Privacy Policy - Bloomsbury Storage

This Privacy Policy explains how Bloomsbury Storage collects, uses, stores, shares, and protects personal data in connection with our storage services. It applies to all Bloomsbury Storage customers in the area, including prospective customers, account holders, authorised users, and individuals who interact with us in relation to our services. We are committed to handling personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Bloomsbury Storage provides storage-related services to individuals and businesses. For the purposes of data protection law, we act as the data controller for personal data we collect and use in the course of operating our business, managing customer accounts, and providing our services.

This means we decide why and how your personal data is processed. Where we engage external service providers to process data on our behalf, they act as data processors and may only act under our instructions.

2. Personal Data We Collect

We collect only the personal data that is necessary for the operation of our services, compliance with legal obligations, and improvement of customer experience. The categories of data we may collect include:

  • Identity data such as your name, title, and date of birth where needed for verification.
  • Contact data such as your address, email address, and telephone number.
  • Account and contract data including account references, booking details, storage unit allocation, and service preferences.
  • Payment data such as billing address, payment status, and transaction records. We do not store full card details if payment processing is carried out by a secure third-party provider.
  • Access and security data including entry logs, CCTV footage where used, and records of authorised access.
  • Communication data including emails, phone call notes, written correspondence, and service enquiries.
  • Technical data such as IP address, device information, and browsing data if you use our digital services.
  • Compliance data including information collected for fraud prevention, legal checks, or insurance-related purposes.

We may also receive personal data from third parties, such as payment processors, identity verification providers, public sources, or other persons authorised by you to act on your behalf.

3. How We Use Personal Data

We use personal data to operate our business and provide services in a secure and efficient manner. Our uses include:

  • Setting up and managing customer accounts;
  • Processing bookings, payments, and renewals;
  • Verifying identity and preventing misuse;
  • Managing access to storage units and site facilities;
  • Providing customer support and responding to enquiries;
  • Maintaining security, including incident investigation and CCTV monitoring where appropriate;
  • Complying with legal, tax, insurance, and regulatory requirements;
  • Detecting and preventing fraud, theft, or other unlawful activity;
  • Improving our services, processes, and customer communications;
  • Managing disputes, claims, or enforcement actions.

We will only use your data where we have a valid legal ground to do so. We do not sell personal data.

4. Lawful Basis for Processing

Under UK GDPR, we must have a lawful basis for each processing activity. Depending on the context, Bloomsbury Storage relies on the following lawful bases:

Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes managing bookings, providing access to storage facilities, administering accounts, and processing payments.

Legal Obligation

We may process data where necessary to comply with legal requirements, including accounting, tax, health and safety, fraud prevention, and lawful requests from public authorities.

Legitimate Interests

We may process data where it is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. This may include securing our premises, monitoring suspicious activity, improving our services, and managing business records. Where required, we carry out a balancing test to ensure your interests are protected.

Consent

In limited situations, we may rely on your consent, for example for certain optional marketing communications or specific processing that requires permission. Where consent is used, you may withdraw it at any time.

5. Sharing Personal Data and Processors

We may share personal data with trusted third parties where necessary for the operation of our services, compliance with law, or protection of our legitimate interests. These third parties may include:

  • Payment processors who handle card or electronic payments securely;
  • IT and hosting providers who support our systems, data storage, and security;
  • Security service providers supporting access control, alarm systems, or CCTV infrastructure;
  • Professional advisers such as accountants, insurers, auditors, and legal advisers;
  • Identity verification and fraud prevention services where checks are necessary;
  • Government authorities, regulators, or law enforcement where disclosure is required by law or is necessary to protect rights and safety.

All processors are required to handle personal data securely, use it only for the specified purpose, and comply with data protection law. We take reasonable steps to ensure that any third party processing personal data on our behalf provides appropriate safeguards.

6. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, including any legal, accounting, insurance, or reporting requirements. Retention periods depend on the nature of the data and the reason for processing.

In general:

  • Customer account and contract records are kept for the duration of the agreement and for a reasonable period afterwards.
  • Financial and tax records are retained for the period required by law.
  • Security records, including access logs and CCTV footage where applicable, are retained only as long as needed for security, incident handling, or legal purposes.
  • General correspondence and service records are kept for as long as needed to manage the relationship and resolve disputes.

When personal data is no longer needed, we will securely delete, anonymise, or archive it in accordance with our internal retention procedures.

7. Data Security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, or disclosure. These measures may include access controls, secure storage, staff training, password protection, system monitoring, and restricted access to sensitive records. While no method of transmission or storage is completely secure, we work to maintain a level of protection appropriate to the risk.

8. Your Rights

Under data protection law, you have rights regarding your personal data. Subject to legal limits, these include:

  • Right of access – to request a copy of the personal data we hold about you;
  • Right to rectification – to ask us to correct inaccurate or incomplete data;
  • Right to erasure – to request deletion of your data in certain circumstances;
  • Right to restriction – to ask us to limit how we use your data in certain situations;
  • Right to data portability – to receive certain data in a structured, commonly used format;
  • Right to object – to object to processing based on legitimate interests or direct marketing;
  • Right to withdraw consent – where processing is based on consent, you may withdraw it at any time;
  • Right to complain – to raise concerns with the relevant supervisory authority if you believe your data rights have been infringed.

We will respond to valid requests in accordance with applicable law. In some cases, we may need to retain or continue processing certain data where we have a lawful reason to do so.

9. International Transfers

If personal data is transferred outside the UK, we will ensure that appropriate safeguards are in place to protect it, such as adequacy regulations, standard contractual clauses, or other approved legal mechanisms. We aim to keep data within secure environments and only transfer it where necessary.

10. Marketing

We may send service-related communications that are necessary for managing your account or providing the storage service. If we send optional marketing communications, we will do so only where permitted by law, and you may opt out at any time. We will respect your preferences and avoid unnecessary contact.

11. Children’s Data

Our services are intended for adults and businesses. We do not knowingly collect personal data from children unless it is necessary in exceptional circumstances and lawful to do so. If we become aware that we have collected data from a child without appropriate authorisation, we will take steps to delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, operations, or data handling practices. The latest version will apply to all relevant processing activities. We encourage customers to review this policy periodically to stay informed about how personal data is used.

By using Bloomsbury Storage services, you acknowledge that you have read and understood this Privacy Policy. We are committed to processing personal data fairly, lawfully, and transparently, while respecting the rights and freedoms of every customer in the area.

Call Now!
Call Now Get a Quote
Bloomsbury Storage

GDPR-compliant privacy policy for Bloomsbury Storage covering data collection, lawful basis, retention, processors, and user rights.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.