Privacy Policy - Brixton Storage
This Privacy Policy explains how Brixton Storage collects, uses, shares, stores, and protects personal data in connection with our storage services. It applies to all Brixton Storage customers in the area, including prospective customers, current customers, former customers, and individuals who interact with us on behalf of a customer. We are committed to handling personal information in a lawful, fair, and transparent manner in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are
Brixton Storage provides self-storage and related services to individuals and businesses. In providing these services, we act as a data controller for the personal data we collect and process for our own purposes. This means we determine why and how personal data is used in relation to customer accounts, service administration, security, and compliance obligations.
2. Personal Data We Collect
We only collect personal data that is necessary for specific, legitimate purposes. Depending on your relationship with us, we may collect the following categories of data:
- Identity information such as name, date of birth, and identification details.
- Contact information such as postal address, email address, and telephone number.
- Account and contract information including booking details, storage unit allocation, payment history, and service preferences.
- Payment information such as billing details and transaction records. We do not store full card details where these are handled securely by payment providers.
- Security information including CCTV footage, access logs, gate entry records, incident reports, and visitor records where applicable.
- Communication data such as messages, complaints, service requests, and correspondence with our staff.
- Technical data such as device or browser information if collected through our online systems or security tools.
- Special category data only where strictly necessary and lawfully permitted, for example if disclosed in an incident or complaint. We do not intentionally collect such data unless required for a specific lawful purpose.
We may receive personal data directly from you, from third parties acting on your behalf, from payment providers, from fraud-prevention or identity-check services, and from lawful authorities where required.
3. How We Use Your Data
We use personal data for the following purposes:
- to register and manage customer accounts;
- to provide storage units and related services;
- to process payments, invoices, and refunds;
- to verify identity and prevent fraud;
- to maintain site security and protect property, staff, and customers;
- to communicate about contracts, access, service updates, and policy changes;
- to manage complaints, disputes, and insurance-related matters;
- to comply with legal, tax, accounting, and regulatory obligations;
- to improve our operations, systems, and customer experience;
- to establish, exercise, or defend legal claims.
We take care to ensure that our use of personal data is relevant, proportionate, and limited to what is necessary for the purpose in question.
4. Lawful Basis for Processing
Under UK GDPR, we must have a lawful basis to process your personal data. We rely on the following bases depending on the context:
Contract
We process data where it is necessary to enter into or perform a contract with you. This includes setting up your storage agreement, managing access to a unit, billing, and supporting the services you request.
Legal Obligation
We process data where required to comply with legal obligations, such as tax rules, accounting duties, record-keeping requirements, fraud prevention, and responses to lawful requests from public authorities.
Legitimate Interests
We process certain data based on our legitimate interests, provided these do not override your rights and freedoms. These interests may include protecting our site from theft or damage, managing business operations, improving service quality, preventing misuse, and defending legal claims. Where we rely on legitimate interests, we consider the impact on individuals and apply appropriate safeguards.
Consent
We may rely on consent in limited circumstances, such as for optional communications or non-essential processing that requires your permission. Where consent is used, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
5. Sharing and Processors
We do not sell personal data. However, we may share information with trusted third parties where necessary to operate our business and provide services. These third parties may act as processors or, in some cases, independent controllers.
Processors We Use
Where a third party processes data on our behalf, we require them to follow written contractual terms, keep data secure, and act only on our instructions. Examples of processors may include:
- IT and cloud hosting providers;
- payment processing services;
- customer management and booking system providers;
- security service providers;
- professional advisers acting under confidentiality obligations;
- data storage, backup, and archiving services;
- mailing or document management providers.
We may also share data with insurers, debt recovery providers, legal advisers, and authorities where necessary and lawful. In all cases, we apply safeguards to ensure that personal data is handled appropriately and only for the intended purpose.
6. International Transfers
If any processor or service provider stores or accesses data outside the UK, we will ensure appropriate transfer safeguards are in place. These may include adequacy regulations, standard contractual clauses, or other lawful mechanisms designed to protect your information to a standard consistent with UK GDPR requirements.
7. Data Retention
We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, including to meet legal, accounting, and reporting requirements. Retention periods may vary depending on the type of information and the reason for processing.
- Customer account records are generally retained for the duration of the contract and for a reasonable period afterward.
- Payment and invoicing records are retained in line with tax and accounting obligations.
- Security records, including CCTV footage, are retained only for a limited period unless needed for an investigation, claim, or legal requirement.
- Correspondence and complaints are retained for as long as needed to resolve the issue and for record-keeping purposes.
When data is no longer required, we will securely delete, anonymise, or destroy it in accordance with our retention procedures.
8. Data Security
We use appropriate technical and organisational measures to protect personal data against accidental loss, unlawful access, destruction, alteration, or disclosure. These measures may include access controls, secure storage, encryption where suitable, staff training, and monitoring of security systems. While no system is completely risk-free, we work continuously to maintain a high standard of protection.
9. Your Rights
Under data protection law, you have several rights regarding your personal data. These rights may be subject to certain conditions or exemptions. They include:
- Right of access – you may request a copy of the personal data we hold about you.
- Right to rectification – you may ask us to correct inaccurate or incomplete information.
- Right to erasure – you may ask us to delete data in certain circumstances.
- Right to restriction – you may ask us to limit how we use your data in certain cases.
- Right to data portability – you may ask for certain information in a structured, commonly used format.
- Right to object – you may object to processing based on legitimate interests or direct marketing.
- Right to withdraw consent – where processing relies on consent, you may withdraw it at any time.
You also have the right to lodge a complaint with the UK Information Commissioner’s Office if you believe your data has been handled unlawfully. We encourage you to raise any concerns with us first so that we may try to resolve them fairly and promptly.
10. Automated Decision-Making
We do not generally make decisions about you that have legal or similarly significant effects using solely automated means. If we ever introduce such processes, we will provide appropriate information and safeguards as required by law.
11. Children’s Data
Our services are not intended for children to contract independently. We do not knowingly collect data from children except where it is provided by a parent, guardian, or authorised representative in connection with a storage agreement or related matter.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in law, practice, or service operations. Any revised version will apply from the date it is made available. We encourage customers to review this policy periodically to remain informed about how their personal data is handled.
In summary, Brixton Storage is committed to protecting personal data, using it fairly and lawfully, retaining it only as long as necessary, and respecting the rights of every customer in the area. We aim to ensure that our data handling practices remain transparent, secure, and compliant with applicable data protection laws.