Privacy Policy - Highamspark Storage

This Privacy Policy explains how Highamspark Storage collects, uses, stores, and protects personal data relating to its customers and prospective customers. It applies to all Highamspark Storage customers in the area, including individuals and businesses that use or enquire about storage services. We are committed to handling personal information in a lawful, fair, and transparent manner in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who This Policy Applies To

This Policy applies to anyone who interacts with Highamspark Storage as a customer, account holder, authorised user, payer, or contact person. It also applies to individuals who request information, receive quotations, make bookings, or otherwise communicate with us in relation to storage services. By using our services, you acknowledge that your personal data may be processed as described in this Policy.

2. Data We Collect

We collect only the personal data that is necessary for providing storage services, maintaining our records, and meeting legal and operational obligations. The categories of data we may collect include:

  • Identity data: name, title, date of birth, and identification details where required for verification.
  • Contact data: address, email address, telephone number, and other communication details.
  • Account and service data: booking details, unit allocation, access records, payment status, and service history.
  • Financial data: billing details, payment method information, and transaction records.
  • Verification data: information used to confirm identity, prevent fraud, and comply with legal obligations.
  • Technical data: limited device or usage information collected through systems used to support service operations and security.
  • Correspondence data: records of communications, complaints, requests, and feedback.

We do not intentionally collect special category data unless it is voluntarily provided by you and is necessary for a specific lawful purpose. If such data is received inadvertently, it will be handled with appropriate care and safeguards.

3. How We Use Personal Data

We use personal data for the following purposes:

  • to register and manage storage accounts;
  • to provide and administer storage services;
  • to process payments, invoices, and account changes;
  • to verify identity and prevent unauthorised access or fraud;
  • to communicate about bookings, payments, service updates, and account matters;
  • to maintain security, monitor access, and protect property and systems;
  • to handle complaints, disputes, and service requests;
  • to comply with legal, tax, accounting, and regulatory obligations;
  • to improve our operations, service quality, and customer experience;
  • to establish, exercise, or defend legal claims where necessary.

We only process personal data for the purposes for which it was collected, unless we reasonably consider that we need to use it for another compatible purpose and the law allows this.

4. Lawful Basis for Processing

Under the UK GDPR, we must have a lawful basis for each type of processing. Highamspark Storage may rely on one or more of the following bases:

Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes managing bookings, providing storage services, taking payments, and administering your account.

Legal Obligation

We process data where required to comply with laws and regulations, including accounting, tax, fraud prevention, and other legal requirements.

Legitimate Interests

We may process data where it is necessary for our legitimate business interests and where those interests are not overridden by your rights and freedoms. Examples include service administration, security, internal record-keeping, protecting our property, and preventing misuse of services. Where we rely on legitimate interests, we consider the necessity and balance of the processing carefully.

Consent

In limited situations, we may rely on your consent, particularly where the law requires it. If consent is used, you may withdraw it at any time, without affecting the lawfulness of processing carried out before withdrawal.

5. Sharing Data and Processors

We may share personal data with trusted third parties who assist in operating our services. These third parties act as processors or, in some cases, as independent controllers. We only share data when necessary and subject to appropriate contractual and security safeguards.

Processors may include:

  • payment service providers that handle card or electronic transactions;
  • IT and hosting providers that support storage, security, and system maintenance;
  • accounting and bookkeeping providers;
  • identity verification or fraud prevention service providers;
  • customer management and communication service providers;
  • professional advisers such as auditors, insurers, legal advisers, and compliance consultants;
  • maintenance, security, or operational contractors where necessary for service delivery.

We require processors to process personal data only on our instructions, to keep it secure, and to use it only for the purposes we specify. We do not sell your personal data.

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, accounting, and reporting obligations. Retention periods may vary depending on the type of information and the reason for processing.

In general:

  • account and service records are kept for the duration of the customer relationship and for a reasonable period afterwards;
  • financial and tax records are retained for the period required by law;
  • correspondence and complaint records are retained as needed to manage service issues and legal claims;
  • security-related records are retained for a limited period unless required longer for investigations or legal obligations.

When data is no longer needed, it is securely deleted, destroyed, or anonymised where appropriate.

7. Data Security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. These measures may include restricted access controls, secure systems, staff confidentiality obligations, and procedures for handling incidents. While no system can be guaranteed completely secure, we work to maintain a level of protection that is appropriate to the nature of the data and the risks involved.

8. International Transfers

Where personal data is transferred outside the UK, we will ensure that suitable safeguards are in place and that the transfer is carried out in accordance with applicable data protection law. This may include the use of approved contractual protections or transfers to countries recognised as providing adequate protection.

9. Your Rights

Under data protection law, you have certain rights in relation to your personal data. These rights may be subject to legal conditions and exemptions. They include:

  • Right of access: to obtain confirmation of whether we process your data and receive a copy of it.
  • Right to rectification: to request correction of inaccurate or incomplete data.
  • Right to erasure: to request deletion of your data in certain circumstances.
  • Right to restriction: to ask us to limit processing in certain situations.
  • Right to object: to object to processing based on legitimate interests or direct marketing.
  • Right to data portability: to receive certain data in a structured, commonly used format and have it transferred where applicable.
  • Right to withdraw consent: where processing is based on consent.

If you wish to exercise any of these rights, we will respond in accordance with applicable law and may need to verify your identity before acting on your request.

10. Marketing Preferences

We may send service-related communications that are necessary for administering your account or providing our services. Where marketing communications are used, they will be sent only in accordance with applicable law. You may object to or opt out of marketing communications where relevant. Service messages that are necessary for the operation of your account are not considered marketing.

11. Complaints and Supervisory Authority

If you have concerns about how your personal data is handled, you should raise them with us so that we can review and address the matter. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) if you believe your data protection rights have been infringed.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data processing practices. Any updated version will apply from the date it is published or otherwise made available. We encourage customers to review this Policy periodically to remain informed about how their data is handled.

13. Summary of Our Commitment

Highamspark Storage is committed to protecting personal data and ensuring that customer information is handled responsibly. We collect only what is necessary, use it for clear and lawful purposes, retain it for appropriate periods, and share it only with processors and other parties where required for service delivery, legal compliance, or legitimate business purposes. We respect your rights and aim to maintain trust through transparent and secure data practices.

Call Now!
Call Now Get a Quote
Highamspark Storage

GDPR-compliant Privacy Policy for Highamspark Storage covering data collection, lawful basis, retention, processors, and user rights.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.