Privacy Policy - Chinatown Storage

This Privacy Policy explains how Chinatown Storage collects, uses, stores, shares, and protects personal data relating to all Chinatown Storage customers in the area. It applies to every customer, account holder, authorized user, visitor, and prospective customer who interacts with our services in the area. We are committed to handling personal data in a lawful, fair, transparent, and secure manner in accordance with the UK GDPR and applicable data protection laws.

1. Who We Are

Chinatown Storage provides self-storage and related services to individuals and businesses in the area. For the purposes of data protection law, Chinatown Storage acts as the data controller for the personal data described in this Privacy Policy, meaning we determine why and how your personal data is processed.

2. Personal Data We Collect

We only collect personal data that is necessary for the operation of our storage services, the management of customer accounts, compliance with legal obligations, and the protection of our business, staff, and customers. The categories of data we may collect include:

  • Identity data: name, date of birth, and identification details used to verify identity.
  • Contact data: postal address, billing address, email address, and telephone number.
  • Account data: customer account numbers, storage unit references, contract details, payment status, and service preferences.
  • Payment data: payment method details, transaction records, invoices, receipts, and refund information.
  • Security data: CCTV recordings, access logs, alarm records, incident reports, and other security-related information.
  • Communication data: emails, letters, call notes, complaints, service requests, and other correspondence.
  • Technical data: device information, IP address, browser details, and usage information if you interact with our digital systems.
  • Legal and compliance data: records required to meet legal, tax, insurance, fraud prevention, or regulatory obligations.

In limited situations, we may also process special category data if it is provided to us or becomes necessary for a legal claim, safety matter, or an accommodation request. Where this occurs, we will only process it where permitted by law and subject to additional safeguards.

3. How We Use Your Data

We use personal data for the following purposes:

  • to create and manage storage accounts;
  • to verify identity and prevent fraud;
  • to provide access to storage units and related services;
  • to process payments, invoices, and account administration;
  • to communicate with customers about bookings, renewals, reminders, and service updates;
  • to maintain site security and protect property, staff, and customers;
  • to handle disputes, complaints, claims, and legal proceedings;
  • to comply with legal, tax, accounting, and regulatory requirements;
  • to improve service quality, operational efficiency, and customer experience;
  • to establish, exercise, or defend legal rights.

We will only use your personal data in ways that are compatible with the purposes for which it was collected, unless we reasonably determine that another compatible purpose exists or the law requires otherwise.

4. Lawful Basis for Processing

We process personal data only where we have a valid lawful basis under data protection law. Depending on the activity, we rely on one or more of the following:

Contract

We process data where it is necessary to enter into or perform a contract with you, such as managing your storage account, providing access to a unit, processing payments, and delivering requested services.

Legal obligation

We process data where necessary to comply with legal obligations, including tax, accounting, safety, security, fraud prevention, and regulatory recordkeeping obligations.

Legitimate interests

We may process data where it is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your rights and freedoms. Examples include site security, CCTV monitoring, preventing misuse of our facilities, debt recovery, service improvement, and business administration.

Consent

In limited cases, we rely on your consent, for example where specific optional communications or certain processing activities require it. Where we rely on consent, you can withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

Vital interests and legal claims

Where necessary, we may process data to protect someone’s vital interests or to establish, exercise, or defend legal claims.

5. Sharing Your Data and Processors

We do not sell your personal data. We may share personal data with trusted third parties where necessary for the purposes described in this Privacy Policy. Some of these third parties act as processors, meaning they process personal data on our instructions and under contract. Our processors may include:

  • payment service providers;
  • accounting and bookkeeping providers;
  • IT hosting, cloud storage, and software providers;
  • customer management and communications platforms;
  • security and CCTV service providers;
  • maintenance, alarm, and access control contractors;
  • professional advisers such as lawyers, insurers, auditors, and consultants;
  • debt recovery or dispute resolution service providers where required.

We may also disclose personal data to law enforcement, courts, regulators, or other authorities where required by law, and to third parties involved in legal proceedings or emergencies.

All processors are required to protect personal data appropriately and may only use it for the purposes we instruct. Where personal data is transferred outside the UK or European Economic Area, we will ensure appropriate safeguards are in place, such as adequacy regulations, standard contractual clauses, or equivalent lawful transfer mechanisms.

6. Data Retention

We keep personal data only for as long as necessary for the purposes for which it was collected, including to satisfy legal, accounting, insurance, and reporting obligations. Retention periods depend on the type of data and the reason for processing.

  • Active customer records: retained for the duration of the contract and for a reasonable period afterward.
  • Financial and tax records: retained for the period required by law.
  • Security records and CCTV footage: retained for a limited period unless needed for an investigation, claim, or legal purpose.
  • Correspondence and complaints: retained as long as needed to resolve the matter and demonstrate proper handling.
  • Legal claims data: retained until the relevant limitation period has expired or the claim is resolved.

When data is no longer required, we will delete it securely or anonymise it so that it can no longer identify you. In some cases, we may retain data for longer where required by law or where it is necessary for a legitimate business purpose, such as defending a claim.

7. Your Rights

Under data protection law, you may have the following rights in relation to your personal data:

  • Right of access: to obtain confirmation of whether we process your data and to receive a copy of it.
  • Right to rectification: to request correction of inaccurate or incomplete data.
  • Right to erasure: to request deletion of data in certain circumstances.
  • Right to restriction: to request that we limit how we use your data in certain situations.
  • Right to object: to object to processing based on legitimate interests or direct marketing, where applicable.
  • Right to data portability: to request certain data in a structured, commonly used, machine-readable format, where applicable.
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.

These rights are not absolute and may be subject to legal or practical limitations. For example, we may need to keep certain records to comply with legal obligations or to defend a legal claim.

8. Security of Personal Data

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, disclosure, alteration, or destruction. These measures may include access controls, staff confidentiality obligations, secure storage, monitoring systems, and regular review of internal processes. While we take reasonable steps to protect your data, no system can be guaranteed to be completely secure.

9. Automated Decision-Making

We do not use fully automated decision-making that produces legal or similarly significant effects about you unless permitted by law and accompanied by appropriate safeguards. If this position changes, we will update this policy and explain your rights in relation to such processing.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or operational practices. Any revised version will apply from the date it is published or otherwise communicated. We encourage customers to review this policy periodically to stay informed about how their personal data is handled.

11. Additional Information

By using Chinatown Storage services in the area, you acknowledge that your personal data may be processed in accordance with this Privacy Policy. We aim to be transparent, proportionate, and accountable in all of our data handling activities. If any part of this policy conflicts with applicable data protection law, the law will prevail. Our approach is to ensure that your personal data is handled with care, used only where justified, and protected with appropriate safeguards.

Call Now!
Call Now Get a Quote
Chinatown Storage

GDPR-compliant Privacy Policy for Chinatown Storage covering data collection, lawful bases, retention, processors, and user rights for all area customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.