Privacy Policy - Mordenpark Storage

This Privacy Policy explains how Mordenpark Storage collects, uses, stores, shares, and protects personal data in connection with its storage services. It applies to all Mordenpark Storage customers in the area, including prospective customers, current customers, former customers, visitors, account holders, and any individual who interacts with us in relation to our services.

1. Introduction

We are committed to protecting personal data and respecting privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy describes the categories of information we process, the purposes for which we use it, the lawful bases on which we rely, how long we keep it, the third parties who may process it on our behalf, and the rights available to individuals.

By using our services, visiting our premises, or otherwise providing us with personal data, you acknowledge that your information may be processed as described in this policy.

2. Data We Collect

We collect only the personal data necessary to operate our services effectively, securely, and lawfully. The types of information we may collect include:

Identity information: name, date of birth, and proof of identity where required.
Contact details: postal address, email address, telephone number, and emergency contact details where applicable.
Account and tenancy information: booking details, unit allocation, payment status, contract records, access permissions, and service preferences.
Payment information: bank account details, card details, billing history, invoices, and records of transactions.
Access and security information: CCTV images, entry and exit logs, gate or access codes, and records of visits to our premises.
Communication records: emails, letters, telephone notes, complaint records, and other correspondence.
Technical information: device information and limited usage data if you interact with our online services or digital systems.
Legal and compliance data: information collected to meet insurance, fraud prevention, regulatory, or legal obligations.

We generally collect personal data directly from you. In some cases, we may receive data from payment providers, contractors, insurers, legal advisers, or public authorities where permitted by law.

3. How We Use Personal Data

We process personal data for the following purposes:

to create and manage storage contracts and customer accounts;
to verify identity and prevent misuse or fraud;
to provide access to storage units and related facilities;
to process payments, send invoices, and manage arrears;
to communicate about service matters, updates, reminders, and notices;
to maintain the safety and security of our site, staff, customers, and property;
to monitor for unlawful activity, damage, or prohibited use of storage units;
to comply with legal, tax, accounting, and regulatory obligations;
to defend legal claims and manage disputes;
to improve the quality, reliability, and efficiency of our services.

We only use personal data where we have a lawful basis to do so and where the processing is relevant and proportionate to the purpose.

4. Lawful Basis for Processing

Under data protection law, we must identify a lawful basis for each type of processing. Depending on the circumstances, we rely on the following bases:

Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes handling account details, access arrangements, billing, and service communications that are necessary to provide storage services.

Legal Obligation

We may process data where we must comply with a legal obligation, such as accounting requirements, tax law, fraud prevention duties, court orders, or responses to lawful requests from authorities.

Legitimate Interests

We may process data where it is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your rights and freedoms. These interests include site security, preventing theft or misuse, maintaining records, managing customer relationships, and improving our operations. We balance these interests against your privacy rights before relying on this basis.

Consent

In limited situations, we may rely on your consent, for example where it is required for certain optional communications or specific data uses. Where consent is used, you may withdraw it at any time, without affecting the lawfulness of processing carried out before withdrawal.

Vital Interests

In rare cases, we may process data to protect someone’s vital interests, such as in an emergency or serious incident requiring immediate action.

5. Sharing and Processors

We do not sell personal data. However, we may share information with trusted third parties where necessary for the purposes set out in this policy. These parties act either as processors or independent controllers depending on the service provided.

Processors may include:

Payment service providers who handle card or bank transactions;
IT and cloud service providers who support secure data storage, email, and system maintenance;
Security providers who maintain alarms, CCTV, access control, and monitoring systems;
Accountants and bookkeeping providers who assist with financial records and compliance;
Legal advisers and debt recovery providers where action is needed to protect our rights or recover unpaid amounts;
Insurers and claims handlers where incidents, loss, or damage require assessment;
Maintenance and facility contractors where access is necessary to carry out work safely;
Regulators, law enforcement, and public authorities where disclosure is required or permitted by law.

We require our processors to handle personal data securely, to act only on our instructions, and to use appropriate technical and organisational safeguards. Where data is transferred outside the UK, we ensure suitable legal protections are in place.

6. Data Retention

We keep personal data only for as long as necessary for the purpose for which it was collected, or for as long as required by law. Retention periods vary depending on the nature of the data and the reasons for processing.

Contract and account records: retained for the duration of the customer relationship and for a reasonable period afterwards to handle queries, disputes, or claims.
Financial records: retained for the period required by tax and accounting laws.
Security records, including CCTV and access logs: retained for a limited period unless needed longer for an investigation, legal claim, or safety incident.
Correspondence and complaint records: retained for as long as necessary to manage the matter and demonstrate compliance.
Legal claims and dispute files: retained until the matter is resolved and any applicable limitation period has expired.

When data is no longer needed, we will delete it securely or anonymise it so that it can no longer identify you.

7. Security of Personal Data

We use appropriate technical and organisational measures to safeguard personal data against unauthorised access, loss, alteration, or disclosure. These measures may include access controls, encryption, secure storage, staff training, limited permissions, and physical security arrangements at our premises.

Although we take reasonable steps to protect information, no method of transmission or storage is completely secure. We therefore cannot guarantee absolute security, but we will respond promptly to any suspected data breach and take appropriate remedial action.

8. Your Rights

Under data protection law, you have several rights in relation to your personal data. These rights may be subject to conditions and exemptions:

Right of access: you may request a copy of the personal data we hold about you.
Right to rectification: you may ask us to correct inaccurate or incomplete data.
Right to erasure: you may ask us to delete your data in certain circumstances.
Right to restriction: you may ask us to limit how we use your data in certain situations.
Right to object: you may object to processing based on legitimate interests, including direct marketing where applicable.
Right to data portability: you may request certain data in a commonly used format where processing is based on consent or contract and carried out by automated means.
Right to withdraw consent: where we rely on consent, you may withdraw it at any time.
Right to complain: you have the right to raise concerns with the UK Information Commissioner’s Office if you believe your data has been misused.

To protect privacy, we may need to verify your identity before responding to a rights request. We aim to respond within the legal timeframe.

9. Children’s Data

Our services are not directed at children, and we do not knowingly collect personal data from children except where it is necessary and lawful in connection with a customer account or access arrangement. Where such processing is required, we take care to ensure appropriate safeguards are in place.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data protection practices. The most recent version will apply to the processing of personal data from the date it is issued. We encourage customers to review the policy periodically so they remain informed about how their information is handled.

11. Summary

Mordenpark Storage processes personal data fairly, securely, and only when necessary. We collect information to manage storage services, ensure security, fulfil legal obligations, and support customer relationships. We rely on lawful bases such as contract, legal obligation, legitimate interests, and, where appropriate, consent. Data is retained only for as long as needed, shared only with trusted processors and authorities where necessary, and protected by appropriate safeguards. Customers in the area have rights to access, correct, delete, restrict, object to, and otherwise control their personal data within the limits of the law.