Privacy Policy - Shootershill Storage

This Privacy Policy explains how Shootershill Storage collects, uses, shares, stores, and protects personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It applies to all Shootershill Storage customers in the area, including individuals, household customers, and business customers who use our storage services, related facilities, and administrative services.

We are committed to handling personal data lawfully, fairly, and transparently. This policy describes the types of data we collect, the purposes for which we process it, the lawful bases we rely on, how long we keep it, the categories of processors and third parties we use, and the rights available to data subjects.

1. Data We Collect

We collect only the personal data necessary to provide storage services, manage accounts, meet legal obligations, and protect our business and customers. Depending on how you interact with us, we may collect the following categories of information:

  • Identity data such as your name, date of birth, and identification details where required for verification.
  • Contact data such as billing address, correspondence address, telephone number, and email address.
  • Contract and account data such as storage unit details, booking records, access permissions, payment status, invoices, and service history.
  • Payment data such as payment confirmations, transaction references, and limited financial details needed to process payments. We do not ordinarily store full card details where payment services are handled by secure providers.
  • Security and access data such as CCTV recordings, gate access logs, site entry records, alarm records, and visitor information where applicable.
  • Communication data such as emails, call notes, complaints, enquiries, and records of customer support interactions.
  • Technical data such as IP address, device information, browser information, and usage data when you interact with digital systems or online forms used to manage services.
  • Verification data such as proof of identity, proof of address, and anti-fraud checks, where necessary.

We do not seek to collect special category data unless it is unavoidable and lawful to do so, for example where such data is incidentally included in a communication or required for a legal claim. If special category data is processed, it will be done only where a valid condition under data protection law applies.

2. How We Use Personal Data

Shootershill Storage uses personal data for the following purposes:

  • to set up and manage customer accounts;
  • to provide storage services and allocate units;
  • to process payments and issue invoices;
  • to verify identity and prevent fraud;
  • to maintain the security of our premises, staff, customers, and property;
  • to administer access control and site management;
  • to respond to enquiries, complaints, and service requests;
  • to comply with legal, tax, accounting, and regulatory obligations;
  • to manage disputes, insurance matters, and legal claims;
  • to improve the efficiency, safety, and quality of our services;
  • to maintain records required for internal administration and audit purposes.

We will not use personal data for purposes that are incompatible with those described above unless we have a lawful basis to do so and, where required, have informed the relevant individual.

3. Lawful Basis for Processing

We process personal data only where a lawful basis under UK GDPR applies. The principal lawful bases we rely on are:

Contract

We process data where it is necessary to enter into or perform a contract with you. This includes account creation, managing your storage agreement, processing payments, and delivering services requested by you.

Legal Obligation

We process data where necessary to comply with legal obligations, including tax law, accounting requirements, anti-fraud obligations, health and safety duties, and lawful requests from public authorities.

Legitimate Interests

We may process data where it is necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. Legitimate interests may include protecting our property, preventing crime, managing access to our site, monitoring security, handling disputes, and improving service delivery. When relying on this basis, we assess the impact on individuals and ensure appropriate safeguards are in place.

Consent

Where required by law, we will rely on your consent, for example for certain optional communications or non-essential processing. If we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

4. Data Sharing and Processors

We may share personal data with trusted third parties who act as processors or independent controllers, only where necessary and subject to appropriate safeguards. These may include:

  • Payment processors that handle card and electronic payments securely.
  • IT and cloud service providers that host databases, email systems, scheduling tools, and secure document storage.
  • Security providers that assist with CCTV systems, alarms, access control, and site monitoring.
  • Accountants and auditors who support financial record keeping and compliance.
  • Legal advisers and insurers where required to manage claims, disputes, or policy obligations.
  • Maintenance and facilities contractors where access to limited customer information is needed to perform services safely.
  • Regulatory, law enforcement, or public authorities where disclosure is required by law or to protect rights, safety, or security.

All processors are required to handle personal data in accordance with data protection law, to use it only on our instructions, and to implement appropriate technical and organisational security measures. Where data is transferred outside the UK, we will ensure that adequate safeguards are in place, such as an adequacy decision or approved contractual protections.

5. Retention of Personal Data

We retain personal data only for as long as necessary for the purposes for which it was collected, including satisfying legal, contractual, accounting, and reporting requirements. Retention periods are determined by the nature of the data and the reasons for processing.

  • Customer and contract records are typically retained for the duration of the storage relationship and for a reasonable period afterward to deal with queries, claims, or disputes.
  • Financial and tax records are retained for the period required by applicable law.
  • Security records such as CCTV and access logs are retained only for as long as necessary for site security, incident investigation, or legal purposes.
  • Correspondence and complaints are kept for as long as needed to resolve issues and maintain proper records.

When personal data is no longer required, we will securely delete, anonymise, or dispose of it in a controlled manner.

6. Data Security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, or alteration. These measures may include access restrictions, secure storage, encryption, password controls, staff confidentiality obligations, monitoring systems, and regular review of security practices. While no system can be guaranteed completely secure, we take data protection seriously and continually assess our safeguards.

7. Your Data Protection Rights

Subject to certain legal conditions and exemptions, you have the following rights under data protection law:

  • Right of access – to request a copy of the personal data we hold about you.
  • Right to rectification – to request correction of inaccurate or incomplete data.
  • Right to erasure – to request deletion of personal data in certain circumstances.
  • Right to restriction – to ask us to limit how we use your data in certain situations.
  • Right to data portability – to request transfer of certain data to you or another controller in a structured, commonly used format.
  • Right to object – to object to processing based on legitimate interests or to direct marketing.
  • Right to withdraw consent – where processing is based on consent, you may withdraw it at any time.

You also have the right to lodge a complaint with the Information Commissioner’s Office if you believe your data protection rights have been infringed. Exercising your rights will not normally involve a fee, although requests that are manifestly unfounded or excessive may be refused or charged in line with applicable law.

8. Children’s Data

Shootershill Storage services are not intended for children, and we do not knowingly collect personal data from children in the ordinary course of business. If we become aware that such data has been collected without appropriate authority, we will take reasonable steps to delete it or process it only where lawful and necessary.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, regulatory guidance, operational needs, or service arrangements. The latest version will apply to all Shootershill Storage customers in the area. Where changes are significant, we will take reasonable steps to make affected individuals aware of them.

By using Shootershill Storage services, you acknowledge that your personal data may be processed in accordance with this Privacy Policy and applicable data protection law.

Call Now!
Call Now Get a Quote
Shootershill Storage

GDPR-compliant privacy policy for Shootershill Storage covering data collection, lawful basis, retention, processors, user rights, and local customer scope.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.