Privacy Policy - Gospeloak Storage

This Privacy Policy explains how Gospeloak Storage collects, uses, shares, stores, and protects personal data in connection with its storage services. It applies to all Gospeloak Storage customers in the area, including prospective customers, current customers, former customers, authorised users, and other individuals whose personal data is processed in the course of providing storage services. We are committed to handling personal data in a lawful, fair, and transparent manner in accordance with the UK GDPR and the Data Protection Act 2018, or equivalent applicable data protection laws where required.

1. Data We Collect

We collect only the personal data necessary to provide and manage our storage services, comply with legal obligations, and protect our legitimate business interests. Depending on your relationship with us, we may collect the following categories of information:

  • Identity details such as your name, date of birth, and identification information used for account verification and security checks.
  • Contact details including postal address, email address, and telephone number.
  • Account and contract details such as storage unit number, booking information, service preferences, payment status, and communications relating to your account.
  • Financial information such as payment records, billing details, transaction references, and limited payment information required to process charges and refunds.
  • Security and access information including gate access logs, entry and exit times, CCTV recordings, alarm records, and incident reports.
  • Correspondence such as complaints, enquiries, notices, and other communications you send to us.
  • Technical and usage data where relevant, such as device or browser information used to access digital services, and records of system interactions needed for security and audit purposes.

We do not intentionally collect special category data unless it is necessary, lawful, and expressly provided by you or required for a specific legal purpose. If such data is collected, we will process it only where permitted by law and with appropriate safeguards.

2. How We Use Personal Data

We use personal data for the following purposes:

  • to provide storage services and manage customer accounts;
  • to verify identity and maintain site security;
  • to process payments, issue invoices, and manage arrears;
  • to communicate with customers about bookings, contract matters, and service updates;
  • to monitor access to storage facilities and protect property, customers, staff, and visitors;
  • to investigate incidents, claims, disputes, fraud, theft, or misuse;
  • to comply with legal, regulatory, and accounting obligations;
  • to improve our operations, facilities, and security measures;
  • to establish, exercise, or defend legal claims.

Where we rely on legitimate interests, we ensure that those interests do not override your rights and freedoms. We only process data where there is a clear and appropriate purpose.

3. Lawful Basis for Processing

Under data protection law, we must have a lawful basis for each processing activity. Depending on the context, Gospeloak Storage may process personal data on one or more of the following bases:

Contract

We process personal data when it is necessary to enter into or perform a contract with you, such as setting up an account, providing a storage unit, managing payments, and administering your service.

Legal Obligation

We process personal data when required to comply with legal obligations, including tax, accounting, fraud prevention, record-keeping, and responses to lawful requests from authorities.

Legitimate Interests

We may process personal data where it is necessary for our legitimate interests or those of a third party, provided your interests do not override ours. These interests include maintaining site security, preventing crime, protecting property, operating our business efficiently, and handling customer disputes.

Consent

In limited situations, we may rely on your consent, for example for optional communications or specific uses not covered by another lawful basis. Where consent is used, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

4. Sharing and Processors

We may share personal data with trusted third parties where necessary for the purposes described in this policy. These third parties act either as processors acting on our instructions or as independent controllers where they determine their own purposes.

Our processors may include:

  • IT and hosting providers who store or support our systems;
  • payment service providers who process customer payments securely;
  • security service providers who support monitoring, alarm, and surveillance functions;
  • professional advisers such as lawyers, accountants, auditors, and insurers;
  • maintenance and facility service providers who assist with operations and repairs;
  • debt recovery or legal service providers where recovery or enforcement action is required.

We require processors to handle personal data only on our documented instructions, to keep it secure, and to use appropriate technical and organisational safeguards. Where a transfer of data outside the UK or EEA is necessary, we will ensure that appropriate safeguards are in place, such as an adequacy decision or approved contractual protections.

We may also disclose data where required by law, court order, regulatory request, or to protect the rights, property, or safety of Gospeloak Storage, our customers, or others.

5. Data Retention

We keep personal data only for as long as necessary for the purposes for which it was collected, including to satisfy legal, accounting, reporting, or security requirements. Retention periods vary depending on the type of information and the purpose of processing.

In general:

  • contract and account records are retained for the duration of the customer relationship and for a reasonable period afterwards;
  • financial and tax records are retained for the period required by law;
  • security records, including CCTV footage and access logs, are retained for a limited period unless needed for investigation or legal proceedings;
  • correspondence and complaint records are retained while relevant to service management, disputes, or legal claims.

When personal data is no longer required, we will securely delete, anonymise, or archive it in accordance with our retention procedures. We do not keep data indefinitely without a lawful and necessary purpose.

6. Data Security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, loss, or destruction. These measures may include access controls, staff confidentiality obligations, encryption where appropriate, secure storage, restricted system access, and monitoring of suspicious activity. Although no system can be guaranteed completely secure, we work to maintain a level of protection appropriate to the risks associated with the data we process.

7. Your Rights

Subject to legal conditions and exemptions, you have the following rights in relation to your personal data:

  • Right of access – to request a copy of the personal data we hold about you;
  • Right to rectification – to ask us to correct inaccurate or incomplete data;
  • Right to erasure – to request deletion of your data in certain circumstances;
  • Right to restriction – to request limited processing in specific situations;
  • Right to object – to object to processing based on legitimate interests or direct marketing;
  • Right to data portability – to receive certain data in a structured, commonly used, machine-readable format where applicable;
  • Right to withdraw consent – where processing is based on consent;
  • Right to complain – to the relevant data protection supervisory authority if you believe your rights have been infringed.

We may need to verify your identity before responding to a rights request. We will respond within the time limits required by law and provide reasons if we cannot fully comply with a request.

8. Children’s Data

Our services are intended for adults and businesses. We do not knowingly collect personal data from children except where it is incidental to the provision of services and permitted by law. If we become aware that we have collected data from a child without an appropriate lawful basis, we will take steps to delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, our services, or how we process personal data. Any updated version will apply from the date it takes effect. We encourage customers to review this policy periodically so they remain informed about how their information is handled.

10. Summary of Our Commitments

  • We collect only data that is relevant and necessary for storage services.
  • We process personal data under lawful bases including contract, legal obligation, legitimate interests, and consent where appropriate.
  • We share data only with trusted processors and other recipients where necessary and lawful.
  • We retain data only as long as required for business, legal, or security purposes.
  • We respect your rights and provide mechanisms to exercise them.

Gospeloak Storage is committed to treating personal data with care, transparency, and accountability. If you are a customer in the area, this policy explains how your information is handled whenever you use our storage services or interact with us in relation to those services.

Call Now!
Call Now Get a Quote
Gospeloak Storage

GDPR-compliant Privacy Policy for Gospeloak Storage covering data collection, lawful basis, retention, processors, and user rights for all customers in the area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.