organisational measures to protect personal data and to maintain confidentiality.

Some service providers may act as independent controllers for certain processing activities, such as financial compliance or fraud detection. In such cases, they will be responsible for their own compliance with data protection obligations.

6. Data Retention

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, accounting, reporting, and security obligations. Retention periods vary depending on the type of information and the reason it is held.

In general:

Customer account and transaction records are retained for the duration of the customer relationship and for a period afterward to meet legal and business requirements.
Financial and tax-related records are kept for the period required by law.
Security records, including access logs and CCTV, are kept for a limited period unless needed for an investigation, legal claim, or security incident.
Enquiry and correspondence records are retained for as long as needed to respond to you and manage any related issues.

When data is no longer required, we will securely delete, anonymise, or otherwise dispose of it in a safe and lawful manner. We do not keep personal data indefinitely.

7. Security of Personal Data

We take appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, misuse, alteration, or disclosure. These measures may include restricted access, staff training, secure systems, encryption where appropriate, and physical security controls.

While no system can be guaranteed to be completely secure, we work to maintain a level of security appropriate to the risks associated with the processing of personal data.

8. Your Rights

As a data subject, you have a number of rights under data protection law. These rights may be subject to legal conditions and exemptions. They include:

Right of access: to request a copy of the personal data we hold about you.
Right to rectification: to ask us to correct inaccurate or incomplete data.
Right to erasure: to request deletion of your data in certain circumstances.
Right to restriction: to ask us to limit how we use your data in certain cases.
Right to data portability: to receive certain data in a structured, commonly used format where applicable.
Right to object: to object to processing based on legitimate interests or direct marketing.
Right to withdraw consent: where processing is based on consent, to withdraw it at any time.

You also have the right to make a complaint to the relevant supervisory authority if you believe your data protection rights have been breached. We encourage you to raise concerns with us first so we can try to resolve the matter promptly.

9. International Transfers

In some cases, personal data may be transferred or accessed outside the UK, for example where our processors use systems or support teams based elsewhere. Where this occurs, we will ensure that appropriate safeguards are in place to protect your data and maintain an equivalent level of protection to that required under applicable law.

10. Children’s Data

Our services are intended for adults and business users. We do not knowingly collect personal data from children except where such information is provided incidentally and is necessary for lawful service administration. If we become aware that we have collected data from a child without appropriate basis, we will take steps to delete it where required.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data processing practices. Any updated version will apply from the date it is made effective. We encourage customers to review this policy periodically so they remain informed about how their data is handled.

12. Summary of Our Commitment

Haringey Storage is committed to using personal data responsibly, lawfully, and securely. We only collect the information we need, we use it for clear and legitimate purposes, and we keep it only for as long as necessary. We work with trusted processors, apply appropriate safeguards, and respect the rights of all customers in the area who use our services.

By using Haringey Storage services, you acknowledge that your personal data may be processed in accordance with this Privacy Policy and applicable data protection laws.