Privacy Policy - Cheam Storage

This Privacy Policy explains how Cheam Storage collects, uses, stores, shares, and protects personal data when providing storage services. It applies to all Cheam Storage customers in the area, including prospective customers, account holders, named contacts, authorised users, and any individual whose personal data is processed in connection with our services. We are committed to handling personal data lawfully, fairly, and transparently in accordance with the UK GDPR and the Data Protection Act 2018.

1. Who We Are

Cheam Storage is a storage services provider that processes personal data to manage enquiries, set up accounts, operate storage facilities, administer payments, ensure security, and meet legal obligations. In this policy, “we”, “us”, and “our” refer to Cheam Storage. “You” refers to any individual whose personal data we process, including customers and other people connected with a storage agreement.

2. Personal Data We Collect

We only collect personal data that is necessary for our business operations and legal compliance. The categories of data we may collect include:

  • Identity information such as name, date of birth, and identification details.
  • Contact information such as address, email address, and telephone number.
  • Account and contract information including storage unit details, rental history, payment records, and correspondence related to your account.
  • Financial information such as billing details, payment status, and limited transaction information required to process payments.
  • Access and security information such as entry logs, CCTV images, key or access code records, and incident reports.
  • Communication records including emails, phone call notes, complaint records, and customer service interactions.
  • Device and usage data if you interact with our digital systems, such as technical logs and IP-related information.

We generally do not seek to collect special category data unless it is provided by you or required in exceptional circumstances. If special category data is processed, we will do so only where a lawful condition applies and where it is necessary and proportionate.

3. How We Collect Personal Data

We collect personal data directly from you when you:

  • make an enquiry or request a quotation;
  • sign up for a storage service;
  • complete forms or provide information by phone, email, or in person;
  • make payments or update your account details;
  • use our premises, access systems, or customer support channels;
  • submit complaints, claims, or requests concerning your storage agreement.

We may also receive data from third parties such as payment providers, identity verification services, insurance providers, debt recovery agencies, legal advisers, contractors, or public authorities where this is lawful and necessary.

4. How We Use Your Data

We use personal data for the following purposes:

  • to provide storage services and manage contracts;
  • to verify identity and prevent fraud;
  • to process payments, refunds, and account administration;
  • to operate secure access systems and monitor site security;
  • to communicate with you about your account, service updates, or issues;
  • to handle complaints, disputes, and claims;
  • to comply with legal and regulatory obligations;
  • to enforce our terms, recover debts, and protect our business interests;
  • to maintain records and improve our services and operations.

We will not use your personal data for purposes that are incompatible with the reasons it was collected unless we have a valid lawful basis to do so.

5. Lawful Basis for Processing

We process personal data only where we have a lawful basis under the UK GDPR. Depending on the context, we rely on one or more of the following bases:

Contract

We process data where it is necessary to enter into or perform a contract with you, such as setting up your storage account, managing access, taking payment, and delivering services.

Legal Obligation

We process certain data where required to comply with law, including tax, accounting, fraud prevention, and record-keeping obligations.

Legitimate Interests

We may process data where it is necessary for our legitimate interests or those of a third party, provided your rights and freedoms do not override those interests. This may include site security, preventing unlawful activity, managing risk, improving services, and enforcing contractual rights.

Consent

In limited situations, we may rely on consent, for example for certain optional communications or uses not covered by another lawful basis. Where we rely on consent, you can withdraw it at any time.

Vital Interests

In rare circumstances, we may process data to protect someone’s vital interests, such as in a serious emergency.

6. Sharing Personal Data and Processors

We may share personal data with trusted processors and other recipients who help us provide our services. These parties process data only on our instructions and are required to keep it secure and confidential. Our processors may include:

  • payment processors and banking service providers;
  • IT hosting, cloud storage, and software support providers;
  • security, surveillance, and alarm monitoring providers;
  • identity verification and fraud prevention providers;
  • customer relationship and communication service providers;
  • professional advisers such as lawyers, accountants, and auditors;
  • debt recovery or collections providers where necessary;
  • insurance providers and claims handlers;
  • regulators, law enforcement, courts, and public authorities where legally required.

We do not sell personal data. Where a transfer outside the UK is necessary, we will ensure appropriate safeguards are in place, such as an adequacy decision or approved contractual protections.

7. Data Retention

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, tax, insurance, and dispute-resolution requirements. Retention periods vary depending on the type of data and the reason for processing. In general:

  • contract and account records are retained for the duration of the relationship and for a reasonable period afterwards;
  • payment and invoicing records are retained for the period required by tax and financial laws;
  • security records, such as CCTV and access logs, are retained only for a limited period unless needed for an investigation;
  • complaint and correspondence records are retained while relevant to service administration and legal protection;
  • where data is no longer required, it is securely deleted, anonymised, or archived in a restricted manner.

When deciding how long to keep data, we consider legal obligations, operational needs, potential claims, and the sensitivity of the information.

8. Data Security

We use appropriate technical and organisational measures to protect personal data from unauthorised access, loss, misuse, alteration, or disclosure. These measures may include access controls, encryption where appropriate, physical security, staff training, monitoring, and secure disposal processes. While we take reasonable steps to protect data, no system can be guaranteed to be completely secure.

9. Your Rights

Under data protection law, you have a number of rights in relation to your personal data. Subject to legal limitations, these may include:

  • Right of access – to request a copy of your personal data and information about how we use it.
  • Right to rectification – to ask us to correct inaccurate or incomplete data.
  • Right to erasure – to request deletion of your data in certain circumstances.
  • Right to restriction – to ask us to limit processing in certain situations.
  • Right to object – to object to processing based on legitimate interests or direct marketing.
  • Right to data portability – to receive certain data in a structured, commonly used format where applicable.
  • Right to withdraw consent – where processing is based on consent.

You also have the right to make a complaint to the Information Commissioner’s Office if you believe your data protection rights have been infringed. Before doing so, we encourage you to raise any concerns with us so we can try to resolve them.

10. Automated Decision-Making

We do not usually make decisions about you based solely on automated processing that produces legal or similarly significant effects. If this changes, we will provide appropriate information about the logic involved, the significance of the processing, and your rights.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, our services, or how we process personal data. Any updated version will apply from the date it is made available. We encourage you to review this policy periodically to stay informed about how we protect your information.

12. Scope of This Policy

This policy applies to all Cheam Storage customers in the area and to any individual whose personal data we process in connection with our storage services. By using our services or providing us with personal data, you acknowledge the practices described in this Privacy Policy.

Cheam Storage is committed to processing personal data lawfully, securely, and with respect for your privacy.

Call Now!
Call Now Get a Quote
Cheam Storage

GDPR-compliant Privacy Policy for Cheam Storage covering collection, lawful basis, retention, processors, rights, and local customer scope.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.