Privacy Policy - Waterloo Storage

This Privacy Policy explains how Waterloo Storage collects, uses, stores, shares, and protects personal data relating to customers, prospective customers, visitors, and other individuals whose information we process in connection with our storage services. It applies to all Waterloo Storage customers in the area and is intended to meet the requirements of the UK GDPR and the Data Protection Act 2018, together with applicable data protection principles. We are committed to handling personal data fairly, lawfully, transparently, and securely.

1. Who We Are

Waterloo Storage provides storage-related services to individuals and businesses. In the course of operating our services, we act as a data controller for personal data that we determine the purposes and means of processing. This means we decide why and how certain personal information is used, while respecting the rights of individuals and the obligations imposed on us by law.

2. Personal Data We Collect

We collect only the personal data that is necessary for lawful and legitimate business purposes. The information we may collect includes:

  • Identity data, such as your name, title, and date of birth where needed for verification.
  • Contact data, such as postal address, email address, and telephone number.
  • Account and service data, including booking details, unit allocation, access records, invoicing details, and communication preferences.
  • Payment data, such as payment method, transaction records, and billing information, though we may not store full payment card details if these are processed by a payment provider.
  • Verification data, including information used to confirm identity or authority to use a storage unit.
  • Technical data, such as IP address, device information, browser type, and system logs where our systems capture them.
  • CCTV and security data, including images or footage captured within and around our premises for safety, security, and crime prevention purposes.
  • Correspondence data, including emails, letters, call notes, complaints, and other communications.

We generally collect personal data directly from you, but we may also receive data from third parties where necessary, such as payment processors, verification providers, insurers, legal representatives, or public authorities.

3. How We Use Personal Data

We use personal data for the following purposes:

  • to provide storage services and manage customer accounts;
  • to verify identity and eligibility where required;
  • to issue invoices, collect payments, and maintain financial records;
  • to manage access to facilities and maintain site security;
  • to communicate about bookings, service changes, renewals, notices, and administrative matters;
  • to prevent fraud, misuse, theft, damage, and other unlawful activity;
  • to comply with legal obligations, tax requirements, and regulatory requests;
  • to resolve disputes, defend legal claims, and enforce agreements;
  • to improve our operations, systems, and customer service;
  • to maintain appropriate records and business controls.

We do not use personal data for purposes that are incompatible with the reasons it was collected unless we have a lawful basis to do so and have informed you where required.

4. Lawful Basis for Processing

Under data protection law, we must have a lawful basis to process personal data. Waterloo Storage relies on one or more of the following lawful bases depending on the context:

Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes setting up accounts, managing storage units, taking payments, and providing the services you request.

Legal Obligation

We may need to process data to comply with legal or regulatory requirements, such as tax, accounting, record-keeping, safety, or lawful requests from authorities.

Legitimate Interests

We may process personal data where it is necessary for our legitimate interests and where those interests are not overridden by your rights and freedoms. Legitimate interests may include facility security, fraud prevention, service administration, improving operations, and protecting our property, staff, customers, and business.

Consent

Where consent is required by law for specific processing activities, we will obtain it from you. You may withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing carried out before withdrawal.

5. Sharing Personal Data and Processors

We may share personal data with trusted third parties who assist us in providing our services. These parties act as processors or, in some cases, as independent controllers. When processors handle personal data on our behalf, they are contractually required to process it only according to our instructions and to implement appropriate security measures.

Processors and recipients may include:

  • payment service providers and banking partners;
  • IT hosting, software, and system support providers;
  • security and CCTV service providers;
  • accounting, audit, and administrative support providers;
  • legal, insurance, and debt recovery professionals;
  • delivery or logistics providers where needed to support the service;
  • public authorities, regulators, law enforcement, or courts when legally required.

We do not sell personal data. If personal data is transferred outside the UK or the European Economic Area, we will ensure suitable safeguards are in place, such as adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms.

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, insurance, and reporting requirements. The retention period depends on the type of data and the purpose for which it is processed.

In general:

  • customer account and service records are kept for the duration of the relationship and for a period afterwards for administration and legal defence;
  • financial and transaction records are retained for the period required by tax and accounting law;
  • correspondence and complaint records are kept as long as needed to resolve matters and meet legal obligations;
  • CCTV footage is usually retained only for a short period unless it is needed for investigation, security, or legal purposes;
  • inactive or unnecessary data is securely deleted, anonymised, or archived in line with our retention practices.

When data is no longer required, we take appropriate steps to securely erase or anonymise it.

7. Data Security

We use suitable technical and organisational measures to protect personal data against accidental loss, unauthorised access, misuse, alteration, or disclosure. These measures may include access controls, secure storage, staff training, logging, physical security, and contractual protections for service providers. While no system can be guaranteed to be completely secure, we work continuously to reduce risks and protect the information entrusted to us.

8. Your Rights

Depending on the circumstances and applicable law, you may have the following rights regarding your personal data:

  • Right of access – to request a copy of the personal data we hold about you.
  • Right to rectification – to ask us to correct inaccurate or incomplete information.
  • Right to erasure – to request deletion of your data in certain circumstances.
  • Right to restriction – to ask us to limit processing in certain cases.
  • Right to data portability – to receive certain data in a structured, commonly used format where applicable.
  • Right to object – to object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent – where processing relies on consent.
  • Right to complain – to the relevant data protection authority if you believe your rights have been infringed.

To exercise your rights, you may need to provide sufficient information so we can verify your identity and locate the relevant records. We will respond within the time limits required by law.

9. Children’s Data

Our services are intended for adults and business users. We do not knowingly collect personal data from children except where necessary and lawful in a limited context, such as where a parent or guardian is involved in a service arrangement. If we learn that we have collected data unlawfully from a child, we will take appropriate steps to delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or business practices. Any updated version will apply from the time it is made available. We encourage you to review this policy periodically so that you remain informed about how your personal data is handled.

11. Summary of Our Commitment

Waterloo Storage is committed to respecting privacy and handling personal information with care. We collect only what we need, use it for clear and lawful purposes, retain it only as long as necessary, and share it only with appropriate processors or other recipients where legally permitted. We recognise that privacy is a core part of trust, and we aim to maintain that trust through responsible and transparent data practices.

In all cases, this Privacy Policy applies to all Waterloo Storage customers in the area.

Call Now!
Call Now Get a Quote
Waterloo Storage

GDPR-compliant Privacy Policy for Waterloo Storage covering data collection, lawful basis, retention, processors, and user rights for all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.