Privacy Policy - Nagshead Storage

This Privacy Policy explains how Nagshead Storage collects, uses, shares, stores, and protects personal data in connection with its storage services. It applies to all Nagshead Storage customers in the area, including prospective customers, current customers, former customers, and any individuals who interact with us in relation to our services. We are committed to processing personal data fairly, lawfully, and transparently in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Personal Data We Collect

We collect only the personal data that is necessary for us to provide and manage our services, maintain security, comply with legal obligations, and improve our operations. The types of data we may collect include:

  • Identity data: name, date of birth, and identification details where required for verification.
  • Contact data: address, email address, and telephone number.
  • Account and contract data: booking details, storage unit reference, contract terms, payment status, and service history.
  • Financial data: billing information, payment method details, and transaction records. We do not store full card details where payment processing is handled by a secure third party.
  • Access and security data: CCTV footage, entry logs, key or access code records, and incident reports where necessary for site security.
  • Correspondence data: records of communications with us, including complaints, enquiries, and service requests.
  • Technical data: limited information collected through systems used to operate and protect our services, such as device or system logs.

We generally do not seek to collect special category data unless it is unavoidable or required by law. If such information is provided voluntarily, we will only process it where a lawful basis exists and additional safeguards are in place.

2. How We Use Personal Data

We use personal data for the following purposes:

  • to provide storage services and manage customer accounts;
  • to verify identity and prevent fraud;
  • to process payments, invoices, and refunds where applicable;
  • to communicate about bookings, renewals, access, and operational matters;
  • to monitor site safety and protect customers, staff, property, and premises;
  • to handle complaints, disputes, and claims;
  • to meet legal, tax, accounting, and regulatory obligations;
  • to maintain records and improve the quality and reliability of our services.

We will not use personal data for purposes that are incompatible with those described above without informing you and, where required, obtaining a further lawful basis.

3. Lawful Basis for Processing

Under UK GDPR, we must have a lawful basis for processing personal data. Depending on the activity, Nagshead Storage may rely on one or more of the following bases:

Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes setting up storage arrangements, managing access, collecting payments, and providing customer support linked to the contract.

Legal obligation

We process data where necessary to comply with legal obligations, including accounting, tax, health and safety, crime prevention, and responding to lawful requests from public authorities.

Legitimate interests

We may process personal data where it is necessary for our legitimate interests and those interests are not overridden by your rights and freedoms. This may include site security, loss prevention, service administration, record keeping, and improving our operations. When we rely on legitimate interests, we assess the impact on privacy and use appropriate safeguards.

Consent

In limited cases, we may rely on consent, for example for certain optional communications or where required by law. Where consent is used, you may withdraw it at any time. Withdrawal will not affect the lawfulness of processing carried out before consent was withdrawn.

4. How We Share Data and Processors

We may share personal data with trusted third parties where necessary for the operation of our business. These third parties act either as independent controllers or as processors acting on our behalf. Processors may include:

  • IT and hosting providers that support our systems and data storage;
  • payment service providers that handle card or electronic payments securely;
  • security and surveillance providers that help manage CCTV or alarm systems;
  • accounting and bookkeeping providers that assist with financial administration;
  • customer management and communications providers that support service delivery;
  • professional advisers such as legal or insurance advisers where necessary;
  • public authorities, regulators, law enforcement, or courts where disclosure is required by law.

We require processors to process personal data only on our instructions, to keep it secure, and to implement appropriate technical and organisational measures. Where personal data is transferred outside the UK, we will ensure that suitable safeguards are in place in line with applicable data protection law.

5. Data Retention

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including for legal, accounting, or reporting requirements. The retention period depends on the nature of the information and the reason it is held.

  • Customer and contract records: retained for the duration of the relationship and for a period afterward where needed for legal claims, record keeping, or tax purposes.
  • Payment and invoicing records: retained for the period required by tax and accounting laws.
  • Security records: such as CCTV footage or access logs, retained for a limited period unless needed for an investigation, claim, or legal obligation.
  • Correspondence and complaints: retained for as long as necessary to resolve the matter and maintain appropriate business records.

When data is no longer needed, we will delete it or anonymise it securely. In some cases, we may retain data longer where required to establish, exercise, or defend legal claims.

6. Data Security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, alteration, or disclosure. These measures may include access controls, secure storage, staff confidentiality obligations, system monitoring, and physical security measures at our premises. While we take data protection seriously, no system can be guaranteed to be completely secure. If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will act in accordance with applicable legal requirements.

7. Your Rights

Under data protection law, you have certain rights in relation to your personal data. These rights may be subject to limitations and exemptions, depending on the circumstances.

  • Right of access: you can request a copy of the personal data we hold about you.
  • Right to rectification: you can ask us to correct inaccurate or incomplete data.
  • Right to erasure: you can ask us to delete your data in certain situations.
  • Right to restriction: you can ask us to limit how we use your data in some cases.
  • Right to object: you can object to processing based on legitimate interests or direct marketing.
  • Right to data portability: you can request certain data in a structured, commonly used format where applicable.
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.

If you wish to exercise any of these rights, we will respond in accordance with data protection law and may ask for information to confirm your identity. You also have the right to lodge a complaint with the UK Information Commissioner’s Office if you are unhappy with how your personal data has been handled.

8. Cookies and Similar Technologies

If we use online systems or digital tools in connection with our services, limited cookies or similar technologies may be used to support functionality, security, and performance. Where required, we will provide appropriate information about these technologies and obtain consent for non-essential cookies.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. Any revised version will apply from the date it is published or otherwise communicated. We encourage customers to review this policy periodically to stay informed about how personal data is handled.

10. Summary of Our Commitment

Nagshead Storage is committed to handling personal data responsibly, securely, and transparently. We collect only what we need, use it for clear purposes, retain it only for as long as necessary, and respect the rights of individuals whose data we process. This policy is intended to provide clear information to all Nagshead Storage customers in the area and to demonstrate our ongoing commitment to privacy and compliance.

Call Now!
Call Now Get a Quote
Nagshead Storage

GDPR-compliant Privacy Policy for Nagshead Storage covering data collection, lawful basis, retention, processors, and user rights for all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.