Privacy Policy - Burntoak Storage

This Privacy Policy explains how Burntoak Storage collects, uses, stores, shares, and protects personal data in relation to its storage services. It applies to all Burntoak Storage customers in the area, including prospective customers, account holders, authorised representatives, and any individuals whose personal data is provided to us in connection with storage arrangements. We are committed to handling personal information in a lawful, fair, transparent, and secure manner in accordance with applicable data protection laws, including the UK GDPR and the Data Protection Act 2018.

1. Information We Collect

We collect personal data that is necessary to provide and manage our storage services, maintain security, comply with legal obligations, and communicate with customers. The types of information we may collect include:

  • Identity details such as name, date of birth, and proof of identity documents where needed for verification.
  • Contact details such as postal address, email address, and telephone number.
  • Account and service details including booking information, unit allocation, access records, payment status, and customer correspondence.
  • Payment information such as billing records and transaction references. Where payment card processing is involved, this is handled by secure payment providers rather than stored unnecessarily by us.
  • Security and access data including CCTV images, entry logs, key or access code records, and incident reports where relevant to site safety and security.
  • Communication records including enquiries, complaints, instructions, and notes from interactions with our team.
  • Technical data such as limited device or usage information where captured through our systems for security, fraud prevention, or operational purposes.

We generally collect data directly from you when you enquire about, enter into, or use our services. In some cases, we may receive data from third parties such as payment processors, identity verification services, insurers, law enforcement, or individuals authorised to act on your behalf.

2. How We Use Personal Data

We use personal data only where we have a valid legal basis to do so. Our uses include:

  • setting up and administering customer accounts;
  • verifying identity and preventing fraud;
  • managing access to storage facilities and ensuring site security;
  • processing payments and maintaining records;
  • responding to enquiries, service requests, and complaints;
  • enforcing agreements, including recovery of outstanding balances where necessary;
  • complying with legal, regulatory, tax, accounting, and insurance obligations;
  • monitoring and improving the safety, operation, and performance of our services;
  • protecting our rights, property, staff, customers, and premises.

3. Lawful Basis for Processing

Under data protection law, we must identify a lawful basis for each processing activity. Depending on the circumstances, Burntoak Storage may rely on the following lawful bases:

Performance of a Contract

We process personal data to enter into and perform our storage agreements, manage accounts, provide access to units, issue invoices, and deliver related customer services.

Legal Obligation

We may process personal data where necessary to comply with legal requirements, including accounting, tax, fraud prevention, health and safety, and law enforcement requests.

Legitimate Interests

We may process data for our legitimate business interests where these are not overridden by your rights and freedoms. These interests may include property security, CCTV monitoring, business administration, service improvement, debt recovery, and safeguarding our staff and customers. Where we rely on legitimate interests, we consider the impact on individuals and apply appropriate safeguards.

Consent

In limited situations, we may rely on your consent, for example for optional communications or certain non-essential uses of data. Where consent is used, you have the right to withdraw it at any time. Withdrawal of consent will not affect the lawfulness of processing carried out before withdrawal.

Vital Interests

In exceptional circumstances, we may process personal data to protect someone’s vital interests, such as in an emergency affecting health or safety.

4. Sharing Data and Processors

We do not sell personal data. However, we may share personal information with trusted third parties when necessary for service delivery, legal compliance, or business operations. These third parties may act as processors or, in some cases, as independent controllers.

Examples of processors and service providers may include:

  • payment processing providers;
  • IT and cloud hosting services;
  • customer management and booking systems;
  • security and CCTV maintenance providers;
  • professional advisers such as accountants, insurers, and legal advisers;
  • communications and record-keeping providers;
  • debt recovery or collections partners acting on our instructions where appropriate.

Where a third party processes data on our behalf, we require them to protect the data, use it only for specified purposes, and apply appropriate technical and organisational security measures. We may also disclose personal data to public authorities, regulators, courts, or law enforcement where required or permitted by law.

5. Retention of Personal Data

We keep personal data only for as long as necessary for the purposes for which it was collected, and for as long as required by law, contract, or legitimate business needs. Retention periods may vary depending on the type of information and the reason for processing.

  • Customer account records are generally retained for the duration of the service relationship and for a reasonable period afterward to handle queries, disputes, or legal claims.
  • Financial and tax records are retained for the period required by applicable accounting and tax laws.
  • Security records such as CCTV footage and access logs are retained only as long as needed for security, incident investigation, or legal purposes.
  • Correspondence and complaint records may be retained for evidence of how matters were handled and to support service quality.

When data is no longer required, we will securely delete, anonymise, or archive it in a controlled manner. Retention is always limited to what is necessary and proportionate.

6. Data Security

We take appropriate measures to protect personal data against unauthorised access, alteration, disclosure, loss, or destruction. These measures may include access controls, secure storage, staff training, system monitoring, and contractual safeguards with third-party processors. While no system can be guaranteed to be completely secure, we continually review our controls and procedures to reduce risks to an appropriate level.

7. Your Rights

Subject to applicable law, you have the following rights regarding your personal data:

  • Right of access – to request confirmation of whether we process your data and to obtain a copy of it.
  • Right to rectification – to request correction of inaccurate or incomplete data.
  • Right to erasure – to request deletion of data in certain circumstances.
  • Right to restriction – to request limited processing in specific situations.
  • Right to object – to object to processing based on legitimate interests or direct marketing where applicable.
  • Right to data portability – to receive certain data in a structured, commonly used, machine-readable format where the legal conditions are met.
  • Right to withdraw consent – where processing is based on consent, you may withdraw it at any time.
  • Right to complain – to raise concerns with the relevant data protection supervisory authority if you believe your rights have been infringed.

To exercise your rights, we may need to verify your identity before responding. Some rights may be limited where processing is required to comply with legal obligations or to establish, exercise, or defend legal claims.

8. International Transfers

If personal data is transferred outside the UK, we will take steps to ensure an adequate level of protection is in place. This may include using approved contractual safeguards or transferring data only to countries recognised as providing appropriate protection.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or data handling practices. Any revised version will apply from the date it is issued or otherwise communicated. We encourage customers to review this policy periodically so they remain informed about how we protect personal data.

10. Summary of Our Commitment

Burntoak Storage is committed to responsible data handling and to respecting the privacy of every customer. We collect only the information needed to provide secure and efficient storage services, use it for clear and lawful purposes, retain it for no longer than necessary, and share it only with trusted processors or where required by law. We also recognise and support your rights under data protection law. Your privacy and trust are important to us, and we aim to manage your data with care, transparency, and accountability.

Call Now!
Call Now Get a Quote
Burntoak Storage

GDPR-compliant Privacy Policy for Burntoak Storage covering data collection, lawful basis, retention, processors, and user rights for all customers in the area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.