Privacy Policy - Brompton Storage

This Privacy Policy explains how Brompton Storage collects, uses, shares, stores, and protects personal data. It applies to all Brompton Storage customers in the area, including prospective customers, current customers, former customers, website visitors, and any other individuals whose personal data we process in connection with our storage services, administration, and operations.

We are committed to processing personal data fairly, lawfully, and transparently in line with the UK GDPR and the Data Protection Act 2018. This policy is intended to help you understand what information we collect, why we use it, how long we keep it, who may process it on our behalf, and what rights you have in relation to your personal data.

1. Who We Are

Brompton Storage provides self-storage and related storage management services. In the context of data protection law, Brompton Storage acts as the data controller for personal data collected and used to manage customer accounts, facilities, billing, security, and communications. Where we use third-party service providers to process personal data on our behalf, those providers act as data processors or, in some limited cases, as separate controllers.

2. Personal Data We Collect

We collect only the personal data necessary for legitimate business, legal, and operational purposes. The categories of data we may collect include:

  • Identity data such as name, title, and date of birth where required for verification.
  • Contact data such as postal address, email address, and telephone number.
  • Account data such as customer reference numbers, booking details, payment status, and service history.
  • Financial data such as payment card information or bank details, where needed for billing and refunds. We do not retain full card details unless necessary and permitted by the payment provider model.
  • Transaction data such as payments made, invoices issued, and records of services provided.
  • Security data such as CCTV images, access logs, entry records, incident reports, and alarm-related information.
  • Communication data such as messages, complaints, requests, and any correspondence you send us.
  • Technical data such as IP address, device information, browser type, and usage information when you interact with our digital services.
  • Verification and compliance data such as proof of identity, proof of address, anti-fraud checks, and other records required by law or for risk management.

We generally do not intentionally collect special category data unless it is strictly necessary, for example to accommodate a specific request or to handle a legal claim. If we do process special category data, we will do so only in accordance with applicable law and with appropriate safeguards.

3. How We Collect Personal Data

We may collect personal data directly from you when you complete forms, sign agreements, make payments, contact us, or use our services. We may also collect data indirectly from:

  • payment service providers;
  • identity verification providers;
  • security systems such as access control and CCTV;
  • publicly available sources where permitted by law;
  • your authorised representatives;
  • debt recovery, fraud prevention, or legal service providers where relevant.

Where we collect data from third parties, we will take steps to ensure the information is lawful to use and relevant to the purposes described in this policy.

4. Purposes and Lawful Basis for Processing

We only process personal data when we have a lawful basis under data protection law. Depending on the context, Brompton Storage may rely on one or more of the following lawful bases:

Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes setting up your account, providing storage services, issuing invoices, managing access, handling payments, and communicating about your booking or storage unit.

Legal obligation

We process personal data where necessary to comply with legal requirements, including tax and accounting obligations, fraud prevention rules, regulatory requirements, and lawful requests from courts or public authorities.

Legitimate interests

We may process personal data where it is necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. These interests may include improving our services, protecting our premises, preventing theft or misuse, managing disputes, maintaining records, and ensuring the safety and security of customers, staff, and property.

Consent

In limited circumstances, we may rely on your consent, for example for certain optional communications or specific processing activities where consent is the most appropriate basis. Where consent is used, you may withdraw it at any time. Withdrawal will not affect processing that has already taken place.

5. How We Use Personal Data

We may use personal data to:

  • create and manage customer accounts;
  • provide storage services and related administration;
  • process payments and issue refunds where applicable;
  • verify identity and prevent fraud;
  • maintain security through access logs, alarms, and CCTV;
  • respond to enquiries, complaints, and service requests;
  • enforce agreements, recover unpaid sums, and resolve disputes;
  • comply with legal and regulatory obligations;
  • improve operational efficiency, service quality, and customer experience;
  • protect the rights, property, and safety of Brompton Storage and others.

6. Retention of Personal Data

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including to meet legal, accounting, and reporting requirements. Retention periods vary depending on the type of data and the purpose of processing.

  • Customer account and contract records are typically retained for the duration of the relationship and for a period after termination to manage claims, disputes, and compliance obligations.
  • Financial and tax records are kept for the period required by law.
  • Security records such as access logs and CCTV footage are retained for a limited period unless required longer for investigation, insurance, or legal reasons.
  • Correspondence and complaints may be retained for a reasonable period to support service history and dispute resolution.

When personal data is no longer required, we will securely delete, anonymise, or archive it in accordance with our retention practices.

7. Processors and Recipients of Personal Data

We may share personal data with trusted third parties who help us operate our business. These parties are required to handle personal data securely and only in accordance with our instructions or applicable law. Such parties may include:

  • IT and hosting providers supporting systems, storage, and security;
  • payment processors handling card or bank transactions;
  • accounting and bookkeeping providers assisting with financial records;
  • identity verification and fraud prevention providers where needed;
  • security service providers such as alarm monitoring or CCTV maintenance;
  • legal, insurance, and debt recovery advisers where necessary;
  • delivery, maintenance, or facilities contractors acting on our behalf;
  • public authorities when required by law or lawful request.

We require processors to implement appropriate technical and organisational security measures, maintain confidentiality, and process personal data only for specified purposes. We do not sell your personal data.

8. International Transfers

If any service provider processes personal data outside the UK, we will take steps to ensure an adequate level of protection. This may include reliance on UK adequacy regulations, standard contractual clauses, or other lawful transfer safeguards as required by data protection law.

9. Data Security

We use appropriate security measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. These measures may include access controls, encryption, restricted permissions, staff confidentiality obligations, secure backups, and physical security procedures. While we work to protect your information, no system can be guaranteed completely secure.

10. Your Rights

Under data protection law, you may have the following rights in relation to your personal data:

  • Right of access - to request confirmation of whether we process your data and to obtain a copy of it.
  • Right to rectification - to ask us to correct inaccurate or incomplete data.
  • Right to erasure - to request deletion of your data in certain circumstances.
  • Right to restriction - to ask us to limit processing in certain cases.
  • Right to object - to object to processing based on legitimate interests or direct marketing.
  • Right to data portability - to receive certain data in a structured, commonly used format where applicable.
  • Right to withdraw consent - where processing is based on consent.

These rights are not absolute and may be subject to legal exceptions. We will respond to requests in accordance with applicable law. You may also have the right to lodge a complaint with the relevant data protection authority if you believe your data has been handled improperly.

11. Children

Brompton Storage services are not directed at children, and we do not knowingly collect personal data from children unless it is necessary for a lawful business or legal purpose and appropriate safeguards are in place.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service arrangements. Any updated version will apply from the time it is made available. We encourage you to review this policy periodically so that you remain informed about how we process personal data.

13. Summary of Key Principles

Brompton Storage only processes personal data where it has a lawful basis, keeps it only as long as necessary, uses trusted processors under contract, and respects your data protection rights. Transparency, security, and accountability are central to how we handle personal data for all customers in the area.

Call Now!
Call Now Get a Quote
Brompton Storage

GDPR-compliant Privacy Policy for Brompton Storage covering data collection, lawful bases, retention, processors, and user rights for all customers in the area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.