Privacy Policy - Archway Storage

Effective date: This Privacy Policy applies to all Archway Storage customers in our service area and explains how we collect, use, disclose, and protect personal data in connection with our storage services. It is intended to be read alongside any rental agreement, account terms, or service notices that may apply to your storage unit or related services.

1. Introduction

Archway Storage is committed to handling personal data lawfully, fairly, and transparently in accordance with the UK GDPR and the Data Protection Act 2018, and where applicable, the EU GDPR. We respect your privacy and aim to collect only the information needed to provide secure, reliable storage services and to manage our business responsibly.

This policy explains what information we collect, why we collect it, the lawful bases we rely on, how long we keep it, who may process it on our behalf, and the rights available to you as a data subject.

2. Information We Collect

We may collect and process the following categories of personal data:

  • Identity information such as your name, date of birth, and identification details where required for verification.
  • Contact information such as your address, telephone number, and email address.
  • Account and transaction information such as rental records, payment records, invoices, billing history, and correspondence relating to your account.
  • Security and access information such as gate access logs, entry and exit records, CCTV footage, alarm records, and incident reports.
  • Service usage information such as unit allocation, move-in and move-out dates, storage preferences, and notes related to service requests.
  • Technical information where you interact with our digital systems, including device identifiers, log data, and limited usage information needed for security and maintenance.
  • Special category data only where strictly necessary and permitted by law, for example if you voluntarily provide information needed to address an accessibility request or a safeguarding issue.

We generally collect personal data directly from you when you enquire about our services, enter into a contract with us, make payments, use our facilities, or communicate with our staff. We may also receive data from third parties such as payment providers, identity verification services, insurers, debt recovery providers, or legal and regulatory authorities where lawful.

3. How We Use Personal Data

We use personal data for the following purposes:

  • To register your account and administer your storage agreement.
  • To verify identity and prevent fraud or misuse of our services.
  • To process payments, refunds, and account balances.
  • To provide access to storage facilities and maintain site security.
  • To communicate with you about bookings, billing, service changes, and operational matters.
  • To manage incidents, complaints, claims, and dispute resolution.
  • To comply with legal, regulatory, tax, accounting, and insurance obligations.
  • To improve our services, systems, and security measures.
  • To establish, exercise, or defend legal claims.

We do not use personal data for unrelated purposes without first ensuring that we have a lawful basis to do so.

4. Lawful Basis for Processing

Under data protection law, we must have a valid lawful basis for each use of personal data. We rely on the following lawful bases:

Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes setting up your storage account, managing access, handling payments, and providing the services you have requested.

Legal Obligation

We process data where needed to comply with legal duties, including accounting records, tax requirements, fraud prevention, and responses to lawful requests from authorities.

Legitimate Interests

We may process data where it is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. Examples include site security, CCTV monitoring, preventing theft or misuse, service improvement, internal administration, and protecting our legal rights.

Consent

In limited situations, we may rely on your consent, for example where it is required for optional communications or particular types of processing. Where we rely on consent, you may withdraw it at any time, without affecting the lawfulness of processing before withdrawal.

Vital Interests and Public Interest

In rare circumstances, we may process personal data to protect someone’s vital interests or where processing is necessary for a task carried out in the public interest or under official authority, if applicable.

5. Sharing and Processors

We may share personal data with trusted third parties where necessary and lawful. These parties may act as processors or, in some cases, independent controllers. Processors only process personal data on our instructions and are required to keep it secure and confidential.

Examples of processors and service providers may include:

  • IT and cloud service providers that host systems, databases, and security tools.
  • Payment processors that handle card, bank, or electronic payments.
  • Security providers that support CCTV, alarm monitoring, and access control systems.
  • Maintenance and facility service providers that help operate and secure the site.
  • Accountants, auditors, and professional advisers who assist with compliance and business administration.
  • Debt recovery and legal service providers where required to recover unpaid balances or defend legal claims.
  • Identity verification or fraud prevention services where necessary to confirm identity or detect misuse.

We may also disclose data where required by law, court order, regulatory request, or to protect the rights, property, or safety of Archway Storage, our customers, staff, or visitors.

6. International Transfers

If any processor or service provider stores or accesses personal data outside the UK or the EEA, we will ensure appropriate safeguards are in place. These may include adequacy regulations, standard contractual clauses, or equivalent protections required by law.

7. Data Retention

We keep personal data only for as long as necessary for the purposes for which it was collected, including satisfying legal, accounting, insurance, and reporting requirements. Retention periods vary depending on the type of information and the reason it is held.

As a general approach:

  • Customer account and contract records are kept for the duration of the relationship and for a further period after termination as required for legal defence and recordkeeping.
  • Payment and accounting records are retained in line with tax and financial obligations.
  • Security logs and CCTV footage are kept for a limited period unless needed longer for incident investigation, insurance, or legal proceedings.
  • Enquiry and correspondence records are kept for as long as needed to manage the matter and for a reasonable follow-up period.

When personal data is no longer required, it will be securely deleted, anonymised, or otherwise disposed of in a controlled manner.

8. Data Security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, disclosure, or destruction. These measures may include access controls, physical security, staff training, secure storage, system monitoring, and procedures for handling incidents.

While no system can be guaranteed completely secure, we work to ensure that data is protected in a manner proportionate to the risks associated with our services.

9. Your Rights

Subject to applicable law, you may have the following rights in relation to your personal data:

  • Right of access to obtain confirmation of whether we process your data and receive a copy of it.
  • Right to rectification to correct inaccurate or incomplete information.
  • Right to erasure in certain circumstances, sometimes called the right to be forgotten.
  • Right to restriction to limit how we use your data in certain situations.
  • Right to object to processing based on legitimate interests or direct marketing.
  • Right to data portability where processing is based on consent or contract and carried out by automated means.
  • Right to withdraw consent where processing is based on consent.
  • Right to complain to the relevant data protection supervisory authority if you believe your rights have been infringed.

To protect privacy, we may need to verify your identity before responding to a request. Some rights may not apply in all circumstances, particularly where we must retain data to comply with legal obligations or defend claims.

10. Children’s Data

Our services are generally intended for adults. We do not knowingly collect personal data from children except where necessary in connection with a lawful service arrangement or incident response, and only in accordance with applicable law.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, technology, business operations, or data protection practices. Any updated version will apply from the date it is published or otherwise communicated. We encourage you to review it periodically.

12. Final Statement

Archway Storage is committed to ensuring personal data is processed fairly, securely, and transparently. By using our services, you acknowledge that your data may be processed as described in this policy, subject always to your rights and the protections required by law. We aim to keep our privacy practices clear, proportionate, and fully aligned with GDPR principles.

Call Now!
Call Now Get a Quote
Archway Storage

GDPR-compliant Privacy Policy for Archway Storage covering collection, lawful basis, retention, processors, security, and user rights for all customers in the service area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.