Privacy Policy - Fitzrovia Storage

This Privacy Policy explains how Fitzrovia Storage collects, uses, stores, shares, and protects personal data. It applies to all Fitzrovia Storage customers in the area, including prospective customers, current customers, former customers, and anyone who interacts with our services in relation to storage bookings, account management, access arrangements, billing, and customer support. We are committed to handling personal data in a lawful, fair, transparent, and secure manner in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR).

Please read this policy carefully to understand how we process personal data and the rights available to you.

1. Data We Collect

We collect and process only the personal data necessary to provide our services, manage our relationship with you, and meet legal and operational obligations. The categories of data we may collect include:

  • Identity data: name, title, and similar identifying information.
  • Contact data: address, email address, and telephone number.
  • Account and booking data: storage unit reference, booking history, service preferences, move-in and move-out dates, and customer communications.
  • Payment and transaction data: invoicing details, payment records, and limited financial information necessary to process charges and refunds.
  • Access and security data: logs, entry records, key codes, device identifiers, CCTV footage where applicable, and security incident reports.
  • Correspondence data: messages, complaints, service requests, feedback, and any other information you choose to provide.
  • Technical data: limited information about your use of our online systems, such as IP address, browser type, and access timestamps if applicable.

We generally collect personal data directly from you when you enquire about a storage service, make a booking, complete forms, communicate with us, or use our facilities. In some cases, we may receive information from third parties, such as payment providers, identity verification services, contractors, or legal and regulatory bodies.

2. How We Use Your Data

We process personal data for specific and legitimate purposes. These include:

  • providing and administering storage services;
  • managing bookings, access, billing, and account records;
  • verifying identity and preventing fraud;
  • maintaining facility security and protecting property;
  • responding to enquiries, complaints, and requests;
  • meeting legal, tax, accounting, and regulatory obligations;
  • improving service quality and operational efficiency;
  • defending legal claims and enforcing contractual rights.

We will not use your personal data for purposes that are incompatible with the reasons for which it was collected unless we have a valid legal basis and, where required, we notify you.

3. Lawful Basis for Processing

Under GDPR, we must have a lawful basis for each processing activity. Fitzrovia Storage relies on the following lawful bases:

Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes opening accounts, administering storage agreements, processing payments, providing access, and managing customer support.

Legal Obligation

We process certain data to comply with legal obligations, including tax rules, accounting requirements, fraud prevention obligations, security obligations, and lawful requests from public authorities.

Legitimate Interests

We process personal data where it is necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. These interests include protecting premises, preventing misuse, improving services, managing risk, and maintaining records for operational and legal protection.

Consent

Where we rely on consent, such as for optional communications or specific uses of data not covered by another lawful basis, you may withdraw consent at any time. Withdrawing consent will not affect the lawfulness of processing carried out before withdrawal.

Vital Interests and Public Interest

In exceptional cases, we may process personal data to protect someone’s vital interests or where processing is necessary for reasons of public interest under applicable law.

4. Sharing Your Data and Processors

We may share personal data with carefully selected third parties who help us operate our business. These parties act as processors or, in some cases, independent controllers. We require appropriate contractual safeguards and only disclose the minimum data necessary for the relevant purpose.

Processors may include:

  • Payment processors that handle card transactions and payment administration;
  • IT and cloud service providers that host systems, store records, and support communications;
  • Security service providers that support site monitoring, alarm systems, or CCTV operations;
  • Professional advisers such as accountants, auditors, insurers, and legal advisers;
  • Maintenance and facilities contractors where access or service coordination is required;
  • Identity verification and fraud prevention providers where relevant;
  • Regulatory, law enforcement, or public authorities where disclosure is required by law.

We do not sell your personal data. If data is transferred outside the United Kingdom or European Economic Area, we ensure appropriate safeguards are in place, such as adequacy regulations or standard contractual clauses, where required by law.

5. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, including to satisfy legal, accounting, tax, insurance, or reporting requirements. Retention periods vary depending on the type of data and the reason for processing.

  • Customer account and booking records are retained for the duration of the service relationship and for a reasonable period thereafter.
  • Payment and invoice records are retained for the period required by tax and accounting laws.
  • Security logs and CCTV-related records are retained only as long as necessary for security, incident response, or legal purposes.
  • Complaints and correspondence are retained while needed to resolve issues and for record-keeping purposes.

When personal data is no longer needed, it is securely deleted, anonymised, or archived in a manner consistent with applicable law and good practice.

6. Your Rights

GDPR gives you a number of rights in relation to your personal data. Subject to legal limitations, you may have the right to:

  • access the personal data we hold about you;
  • rectify inaccurate or incomplete information;
  • erase your data in certain circumstances;
  • restrict processing in certain situations;
  • object to processing based on legitimate interests or direct marketing;
  • data portability for data processed by automated means on the basis of consent or contract;
  • withdraw consent where processing is based on consent;
  • not be subject to certain automated decision-making, where applicable.

If you wish to exercise any of these rights, we may need to verify your identity before responding. We will respond within the time limits required by law, unless an extension is permitted due to complexity or multiple requests.

7. Security of Personal Data

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. These measures may include access controls, staff training, physical security arrangements, encryption where appropriate, and restricted system permissions.

While no system can be guaranteed to be completely secure, we take data protection and confidentiality seriously and review our safeguards regularly.

8. Cookies and Similar Technologies

If we use online systems that collect technical information through cookies or similar technologies, this is done to support functionality, security, and performance. Where required, we will seek your consent for non-essential cookies and provide information about available choices. Any such processing will be limited to what is necessary and proportionate.

9. Children’s Data

Our services are generally intended for adults. We do not knowingly collect personal data from children unless it is necessary for a lawful purpose and with appropriate authorisation from a parent, guardian, or responsible adult where applicable.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, technology, or our services. The latest version will apply from the date it is issued. We encourage customers to review this policy periodically to remain informed about how we process personal data.

11. Summary of Key Points

This policy explains what personal data Fitzrovia Storage collects, why it is collected, the lawful bases we rely on, how long we keep it, who may process it on our behalf, and the rights available to customers. Our aim is to process data transparently and responsibly, using only the information needed to provide secure and reliable storage services.

Call Now!
Call Now Get a Quote
Fitzrovia Storage

GDPR-compliant Privacy Policy for Fitzrovia Storage covering data collection, lawful basis, retention, processors, user rights, and security for all customers in the area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.