Privacy Policy - Stlukes Storage

Effective date: This Privacy Policy applies to all Stlukes Storage customers in the area and explains how we collect, use, store, share, and protect personal data in connection with our storage services.

Stlukes Storage is committed to handling personal information in a lawful, fair, and transparent manner in accordance with the General Data Protection Regulation (GDPR) and any applicable local data protection laws. This Privacy Policy describes the personal data we process, the reasons we process it, the legal bases we rely on, how long we keep it, the third parties that may process it on our behalf, and the rights available to individuals whose data we process.

1. Personal Data We Collect

We collect only the personal data that is necessary to provide storage services, manage our business operations, maintain security, and meet legal obligations. The types of data we may collect include:

  • Identity details: name, date of birth, and identification information where needed for account creation, verification, or security purposes.
  • Contact details: postal address, email address, and telephone number.
  • Account and service information: storage unit details, booking information, contract terms, payment status, and communications related to the service.
  • Payment information: billing records, transaction references, and limited payment details necessary to process charges.
  • Access and security information: entry logs, CCTV images, incident reports, key or access records, and security-related notes.
  • Correspondence: messages, complaints, enquiries, and any other communication you send to us.
  • Technical information: limited device, browser, or usage data if you interact with our digital systems.

We do not intentionally collect special category data unless you choose to provide it or we are required to do so by law or in connection with an incident. If such data is processed, we will do so only where permitted by GDPR and subject to appropriate safeguards.

2. How We Use Personal Data

We use personal data to operate our storage services, manage customer relationships, protect our premises, and comply with legal and contractual obligations. Typical uses include:

  • setting up and managing customer accounts;
  • providing storage access and administrative support;
  • processing payments, invoices, refunds, and arrears;
  • maintaining safety, security, and fraud prevention measures;
  • responding to enquiries, complaints, and service requests;
  • meeting legal, accounting, and regulatory obligations;
  • resolving disputes and enforcing contracts;
  • improving services, internal controls, and operational efficiency.

We will only process personal data for the purposes for which it was collected, unless we reasonably determine that we need to use it for another compatible purpose or we are legally permitted or required to do so.

3. Lawful Basis for Processing

Under GDPR, we must have a lawful basis for each processing activity. Stlukes Storage may rely on one or more of the following lawful bases:

Contract

We process personal data where it is necessary to enter into or perform our contract with you. This includes creating your account, providing storage access, managing service instructions, and handling billing.

Legal Obligation

We process personal data where we must comply with a legal requirement, such as tax, accounting, anti-fraud, safety, or record-keeping obligations.

Legitimate Interests

We may process data where it is necessary for our legitimate business interests and where those interests are not overridden by your rights and freedoms. These interests may include protecting our premises, preventing misuse, maintaining service quality, and managing business operations efficiently.

Consent

In limited circumstances, we may rely on your consent, for example for certain optional communications or activities where consent is the most appropriate basis. Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

Vital Interests

In exceptional cases, we may process personal data where necessary to protect someone’s vital interests, such as in an emergency involving health or safety.

4. Data Retention

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including meeting legal, accounting, insurance, and dispute-resolution requirements. Retention periods depend on the type of data and the reason it was collected.

  • Customer and contract records: retained for the duration of the relationship and for a reasonable period after the relationship ends.
  • Financial and tax records: retained for the period required by applicable law.
  • Security records: retained only as long as necessary for safety, incident management, investigation, or crime prevention purposes.
  • Correspondence and complaints: retained for as long as needed to resolve the matter and to evidence our handling of the issue.

When personal data is no longer needed, we will securely delete, anonymise, or archive it in accordance with our retention procedures and legal obligations.

5. Data Sharing and Processors

We may share personal data with trusted third parties that help us operate our services. These parties act as processors or, in some cases, as separate controllers. We require appropriate contractual protections and only share the minimum data necessary.

  • Payment processors: to handle card transactions, direct debits, and other payment methods.
  • IT and cloud service providers: to store data, maintain systems, and support business software.
  • Security providers: to support CCTV, alarm systems, access control, and site protection.
  • Professional advisers: such as accountants, auditors, insurers, legal advisers, and debt recovery professionals where necessary.
  • Public authorities: where disclosure is required by law or necessary to protect rights, property, or safety.

We do not sell personal data. If personal data is transferred outside the United Kingdom or European Economic Area, we will ensure suitable safeguards are in place, such as approved transfer mechanisms or equivalent legal protections.

6. Security Measures

We use appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, alteration, or disclosure. These measures may include access restrictions, encryption where appropriate, staff training, secure storage, and monitoring of systems and premises.

However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. We will respond promptly to any suspected data breach in line with our legal obligations.

7. Your Rights Under GDPR

Individuals whose personal data we process have a number of rights under GDPR. Subject to applicable conditions and exemptions, you may have the right to:

  • access the personal data we hold about you;
  • rectify inaccurate or incomplete data;
  • erase your data in certain circumstances;
  • restrict the processing of your data in certain cases;
  • object to processing based on legitimate interests or direct marketing;
  • data portability where processing is based on consent or contract and carried out by automated means;
  • withdraw consent at any time where consent is the lawful basis;
  • lodge a complaint with a supervisory authority if you believe your rights have been infringed.

We may need to verify your identity before responding to a request. In some cases, we may not be able to comply fully if an exemption applies or if doing so would adversely affect the rights of others or our legal obligations.

8. Children’s Data

Our storage services are intended for adults and business customers. We do not knowingly collect personal data from children in connection with our services. If we become aware that we have collected data from a child without appropriate authority, we will take steps to delete it as soon as reasonably possible.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data protection practices. Any updated version will apply from the date of publication unless stated otherwise. We encourage customers to review this policy periodically to remain informed about how their personal data is processed.

10. Summary of Our Commitments

Stlukes Storage is committed to processing personal data responsibly, securely, and only where we have a lawful reason to do so. We collect data that is necessary for service delivery and business operations, retain it only for as long as required, share it carefully with trusted processors, and respect the rights of all individuals whose data we process.

By using Stlukes Storage services, you acknowledge that your personal data may be processed in accordance with this Privacy Policy and applicable data protection law.

Call Now!
Call Now Get a Quote
Stlukes Storage

GDPR-compliant Privacy Policy for Stlukes Storage covering data collection, lawful basis, retention, processors, and user rights for all customers in the area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.