Privacy Policy - Pinner Storage

This Privacy Policy explains how Pinner Storage collects, uses, stores, shares, and protects personal data in connection with its services. It applies to all Pinner Storage customers in the area, including individuals and business customers who use our storage facilities, administration services, payment systems, or related customer support channels.

We are committed to processing personal data fairly, lawfully, and transparently in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy describes the types of information we may collect, the lawful bases we rely on, how long we retain information, the categories of processors we may use, and the rights available to individuals.

1. Information We Collect

We may collect personal data directly from customers, from interactions with our services, or from third parties where permitted by law. The information we collect depends on the nature of the relationship and the services used.

Information provided by you

  • Identity details such as name, title, and date of birth where needed for verification.
  • Contact details such as postal address, email address, and telephone number.
  • Account and contract information including storage unit allocation, rental period, agreement details, and customer reference data.
  • Payment information such as billing address, payment card details processed securely by payment providers, invoices, and transaction records.
  • Communication records including correspondence, service requests, complaints, notices, and feedback.
  • Verification information where required to confirm identity, prevent fraud, or comply with legal obligations.

Information collected automatically

  • Access and security records such as entry logs, gate access records, alarm events, and CCTV footage where used for security purposes.
  • Technical information including device type, browser type, and basic usage data when you interact with our digital systems.
  • Operational information relating to storage unit use, service visits, and facility management.

We do not intentionally collect special category data unless it is necessary and lawful to do so. If such data is ever provided, it will be handled with enhanced protection and only where a lawful basis exists.

2. How We Use Personal Data

We use personal data only where it is necessary for a legitimate and defined purpose. This may include:

  • providing storage services and managing customer accounts;
  • processing payments, refunds, and account administration;
  • verifying identity and preventing fraud;
  • maintaining the security of premises, staff, customers, and property;
  • communicating service-related notices and updates;
  • handling queries, disputes, and complaints;
  • meeting legal, regulatory, and accounting obligations;
  • protecting our rights, enforcing contracts, and managing insurance or legal claims.

We will not use personal data for unrelated purposes unless the law allows us to do so and the new use is compatible with the original purpose.

3. Lawful Basis for Processing

Pinner Storage processes personal data only where one or more lawful bases under GDPR apply. Depending on the circumstances, we may rely on the following:

Contract

We process personal data when it is necessary to enter into or perform a storage contract, including setting up accounts, managing unit access, processing payments, and providing agreed services.

Legal obligation

We may process data to comply with legal duties, such as tax, accounting, consumer law, anti-fraud requirements, or lawful requests from authorities.

Legitimate interests

We may process personal data where it is necessary for our legitimate business interests and those interests are not overridden by your rights and freedoms. This includes facility security, business administration, service improvement, prevention of misuse, and enforcement of contractual rights.

Consent

In limited cases, we may rely on consent, such as for certain optional communications or specific non-essential processing. Where consent is used, you may withdraw it at any time without affecting the lawfulness of prior processing.

Vital interests and public task

These lawful bases are unlikely to apply in normal storage operations, but they may be used in exceptional circumstances where required by law.

4. Retention of Personal Data

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, insurance, and reporting requirements. Retention periods vary depending on the type of information and the reason for processing.

  • Contract and account records are kept for the duration of the customer relationship and for a reasonable period afterward.
  • Payment and financial records are retained to satisfy accounting and tax obligations.
  • Security records such as access logs or CCTV footage are retained only for as long as necessary for security, incident investigation, or legal purposes.
  • Communications and complaints may be kept for the period needed to resolve the issue and demonstrate compliance.

When personal data is no longer required, we will delete it securely, anonymise it, or archive it in a way that prevents further use except where continued retention is required by law.

5. Processors and Data Sharing

We may use trusted third-party processors to help us operate our services. These processors act on our instructions and are only permitted to process personal data for specified purposes and under appropriate contractual safeguards.

Categories of processors may include:

  • Payment processors for secure transaction handling.
  • IT and hosting providers for system storage, maintenance, and security.
  • Security providers for alarm monitoring, access control, and CCTV support.
  • Accountancy and administrative providers for financial records and compliance support.
  • Legal, insurance, and debt recovery partners where necessary to protect our rights or manage claims.

We may also share personal data with public authorities, regulators, law enforcement, or courts where required by law or where necessary to establish, exercise, or defend legal claims. We do not sell personal data.

6. Security of Personal Data

We take appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, disclosure, alteration, or destruction. These measures may include access controls, secure storage, staff training, confidentiality obligations, system monitoring, and restricted data access.

Although no system can be guaranteed to be completely secure, we regularly review our safeguards to reduce risk and maintain compliance.

7. Your Rights Under GDPR

Subject to applicable law, individuals have several rights in relation to their personal data. These rights may be limited in some situations, for example where disclosure would affect the rights of others or where we must retain data for legal reasons.

  • Right of access - to request a copy of the personal data we hold about you.
  • Right to rectification - to request correction of inaccurate or incomplete data.
  • Right to erasure - to request deletion of personal data where there is no lawful reason to keep it.
  • Right to restriction - to request limited processing in certain circumstances.
  • Right to object - to object to processing based on legitimate interests or direct marketing.
  • Right to data portability - to receive certain data in a structured, commonly used format, where applicable.
  • Right to withdraw consent - where processing is based on consent.
  • Right to complain - to raise concerns with the relevant supervisory authority if you believe your data rights have not been respected.

We aim to respond to valid requests within the time limits required by law. To protect privacy, we may need to verify identity before acting on a request.

8. International Transfers

If personal data is transferred outside the UK, we will ensure that appropriate safeguards are in place to protect it in line with GDPR requirements. These safeguards may include adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, operational needs, or service arrangements. Any revised version will apply from the date of publication or from another effective date stated in the updated policy.

This policy is intended to provide a clear and fair explanation of how personal data is handled by Pinner Storage. By using our services, customers in the area acknowledge that their personal data may be processed as described in this policy and in accordance with applicable data protection laws.

Call Now!
Call Now Get a Quote
Pinner Storage

GDPR-compliant Privacy Policy for Pinner Storage covering data collection, lawful basis, retention, processors, user rights, and applies to all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.