Privacy Policy - Tulsehill Storage

This Privacy Policy explains how Tulsehill Storage collects, uses, stores, shares, and protects personal data. It applies to all Tulsehill Storage customers in the area, including prospective customers, current customers, visitors, and individuals who communicate with us in relation to storage services. We are committed to handling personal data in a lawful, fair, transparent, and secure manner in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Tulsehill Storage provides storage services for personal and business use. In the course of providing these services, we may act as a data controller for the personal information we collect and process. This means we determine the purposes and means of processing personal data and are responsible for ensuring that such processing complies with data protection law.

2. Personal Data We Collect

We collect only the information that is necessary for the management and delivery of our storage services, to maintain security, and to comply with legal obligations. The categories of data we may collect include:

  • Identity data, such as name, date of birth, and identification details where required.
  • Contact data, such as postal address, email address, and telephone number.
  • Account and service data, including storage unit details, booking records, payment status, and service preferences.
  • Financial data, such as billing records and payment transaction information. We do not store full card details unless explicitly necessary and permitted by payment providers.
  • Security data, such as CCTV footage, entry logs, access control records, and incident reports where applicable.
  • Communication data, including messages, enquiries, complaints, and correspondence.
  • Technical data, such as IP address or device information if collected through digital systems used to manage our services.

We do not intentionally collect special category data unless it is necessary and lawful to do so, and only in limited circumstances. We also do not seek to collect data relating to children unless it is relevant to a customer relationship and provided with appropriate authority.

3. How We Use Personal Data

We process personal data for the following purposes:

  • to register and manage customer accounts;
  • to provide storage services and administer access to storage units;
  • to process payments, invoices, and account balances;
  • to communicate about bookings, service updates, and operational matters;
  • to maintain site safety, security, and fraud prevention;
  • to resolve disputes, complaints, and claims;
  • to comply with legal and regulatory obligations;
  • to improve our services, systems, and customer experience;
  • to establish, exercise, or defend legal rights.

We only use personal data for the purposes for which it was collected, unless we reasonably consider that another purpose is compatible with the original purpose and permitted by law.

4. Lawful Basis for Processing

Under data protection law, we must have a lawful basis for each type of processing. Depending on the context, Tulsehill Storage may rely on one or more of the following lawful bases:

Contract

We process personal data where it is necessary to perform a contract with a customer or to take steps at the request of a customer before entering into a contract. This includes setting up storage services, managing accounts, and delivering agreed services.

Legal Obligation

We process certain data to comply with legal requirements, such as tax, accounting, record-keeping, fraud prevention, health and safety, and lawful requests from authorities.

Legitimate Interests

We may process data where it is necessary for our legitimate business interests, provided those interests are not overridden by the rights and freedoms of the individual. Legitimate interests may include site security, CCTV monitoring, service improvement, and preventing misuse or theft. When we rely on this basis, we consider the nature of the data, the impact on individuals, and appropriate safeguards.

Consent

Where required, we may ask for consent to process certain data. For example, consent may be used for optional marketing communications or specific circumstances where no other lawful basis applies. When consent is relied upon, it can be withdrawn at any time.

5. Sharing of Personal Data and Processors

We may share personal data with trusted third parties that assist us in running our business. These third parties act as processors when they process personal data on our behalf and only in accordance with our instructions. They are required to protect data and may not use it for their own purposes.

Examples of processors and service providers may include:

  • payment processing providers;
  • IT hosting, maintenance, and cloud service providers;
  • customer management and communication platform providers;
  • security and CCTV system providers;
  • accounting, audit, and administrative service providers;
  • professional advisers such as lawyers, insurers, and consultants where necessary.

We may also disclose data to law enforcement, regulators, courts, or other public authorities where required by law or where disclosure is necessary to protect our rights, customers, staff, or property. If a business transfer or reorganisation takes place, personal data may be transferred as part of that transaction, subject to legal safeguards.

6. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, and to meet legal, accounting, or reporting obligations. Retention periods depend on the type of data and the reason it was collected.

In general:

  • Customer account and contract records are retained for the duration of the service relationship and for a reasonable period afterwards for legal and administrative purposes.
  • Financial and transaction records are retained for the period required by tax and accounting law.
  • Security records, including CCTV footage and access logs, are retained for a limited period unless needed longer for an investigation, claim, or legal requirement.
  • Correspondence and complaint records may be retained for as long as necessary to handle the matter and keep an appropriate audit trail.

When personal data is no longer needed, we will securely delete, anonymise, or archive it in accordance with our retention practices and legal requirements.

7. Data Security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, alteration, or disclosure. These measures may include access controls, staff training, secure storage, password protection, system monitoring, and restricted processing access. While no system is completely secure, we work to safeguard personal data using measures proportionate to the risks involved.

8. Your Rights

Individuals have rights in relation to their personal data. Subject to conditions and exemptions under data protection law, you may have the right to:

  • access the personal data we hold about you;
  • rectify inaccurate or incomplete data;
  • erase your data in certain circumstances;
  • restrict the processing of your data in certain situations;
  • object to processing based on legitimate interests or direct marketing;
  • data portability for certain information you have provided to us;
  • withdraw consent where processing is based on consent;
  • lodge a complaint with the relevant supervisory authority if you believe your rights have been infringed.

We may need to verify your identity before responding to a rights request. We will respond within the time limits set by law, normally within one month, unless the request is complex or multiple requests are made.

9. Automated Decision-Making

Tulsehill Storage does not generally rely on fully automated decision-making that produces legal or similarly significant effects for customers. If this changes, we will ensure that any such processing is lawful, transparent, and subject to appropriate safeguards.

10. Marketing Communications

If we send optional marketing communications, we will do so only where permitted by law. You may opt out of marketing at any time. Even if you opt out, we may still send essential service messages relating to your account, safety, payments, or contractual matters.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, our operations, or the way we process data. Any updated version will apply from the date it is made available. We encourage customers to review it periodically to stay informed about how personal data is handled.

12. Summary of Key Principles

Tulsehill Storage is committed to ensuring that personal data is:

  • used fairly, lawfully, and transparently;
  • collected for specified and legitimate purposes;
  • adequate, relevant, and limited to what is necessary;
  • accurate and kept up to date where needed;
  • retained only for as long as necessary;
  • protected using suitable security measures.

By using our services, customers in the area acknowledge that personal data may be processed in accordance with this Privacy Policy and applicable data protection laws. We aim to ensure that all processing is proportionate, secure, and respectful of individual rights.

Call Now!
Call Now Get a Quote
Tulsehill Storage

GDPR-compliant privacy policy for Tulsehill Storage covering data collection, lawful basis, retention, processors, and user rights for all customers in the area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.