Privacy Policy - Stjamess Storage

This Privacy Policy explains how Stjamess Storage collects, uses, shares, stores, and protects personal data in connection with our storage services. It applies to all Stjamess Storage customers in area, including individuals and business customers who use our facilities, request quotes, make bookings, access units, or otherwise interact with us. We are committed to handling personal data in a lawful, fair, and transparent manner in line with the UK GDPR and the Data Protection Act 2018.

1. Data We Collect

We collect only the personal data necessary to provide our services, manage our relationship with customers, and meet legal and operational obligations. The categories of data we may collect include:

  • Identity data: name, date of birth, and, where relevant, business name and authorised signatory details.
  • Contact data: address, email address, and telephone number.
  • Account and booking data: storage unit details, account reference, booking history, payment status, and correspondence relating to your use of our services.
  • Transaction data: payment records, invoices, receipts, and billing information.
  • Verification data: documents or information we may need to verify identity, prevent fraud, or comply with legal requirements.
  • Security and access data: CCTV footage, access logs, gate entry records, and incident reports, where applicable.
  • Technical data: limited device or usage information if you interact with our digital systems, such as IP address or browser information.

We do not intentionally collect special category personal data unless it is necessary for a specific legal or operational purpose and permitted by law. If such data is provided to us, we will process it only where a lawful basis applies and appropriate safeguards are in place.

2. How We Use Personal Data

We use personal data to operate our storage services and to maintain the safety, security, and efficiency of our business. Typical uses include:

  • creating and managing customer accounts;
  • issuing quotations, confirmations, invoices, and statements;
  • processing payments and managing arrears;
  • verifying identity and preventing fraud;
  • maintaining site safety and security;
  • responding to queries, complaints, and service requests;
  • meeting legal, tax, accounting, and regulatory obligations;
  • protecting our property, customers, staff, and visitors;
  • establishing, exercising, or defending legal claims.

We will not use your personal data for purposes that are incompatible with those described in this policy without informing you and, where required, obtaining a valid lawful basis.

3. Lawful Basis for Processing

We only process personal data where we have a lawful basis under the UK GDPR. Depending on the context, one or more of the following bases may apply:

Contract

We process personal data when it is necessary to enter into or perform a contract with you. This includes account setup, storage provision, billing, and related customer service.

Legal Obligation

We may process personal data to comply with legal and regulatory obligations, including tax recordkeeping, accounting requirements, fraud prevention, and lawful requests from authorities.

Legitimate Interests

We may process personal data where it is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. Examples include site security, CCTV monitoring, service improvement, administration, and protecting against misuse or unlawful activity. Where we rely on legitimate interests, we assess the balance between our interests and your privacy rights.

Consent

In limited circumstances, we may rely on your consent, for example for optional communications or certain non-essential processing. Where consent is used, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

Vital Interests

In rare cases, we may process personal data where necessary to protect someone’s vital interests, such as in an emergency involving health or safety.

4. Sharing Personal Data and Processors

We may share personal data with trusted third parties who help us operate our business. These parties act as processors or independent controllers depending on the service provided. We require appropriate data protection safeguards in all cases.

Processors may include:

  • payment service providers who process card or bank transactions;
  • accounting and bookkeeping providers who support financial administration;
  • IT and cloud service providers who host systems, manage data storage, or support security;
  • CCTV, alarm, and security service providers who maintain site protection systems;
  • customer management and communication platforms used to handle service records and correspondence;
  • professional advisers such as lawyers, insurers, auditors, and tax advisers;
  • debt recovery or enforcement providers where lawful action is necessary;
  • government bodies, regulators, and law enforcement where disclosure is required by law.

We do not sell personal data. Where personal data is transferred outside the UK, we will ensure that appropriate safeguards are in place, such as adequacy regulations or standard contractual clauses, as required by applicable law.

5. Data Retention

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including for legal, accounting, tax, and operational needs. Retention periods depend on the type of information and the reason for processing.

  • Customer and contract records are generally retained for the duration of the customer relationship and for a further period where needed for legal or contractual claims.
  • Financial and accounting records are retained for the period required by law and tax rules.
  • CCTV and access records are usually retained for a limited period unless a longer retention is needed for an investigation, security incident, or legal claim.
  • Correspondence and support records are kept as long as necessary to handle the matter and for reasonable follow-up.

When personal data is no longer needed, we will securely delete, anonymise, or destroy it in accordance with our retention practices.

6. Data Security

We take appropriate technical and organisational measures to protect personal data against accidental loss, unauthorised access, disclosure, alteration, or destruction. These measures may include access controls, secure storage, staff training, restricted permissions, and monitoring systems. While no system is completely secure, we work to maintain an appropriate level of protection in light of the risks involved.

7. Your Rights

Under data protection law, you have rights in relation to your personal data. Subject to conditions and exemptions, you may have the right to:

  • access the personal data we hold about you;
  • rectify inaccurate or incomplete data;
  • erase your data in certain circumstances;
  • restrict how we process your data;
  • object to processing based on legitimate interests or direct marketing;
  • data portability for information you provided to us where processing is based on consent or contract and carried out by automated means;
  • withdraw consent where processing relies on consent;
  • lodge a complaint with the relevant data protection authority if you believe your rights have been infringed.

We may need to verify your identity before responding to a rights request. We aim to respond within the time limits set by law.

8. Automated Decision-Making

We do not make decisions about customers based solely on automated processing that produce legal or similarly significant effects, unless we inform you and such processing is permitted by law. If automated tools are used for limited administrative tasks, they do not replace human oversight where important decisions are involved.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. The latest version will always apply to the personal data we process. We encourage customers to review the policy periodically so they remain informed about how their data is handled.

10. Scope of This Policy

This policy applies to all personal data processed by Stjamess Storage in connection with our storage services and related business activities. It applies to all Stjamess Storage customers in area, whether they are individual account holders, business representatives, or authorised users acting on behalf of a customer. By using our services, you acknowledge that your personal data may be processed in accordance with this policy and applicable data protection law.

Last updated: This policy is intended to reflect GDPR-compliant principles for Stjamess Storage.

Call Now!
Call Now Get a Quote
Stjamess Storage

GDPR-compliant Privacy Policy for Stjamess Storage covering data collection, lawful basis, retention, processors, and user rights for all customers in area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.