Privacy Policy - Holloway Storage

Effective date: This Privacy Policy applies to all Holloway Storage customers in the area and explains how we collect, use, store, share, and protect personal data in connection with our storage services.

We are committed to handling personal data in a lawful, fair, and transparent manner in accordance with the UK GDPR and the Data Protection Act 2018, as applicable. This policy explains what data we collect, why we collect it, the lawful bases we rely on, how long we keep it, who may process it on our behalf, and the rights available to individuals.

1. Who this policy applies to

This Privacy Policy applies to all customers, prospective customers, website visitors, account holders, authorised contacts, and any other individuals whose personal data we process in the course of providing storage-related services in the area served by Holloway Storage.

By using our services, making an enquiry, signing an agreement, or otherwise interacting with us, you acknowledge that your personal data may be processed as described in this policy.

2. Personal data we collect

We only collect personal data that is relevant and necessary for operating our services, managing customer accounts, maintaining security, and meeting our legal obligations. The types of data we may collect include:

  • Identity details: name, title, date of birth, and identification details where required for verification.
  • Contact details: address, email address, telephone number, and other communication preferences.
  • Account and service details: rental dates, storage unit information, payment history, access permissions, and service records.
  • Financial details: billing records, payment status, and limited payment-related information needed to process transactions.
  • Security and access data: entry logs, CCTV images where used, incident reports, and records of authorised access.
  • Correspondence: communications with us by email, telephone, in writing, or through other channels.
  • Technical data: device and usage information if you interact with digital systems we operate, such as log files or cookie-related data where applicable.

We generally collect personal data directly from you when you enquire about our services, create or maintain an account, enter into an agreement, make a payment, or communicate with us. We may also receive data from third parties where necessary, such as identity verification providers, payment processors, or legal and regulatory bodies.

3. How we use personal data

We use personal data for the following purposes:

  • to assess enquiries and provide quotations or service information;
  • to set up, administer, and manage storage accounts;
  • to verify identity and prevent fraud;
  • to process payments, refunds, and account balances;
  • to manage access to premises and storage units;
  • to maintain security, protect property, and investigate incidents;
  • to communicate notices, updates, reminders, or contract-related information;
  • to comply with legal, tax, accounting, and regulatory obligations;
  • to establish, exercise, or defend legal claims;
  • to improve our service operations and customer experience.

We do not use personal data for purposes that are incompatible with the reasons for which it was collected unless we have a lawful basis and, where required, have notified you.

4. Lawful basis for processing

We process personal data only where we have a valid lawful basis under data protection law. Depending on the context, we may rely on one or more of the following:

Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes managing your storage agreement, handling payments, providing access, and communicating about your account.

Legal obligation

We may process personal data where we are required to do so by law, including obligations relating to tax, accounting, fraud prevention, record keeping, or compliance with lawful requests from authorities.

Legitimate interests

We may process personal data where it is necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. Our legitimate interests may include protecting our premises, preventing misuse, maintaining business records, improving services, and managing customer relationships.

Consent

In limited circumstances, we may rely on your consent, for example for certain optional communications or non-essential uses of personal data. Where we rely on consent, you may withdraw it at any time, although this will not affect any processing already carried out lawfully before withdrawal.

Vital interests

In rare cases, we may process personal data to protect someone’s vital interests, such as in an emergency involving health or safety.

5. Data retention

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including meeting contractual obligations, complying with legal requirements, and resolving disputes. Retention periods vary depending on the category of data and the reason for processing.

  • Customer account and contract records: retained for the duration of the relationship and for a reasonable period afterwards.
  • Payment and accounting records: retained for the period required by tax and accounting laws.
  • Security records: retained for a limited period unless needed longer for an investigation or legal claim.
  • Correspondence and complaint records: retained as long as necessary to address the matter and manage future reference.

When personal data is no longer required, we will securely delete, anonymise, or archive it in accordance with our retention procedures and applicable law.

6. Processors and third parties

We may share personal data with trusted third-party service providers who act as processors on our behalf. These processors are only allowed to use personal data under our instructions and must implement appropriate security measures.

Examples of processors may include:

  • payment service providers;
  • IT and hosting providers;
  • security and CCTV system providers;
  • identity verification or fraud prevention providers;
  • professional advisers such as accountants, auditors, or legal advisers;
  • maintenance and facilities service providers where access to limited personal data is necessary.

We may also disclose personal data to independent third parties where required by law, to law enforcement, regulators, courts, insurers, or other authorities, or in connection with the establishment, exercise, or defence of legal claims.

Where a processor handles personal data on our behalf, we require appropriate contractual safeguards and confidentiality obligations. We do not sell personal data.

7. Data security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, misuse, alteration, or disclosure. These measures may include access controls, secure storage, staff confidentiality obligations, regular reviews of security practices, and limited access on a need-to-know basis.

While no system can be guaranteed completely secure, we work to reduce risks and respond appropriately to suspected security incidents.

8. International transfers

If personal data is transferred outside the UK, we will take steps to ensure that appropriate safeguards are in place and that the transfer complies with applicable data protection law. This may include use of adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms.

9. Your rights

You have a number of rights in relation to your personal data, subject to legal conditions and exceptions. These rights may include:

  • Right of access: to request a copy of the personal data we hold about you.
  • Right to rectification: to correct inaccurate or incomplete data.
  • Right to erasure: to request deletion of your data in certain circumstances.
  • Right to restriction: to ask us to limit how we use your data in certain cases.
  • Right to object: to object to processing based on legitimate interests or direct marketing, where applicable.
  • Right to data portability: to receive certain data in a structured, commonly used format where the legal test is met.
  • Right to withdraw consent: where processing is based on consent, you may withdraw that consent at any time.

You also have the right to complain to the UK Information Commissioner’s Office if you believe your data protection rights have been infringed. We encourage individuals to raise concerns with us first so we can try to resolve them promptly.

10. Children’s data

Our storage services are intended for adults. We do not knowingly collect personal data from children except where necessary and lawful in limited circumstances, such as emergency contact details or where a parent or legal guardian provides information on behalf of a child.

11. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data handling practices. Any updated version will apply from the date it is made available. We encourage customers to review this policy periodically to stay informed about how we protect personal data.

12. Summary of our approach

In summary, Holloway Storage processes personal data only where it is necessary, proportionate, and lawful. We collect data to operate storage services, maintain security, meet contractual and legal obligations, and support customer administration. We retain data only for as long as needed, use processors under strict safeguards, and respect the rights of individuals whose data we process.

This Privacy Policy applies to all Holloway Storage customers in the area.

Call Now!
Call Now Get a Quote
Holloway Storage

GDPR-compliant Privacy Policy for Holloway Storage covering data collection, lawful basis, retention, processors, and user rights.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.