Privacy Policy - Woodgreen Storage

This Privacy Policy explains how Woodgreen Storage collects, uses, stores, shares, and protects personal data relating to customers, prospective customers, visitors, and other individuals whose information is processed in connection with our storage services. It applies to all Woodgreen Storage customers in the area, including individuals who enquire about, book, access, manage, or end a storage arrangement with us. We are committed to handling personal data in a lawful, fair, transparent, and secure manner in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using our services, making an enquiry, entering into a storage agreement, visiting our facilities, or otherwise interacting with Woodgreen Storage, you acknowledge that your personal data may be processed as described in this policy. This policy should be read carefully so you understand what information we collect, why we use it, and what rights you have.

1. Data We Collect

We collect only the personal data that is necessary for the operation of our business, the provision of storage services, and the management of our relationship with you. The categories of personal data we may collect include:

  • Identity information such as your name, title, and date of birth where needed for verification.
  • Contact information such as your address, email address, and telephone number.
  • Account and booking information such as storage unit details, start and end dates, access arrangements, payment references, and service preferences.
  • Financial information such as billing records, payment status, and limited payment details required to process transactions.
  • Verification information such as copies of identification documents, proof of address, or other documents required for anti-fraud or regulatory purposes.
  • Facility and security information such as CCTV recordings, access logs, key or code usage, and incident reports.
  • Communication data such as correspondence, enquiries, complaints, service requests, and notes of conversations.
  • Technical information such as IP address or device information if you interact with digital systems we use for administration or security.

We generally collect personal data directly from you. In some cases, we may receive data from third parties such as payment providers, identity verification services, insurers, debt recovery providers, contractors, or public authorities where necessary and lawful.

2. How We Use Personal Data

We process personal data to operate Woodgreen Storage efficiently and to provide secure storage services. Typical purposes include:

  • setting up and administering accounts and storage agreements;
  • processing payments, refunds, and charges;
  • managing access to storage facilities;
  • verifying identity and preventing fraud;
  • communicating with you about bookings, services, notices, or changes;
  • handling complaints, claims, disputes, and enforcement matters;
  • maintaining security, including monitoring premises and detecting incidents;
  • meeting legal, accounting, and regulatory obligations;
  • improving service quality, record-keeping, and internal administration.

We only use personal data for the purposes for which it was collected, unless we reasonably determine that we need to use it for a compatible purpose or another lawful reason.

3. Lawful Basis for Processing

We rely on one or more lawful bases under UK GDPR depending on the type of processing involved. These include:

Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes managing your storage account, providing access to your unit, billing, and handling service-related communications.

Legal Obligation

We process data where needed to comply with legal obligations, including tax, accounting, consumer protection, anti-fraud, and other statutory requirements.

Legitimate Interests

We may process personal data where it is necessary for our legitimate interests or those of a third party, provided your rights and interests do not override those interests. These legitimate interests include protecting our premises, preventing crime and misuse, managing business operations, recovering outstanding debts, improving services, and defending legal claims. We balance these interests against your privacy rights before relying on this basis.

Consent

In limited situations, we may rely on your consent, for example where specific optional communications or uses of data require it. Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

Vital Interests and Public Task

These bases are unlikely to apply in ordinary storage services, but we may rely on them in rare circumstances where necessary to protect someone’s life or where required by law.

4. Sharing and Processors

We may share personal data with trusted third parties where necessary for the purposes described in this policy. Such third parties may act as processors or independent controllers. When a third party acts as a processor, it only processes data on our instructions and under a written contract requiring appropriate security and confidentiality.

Examples of processors and service providers may include:

  • IT and cloud service providers that host systems, store records, or support secure communications;
  • payment processors that handle card or bank payment transactions;
  • identity verification or fraud prevention providers that help confirm identity or detect suspicious activity;
  • security and CCTV service providers that maintain monitoring and alarm systems;
  • accountants, auditors, and professional advisers who support financial and legal compliance;
  • debt recovery or legal service providers where necessary to recover unpaid sums or manage disputes;
  • maintenance and facility contractors where access or operational support is required.

We may also disclose personal data to regulators, law enforcement agencies, courts, or other authorities where required or permitted by law. We do not sell your personal data.

5. Retention of Personal Data

We keep personal data only for as long as necessary for the purposes for which it was collected, including any legal, accounting, reporting, or dispute-resolution requirements. Retention periods vary depending on the type of data and the context in which it was collected.

As a general approach:

  • customer account and contract records are retained for the duration of the relationship and for a period afterward to deal with claims, disputes, and compliance;
  • financial records are retained for the period required by tax and accounting law;
  • security records, including CCTV and access logs, are retained for a limited period unless needed for investigation or legal proceedings;
  • complaints and correspondence are retained as long as necessary to resolve matters and maintain evidence of our actions;
  • where data is no longer required, it is securely deleted, anonymised, or destroyed.

We apply retention periods based on necessity and legal requirements, and we review records regularly to ensure they are not kept longer than needed.

6. Data Security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, alteration, or disclosure. These measures may include access controls, staff training, encryption where appropriate, secure storage, and physical security procedures. While we take reasonable steps to safeguard data, no system can be guaranteed to be completely secure.

7. International Transfers

If personal data is transferred outside the United Kingdom, we will take steps to ensure an adequate level of protection in accordance with applicable data protection law. This may include using appropriate safeguards such as standard contractual clauses or assessing whether the destination country provides an adequate level of protection.

8. Your Rights

Under data protection law, you have a number of rights in relation to your personal data. These may apply in different circumstances and are subject to legal conditions and exemptions. Your rights include:

  • Right of access – to request a copy of the personal data we hold about you.
  • Right to rectification – to ask us to correct inaccurate or incomplete data.
  • Right to erasure – to request deletion of your data in certain circumstances.
  • Right to restriction – to ask us to limit processing in certain situations.
  • Right to object – to object to processing based on legitimate interests or direct marketing, where applicable.
  • Right to data portability – to receive certain data in a structured, commonly used format where the legal conditions are met.
  • Right to withdraw consent – where processing is based on consent.
  • Right to complain – to raise concerns with the relevant supervisory authority if you believe your data has been mishandled.

To protect your privacy, we may need to verify your identity before responding to a rights request. We aim to respond within the time limits set by law.

9. Children’s Data

Our services are generally intended for adults. We do not knowingly collect personal data from children except where it is necessary and lawful, for example where a parent, guardian, or authorised representative provides information in connection with a service arrangement.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data processing practices. Any updated version will apply from the date it is published or otherwise communicated. We encourage you to review this policy periodically to stay informed about how we protect your personal data.

11. Fair Processing Statement

Woodgreen Storage is committed to treating personal data with care, confidentiality, and respect. We collect and use information only where we have a lawful basis to do so, and we take steps to ensure that our processing remains relevant, proportionate, and secure. Our aim is to provide storage services responsibly while safeguarding the privacy rights of every customer in the area.

Last reviewed: current policy in force

Call Now!
Call Now Get a Quote
Woodgreen Storage

GDPR-compliant Privacy Policy for Woodgreen Storage covering data use, lawful basis, retention, processors, and customer rights for all area customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.