Privacy Policy - Norbury Storage

Effective date: This Privacy Policy applies to all Norbury Storage customers in the area and explains how we collect, use, store, and protect personal data in connection with our storage services.

Norbury Storage is committed to handling personal information in a lawful, fair, and transparent manner. We respect your privacy and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Scope of This Policy

This Privacy Policy applies to all individuals who use, enquire about, or otherwise interact with Norbury Storage services in the area, including prospective customers, account holders, authorised contacts, visitors, and any other person whose personal data we process in connection with our business.

By using our services or providing your personal information, you acknowledge that your data may be processed as described in this policy.

2. Personal Data We Collect

We collect only the personal data necessary to provide storage services, manage our relationship with you, and meet our legal obligations. The types of data we may collect include:

  • Identity data: your name, title, and date of birth where required for identification.
  • Contact data: address, email address, and telephone number.
  • Account and contract data: customer account details, agreements, payment records, billing information, and service history.
  • Access and security data: entry records, CCTV footage, key or access fob information, and site attendance records where applicable.
  • Communication data: records of emails, calls, messages, complaints, enquiries, and feedback.
  • Financial data: payment card details processed through secure payment providers, bank details if a direct payment is arranged, and transaction references.
  • Technical data: limited device or usage information if you interact with our digital systems, such as IP address and browser information.
  • Special category data: we do not seek to collect special category data unless it is provided by you and is necessary for a specific reason, such as an accessibility request. If this occurs, we will apply additional safeguards.

We generally collect data directly from you. In some cases, we may receive information from third parties, such as payment processors, identity verification providers, legal representatives, insurers, or public authorities.

3. How We Use Your Personal Data

Norbury Storage uses personal data for the following purposes:

  • to provide and manage storage services;
  • to create and administer customer accounts;
  • to process payments and maintain financial records;
  • to verify identity and prevent fraud;
  • to maintain security of our premises, staff, customers, and property;
  • to communicate with you about bookings, access, service issues, and changes to terms;
  • to handle complaints, disputes, and customer support enquiries;
  • to comply with legal and regulatory obligations;
  • to establish, exercise, or defend legal claims;
  • to improve our services, systems, and operational performance;
  • to send limited service-related updates where permitted by law.

We will only use your personal data in ways that are compatible with the purposes for which it was collected, unless we reasonably determine that a new lawful basis applies.

4. Lawful Basis for Processing

Under data protection law, we must have a lawful basis for each use of personal data. Depending on the situation, Norbury Storage may rely on one or more of the following lawful bases:

Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes managing storage agreements, taking payments, providing access, and delivering customer support.

Legal obligation

We may process data to comply with legal obligations, including tax, accounting, fraud prevention, health and safety, and lawful disclosure requirements.

Legitimate interests

We may process data where it is necessary for our legitimate interests or those of a third party, provided your rights do not override those interests. Examples include protecting our premises, preventing misuse, managing risk, improving services, and maintaining records. We conduct balancing assessments where required.

Consent

In limited situations, we may rely on your consent, for example where specific optional communications or certain types of data use require it. Where we rely on consent, you may withdraw it at any time.

Vital interests

In rare cases, we may process personal data to protect someone’s vital interests, such as in an emergency.

We do not rely on one lawful basis for all processing activities. The applicable basis depends on the purpose and context of the processing.

5. Sharing Your Data and Processors

We may share personal data with trusted third parties where necessary to run our services, meet legal requirements, or protect our business. Such recipients may act as processors or as independent controllers.

Our processors may include:

  • IT and cloud service providers: for secure data hosting, email, document storage, and business systems.
  • Payment service providers: for card and electronic payment processing.
  • Security and surveillance providers: for alarm systems, access control, and CCTV support.
  • Accountancy and bookkeeping providers: for financial administration and reporting.
  • Customer relationship and communication tools: for service notifications and record keeping.
  • Professional advisers: such as lawyers, auditors, insurers, or consultants, where needed.

We require processors to handle personal data securely, use it only on our instructions, and comply with data protection law. We do not sell your personal data.

We may also disclose data to law enforcement, courts, regulators, or other authorities where we are required or permitted to do so by law.

6. International Transfers

If any processor or service provider stores or accesses data outside the UK, we will ensure appropriate safeguards are in place, such as adequacy regulations, standard contractual clauses, or equivalent protections recognised under applicable law.

7. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, including legal, accounting, reporting, and dispute resolution requirements.

Retention periods may vary depending on the type of data and the reason for processing, but generally:

  • customer account and contract records are retained for the duration of the relationship and for a period afterwards where needed for legal purposes;
  • financial and tax records are kept for the period required by law;
  • security records, including CCTV, are retained only for a limited period unless needed for an incident, investigation, or legal claim;
  • enquiry and complaint records are retained for as long as reasonably necessary to manage the issue and defend our position if required.

When data is no longer needed, we will delete it securely or anonymise it so that it can no longer identify you.

8. Data Security

We use appropriate technical and organisational measures to protect personal data from loss, misuse, unauthorised access, alteration, or disclosure. These measures may include access controls, secure storage, staff training, encryption where appropriate, and regular review of internal practices.

No system is completely secure, but we work continuously to reduce risks and protect the confidentiality and integrity of information.

9. Your Rights

Depending on the circumstances and the lawful basis used, you have the following rights under data protection law:

  • Right of access: to request a copy of the personal data we hold about you.
  • Right to rectification: to ask us to correct inaccurate or incomplete data.
  • Right to erasure: to request deletion of your data in certain situations.
  • Right to restriction: to ask us to limit how we use your data in certain situations.
  • Right to object: to object to processing based on legitimate interests or direct marketing.
  • Right to data portability: to receive certain data in a structured, commonly used format where applicable.
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.
  • Right to complain: to lodge a complaint with the Information Commissioner’s Office if you believe your rights have been infringed.

Some rights are not absolute and may be limited by law, for example where we must retain data for legal reasons or where disclosure would affect the rights of others.

10. Children’s Data

Norbury Storage services are generally intended for adults. We do not knowingly collect personal data from children unless it is necessary in a lawful context, such as for authorised contact or emergency purposes.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, business operations, or data handling practices. The latest version will apply from the date it is published or otherwise communicated.

12. Summary of Our Approach

In summary, Norbury Storage processes personal data only where there is a valid legal reason to do so, uses trusted processors under strict safeguards, keeps data only for as long as necessary, and respects the rights of every customer in the area. We are committed to maintaining privacy, security, and transparency in all our data practices.

Call Now!
Call Now Get a Quote
Norbury Storage

GDPR-compliant Privacy Policy for Norbury Storage covering data collection, lawful basis, retention, processors, rights, and scope for all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.