Privacy Policy - Whetstone Storage

This Privacy Policy explains how Whetstone Storage collects, uses, stores, shares, and protects personal data in connection with its storage services. It applies to all Whetstone Storage customers in the area, including prospective customers, current customers, account holders, authorized users, visitors, and individuals whose information is provided to us in the course of providing storage-related services.

Whetstone Storage is committed to handling personal data lawfully, fairly, and transparently in accordance with the UK GDPR and the Data Protection Act 2018. This policy is intended to help you understand what information we process, why we process it, how long we keep it, and what rights you have over it.

1. Personal Data We Collect

We may collect and process different categories of personal data depending on how you interact with Whetstone Storage. The information we collect may include:

  • Identity data: name, title, date of birth, and identification details where required for verification.
  • Contact data: postal address, email address, telephone number, and billing address.
  • Account data: customer reference numbers, booking details, unit allocation, access permissions, and account history.
  • Payment data: payment method details, transaction records, and billing information. We do not intentionally retain full card details where payment processors handle these securely.
  • Security and access data: entry logs, CCTV footage, alarm records, visitor logs, and access timestamps where applicable.
  • Communication data: records of calls, emails, written correspondence, complaints, and service requests.
  • Technical data: IP address, device information, browser type, and basic usage data if you interact with digital systems we operate.
  • Special category data: generally not collected. If such data is provided incidentally, we will only process it where permitted by law and only when necessary.

We collect personal data directly from you when you make an enquiry, sign a contract, use storage services, make payments, request support, or communicate with us. We may also receive data from third parties such as payment providers, identity verification services, insurers, legal representatives, debt recovery partners, or public authorities when necessary and lawful.

2. How We Use Personal Data

We use personal data only for specified, explicit, and legitimate purposes. These include:

  • setting up and managing customer accounts;
  • verifying identity and preventing fraud;
  • providing and administering storage services;
  • processing payments and managing invoices;
  • communicating about bookings, access, renewals, and service changes;
  • maintaining site security, including monitoring access and safeguarding property;
  • responding to enquiries, complaints, and disputes;
  • complying with legal and regulatory obligations;
  • establishing, exercising, or defending legal claims;
  • improving our services, systems, and customer experience;
  • recovering unpaid amounts where necessary.

We do not sell personal data. Any processing of your information will be limited to what is relevant and necessary for the purposes described in this policy.

3. Lawful Basis for Processing

Whetstone Storage processes personal data only where we have a lawful basis under data protection law. Depending on the context, our lawful bases may include:

Contract

We process personal data when it is necessary to enter into or perform a contract with you. This includes managing bookings, providing storage space, billing, access administration, and customer support.

Legal Obligation

We may process personal data to comply with legal obligations, such as tax, accounting, record-keeping, fraud prevention, or responses to lawful requests from authorities.

Legitimate Interests

We may process personal data where it is necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. Examples include site security, business administration, service improvement, loss prevention, and debt recovery.

Consent

In limited cases, we may rely on your consent, for example where it is required for certain optional communications or specific processing activities. Where consent is used, you may withdraw it at any time.

Vital Interests and Public Task

These bases are unlikely to apply in ordinary storage operations, but may be used in exceptional circumstances where necessary to protect someone’s life or comply with a public authority function.

4. Sharing Personal Data and Processors

We may share personal data with trusted third parties who act as processors or independent controllers, but only when necessary and subject to appropriate safeguards. Processors may include:

  • IT and cloud service providers: to host systems, store data, and support internal operations.
  • Payment processors: to process card payments, direct debits, and other transactions securely.
  • Security service providers: to support CCTV, alarms, access control, and site monitoring.
  • Customer relationship and communication tools: to manage correspondence and service updates.
  • Professional advisers: including accountants, legal advisers, insurers, and auditors where necessary.
  • Debt recovery and collections partners: where accounts remain unpaid and recovery action is lawful.
  • Identity verification and fraud prevention services: where needed to protect our customers and business.

We require processors to handle personal data securely, to use it only for authorised purposes, and to implement appropriate technical and organisational measures. Where a third party acts as an independent controller, it will be responsible for its own privacy practices.

We may also disclose data where required by law, court order, regulatory request, or to protect the rights, property, or safety of Whetstone Storage, our customers, staff, or others.

5. Data Retention

We keep personal data only for as long as necessary for the purposes for which it was collected, including to satisfy legal, accounting, contractual, or reporting requirements. Retention periods vary depending on the type of data and the relevant purpose.

  • Customer and contract records: retained for the duration of the relationship and for a reasonable period afterwards to deal with claims, enquiries, and account administration.
  • Payment and invoicing records: retained for periods required by tax and accounting laws.
  • Security records: retained only as long as necessary for site safety, incident management, or legal purposes.
  • Correspondence and support records: retained for as long as needed to resolve issues and maintain service history.
  • Marketing or optional communications data: retained until you withdraw consent or opt out, where applicable.

When data is no longer needed, we will securely delete, anonymise, or archive it in line with our retention practices and legal obligations. Retention decisions are based on necessity and proportionality, and we review stored data periodically to ensure it is not kept longer than required.

6. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, alteration, or disclosure. These measures may include access restrictions, authentication controls, secure storage, staff training, monitoring, and contractual safeguards with processors.

Although no system can be guaranteed to be completely secure, we work to maintain a level of protection appropriate to the risk associated with the data we process.

7. International Transfers

If personal data is transferred outside the UK, we will ensure that appropriate safeguards are in place, such as adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms. Any such transfer will be limited to what is necessary for the service and subject to suitable protection.

8. Your Rights

Under data protection law, you have a number of rights in relation to your personal data. These rights may apply depending on the legal basis for processing and the circumstances of the request.

  • Right of access: you may request a copy of the personal data we hold about you.
  • Right to rectification: you may ask us to correct inaccurate or incomplete data.
  • Right to erasure: you may request deletion of your data in certain circumstances.
  • Right to restriction: you may ask us to limit processing in certain situations.
  • Right to object: you may object to processing based on legitimate interests or direct marketing.
  • Right to data portability: you may request a copy of certain data in a structured, commonly used format where applicable.
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.

If you wish to exercise your rights, we may need to verify your identity before responding. We will respond within the time limits required by law unless an extension is permitted. These rights are not absolute, and some requests may be limited by legal obligations or the rights of others.

9. Children’s Data

Whetstone Storage services are not directed to children, and we do not knowingly collect personal data from children except where it is incidental to a lawful service arrangement and necessary for administration or security. Where relevant, we will apply appropriate safeguards.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, our services, or our processing practices. Any updated version will apply from the date it is published or otherwise communicated. We encourage customers to review this policy periodically to remain informed about how we protect personal data.

11. Complaints and Supervisory Authority

If you have concerns about how we handle personal data, we encourage you to raise them with us first so we can try to resolve the issue. You also have the right to lodge a complaint with the relevant data protection authority in the UK if you believe your rights have been infringed.

By using Whetstone Storage services, you acknowledge that your personal data may be processed in accordance with this Privacy Policy and applicable data protection laws.

Call Now!
Call Now Get a Quote
Whetstone Storage

GDPR-compliant Privacy Policy for Whetstone Storage covering data collection, lawful basis, retention, processors, user rights, and applicability to all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.