Privacy Policy - Leyton Storage

This Privacy Policy explains how Leyton Storage collects, uses, stores, shares, and protects personal data. It applies to all Leyton Storage customers in area, including prospective customers, current customers, former customers, and anyone who interacts with our services in connection with storage, account management, billing, access control, or support.

We are committed to handling personal data lawfully, fairly, and transparently under the UK GDPR and the Data Protection Act 2018. This policy is intended to help you understand what information we collect, why we collect it, how long we keep it, who may process it on our behalf, and what rights you have over your data.

1. Data We Collect

We only collect personal data that is necessary for operating our storage services, managing our business, and meeting legal obligations. The categories of data we may collect include:

  • Identity information such as your name, date of birth, and proof of identity where required.
  • Contact information including your address, email address, and telephone number.
  • Account and service information such as customer reference numbers, unit allocation, access records, booking details, payment history, and service preferences.
  • Financial information including payment method details, invoices, transaction records, and arrears information. We do not intentionally store full card details where payment processing is handled securely by a payment provider.
  • Security and access data such as CCTV footage, entry logs, gate access records, incident reports, and other information related to the safety and security of our premises.
  • Communication data including emails, written correspondence, call notes, complaints, and support requests.
  • Technical information where relevant, such as basic device, browser, or system information collected through our digital systems for security and operational purposes.

We usually collect data directly from you when you make an enquiry, sign a contract, pay a fee, visit our site, or contact us. In some cases, we may receive data from third parties such as payment processors, contractors, insurers, or public authorities where permitted by law.

2. Lawful Basis for Processing

We process personal data only where a lawful basis applies. Depending on the situation, the lawful bases we rely on are:

  • Performance of a contract - to provide storage services, manage accounts, allocate units, process payments, and fulfil our obligations to you.
  • Legal obligation - to comply with tax, accounting, security, fraud prevention, and regulatory requirements.
  • Legitimate interests - to operate and improve our business, protect our property and customers, prevent misuse, manage risk, and maintain secure records, provided those interests are not overridden by your rights and freedoms.
  • Consent - where we ask for permission for specific optional activities, such as certain marketing communications. You may withdraw consent at any time where consent is the legal basis.

Where we process special category data, or data relating to criminal offences, we will only do so where the law allows and appropriate safeguards are in place. We do not collect such data routinely, and if it is processed, it will be limited to what is necessary and proportionate.

3. How We Use Your Data

We use personal data for the following purposes:

  • To create and manage customer accounts.
  • To deliver storage services and administer access to units and facilities.
  • To process payments, refunds, charges, and account changes.
  • To communicate with you about your account, service updates, notices, and support matters.
  • To maintain site safety, monitor security, investigate incidents, and prevent fraud or theft.
  • To meet legal, tax, accounting, and insurance obligations.
  • To handle complaints, disputes, and claims.
  • To analyse business performance and improve our operations, systems, and customer experience.

We only use your data for the purposes described in this policy or for purposes that are compatible with them. If we need to use your data in a new way that is materially different, we will explain the reason and, where required, seek consent or otherwise ensure we have a lawful basis.

4. Data Retention

We keep personal data only for as long as necessary to meet the purposes for which it was collected, including legal, contractual, accounting, and security requirements. Retention periods depend on the type of information and the context in which it is used.

Typical Retention Periods

  • Customer account records: retained for the duration of the contract and for a reasonable period afterwards to manage claims, disputes, and records.
  • Payment and invoicing records: retained for the period required by tax and accounting laws.
  • Security logs and CCTV footage: retained for a limited time unless required for an investigation, legal matter, or incident response.
  • Communications and complaints: retained as long as needed to resolve the matter and maintain appropriate business records.

When personal data is no longer needed, we will securely delete, anonymise, or archive it in accordance with our retention procedures.

5. Processors and Third Parties

We may share personal data with trusted third parties who act as data processors or independent controllers, depending on the service involved. These parties are only given the minimum data necessary and are required to handle it securely and lawfully.

  • Payment processors for taking card or electronic payments securely.
  • IT and software providers for hosting, customer relationship management, email, backup, and system security.
  • Professional advisers such as accountants, auditors, insurers, and legal advisers.
  • Security providers for CCTV, access control, and incident support.
  • Contractors and maintenance providers where access is necessary to keep the site operational and safe.
  • Public authorities where disclosure is required by law or necessary to protect rights, property, or safety.

Where processors act on our behalf, they are subject to written data processing terms requiring them to follow our instructions, protect the data, and assist us in meeting data protection obligations. We do not sell personal data.

6. International Transfers

If any personal data is transferred outside the UK, we will take appropriate steps to ensure it is protected to UK GDPR standards. This may include using approved contractual safeguards or relying on adequacy decisions where available.

7. Your Rights

Subject to certain conditions and exemptions under data protection law, you have the following rights:

  • Right of access - to request a copy of the personal data we hold about you.
  • Right to rectification - to correct inaccurate or incomplete data.
  • Right to erasure - to request deletion of your data in certain circumstances.
  • Right to restrict processing - to limit how we use your data in specific situations.
  • Right to object - to object to processing based on legitimate interests or direct marketing.
  • Right to data portability - to receive certain data in a structured, commonly used format where applicable.
  • Right to withdraw consent - where processing is based on consent.

We will respond to valid requests within the time required by law and may need to verify your identity before acting on them. In some cases, we may not be able to comply fully if there is a legal obligation or overriding legitimate reason to retain or process the data.

8. Security of Personal Data

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. These measures may include access controls, secure storage, staff training, data minimisation, and monitoring. While no system can be guaranteed to be completely secure, we work to reduce risks and respond promptly to any suspected incident.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or data handling practices. Any updated version will apply from the date it is issued, and we encourage customers to review it periodically. Significant changes will be communicated through appropriate channels where required.

10. Final Statement

By using Leyton Storage services, you acknowledge that you have read and understood this Privacy Policy. We are committed to treating your personal data with care, respecting your rights, and maintaining a lawful and secure approach to data protection. Our aim is to collect only what is necessary, keep it only as long as needed, and use it responsibly.

Call Now!
Call Now Get a Quote
Leyton Storage

GDPR-compliant privacy policy for Leyton Storage covering data collection, lawful basis, retention, processors, rights, and security for all customers in area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.