Privacy Policy - Stjohns Storage

This Privacy Policy explains how Stjohns Storage collects, uses, stores, shares, and protects personal data. It applies to all Stjohns Storage customers in the area, including prospective customers, current customers, former customers, and individuals who interact with us in connection with storage services, unit rentals, payments, deliveries, account management, or customer support. We are committed to handling personal data in a lawful, fair, transparent, and secure manner in line with the UK GDPR and the Data Protection Act 2018.

1. Who we are

Stjohns Storage provides storage services and related facility operations. In the context of this policy, Stjohns Storage acts as the data controller for the personal data we collect and process for our own business purposes. This means we decide why and how your personal data is used. In some cases, we may also act as a processor on behalf of another organisation, but this policy focuses on the personal data we control in connection with our own services.

2. Personal data we collect

We collect only the data necessary to operate our services effectively, manage customer relationships, and meet legal obligations. The categories of personal data we may collect include:

  • Identity data such as name, title, date of birth, and identification details where needed for verification.
  • Contact data such as address, email address, and telephone number.
  • Account and contract data such as customer reference numbers, rental details, storage unit assignments, access records, and contract history.
  • Payment data such as billing information, payment status, and transaction records. We do not store full card details unless required by our payment provider’s systems.
  • Security and access data such as CCTV images, access logs, key or entry records, and incident reports where relevant for site security and property protection.
  • Communications data such as enquiries, complaints, service requests, notes from support interactions, and correspondence related to your account.
  • Technical data such as device or browser information when you interact with digital systems used by us, if applicable.

We generally collect data directly from you when you complete forms, sign agreements, make payments, contact us, or use our facilities. We may also receive data from third parties where necessary, for example from payment processors, identity verification services, insurers, legal advisers, or public authorities.

3. How we use personal data

We use personal data for the following purposes:

  • to provide storage services and manage your rental agreement;
  • to verify identity where required;
  • to process payments, refunds, and account administration;
  • to communicate with you about your account, facility updates, and service matters;
  • to maintain site security, protect property, and prevent fraud or misuse;
  • to respond to complaints, disputes, and legal claims;
  • to comply with legal and regulatory obligations;
  • to improve our services, operations, and customer experience;
  • to keep records for accounting, audit, and business administration.

We will only use your personal data for purposes that are compatible with the reason it was collected, unless we have a lawful basis to use it for a new purpose.

4. Lawful basis for processing

Under data protection law, we must have a lawful basis to process your personal data. Stjohns Storage relies on the following lawful bases:

Contract

We process personal data where it is necessary to enter into or perform a contract with you, such as setting up your storage agreement, managing your unit, and administering payments.

Legal obligation

We process data where required to comply with laws and regulations, including tax, accounting, health and safety, fraud prevention, and lawful requests from public authorities.

Legitimate interests

We process data for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. This may include facility security, CCTV monitoring, record keeping, customer service, service improvement, and protection of our property and users.

Consent

In limited cases, we may rely on your consent, for example for certain optional communications or specific uses not covered by other lawful bases. Where we rely on consent, you may withdraw it at any time. Withdrawal will not affect the lawfulness of processing carried out before withdrawal.

Vital interests and public task

These lawful bases are unlikely to apply in most storage-service situations, but may be used in exceptional circumstances if necessary to protect someone’s life or to respond to a lawful public function.

5. Data retention

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including meeting legal, accounting, and reporting requirements. Retention periods vary depending on the type of data and the reason for processing.

  • Customer and contract records are typically retained for the duration of the agreement and for a reasonable period afterwards to manage disputes, audits, or claims.
  • Financial and accounting records are retained for the period required by law.
  • Security records such as CCTV and access logs are retained for a limited period unless required longer for an investigation, incident, or legal obligation.
  • Communication records may be retained to ensure service continuity, resolve complaints, and maintain business records.

When personal data is no longer needed, we will delete it securely or anonymise it so it can no longer identify you.

6. Processors and third parties

We may share personal data with trusted third parties who help us deliver services or operate our business. These third parties act as processors or independent controllers depending on the service they provide. They are only permitted to use personal data in accordance with our instructions or their own legal obligations.

Examples of processors and service providers may include:

  • payment processing providers;
  • IT hosting, backup, and software service providers;
  • security and CCTV maintenance providers;
  • customer relationship and communications systems providers;
  • professional advisers such as accountants, insurers, and lawyers;
  • couriers or contractors where needed to support service delivery;
  • public authorities, regulators, law enforcement, or courts where disclosure is required by law.

Where we use processors, we ensure that appropriate contractual safeguards are in place. These safeguards require processors to protect personal data, act only on our instructions, and implement suitable technical and organisational security measures. If data is transferred outside the UK, we will ensure that appropriate transfer mechanisms are used and that your data remains protected to an adequate standard.

7. Data security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. These may include access controls, secure storage, staff training, password protection, encryption where appropriate, and physical security measures at our facilities. While we work hard to protect personal data, no system can be guaranteed to be completely secure.

8. Your rights

Under data protection law, you have a number of rights in relation to your personal data. These rights may be subject to conditions and exceptions:

  • Right of access – you can request a copy of the personal data we hold about you.
  • Right to rectification – you can ask us to correct inaccurate or incomplete data.
  • Right to erasure – you can ask us to delete your data in certain circumstances.
  • Right to restrict processing – you can ask us to limit how we use your data in certain situations.
  • Right to data portability – you can request that certain data be provided to you or another controller in a structured, commonly used format.
  • Right to object – you can object to processing based on legitimate interests, including direct marketing where applicable.
  • Right to withdraw consent – where processing is based on consent, you may withdraw it at any time.

You also have the right to raise concerns about how your personal data is handled. If you believe your data protection rights have been violated, you may lodge a complaint with the relevant supervisory authority. We encourage you to contact us first so we can address any concerns promptly and fairly.

9. Children’s data

Our services are intended for adults and business users. We do not knowingly collect personal data from children except where required in a lawful and limited context, such as emergency contact details or family-related arrangements authorised by an adult customer. If we become aware that we have collected data from a child unlawfully, we will take steps to delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in law, regulation, operational practices, or the way we provide our services. Any changes will take effect when the updated policy is made available. We recommend reviewing this policy periodically so that you remain informed about how your personal data is handled.

11. Fair processing commitment

Stjohns Storage is committed to processing personal data in a way that is transparent, proportionate, and respectful of privacy. We will only collect what we need, use it for clear purposes, keep it only as long as necessary, and safeguard it appropriately. We aim to ensure that all customers in the area can trust us to handle their information responsibly and in compliance with applicable data protection law.

Call Now!
Call Now Get a Quote
Stjohns Storage

GDPR-compliant Privacy Policy for Stjohns Storage covering data collection, lawful basis, retention, processors, user rights, and local customer scope.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.