Privacy Policy - Littleilford Storage

This Privacy Policy explains how Littleilford Storage collects, uses, stores, shares, and protects personal data in connection with its storage services. It applies to all Littleilford Storage customers in the area, including prospective customers, current account holders, former customers, and any individual who communicates with us, visits our premises, or uses our services on behalf of a business or household.

We are committed to handling personal data in a lawful, fair, and transparent manner in accordance with the UK GDPR and the Data Protection Act 2018. This policy sets out what information we collect, why we collect it, the legal grounds we rely on, how long we keep it, who may process it on our behalf, and the rights available to individuals.

1. Personal Data We Collect

We only collect personal data that is necessary for operating our storage services, meeting legal obligations, and managing our relationship with customers. Depending on how you interact with us, we may collect the following categories of data:

  • Identity details, such as your name, date of birth, and account reference number.
  • Contact details, such as postal address, email address, and telephone number.
  • Payment information, including billing details and transaction records. We do not store full card details where these are processed by payment providers.
  • Verification information, such as proof of identity or address where required for fraud prevention, contract checks, or legal compliance.
  • Storage unit information, including unit number, access dates, move-in and move-out dates, and service usage records.
  • Communications data, such as emails, messages, complaints, requests, or notes from phone conversations.
  • Security and access data, including CCTV footage, key or access records, alarm records, and site entry logs where applicable.
  • Technical data, if you use digital systems linked to our services, such as device information, IP address, and usage logs.

We may also receive personal data indirectly from third parties, such as payment processors, identity verification services, insurers, debt recovery providers, or legal representatives. Where appropriate and lawful, we may also use publicly available sources to verify information or prevent fraud.

2. How We Use Personal Data

Littleilford Storage uses personal data to manage storage agreements and provide safe, efficient, and reliable services. Our purposes include:

  • setting up and administering customer accounts;
  • verifying identity and preventing unauthorised use;
  • taking payment and managing billing;
  • communicating about bookings, access, renewals, charges, notices, and service changes;
  • maintaining security and controlling access to our facilities;
  • handling queries, complaints, disputes, and claims;
  • meeting legal, regulatory, tax, insurance, and record-keeping obligations;
  • detecting and preventing fraud, abuse, and unlawful activity;
  • protecting the safety of staff, customers, visitors, and property;
  • improving our operations, systems, and customer service.

We do not use personal data for purposes that are incompatible with the reasons it was collected unless we have a lawful basis to do so and provide appropriate notice where required.

3. Lawful Basis for Processing

We process personal data only where permitted by law. The lawful bases we rely on are set out below:

Contract

We process data where it is necessary to enter into or perform a contract with you. This includes managing your storage agreement, processing payments, and providing access to your unit.

Legal obligation

We process data where necessary to comply with legal duties, such as tax rules, accounting requirements, responding to lawful requests, fraud prevention obligations, and record retention requirements.

Legitimate interests

We process data where it is necessary for our legitimate interests and where those interests are not overridden by your rights. Examples include security monitoring, service administration, debt recovery, business management, and preventing misuse of our facilities. We carry out balancing tests to ensure this processing is proportionate.

Consent

In limited situations, we may rely on consent, for example for certain optional communications or specific uses not covered by other lawful bases. Where we rely on consent, you may withdraw it at any time.

We do not generally rely on consent where another lawful basis is more appropriate for storage services.

4. Sharing and Processors

We may share personal data with trusted third parties that help us operate our business. These organisations act as processors when they process data on our instructions, or as independent controllers where they determine their own purposes and means.

Processors may include:

  • payment service providers;
  • accounting and bookkeeping providers;
  • IT hosting, software, and system support providers;
  • cloud storage and data backup providers;
  • security and CCTV service providers;
  • identity verification and fraud prevention services;
  • legal advisers, insurers, and claims handlers;
  • debt recovery or collection agencies where accounts remain unpaid;
  • maintenance, auditing, and professional service providers.

We require processors to protect personal data, use it only for agreed purposes, and follow appropriate confidentiality and security measures. We do not sell personal data. If data is shared with law enforcement, regulators, or courts, this will only happen where required or permitted by law.

5. International Transfers

If any service provider stores or accesses personal data outside the UK, we will ensure appropriate safeguards are in place before transfer. These may include adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms. We take steps to ensure a similar level of protection is applied wherever data is processed.

6. Data Retention

We keep personal data only for as long as necessary to fulfil the purposes described in this policy, including legal, accounting, contractual, and reporting requirements. Retention periods vary depending on the nature of the data and the reason it was collected.

  • Customer account and contract records are generally kept for the duration of the relationship and for a period after it ends to handle disputes, claims, or legal obligations.
  • Payment and accounting records are usually retained for the period required by tax and financial laws.
  • Security records, such as CCTV or access logs, are kept only as long as reasonably necessary for site safety, incident investigation, or legal defence.
  • Correspondence and complaints are retained for as long as needed to resolve the matter and maintain proper records.

When retention is no longer required, we securely delete, anonymise, or destroy data. We apply retention controls to limit unnecessary storage and reduce privacy risk.

7. Data Security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, or disclosure. These measures may include access controls, staff confidentiality duties, secure storage, system monitoring, and data minimisation. While no system can be completely secure, we work to maintain a level of security appropriate to the risks involved.

8. Your Rights

Under data protection law, individuals have rights in relation to their personal data. Subject to legal limits and exemptions, you may have the right to:

  • access your personal data and obtain a copy of it;
  • rectify inaccurate or incomplete information;
  • erase your data in certain circumstances;
  • restrict processing in certain situations;
  • object to processing based on legitimate interests;
  • data portability for information you provided where processing is based on consent or contract and carried out by automated means;
  • withdraw consent where we rely on consent;
  • lodge a complaint with the relevant supervisory authority if you believe your rights have been infringed.

We may need to verify your identity before responding to a request. We will respond within the time required by law and keep you informed if additional information is needed.

9. Children’s Data

Our services are not intended for children, and we do not knowingly collect personal data from children except where necessary in relation to lawful account administration, for example where a parent, guardian, or authorised adult is acting on their behalf. If we become aware that we have collected data unlawfully, we will take steps to delete it where appropriate.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, practice, or our services. Any revised version will apply from the date it is published or otherwise communicated. We encourage customers to review this policy periodically so they remain informed about how their data is used.

11. Contact and Questions

If you have questions about this Privacy Policy, wish to exercise your rights, or need clarification about how your personal data is handled, you may raise the matter through the usual customer service or account management channels provided by Littleilford Storage. We will handle requests in accordance with applicable data protection law and will aim to resolve concerns promptly and fairly.

Littleilford Storage is committed to respecting privacy, maintaining confidentiality, and processing personal data responsibly for every customer in the area.

Call Now!
Call Now Get a Quote
Littleilford Storage

GDPR-compliant privacy policy for Littleilford Storage covering data collection, lawful basis, retention, processors, rights, security, and scope for all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.