Privacy Policy - Marylebone Storage

This Privacy Policy explains how Marylebone Storage collects, uses, stores, shares, and protects personal data when providing storage-related services to customers in the Marylebone area and surrounding local customers. This policy applies to all Marylebone Storage customers in area, including prospective customers, current customers, former customers, and any individuals who communicate with us or use our services on behalf of a business or household.

We are committed to handling personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We aim to ensure that personal information is processed fairly, lawfully, transparently, and securely.

1. Data We Collect

We collect only the personal data needed to operate our storage services, manage customer relationships, meet legal obligations, and protect our business, facilities, and customers.

Information you provide to us

  • Identity details, such as your name, date of birth, and proof of identity where required.
  • Contact information, such as address, email address, and telephone number.
  • Account and service details, such as booking information, storage unit allocation, payment records, and access arrangements.
  • Correspondence, including messages, complaint records, and other communications with our team.
  • Verification documents, where needed for fraud prevention, security checks, or legal compliance.

Information collected automatically

  • Security and access logs, such as entry and exit records, gate access information, and CCTV footage where used for site security.
  • Technical information, which may include IP address, device type, browser type, and basic usage data if you interact with our digital systems.

Information from third parties

We may receive personal data from third parties where necessary, such as payment providers, identity verification services, insurers, solicitors, debt recovery agents, or public authorities. We only use such data where permitted by law and relevant to the services we provide.

2. How We Use Your Data

We use personal data for the following purposes:

  • to set up and manage storage agreements;
  • to verify identity and prevent fraud;
  • to process payments, deposits, refunds, and account balances;
  • to communicate about bookings, access, invoices, renewals, and service changes;
  • to maintain security, monitor access, and protect premises, staff, and customers;
  • to handle complaints, disputes, and customer support requests;
  • to comply with legal, regulatory, insurance, and accounting obligations;
  • to recover unpaid amounts or defend legal claims;
  • to improve our services and internal operations.

We will only use your personal data for the purposes for which it was collected, unless we reasonably need to use it for another compatible purpose and the law allows this.

3. Lawful Basis for Processing

We process personal data only where we have a lawful basis under the UK GDPR. Depending on the circumstances, our lawful bases include:

Contract

We process personal data when it is necessary to enter into or perform a storage agreement, manage bookings, provide access, and administer customer accounts.

Legal obligation

We process personal data to meet legal requirements, including tax, accounting, anti-fraud, and record-keeping obligations, as well as lawful requests from courts or regulators.

Legitimate interests

We may process personal data where it is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your rights and freedoms. This may include site security, fraud prevention, service improvement, debt recovery, and business administration.

Consent

In limited situations, we may rely on your consent, for example where consent is required for specific optional communications or certain non-essential uses of data. Where consent is used, you may withdraw it at any time.

We do not rely on consent where another lawful basis is more appropriate and reliable for the service relationship.

4. Sharing Your Data and Processors

We may share personal data with trusted third parties who act as processors or independent controllers, but only when necessary and only to the extent needed for a legitimate purpose.

Processors we may use

  • Payment service providers to process card or electronic payments.
  • IT and cloud service providers to host systems, store data securely, and support communications.
  • Security service providers to help manage surveillance, access control, and site protection.
  • Customer management or booking system providers to administer accounts and reservations.
  • Professional advisers, such as accountants, auditors, lawyers, and insurers.
  • Debt recovery or collections services where necessary to recover outstanding amounts lawfully.

All processors are required to handle personal data securely, use it only in line with our instructions, and comply with applicable data protection laws. Where a third party acts as an independent controller, that party will be responsible for its own privacy practices.

We may also disclose information to public authorities, regulators, law enforcement, or courts where required or permitted by law.

5. Data Retention

We keep personal data only for as long as reasonably necessary to fulfil the purposes for which it was collected, including any legal, accounting, or reporting requirements.

Retention periods depend on the type of data and the reason for processing. For example:

  • Contract and account records are generally retained for the life of the agreement and for a reasonable period afterward for administration and dispute handling.
  • Financial records are retained for periods required by tax and accounting law.
  • Security records, such as access logs or CCTV footage, are kept only as long as necessary for safety, incident review, and crime prevention.
  • Correspondence and complaint records are retained for as long as needed to resolve issues and demonstrate compliance.

When data is no longer needed, we will securely delete, anonymise, or archive it in line with our retention procedures.

6. Security of Your Data

We take appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, alteration, or disclosure. These measures may include access controls, secure storage, staff confidentiality obligations, and regular review of our security practices.

While no system can be guaranteed completely secure, we work to reduce risk and maintain a high standard of data protection appropriate to the nature of the information we handle.

7. Your Rights

Under data protection law, you have a number of rights in relation to your personal data. These rights may be limited in some circumstances, but we will always respond to your request in accordance with the law.

  • Right of access – you can ask for a copy of the personal data we hold about you.
  • Right to rectification – you can ask us to correct inaccurate or incomplete information.
  • Right to erasure – in certain cases, you can ask us to delete your data.
  • Right to restrict processing – you can ask us to limit how we use your data in some situations.
  • Right to data portability – you may request your data in a structured, commonly used format where the law applies.
  • Right to object – you can object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent – where we rely on consent, you can withdraw it at any time.

You also have the right to complain to the Information Commissioner’s Office (ICO) if you believe your data protection rights have been infringed. We encourage you to contact us first so we can try to resolve concerns promptly.

8. International Transfers

If personal data is transferred outside the UK, we will ensure appropriate safeguards are in place so that your information remains protected to a standard required by law. These safeguards may include adequacy regulations, standard contractual clauses, or equivalent lawful mechanisms.

9. Children’s Data

Our storage services are not directed at children, and we do not knowingly collect personal data from children except where it is necessary in connection with a lawful service arrangement or where a parent or guardian provides information on their behalf. If we become aware that we have collected data improperly, we will take steps to delete it where appropriate.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our operations, legal obligations, or data protection practices. The most current version will apply to your relationship with Marylebone Storage. We encourage customers to review the policy periodically so they remain informed about how personal data is handled.

11. Summary of Our Commitment

Marylebone Storage is committed to treating personal data with care, fairness, and respect. We collect only what we need, use it for clear and lawful purposes, keep it only as long as necessary, and protect it through appropriate safeguards. We also aim to ensure that every customer in the Marylebone area understands their rights and how their information is used.

Call Now!
Call Now Get a Quote
Marylebone Storage

GDPR-compliant Privacy Policy for Marylebone Storage covering data collection, lawful bases, retention, processors, security, and customer rights.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.