Privacy Policy - Paddington Storage

This Privacy Policy explains how Paddington Storage collects, uses, stores, shares, and protects personal data in connection with its storage services. It applies to all Paddington Storage customers in the area, including individuals, household customers, and business customers who use our storage facilities or related services. We are committed to handling personal data in a lawful, fair, and transparent manner in accordance with applicable data protection law, including the UK GDPR and the Data Protection Act 2018.

1. Who we are

Paddington Storage provides self-storage and related services. For the purposes of data protection law, Paddington Storage is the data controller in relation to personal data collected and processed for the operation of our services, customer management, security, billing, and legal compliance.

2. Personal data we collect

We collect only the personal data that is necessary for the provision and administration of our services. Depending on your relationship with us, we may collect the following categories of data:

  • Identity data such as name, title, date of birth, and identification details.
  • Contact data such as postal address, email address, and telephone number.
  • Account and contract data such as booking details, storage unit references, rental agreements, payment status, and correspondence relating to your account.
  • Financial data such as payment method, transaction records, and invoicing information.
  • Security and access data such as CCTV images, entry logs, alarm records, gate access information, and incident reports.
  • Usage data such as storage unit usage, attendance records, and service interactions.
  • Technical data such as device information, browser type, or IP address where relevant to the operation of digital systems.
  • Special category data only where strictly necessary and permitted by law, and typically not as part of normal service delivery.

We do not intentionally collect more data than is needed. If you provide information about another person, you should ensure that you have the authority to do so and that they are aware of this Privacy Policy where appropriate.

3. How we use your personal data

We process personal data for the following purposes:

  • To register customers and set up storage agreements.
  • To manage accounts, payments, and billing.
  • To provide access to storage premises and maintain security.
  • To respond to enquiries, requests, and customer service matters.
  • To monitor the safety, security, and proper use of our facilities.
  • To prevent, detect, and investigate fraud, misuse, theft, and other unlawful activity.
  • To comply with legal and regulatory obligations.
  • To defend, establish, or exercise legal claims.

We will only use personal data for the purposes for which it was collected unless we reasonably consider that we need to use it for another compatible purpose and that use is lawful.

4. Lawful basis for processing

We rely on one or more lawful bases under data protection law when processing your personal data. These include:

  • Contract — where processing is necessary to enter into or perform our storage agreement with you, including account administration and service provision.
  • Legal obligation — where processing is required to meet legal duties, such as accounting, tax, record-keeping, fraud prevention, or compliance with lawful requests from authorities.
  • Legitimate interests — where processing is necessary for our legitimate business interests, such as maintaining security, operating our facilities efficiently, preventing crime, and improving services, provided that your rights and freedoms do not override those interests.
  • Consent — where we ask for your clear consent for a specific purpose, such as certain optional communications or uses of information. You may withdraw consent at any time where processing is based on consent.

Where special category data is processed, we will also ensure an additional condition under data protection law applies. In practice, we do not normally need to process such data as part of standard storage services.

5. Sharing personal data and processors

We may share personal data with trusted third parties where necessary and lawful. These parties act either as processors on our behalf or as independent controllers in their own right. We require processors to process data only on our instructions, to keep it secure, and to comply with data protection obligations.

Examples of processors and service providers may include:

  • Payment processors that handle card or electronic payments.
  • IT and cloud service providers that host or support our systems, databases, and communications.
  • Security service providers that assist with CCTV, alarms, monitoring, or site protection.
  • Administrative and professional advisers such as accountants, insurers, and legal advisers.
  • Maintenance and facilities providers who may need limited access to perform contracted services.

We may also disclose data to law enforcement, regulators, courts, or other public authorities where required or permitted by law. In limited circumstances, we may share data in connection with a business reorganisation, merger, or transfer of assets, provided appropriate safeguards are in place.

6. International transfers

If any of our processors or service providers transfer personal data outside the United Kingdom, we will ensure that appropriate safeguards are used. These may include an adequacy decision, the UK International Data Transfer Agreement, or other lawful transfer mechanisms as required by data protection law.

7. Data retention

We retain personal data only for as long as necessary for the purposes for which it was collected, and for any additional period required by law or for legitimate business needs such as resolving disputes and enforcing agreements.

Retention periods may vary depending on the category of data and the purpose of processing. For example:

  • Contract and account records may be retained for the duration of the agreement and for a period afterward to manage claims, audits, and compliance.
  • Financial and tax records are retained in line with statutory obligations.
  • Security records, including CCTV footage, are typically retained only for a short period unless an incident, claim, or investigation requires longer retention.
  • Customer communications are retained for as long as needed to deal with the matter and maintain accurate records.

When personal data is no longer required, we will delete it securely or anonymise it so that it can no longer identify you.

8. Data security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, disclosure, or destruction. These measures are designed to reflect the nature of the data and the risks involved. While no system can be guaranteed to be completely secure, we work to maintain a high standard of protection and to limit access to personal data on a need-to-know basis.

9. Your rights

Subject to applicable law, you have a number of rights in relation to your personal data. These may include:

  • Right of access — to obtain confirmation of whether we process your data and to request a copy.
  • Right to rectification — to ask us to correct inaccurate or incomplete data.
  • Right to erasure — to request deletion of your data in certain circumstances.
  • Right to restriction — to ask us to limit processing in certain cases.
  • Right to object — to object to processing based on legitimate interests or direct marketing, where applicable.
  • Right to data portability — to receive certain data in a structured, commonly used, machine-readable format where processing is based on consent or contract and carried out by automated means.
  • Right to withdraw consent — where we rely on consent, you may withdraw it at any time.

You also have the right to lodge a complaint with the relevant data protection supervisory authority if you believe your rights have been infringed. We encourage you to raise any concerns with us first so that we can try to resolve them promptly.

10. Automated decision-making

We do not generally use solely automated decision-making that produces legal or similarly significant effects for customers. If this position changes, we will provide appropriate information and safeguards as required by law.

11. Children

Our services are intended for adults and businesses. We do not knowingly collect personal data from children except where it is incidental and necessary in connection with a customer arrangement, and only with appropriate lawful basis.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data handling practices. Any updated version will apply from the date it is made available. We recommend that customers review this policy periodically to remain informed about how we protect personal data.

13. Summary of our approach

Transparency

We explain clearly what data we collect, why we collect it, and how it is used.

Necessity

We only process data that is needed for service delivery, security, compliance, or legitimate business purposes.

Accountability

We expect our processors and service providers to protect personal data and only use it in accordance with our instructions and legal obligations.

Respect for rights

We recognise and support your data protection rights, and we aim to respond to any requests or concerns in a timely and lawful manner.

Paddington Storage is committed to keeping personal data secure, lawful, and limited to what is necessary. This Privacy Policy applies to all Paddington Storage customers in the area and forms part of our responsible approach to privacy, trust, and compliance.

Call Now!
Call Now Get a Quote
Paddington Storage

GDPR-compliant Privacy Policy for Paddington Storage covering data collection, lawful basis, retention, processors, and user rights for all customers in the area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.