Privacy Policy - Crystalpalace Storage

Effective Date: This Privacy Policy applies to all Crystalpalace Storage customers in the area and explains how we collect, use, store, share, and protect personal data in accordance with applicable data protection laws, including the UK GDPR and the Data Protection Act 2018.

Crystalpalace Storage is committed to protecting your privacy. We only process personal data where we have a lawful basis to do so, and we take appropriate technical and organisational measures to safeguard the information entrusted to us. This policy applies to customers, prospective customers, business contacts, and other individuals whose personal data we process in connection with our storage services.

1. Data We Collect

We may collect and process different types of personal data depending on how you interact with us and the services you use. The categories of data we may collect include:

  • Identity information: name, title, date of birth, and identification details where needed for verification.
  • Contact information: address, email address, telephone number, and billing address.
  • Account and service information: customer references, booking details, unit allocation, access permissions, payment status, and communications relating to your storage agreement.
  • Financial information: payment card information, bank details, transaction records, and invoicing information.
  • Security and access information: CCTV footage, entry records, gate logs, alarm records, and other security-related data necessary to protect people and property.
  • Correspondence: emails, calls, messages, complaints, and any other records of communication with us.
  • Technical information: device data, IP address, browser type, and website usage data if you interact with our digital services.

We generally collect personal data directly from you when you enquire about storage, enter into a contract, make a payment, communicate with us, or use our premises and services. In some cases, we may also receive data from third parties such as payment providers, identity verification services, insurers, legal representatives, or public authorities where lawful and appropriate.

2. How We Use Personal Data

We use personal data only for specific, legitimate purposes connected to our storage services and legal obligations. These purposes may include:

  • setting up and managing your storage account;
  • verifying your identity and eligibility;
  • processing payments, refunds, and invoices;
  • providing access to storage facilities and monitoring site security;
  • communicating with you about your account, contract, or service changes;
  • handling enquiries, complaints, and disputes;
  • maintaining records for accounting, auditing, and compliance;
  • preventing fraud, misuse, theft, or unlawful activity;
  • protecting the rights, property, and safety of Crystalpalace Storage, our customers, staff, and visitors;
  • meeting legal and regulatory requirements.

We do not use personal data for purposes that are incompatible with those for which it was collected, unless we are required or permitted to do so by law.

3. Lawful Basis for Processing

Under data protection law, we must have a lawful basis for processing personal data. Depending on the circumstances, Crystalpalace Storage may rely on one or more of the following bases:

3.1 Contract

We process personal data where it is necessary to enter into or perform our storage agreement with you. This includes managing your booking, providing access to your unit, handling payments, and delivering the services you have requested.

3.2 Legal obligation

We may process data where necessary to comply with legal duties, such as tax, accounting, consumer protection, security, anti-fraud, or record-keeping obligations.

3.3 Legitimate interests

We may process personal data where it is necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. Legitimate interests may include running and improving our business, maintaining site security, preventing fraud, protecting property, and resolving disputes.

3.4 Consent

Where we rely on consent, we will ask for it clearly and separately. You may withdraw consent at any time, where applicable. Withdrawal will not affect the lawfulness of processing carried out before consent was withdrawn.

3.5 Vital interests and public task

These bases are unlikely to apply in most storage service contexts, but we may rely on them where necessary to protect someone’s life or where required by public authorities under law.

4. Retention of Personal Data

We keep personal data only for as long as necessary for the purposes for which it was collected, including to meet legal, accounting, reporting, and dispute-resolution requirements. The retention period will depend on the type of data and the context in which it is processed.

Typical retention approach:

  • Customer account records: retained for the duration of the contract and for a reasonable period afterwards to handle queries, claims, and compliance matters.
  • Financial and tax records: retained for the period required by applicable accounting and tax laws.
  • CCTV and access logs: retained only as long as necessary for security, incident investigation, and crime prevention purposes.
  • Correspondence and complaints: retained as long as needed to resolve the issue and maintain an accurate record of the matter.

When personal data is no longer required, we will securely delete, destroy, or anonymise it so that it can no longer identify you. Retention periods may vary depending on legal obligations and operational needs.

5. Sharing and Processors

We may share personal data with trusted third parties where necessary to operate our business, provide our services, protect our interests, or comply with the law. Any third party acting on our behalf is required to handle personal data securely and in accordance with data protection requirements.

Examples of processors and recipients may include:

  • Payment processors who handle card or bank transactions;
  • IT and hosting providers who support our data storage, systems, and communications;
  • Security service providers who assist with monitoring, access control, or alarm systems;
  • Accounting and administrative providers who support invoicing, bookkeeping, and compliance;
  • Professional advisers such as insurers, auditors, lawyers, and consultants;
  • Public authorities and law enforcement where disclosure is required or permitted by law.

Where we use processors, we enter into contracts requiring them to process personal data only on our instructions, to keep it confidential, and to implement appropriate security measures. Some providers may process data outside the UK. If this happens, we will ensure suitable safeguards are in place to protect your information, such as approved transfer mechanisms and contractual protections.

6. Security of Personal Data

We take the security of personal data seriously and use a combination of physical, technical, and organisational safeguards designed to prevent unauthorised access, alteration, loss, or disclosure. These measures may include restricted access controls, staff training, secure storage, encryption where appropriate, CCTV, and monitoring of our systems.

While we work hard to protect personal data, no system can be guaranteed as completely secure. If a personal data breach occurs and it is likely to result in a risk to your rights and freedoms, we will take steps in line with applicable law, which may include notifying affected individuals and the relevant supervisory authority.

7. Your Rights

Subject to certain conditions and exceptions under data protection law, you have the following rights in relation to your personal data:

  • Right of access: to obtain confirmation of whether we process your data and to receive a copy of it;
  • Right to rectification: to request correction of inaccurate or incomplete data;
  • Right to erasure: to request deletion of data in certain circumstances;
  • Right to restriction: to ask us to limit processing in certain situations;
  • Right to data portability: to receive certain data in a structured, commonly used format where technically feasible;
  • Right to object: to object to processing based on legitimate interests or direct marketing;
  • Right to withdraw consent: where processing is based on consent;
  • Right to complain: to the relevant data protection authority if you believe your rights have been infringed.

We may need to verify your identity before responding to a request. We will respond within the time limits required by law and will explain if any exemption applies. If you wish to exercise any of these rights, please make your request using the appropriate channel provided by Crystalpalace Storage.

8. Children’s Data

Our storage services are intended for adults and business users. We do not knowingly collect personal data from children unless it is necessary and lawful in exceptional circumstances, such as where a parent or guardian is the customer or authorised contact.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or service arrangements. The most current version will apply from the date it is made available. We encourage you to review this policy periodically so that you remain informed about how we process personal data.

10. Summary of Our Commitment

Crystalpalace Storage respects your privacy and is committed to processing personal data lawfully, fairly, and transparently. We collect only what we need, use it for clear purposes, retain it for appropriate periods, and share it only with trusted processors or where required by law. Your rights matter to us, and we will take steps to ensure your personal information is handled responsibly and securely.

Call Now!
Call Now Get a Quote
Crystalpalace Storage

GDPR-compliant Privacy Policy for Crystalpalace Storage covering data collection, lawful basis, retention, processors, security, and user rights.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.