Privacy Policy - Woodford Storage

This Privacy Policy explains how Woodford Storage collects, uses, stores, shares, and protects personal data. It applies to all Woodford Storage customers in the area, including prospective customers, current customers, former customers, site visitors, and anyone who interacts with our services. We are committed to handling personal information in a lawful, fair, and transparent manner in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Woodford Storage provides storage services to individuals and businesses. In the course of providing those services, we may collect and process personal data about customers, account holders, authorised representatives, delivery contacts, and other individuals linked to a storage agreement. We act as a data controller for the personal data we collect and decide how and why that data is used.

2. Personal Data We Collect

We collect only the information that is necessary to manage our services, meet legal obligations, and protect our legitimate interests. The types of data we may collect include:

  • Identity data such as name, date of birth, and identification details
  • Contact data such as address, email address, and telephone number
  • Account data such as customer reference details, service preferences, and storage unit information
  • Payment data such as billing records, transaction details, and payment status
  • Security data such as access logs, CCTV footage where used, and incident reports
  • Correspondence data such as emails, written communications, complaints, and service requests
  • Technical data where applicable, such as device or browser information used to access digital services

We do not intentionally collect special category data unless it is necessary and we have a lawful reason to do so. If such information is provided to us, we will process it only where permitted by law and with appropriate safeguards.

3. How We Use Personal Data

Woodford Storage uses personal data for the following purposes:

  • To set up and manage customer accounts
  • To provide storage services and administer access to units
  • To process payments, refunds, invoices, and account balances
  • To communicate about service matters, notices, and updates
  • To verify identity and prevent unauthorised access
  • To maintain safety, security, and loss prevention
  • To handle complaints, disputes, and claims
  • To comply with legal, tax, accounting, and regulatory obligations
  • To improve our operations, systems, and customer service

We may also use data in an aggregated or anonymised form for internal reporting and service improvement, provided it no longer identifies any individual.

4. Lawful Basis for Processing

We process personal data only when we have a valid lawful basis under UK GDPR. Depending on the circumstances, we rely on one or more of the following:

Contract

We process data where it is necessary to enter into or perform a contract with you. This includes setting up your storage agreement, managing your account, collecting payment, and providing the services you have requested.

Legal Obligation

We process data where necessary to comply with legal requirements, including tax, accounting, record-keeping, fraud prevention, and any lawful request from public authorities.

Legitimate Interests

We may process data where it is necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. These interests may include service administration, security monitoring, debt recovery, dispute handling, and business management.

Consent

In limited cases, we may rely on your consent, for example where you choose to receive certain optional communications. Where we rely on consent, you may withdraw it at any time.

Vital Interests and Public Task

These bases are unlikely to apply in most storage arrangements, but we may process data on these grounds if necessary to protect someone’s vital interests or where required by law.

5. Sharing and Processors

We may share personal data with trusted third parties that help us run our business. These parties act as processors when they process data on our instructions and subject to contract. They may include:

  • Payment service providers and banking partners
  • IT, cloud hosting, and software service providers
  • Security and surveillance service providers
  • Professional advisers such as accountants, auditors, and legal advisers
  • Debt collection or recovery partners where lawful and necessary
  • Maintenance, repair, and facilities support providers

We require all processors to implement appropriate security measures and to process data only for the purposes we authorise. We do not sell personal data.

We may also disclose personal information where required by law, where necessary to protect our rights or property, or where needed to respond to a lawful request by courts, regulators, or law enforcement.

6. Retention of Personal Data

We keep personal data only for as long as necessary for the purposes for which it was collected, including to meet legal, accounting, and reporting requirements. Retention periods depend on the type of information and the reason for processing.

  • Account and contract records are generally retained for the duration of the agreement and for a period after it ends
  • Payment and invoicing records are retained for the period required by tax and accounting law
  • Security records such as access logs or CCTV footage are retained only as long as needed for safety, investigation, or compliance purposes
  • Correspondence and complaint records are retained for a reasonable period to manage disputes and service history

When data is no longer required, we will delete it securely or anonymise it so that it can no longer identify you. In some cases, we may retain information for longer if necessary to establish, exercise, or defend legal claims.

7. Data Security

We take the security of personal data seriously and use appropriate technical and organisational measures to protect it from loss, misuse, unauthorised access, disclosure, alteration, or destruction. These measures may include access controls, secure storage, staff training, confidentiality obligations, and regular review of our procedures. No system is completely secure, but we work to reduce risk and respond promptly to any suspected data incident.

8. International Transfers

If any personal data is transferred outside the United Kingdom, we will ensure that appropriate safeguards are in place so that the data remains protected in line with applicable law. Where required, this may include standard contractual clauses, adequacy regulations, or other recognised transfer mechanisms.

9. Your Rights

Under data protection law, you may have the following rights in relation to your personal data:

  • Right of access – to request a copy of the personal data we hold about you
  • Right to rectification – to ask us to correct inaccurate or incomplete data
  • Right to erasure – to request deletion of your data in certain circumstances
  • Right to restrict processing – to ask us to limit how we use your data in some situations
  • Right to object – to object to processing based on legitimate interests or direct marketing
  • Right to data portability – to receive certain data in a structured, commonly used format
  • Right to withdraw consent – where processing is based on consent

These rights are not absolute, and in some cases we may be entitled or required to continue processing your data. If you exercise your rights, we may need to verify your identity before responding.

10. Automated Decision-Making

We do not generally use automated decision-making or profiling that produces legal or similarly significant effects on individuals. If this changes, we will provide clear information about the logic involved and your rights in relation to that processing.

11. Complaints and Further Information

If you are concerned about how we handle your personal data, you have the right to raise a complaint with the relevant data protection authority. We encourage you to contact us first so we can try to resolve the issue promptly and fairly. We will investigate concerns and respond in line with applicable legal requirements.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, our services, or how we process personal data. Any updated version will apply from the date it is published or otherwise communicated. We encourage customers to review this policy periodically so they remain informed about how their data is handled.

Last reviewed: This policy is intended to apply to all Woodford Storage customers in the area and should be read alongside any relevant service terms or customer notices.

Call Now!
Call Now Get a Quote
Woodford Storage

GDPR-compliant Privacy Policy for Woodford Storage covering data collection, lawful basis, retention, processors, user rights, and scope for all customers in the area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.