Privacy Policy - Merton Storage

This Privacy Policy explains how Merton Storage collects, uses, stores, shares, and protects personal data relating to customers, prospective customers, and other individuals whose information is processed in connection with our storage services. It applies to all Merton Storage customers in the area and is intended to provide clear information about your rights and our responsibilities under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We are committed to handling personal data in a fair, lawful, transparent, and secure manner. We only collect data that is necessary for the purposes described in this policy, and we keep it only for as long as required for those purposes or as required by law.

1. Personal Data We Collect

We may collect and process the following categories of personal data:

  • Identity information such as your name, title, and date of birth where needed.
  • Contact details such as your postal address, email address, and telephone number.
  • Account and contract information including tenancy or storage agreement details, service preferences, and communication records.
  • Payment information such as billing details and transaction records. We do not normally store full card details where payment processing is handled securely by a payment provider.
  • Access and security information such as keyholder records, identification checks, CCTV records, entry logs, and vehicle registration information where applicable.
  • Correspondence including emails, letters, complaints, claims, and any other communications with us.
  • Technical data if you use any digital services linked to your account, such as device identifiers, log data, and usage records.

We generally collect personal data directly from you when you enquire about our services, sign an agreement, make a payment, communicate with us, or otherwise interact with us. In some cases, we may also receive information from third parties such as payment processors, identity verification providers, insurers, debt recovery providers, legal advisers, or public authorities.

2. How We Use Your Data

We use personal data only where we have a valid legal basis and for the purposes set out below:

  • to register and manage customer accounts;
  • to provide storage services and administer agreements;
  • to verify identity and prevent fraud;
  • to process payments, refunds, and outstanding balances;
  • to communicate with you about your account, our services, and service-related matters;
  • to maintain security, protect property, and manage access to our facilities;
  • to deal with complaints, disputes, insurance matters, and legal claims;
  • to comply with legal and regulatory obligations;
  • to improve our services, systems, and customer experience;
  • to keep business records and carry out internal administration.

We do not use personal data for purposes that are incompatible with the reasons it was collected unless we have a lawful basis to do so.

3. Lawful Basis for Processing

Under UK GDPR, we must identify a lawful basis for every processing activity. Depending on the situation, Merton Storage may rely on the following bases:

a. Performance of a Contract

We process your personal data when it is necessary to enter into or perform a storage agreement with you, manage your account, provide access to storage facilities, and administer related services.

b. Legal Obligation

We may process data to comply with legal requirements such as tax rules, accounting obligations, fraud prevention laws, court orders, and record-keeping duties.

c. Legitimate Interests

We may process data where it is necessary for our legitimate business interests, provided your interests and fundamental rights do not override those interests. This may include protecting our property, preventing crime, improving services, enforcing agreements, and managing operational efficiency. Where we rely on legitimate interests, we consider whether the processing is reasonable, necessary, and proportionate.

d. Consent

In limited cases, we may ask for your consent, for example for certain optional communications or specific uses that are not covered by another lawful basis. Where consent is used, you may withdraw it at any time.

4. Sharing Your Personal Data

We may share personal data with trusted third parties only where necessary and appropriate. These parties may act as processors or, in some circumstances, as independent controllers. We require all processors to handle personal data securely, only on our instructions, and in accordance with applicable data protection law.

Examples of processors and service providers may include:

  • Payment processors for handling card or electronic payments;
  • IT and cloud service providers for hosting, storage, system maintenance, and data backup;
  • Security providers for alarm systems, access control, or CCTV support;
  • Identity verification providers for confirming customer identity where necessary;
  • Professional advisers such as lawyers, accountants, insurers, or auditors;
  • Debt recovery or credit management providers where recovery of outstanding amounts is required;
  • Regulators, law enforcement, or public authorities where disclosure is required by law.

We do not sell personal data. If data must be transferred outside the UK, we will ensure appropriate safeguards are in place, such as adequacy regulations or approved contractual protections.

5. Data Retention

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including for legal, accounting, reporting, insurance, or dispute-resolution requirements. Retention periods depend on the type of information and the context in which it is used.

  • Customer and contract records are retained for the duration of the agreement and for a reasonable period afterwards.
  • Payment and financial records are retained for the periods required by tax and accounting law.
  • Security records such as CCTV or access logs are retained for a limited period unless needed for an investigation, incident, or legal matter.
  • Correspondence and complaints may be retained for as long as necessary to resolve the issue and defend or pursue legal claims.

When personal data is no longer needed, we will delete it securely or anonymise it so that it can no longer identify you.

6. Data Security

We take appropriate technical and organisational measures to protect personal data against accidental loss, unlawful destruction, alteration, unauthorised disclosure, or access. These measures may include restricted access controls, secure storage, staff training, encryption, and monitoring of systems and facilities. While no system can be guaranteed to be completely secure, we work to reduce risks and respond promptly to incidents.

7. Your Rights

Under data protection law, you have a number of rights in relation to your personal data. These rights are not absolute and may be limited in some circumstances.

  • Right of access – you may request a copy of the personal data we hold about you.
  • Right to rectification – you may ask us to correct inaccurate or incomplete data.
  • Right to erasure – you may request deletion of data in certain situations, such as where it is no longer needed or consent is withdrawn.
  • Right to restriction – you may ask us to limit how we use your data in certain circumstances.
  • Right to object – you may object to processing based on legitimate interests or direct marketing.
  • Right to data portability – you may request certain data in a structured, commonly used, machine-readable format where applicable.
  • Right to withdraw consent – where we rely on consent, you may withdraw it at any time.

You also have the right to lodge a complaint with the UK Information Commissioner's Office if you believe your data protection rights have been infringed. We encourage you to raise any concerns with us first so we can try to resolve them.

8. Children’s Data

Our storage services are not directed at children, and we do not knowingly collect personal data from children unless it is necessary in connection with a customer account or legal obligation. Where such data is processed, we will do so only in line with applicable law and with appropriate safeguards.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, regulation, technology, or our business practices. The most current version will apply to the processing of your personal data. We encourage customers to review this policy periodically so they remain informed about how we handle personal data.

10. Contact and Further Information

We are responsible for deciding how and why personal data is processed in relation to our storage services. If you wish to exercise your rights, ask questions about this policy, or raise a privacy concern, you may do so through our usual customer service channels. We will consider all requests carefully and respond within the time limits required by law.

This policy is intended to provide a clear and practical explanation of our privacy practices for customers of Merton Storage in the area. By using our services, you acknowledge that personal data may be processed in accordance with this policy and applicable data protection law.

Call Now!
Call Now Get a Quote
Merton Storage

GDPR-compliant Privacy Policy for Merton Storage covering data collection, lawful basis, retention, processors, and user rights for all customers in the area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.