Privacy Policy - Norbiton Storage

This Privacy Policy explains how Norbiton Storage collects, uses, stores, shares, and protects personal data in connection with our storage services. It applies to all Norbiton Storage customers in the area, including current, former, and prospective customers, and to individuals who contact us or otherwise interact with us in relation to our services. We are committed to handling personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

For the purposes of data protection law, Norbiton Storage acts as the data controller for the personal data collected and processed in connection with our storage services. This means we decide why and how your personal data is used. We take our responsibilities seriously and aim to process data fairly, lawfully, transparently, and securely.

2. Information We Collect

We may collect and process different types of personal data depending on how you interact with us. The data we collect may include:

  • Identity data such as your name, date of birth, and identification details.
  • Contact data such as address, email address, and telephone number.
  • Contract data such as account details, booking information, storage unit details, and payment records.
  • Financial data such as billing information and transaction history.
  • Usage data such as access logs, service interactions, and customer service records.
  • Technical data such as device identifiers or limited online interaction data if you use digital services connected to our operations.
  • Security data such as CCTV footage, site access records, and incident reports where applicable.

We generally collect personal data directly from you when you enquire about, enter into, or use our storage services. In some cases, we may also receive information from third parties such as payment providers, identity verification services, insurers, or legal and regulatory bodies where relevant.

3. How We Use Your Data

We use personal data only for specified purposes and where we have a valid legal basis. Our uses include:

  • Setting up and managing customer accounts.
  • Providing storage services and managing access to units.
  • Processing payments and handling invoices.
  • Verifying identity and preventing fraud.
  • Maintaining security and monitoring site safety.
  • Responding to enquiries, complaints, and requests.
  • Complying with legal obligations and regulatory requirements.
  • Improving our services, systems, and customer experience.

We do not use your personal data for purposes that are incompatible with the reasons it was collected. If we need to use data for a new purpose, we will ensure that this is compatible with the original purpose or that we have another lawful basis to do so.

4. Lawful Basis for Processing

We process personal data under one or more of the following lawful bases:

Contract

We process your data where it is necessary to enter into or perform a contract with you. This includes managing your storage agreement, providing access to your unit, taking payment, and maintaining your account.

Legal Obligation

We may process data where required to comply with laws, regulations, taxation rules, accounting requirements, court orders, or requests from lawful authorities.

Legitimate Interests

We may process data where it is necessary for our legitimate business interests, provided those interests do not override your rights and freedoms. This may include protecting our premises, detecting misuse, improving services, managing business operations, and defending legal claims. Where we rely on legitimate interests, we assess the impact on your privacy and apply safeguards.

Consent

In limited cases, we may rely on your consent, for example where specific optional communications or services require it. Where consent is used, you can withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

5. Data Retention

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including for legal, accounting, security, and operational needs. Retention periods vary depending on the type of information and the reason for processing.

  • Customer account and contract records are retained for the duration of the relationship and for a reasonable period after it ends.
  • Financial and tax-related records are kept for the period required by law.
  • Security records, including CCTV where used, are retained for a limited period unless a longer retention is needed for an investigation or legal matter.
  • Enquiry and communication records are retained only as long as needed to handle the matter and maintain appropriate business records.

When personal data is no longer needed, we will securely delete, anonymise, or destroy it. Retention is reviewed regularly so that we do not keep data longer than necessary.

6. Data Sharing and Processors

We may share personal data with trusted third parties where necessary for our business operations, legal compliance, or service delivery. These third parties act as either independent controllers or processors depending on the service they provide.

Our processors may include:

  • Payment processors to handle card or electronic payments.
  • IT and cloud service providers to host or maintain secure systems and data storage.
  • Security service providers supporting alarms, monitoring, and access control.
  • Professional advisers such as accountants, auditors, insurers, and legal advisers.
  • Identity verification or fraud prevention providers where necessary.

We require all processors to act only on our instructions, to protect personal data appropriately, and to use it only for the purposes we specify. Where data is shared with independent controllers, they will be responsible for their own compliance with data protection law.

We do not sell your personal data. We will only disclose personal information where necessary, proportionate, and lawful.

7. International Transfers

If any of our processors or service providers store or access personal data outside the UK, we will take appropriate steps to ensure that your data receives a level of protection that is essentially equivalent to UK standards. This may include approved contractual safeguards and transfer risk assessments where required.

8. Data Security

We use appropriate technical and organisational measures to protect personal data against accidental loss, unauthorised access, misuse, alteration, or disclosure. These measures may include access controls, secure systems, staff training, restricted permissions, and physical security arrangements. While no system can be guaranteed to be completely secure, we work continuously to maintain a high standard of protection.

9. Your Rights

Under data protection law, you have a number of rights in relation to your personal data. These rights are not absolute and may be subject to conditions or exemptions. Your rights include:

  • The right to be informed about how your data is collected and used.
  • The right of access to obtain a copy of the personal data we hold about you.
  • The right to rectification to correct inaccurate or incomplete information.
  • The right to erasure in certain circumstances, also known as the right to be forgotten.
  • The right to restrict processing in certain situations.
  • The right to data portability for data you provided to us in a structured, commonly used format, where applicable.
  • The right to object to processing based on legitimate interests or direct marketing.
  • Rights related to automated decision-making, where applicable.

You also have the right to withdraw consent at any time where processing is based on consent. Exercising your rights will not usually affect the services we provide, unless the data is necessary for the service or required by law.

10. Children’s Data

Our services are intended for adults. We do not knowingly collect personal data from children unless it is necessary in connection with a lawful customer or legal relationship. If we become aware that we have collected data from a child inappropriately, we will take steps to delete it in accordance with the law.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. Any updated version will apply from the date it is published or communicated. We encourage customers to review this policy periodically so they remain informed about how their data is handled.

12. Complaints

If you have concerns about how we use your personal data, you should raise them with us so we can address the issue. You also have the right to lodge a complaint with the UK data protection supervisory authority if you believe your rights have been infringed. We value privacy and will investigate concerns carefully and fairly.

Summary of our approach: Norbiton Storage processes personal data lawfully, transparently, and securely, with clear limits on collection, use, sharing, and retention.

Call Now!
Call Now Get a Quote
Norbiton Storage

GDPR-compliant Privacy Policy for Norbiton Storage covering data collection, lawful basis, retention, processors, and user rights for all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.