Privacy Policy - Goddington Storage

This Privacy Policy applies to all Goddington Storage customers in the area and explains how we collect, use, store, share, and protect personal data in connection with our storage services. It is written to reflect the requirements of the UK GDPR and the Data Protection Act 2018. By using Goddington Storage services, customers acknowledge that personal data may be processed as described in this policy.

1. Who We Are

Goddington Storage provides storage services to individuals and businesses in the area. For the purposes of data protection law, we act as a data controller when we determine the purposes and means of processing personal data collected for account administration, service delivery, billing, compliance, and security.

2. Personal Data We Collect

We collect only the personal data necessary to provide and manage our services. The categories of data may include:

  • Identity information: name, title, and similar identification details.
  • Contact information: address, email address, telephone number, and emergency contact details where relevant.
  • Account and contract information: booking details, storage unit references, agreement records, invoices, payment status, and communication history.
  • Payment information: payment card details processed through secure payment providers, bank details, and transaction records.
  • Security information: CCTV images, access logs, gate entry records, key or access code use, and incident reports.
  • Vehicle information: registration details collected when needed for site access, security, or operational purposes.
  • Correspondence: messages, complaints, requests, or any information you provide when contacting us.

We may also collect data indirectly from third parties where necessary, such as payment processors, insurance providers, identity verification services, or public sources used for fraud prevention and legal compliance.

3. How We Use Personal Data

We use personal data for the following purposes:

  • to create and manage customer accounts;
  • to provide storage services and manage access to storage facilities;
  • to process payments, refunds, and billing matters;
  • to communicate service updates, contract information, and notices;
  • to maintain site security, prevent fraud, and protect property;
  • to comply with legal and regulatory obligations;
  • to handle complaints, claims, and disputes;
  • to improve our operations, services, and customer experience;
  • to enforce our terms, agreements, and lawful rights.

We only process personal data where we have a lawful basis to do so.

4. Lawful Basis for Processing

Under the UK GDPR, we must have a lawful basis for each processing activity. Depending on the context, we rely on the following bases:

Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes setting up your account, managing storage access, providing services, and processing payments.

Legal Obligation

We process certain data to comply with legal obligations, such as tax, accounting, anti-fraud measures, health and safety duties, and law enforcement requests where valid.

Legitimate Interests

We may process data where it is necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. Examples include site security, CCTV monitoring, preventing misuse, managing service quality, and protecting our business and customers from fraud or theft.

Consent

In limited cases, we may rely on your consent, for example where we ask to send optional marketing communications or where a specific non-essential processing activity requires permission. Where consent is used, you may withdraw it at any time.

Vital Interests

In rare situations, we may process personal data to protect someone’s vital interests, such as in an emergency involving health or safety.

5. Data Sharing and Processors

We do not sell personal data. We may share personal data with trusted third parties and processors who support our operations. These parties process data only on our instructions and under appropriate contractual safeguards.

Typical processors and recipients may include:

  • Payment processors: for secure card and bank payment handling;
  • IT and hosting providers: for secure storage, email, software systems, and data backups;
  • Security providers: for CCTV, alarm monitoring, access control, and incident management;
  • Accountants and auditors: for financial administration, reporting, and compliance;
  • Legal and professional advisers: where advice or dispute resolution is needed;
  • Insurance providers: when claims or risk management require sharing;
  • Public authorities: where disclosure is required by law or a lawful request.

Where processors act on our behalf, we require them to maintain confidentiality, apply appropriate technical and organisational measures, and process personal data only for specified purposes. All processors must protect data in line with GDPR standards.

6. Data Retention

We keep personal data only for as long as necessary for the purposes for which it was collected, and in accordance with legal, accounting, and operational requirements. Retention periods may vary depending on the type of information and the reason for processing.

  • Customer account and contract records: retained for the duration of the relationship and for a reasonable period afterward to deal with claims, disputes, and legal obligations.
  • Financial and tax records: retained for the period required by law.
  • Security records, including CCTV and access logs: retained only as long as necessary for safety, incident review, or investigation purposes.
  • Correspondence and complaints: retained for a period appropriate to the matter and any follow-up obligations.

When retention is no longer required, data is securely deleted, anonymised, or destroyed. We apply retention controls to ensure personal data is not kept longer than necessary.

7. Data Security

We take the security of personal data seriously and use suitable technical and organisational measures to reduce the risk of loss, misuse, unauthorised access, disclosure, or alteration. These measures may include access restrictions, password protection, secure backups, staff confidentiality obligations, monitoring of systems, and physical security controls at our facilities.

While no system can be guaranteed completely secure, we work to protect data in line with the level of risk involved and review our safeguards regularly.

8. International Transfers

If personal data is transferred outside the UK, we will take steps to ensure it receives an adequate level of protection. This may include relying on adequacy regulations, approved contractual clauses, or other lawful transfer mechanisms recognised under data protection law.

9. Your Rights

As a data subject, you have rights under UK GDPR in relation to your personal data. These rights may be subject to legal limits and exemptions. They include:

  • Right of access: you can request a copy of the personal data we hold about you;
  • Right to rectification: you can ask us to correct inaccurate or incomplete data;
  • Right to erasure: you may request deletion of your data in certain circumstances;
  • Right to restriction: you may ask us to limit how we use your data in certain situations;
  • Right to object: you can object to processing based on legitimate interests, and in some cases direct marketing;
  • Right to data portability: you can request certain data in a structured, commonly used format where applicable;
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time;
  • Right to complain: you may raise concerns with the relevant data protection supervisory authority.

We may need to verify your identity before responding to a request. Requests will be handled within the time limits required by law, subject to any lawful extension.

10. Children’s Data

Our storage services are generally intended for adults and business customers. We do not knowingly collect children’s personal data except where it is necessary and lawful, for example for emergency contact purposes or where provided incidentally by an adult customer. If we become aware that we have collected data from a child unlawfully, we will take appropriate steps to delete it.

11. Automated Decision-Making

We do not use solely automated decision-making that produces legal or similarly significant effects on customers, unless this is clearly lawful and appropriately safeguarded. If such processing were ever introduced, we would provide information about the logic involved and your rights.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, business practices, or service arrangements. The most recent version will apply to all Goddington Storage customers in the area. Where changes are significant, we will take reasonable steps to make customers aware of them.

13. Summary of Our Commitment

Goddington Storage is committed to handling personal data fairly, lawfully, transparently, and securely. We collect only what we need, use it for clear purposes, share it only with trusted processors and parties where permitted, retain it for appropriate periods, and respect your rights under data protection law. We aim to maintain a balance between service delivery, legal compliance, security, and the privacy of every customer.

This policy is intended to provide clear and concise information about our data practices and should be read alongside any applicable storage agreement or service terms.

Call Now!
Call Now Get a Quote
Goddington Storage

GDPR-compliant Privacy Policy for Goddington Storage covering collection, lawful basis, retention, processors, security, and user rights for all customers in the area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.