Privacy Policy - Hernehill Storage

Hernehill Storage is committed to protecting the privacy and personal data of all customers who use our storage services in the area. This Privacy Policy explains how we collect, use, store, share, and protect personal information, and it applies to all Hernehill Storage customers in area. We process personal data in accordance with the UK GDPR and the Data Protection Act 2018.

1. Who this policy applies to

This policy applies to individuals who enquire about, apply for, use, or have used services provided by Hernehill Storage. It also applies to anyone who interacts with us in connection with a storage agreement, including account holders, authorised users, business customers, suppliers acting on behalf of customers, and individuals whose data is provided to us for verification, billing, access, or security purposes.

For the purposes of this policy, personal data means any information that identifies, or can reasonably be used to identify, a living person.

2. Data we collect

We collect and process only the data necessary to provide our services, manage our business, and meet legal and security obligations. Depending on how you interact with us, the information we may collect includes:

  • Identity information such as name, date of birth, and identification details.
  • Contact details such as address, email address, and telephone number.
  • Account and agreement details such as booking records, storage unit references, access permissions, payment status, and correspondence history.
  • Billing and payment information such as invoicing details, transaction records, and payment confirmations.
  • Security and access information such as access logs, CCTV-related records, gate entry records, and incident reports where applicable.
  • Communications including enquiries, complaints, service requests, and any information you provide voluntarily.
  • Technical information such as device or browser data if collected through digital systems used to support service delivery or security.

We do not seek to collect special category data unless it is required in exceptional circumstances and permitted by law. If such data is provided to us, we will handle it with additional care and only for a lawful purpose.

3. How we use your data

We use personal data for the following purposes:

  • to set up and manage storage accounts and agreements;
  • to verify identity and authorise access where necessary;
  • to issue invoices, process payments, and manage debts or disputes;
  • to communicate about services, notices, and account matters;
  • to protect the safety and security of customers, staff, property, and premises;
  • to investigate incidents, complaints, or suspected misuse;
  • to comply with legal, regulatory, insurance, and tax obligations;
  • to maintain records and improve our services and operations.

We only use personal data for the purposes for which it was collected, unless we reasonably consider that another compatible purpose applies or the law permits otherwise.

4. Lawful basis for processing

Under data protection law, we must have a lawful basis to process personal data. Hernehill Storage relies on the following lawful bases, depending on the nature of the processing:

Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes managing bookings, providing access to storage units, issuing invoices, and delivering customer support connected to your agreement.

Legal obligation

We process data where required to comply with legal duties, such as tax, accounting, fraud prevention, health and safety, or responding to lawful requests from public authorities.

Legitimate interests

We may process data where it is necessary for our legitimate interests, provided your rights and freedoms do not override those interests. These interests include protecting premises, preventing crime, maintaining service records, handling disputes, and improving operational efficiency. Where we rely on legitimate interests, we assess the impact on your privacy and apply appropriate safeguards.

Consent

In limited cases, we may rely on your consent, for example where you choose to receive certain optional communications or where specific processing requires consent by law. You may withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal.

5. Sharing your data and processors

We do not sell personal data. We may share personal information with trusted third parties only where necessary and lawful. These third parties act either as processors acting on our instructions, or as independent controllers in limited circumstances where they determine their own purposes.

Processors may include:

  • IT and cloud service providers that host systems, store records, or support communications;
  • payment and invoicing providers used to process transactions and manage accounts;
  • security service providers supporting CCTV, alarm systems, or access control;
  • professional advisers such as accountants, insurers, legal advisers, or auditors;
  • maintenance and operational contractors who need limited access to information to perform services;
  • regulatory, law enforcement, or public bodies where disclosure is required or permitted by law.

We require processors to act only on our instructions, to keep information confidential, to apply appropriate security measures, and to comply with data protection law. Where data is transferred outside the UK, we will ensure suitable safeguards are in place.

6. Data retention

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Retention periods vary depending on the type of information and the reasons for holding it.

In general:

  • account and contract records are retained for the duration of the relationship and for a reasonable period afterwards;
  • billing and tax-related records are kept for the period required by law;
  • security and access records are kept only as long as needed for operational or safeguarding purposes;
  • correspondence and complaint records are retained while relevant to service management or dispute resolution;
  • information no longer required is securely deleted, anonymised, or destroyed.

Where retention periods are not fixed by law, we apply a proportionate assessment based on necessity, risk, and business need. We do not keep data indefinitely.

7. Your rights

As a data subject, you have a number of rights under data protection law. These rights are not absolute and may be subject to conditions or exceptions. Your rights include:

  • Right of access – to request a copy of the personal data we hold about you.
  • Right to rectification – to ask us to correct inaccurate or incomplete information.
  • Right to erasure – to request deletion of your data in certain circumstances.
  • Right to restriction – to ask us to limit processing in specific situations.
  • Right to object – to object to processing based on legitimate interests or direct marketing.
  • Right to data portability – to receive certain data in a structured, commonly used format where applicable.
  • Right to withdraw consent – where processing is based on consent.

You also have the right to lodge a complaint with the UK Information Commissioner’s Office if you believe your data protection rights have been infringed. We encourage you to raise concerns with us first so we can try to resolve them promptly.

8. Data security

We use appropriate technical and organisational measures to protect personal data against accidental loss, unauthorised access, misuse, alteration, or disclosure. These measures may include access controls, staff training, secure storage, confidentiality obligations, and system monitoring. While no system can be guaranteed completely secure, we take reasonable and proportionate steps to protect the information we hold.

9. Children’s data

Our services are intended for adults. We do not knowingly collect personal data from children except where it is incidentally provided in connection with a legitimate service matter and where permitted by law. If we become aware that we have collected data from a child without a lawful basis, we will take appropriate steps to delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in the law, our services, or our data practices. Any revised version will apply from the date it is published or otherwise communicated. We encourage customers to review this policy periodically so they remain aware of how their data is handled.

11. Summary of key principles

In summary, Hernehill Storage processes personal data fairly, transparently, and only where there is a valid lawful basis. We collect the minimum information needed, use it for clear business and legal purposes, share it only with trusted processors or where required by law, retain it for no longer than necessary, and respect the rights of every customer. This policy applies to all Hernehill Storage customers in area and is designed to support a safe, lawful, and privacy-conscious service.

Call Now!
Call Now Get a Quote
Hernehill Storage

GDPR-compliant privacy policy for Hernehill Storage covering data use, lawful basis, retention, processors, and user rights for all customers in area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.