Privacy Policy - Lambeth Storage

This Privacy Policy explains how Lambeth Storage collects, uses, stores, shares, and protects personal data in connection with our storage services. It applies to all Lambeth Storage customers in the area, including prospective customers, current customers, and individuals who interact with us on behalf of a customer. We are committed to handling personal data in a lawful, fair, and transparent manner in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Lambeth Storage provides storage-related services to individuals and businesses. For the purposes of data protection law, we act as a data controller when we determine the purposes and means of processing personal data. In limited circumstances, we may act as a data processor where we process information on behalf of another organisation under its instructions.

2. Personal Data We Collect

We only collect personal data that is necessary for operating our services, managing customer relationships, and meeting our legal obligations. The categories of data we may collect include:

  • Identity information, such as name, date of birth, and proof of identity where required.
  • Contact information, such as postal address, email address, and telephone number.
  • Account and contract details, including booking records, service preferences, storage unit information, and payment status.
  • Payment information, such as billing details and limited transaction records.
  • Access and security records, including logs relating to entry, exit, and site security systems.
  • Communications, including enquiries, complaints, notes of phone calls, emails, and service correspondence.
  • Technical information, such as device and usage data collected through our systems, where applicable.
  • Special category data only where strictly necessary and lawfully permitted, for example if a customer voluntarily provides information relevant to a reasonable adjustment request.

We do not seek to collect unnecessary personal data. Where possible, we will limit data collection to what is directly relevant to the service being provided.

3. How We Use Personal Data

We use personal data for the following purposes:

  • to register customers and manage storage agreements;
  • to verify identity and prevent fraud;
  • to provide, maintain, and administer storage services;
  • to process payments, refunds, and account-related matters;
  • to communicate with customers about service matters;
  • to manage access, safety, and security on our premises;
  • to respond to complaints, disputes, and legal claims;
  • to comply with legal and regulatory obligations;
  • to maintain business records and improve service operations.

We will only use personal data for the purposes explained in this Policy or for closely related purposes that would reasonably be expected by the customer.

4. Lawful Basis for Processing

Under the UK GDPR, we must have a lawful basis for processing personal data. Depending on the activity, we rely on one or more of the following lawful bases:

Contract

We process data when it is necessary to enter into or perform a contract with a customer. This includes setting up storage accounts, managing payments, and providing access to storage services.

Legal Obligation

We process data where necessary to comply with legal obligations, including accounting, tax, fraud prevention, and requests from lawful authorities.

Legitimate Interests

We may process data where it is necessary for our legitimate interests or the legitimate interests of a third party, provided those interests are not overridden by the customer’s rights and freedoms. Examples include service improvement, security monitoring, business administration, and defending legal claims.

Consent

In limited situations, we may rely on consent, for example where it is the most appropriate lawful basis for a particular optional activity. Where consent is used, customers may withdraw it at any time.

Vital Interests

In rare circumstances, we may process data where necessary to protect someone’s vital interests, such as in an emergency involving health or safety.

5. Data Sharing and Processors

We may share personal data with trusted third parties only where necessary and appropriate. These parties act as processors or independent controllers depending on the service they provide. Processors may include:

  • IT and cloud service providers that support our systems, storage, and communications;
  • payment service providers that process card or banking transactions;
  • security and monitoring providers that help protect our premises;
  • accounting, audit, and professional advisers who support business and compliance functions;
  • maintenance and facilities providers where access is needed to perform contracted services;
  • legal or regulatory authorities where disclosure is required by law.

Where we use processors, we require them to protect personal data and process it only on our instructions, in line with data protection law. We do not sell personal data.

6. International Transfers

Where personal data is transferred outside the UK, we will ensure that appropriate safeguards are in place. These safeguards may include adequacy regulations, UK transfer agreements, or other lawful transfer mechanisms. We will take reasonable steps to ensure that any international recipient provides an adequate level of protection for personal data.

7. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, including to meet legal, accounting, contractual, and reporting obligations. Retention periods depend on the type of information and the context in which it is used.

  • Contract and account records are generally retained for the duration of the customer relationship and for a further period after the relationship ends.
  • Financial records are retained for the period required by tax and accounting law.
  • Security and access logs are retained for a limited period unless longer retention is needed for an incident, investigation, or legal claim.
  • Enquiry records may be kept for a reasonable period to manage follow-up communications and service continuity.

When personal data is no longer needed, it is securely deleted, anonymised, or otherwise disposed of in accordance with our internal retention procedures.

8. Data Security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, misuse, or disclosure. These measures may include access controls, secure storage, staff confidentiality obligations, monitoring, and regular review of our security practices. While no system can be guaranteed completely secure, we work to maintain safeguards that are proportionate to the risks involved.

9. Your Rights

Individuals whose personal data we process have a number of rights under data protection law. Subject to legal conditions and exemptions, these rights include:

  • Right of access – to request a copy of the personal data we hold about you.
  • Right to rectification – to request correction of inaccurate or incomplete data.
  • Right to erasure – to request deletion of personal data in certain circumstances.
  • Right to restrict processing – to ask us to limit how we use your data in specific cases.
  • Right to object – to object to processing based on legitimate interests or direct marketing.
  • Right to data portability – to receive certain data in a structured, commonly used format where legally applicable.
  • Right to withdraw consent – where processing is based on consent, you may withdraw it at any time.

You also have the right to complain to the relevant data protection authority if you believe your rights have been infringed. We encourage customers to raise concerns with us first so that we can address them promptly and fairly.

10. Automated Decision-Making

We do not use solely automated decision-making that produces legal or similarly significant effects without human involvement, unless we are permitted to do so by law and appropriate safeguards are in place. If such processing were introduced, we would provide clear information about it and your associated rights.

11. Children’s Data

Our services are not directed at children, and we do not knowingly collect personal data from children except where it is necessary in connection with a lawful storage arrangement and appropriate authorisation is provided by an adult responsible for the arrangement. If we become aware that we have collected data inappropriately, we will take steps to delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in the law, our practices, or our services. Any updated version will apply from the date it becomes effective. We encourage customers to review this Policy periodically so they remain informed about how their data is handled.

13. Summary of Our Commitment

Lambeth Storage is committed to responsible data handling. We collect only the personal data needed to provide and manage our services, rely on lawful bases recognised by the UK GDPR, keep data only for as long as necessary, use processors under appropriate contractual controls, and respect the rights of all individuals whose data we process. Our aim is to handle personal data with care, transparency, and accountability at every stage.

Call Now!
Call Now Get a Quote
Lambeth Storage

GDPR-compliant Privacy Policy for Lambeth Storage covering data collection, lawful basis, retention, processors, and user rights for all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.