Privacy Policy - Chessington Storage

This Privacy Policy explains how Chessington Storage collects, uses, stores, shares, and protects personal data belonging to our customers and prospective customers in the Chessington area. It applies to all Chessington Storage customers in area, including individuals, households, and business users who engage our storage services, enquire about availability, make a booking, access our premises, or communicate with us in connection with our services.

We are committed to handling personal data in a lawful, fair, transparent, and secure manner in accordance with the UK GDPR and the Data Protection Act 2018. This policy should be read carefully so you understand what information we collect, why we collect it, how long we keep it, who may process it on our behalf, and what rights you have over your personal data.

1. Personal Data We Collect

We may collect personal data directly from you, automatically through our systems, or from third parties where necessary for service delivery, security, and compliance. The categories of data we may collect include:

  • Identity information such as your name, date of birth, and identification documents where needed for verification.
  • Contact information such as address, email address, and telephone number.
  • Account and booking information such as service preferences, unit size, access arrangements, payment status, and correspondence history.
  • Financial information such as billing details, payment records, and transaction references. We do not store full card details where a secure payment provider is used.
  • Access and security information such as CCTV footage, entry logs, gate access records, and incident reports where relevant to security and site management.
  • Usage information such as records of site visits, service enquiries, complaints, and communications with our staff.
  • Technical information such as device identifiers, IP address, and browsing-related data if you interact with our online systems, where applicable.

We only collect data that is necessary for legitimate business purposes, legal compliance, and the proper operation of our storage services. Where possible, we limit the amount of information requested to what is relevant and proportionate.

2. How We Use Personal Data

Chessington Storage uses personal data for the following purposes:

  • To provide storage services and manage customer accounts.
  • To verify identity and prevent fraud, misuse, or unauthorised access.
  • To process bookings, renewals, payments, and service administration.
  • To communicate with you about your account, service updates, and operational matters.
  • To maintain security and protect our premises, staff, customers, and stored goods.
  • To comply with legal, regulatory, insurance, and tax obligations.
  • To handle enquiries, complaints, disputes, and claims.
  • To improve our services, processes, and customer experience.

We will only use your personal data for the purposes stated in this policy or for compatible purposes permitted by law. We do not sell personal data.

3. Lawful Basis for Processing

Under data protection law, we must have a lawful basis for processing personal data. Depending on the context, we may rely on one or more of the following legal bases:

Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes managing bookings, providing access to storage units, billing, and service administration.

Legal obligation

We may process data to comply with legal requirements, including accounting, tax, fraud prevention, health and safety, and lawful requests from authorities.

Legitimate interests

We may process data where it is necessary for our legitimate interests, provided your interests and rights do not override those interests. This may include site security, CCTV monitoring, preventing fraud, service improvement, and defending legal claims.

Consent

In limited circumstances, we may rely on your consent, for example for certain optional communications or where the law requires consent. Where we rely on consent, you may withdraw it at any time, without affecting the lawfulness of processing already carried out.

4. Retention of Personal Data

We keep personal data only for as long as necessary for the purpose for which it was collected, and in line with legal, contractual, and operational requirements. Retention periods depend on the type of data and the context in which it was obtained.

  • Customer account and booking records are retained for the duration of the service relationship and for a reasonable period afterwards for administration and dispute resolution.
  • Financial and transaction records are retained for the periods required by tax and accounting laws.
  • Security records and CCTV footage are retained for a limited time unless an incident requires longer retention for investigation, insurance, or legal proceedings.
  • Enquiry and correspondence data may be retained to manage communications, respond to queries, and maintain a record of decisions or complaints.

When data is no longer required, it is securely deleted, anonymised, or otherwise disposed of in a controlled manner.

5. Processors and Sharing of Data

We may share personal data with trusted third parties that act as processors or independent controllers, where this is necessary to deliver our services, comply with law, or protect our business. Processors only act on our instructions and are required to keep data secure.

Examples of processors and service providers may include:

  • Payment service providers who handle secure payment processing.
  • IT and cloud service providers who support data storage, email, system hosting, and backups.
  • Security providers who assist with alarms, CCTV, and access control systems.
  • Accounting and administrative service providers who support invoicing, bookkeeping, and records management.
  • Professional advisers such as auditors, insurers, lawyers, and consultants where necessary.

We may also disclose data to law enforcement, courts, regulators, or public authorities where required or permitted by law. In the event of a business transfer, merger, restructuring, or asset sale, personal data may be transferred subject to appropriate safeguards.

6. Data Security

We use appropriate technical and organisational measures to protect personal data from accidental loss, unauthorised access, alteration, disclosure, or destruction. These measures may include access controls, encryption, secure storage, staff training, and regular review of our data handling practices.

Although we work hard to safeguard information, no system can be guaranteed to be completely secure. If a personal data breach occurs that is likely to result in a risk to your rights and freedoms, we will respond in line with applicable legal obligations.

7. Your Rights

You have a number of rights in relation to your personal data, subject to certain legal conditions and exceptions. These rights include:

  • Right of access – you may request a copy of the personal data we hold about you.
  • Right to rectification – you may ask us to correct inaccurate or incomplete information.
  • Right to erasure – in certain circumstances, you may request deletion of your data.
  • Right to restriction – you may ask us to limit how we use your data in some situations.
  • Right to object – you may object to processing based on legitimate interests, and to certain types of direct marketing.
  • Right to data portability – in certain circumstances, you may request your data in a structured, commonly used format.
  • Right to withdraw consent – where processing is based on consent, you may withdraw it at any time.

If you wish to exercise any of these rights, we will consider your request in accordance with applicable law and respond within the required timeframe where possible.

8. Children’s Data

Our services are primarily intended for adults. We do not knowingly collect personal data from children unless it is necessary in a limited context, such as where a customer provides information relevant to household arrangements and lawful service administration. Where child-related data is collected, it will be handled with appropriate care and only for legitimate purposes.

9. International Transfers

Where personal data is transferred outside the United Kingdom, we will ensure that appropriate safeguards are in place to protect it. These may include adequacy regulations, standard contractual clauses, or equivalent legal mechanisms approved under applicable data protection law.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, our services, or our data handling practices. Any revised version will apply from the date it is made available. We encourage customers to review this policy periodically so they remain informed about how their data is processed.

11. Summary of Key Points

Chessington Storage collects only the personal data needed to provide secure storage services, manage customer relationships, meet legal obligations, and protect our site. We rely on lawful bases such as contract, legal obligation, legitimate interests, and in limited cases consent. We keep data only as long as necessary, use trusted processors under contract, and respect your rights to access, correct, erase, restrict, or object to processing.

This policy applies to all Chessington Storage customers in area and is intended to provide clear, GDPR-aligned information about how personal data is handled in connection with our services.

Call Now!
Call Now Get a Quote
Chessington Storage

GDPR-compliant Privacy Policy for Chessington Storage covering data collection, lawful basis, retention, processors, and user rights for all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.