Privacy Policy - Mortlake Storage

Mortlake Storage is committed to protecting the privacy and personal data of all customers in the area. This Privacy Policy explains how we collect, use, share, store, and protect personal information in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It applies to all Mortlake Storage customers in area, including prospective customers, current customers, former customers, and anyone who interacts with us in connection with our services.

1. Who we are

For the purposes of data protection law, Mortlake Storage is the data controller of the personal data we collect and process in relation to our storage services. This means we decide why and how personal data is used. We take our responsibilities seriously and aim to process personal data lawfully, fairly, and transparently.

2. Personal data we collect

We may collect and process the following categories of personal data:

  • Identity data such as your name, title, and date of birth where needed.
  • Contact data such as postal address, email address, and telephone number.
  • Account data such as customer reference numbers, booking details, account history, and service preferences.
  • Payment data such as billing information, transaction records, and payment status.
  • Security and access data such as CCTV footage, access logs, keyholder details, and site entry records, where applicable.
  • Communication data such as emails, messages, phone notes, complaints, and service requests.
  • Technical data such as device information, IP address, browser type, and basic usage data if you interact with our digital systems.

We generally do not seek to collect special category data unless it is required for a specific legal or operational reason. If such data is provided to us, we will only process it where the law allows.

3. How we collect personal data

We collect personal data directly from you when you:

  • enquire about or reserve storage space;
  • enter into a storage agreement;
  • make payments or update your account details;
  • contact us with a question, complaint, or request;
  • visit our premises, where CCTV or access systems are in operation;
  • provide information through forms, email, or other communication channels.

We may also receive personal data from third parties where necessary, such as payment providers, identity verification services, legal representatives, insurers, debt recovery partners, or public authorities.

4. Why we use your personal data

We process personal data for the following purposes:

  • to manage enquiries and provide storage quotations;
  • to enter into and perform storage contracts;
  • to verify identity and prevent fraud;
  • to take and process payments, refunds, and account adjustments;
  • to manage access to premises and protect the security of customers, staff, and property;
  • to handle complaints, incidents, and customer support requests;
  • to comply with legal obligations, including tax, accounting, and regulatory duties;
  • to maintain business records and resolve disputes;
  • to improve our services, systems, and operational efficiency;
  • to enforce our contractual rights, where necessary.

We only use personal data for the purposes for which it was collected, unless we reasonably believe we need to use it for another compatible purpose and the law permits this.

5. Lawful basis for processing

Under data protection law, we must have a lawful basis to process personal data. Depending on the activity, we rely on one or more of the following lawful bases:

  • Performance of a contract – where processing is necessary to provide storage services, manage your account, or take steps before entering into a contract.
  • Legal obligation – where we must process data to comply with legal and regulatory duties, such as accounting, tax, or fraud prevention requirements.
  • Legitimate interests – where processing is necessary for our legitimate business interests, such as protecting property, maintaining security, improving operations, and managing disputes, provided your rights do not override those interests.
  • Consent – where we rely on your freely given consent for specific uses, such as optional marketing communications. You may withdraw consent at any time.
  • Vital interests – in rare circumstances where processing is necessary to protect someone’s life.

Where we process special category data, we will only do so where an additional condition under the UK GDPR applies.

6. Sharing personal data and processors

We may share personal data with trusted third parties who support our operations. These organisations act as processors when they process data on our behalf and under our instructions. Examples may include:

  • payment service providers and banking partners;
  • IT hosting, software, cloud storage, and cybersecurity providers;
  • customer management and communications providers;
  • identity verification and fraud prevention services;
  • professional advisers such as accountants, auditors, insurers, and lawyers;
  • debt recovery or dispute resolution partners;
  • public authorities, regulators, law enforcement, or courts where required by law.

We require processors to keep personal data secure, to use it only for the purposes we specify, and to comply with data protection law. We do not sell personal data.

7. International transfers

Some of our processors may store or access data outside the UK. If this happens, we will ensure appropriate safeguards are in place so your personal data remains protected to a standard required by law. These safeguards may include adequacy regulations or approved contractual protections.

8. Data retention

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including to meet legal, accounting, security, or reporting requirements. Retention periods may vary depending on the type of data and the nature of the relationship.

As a general approach:

  • customer account and contract records may be retained for the duration of the agreement and for a further period after it ends;
  • financial and tax records are retained for the period required by law;
  • CCTV and access logs are retained for a limited period unless needed for an investigation, claim, or legal process;
  • correspondence and complaints may be retained for as long as needed to resolve the matter and maintain records.

When data is no longer required, we will securely delete, anonymise, or archive it in accordance with our retention procedures.

9. Data security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, misuse, alteration, or disclosure. These measures may include access controls, encryption, secure storage, staff training, and internal policies governing data handling. While we work to protect your information, no system can be guaranteed to be completely secure.

10. Your rights

Under UK data protection law, you have a number of rights in relation to your personal data. Subject to legal limits, you may have the right to:

  • access the personal data we hold about you;
  • rectify inaccurate or incomplete data;
  • erase your data in certain circumstances;
  • restrict how we use your data in certain cases;
  • object to processing based on legitimate interests or direct marketing;
  • data portability for information you provided to us where applicable;
  • withdraw consent where processing is based on consent;
  • not be subject to certain automated decisions that produce legal or similarly significant effects, where applicable.

If you want to exercise any of these rights, we will respond in line with legal requirements. We may need to verify your identity before acting on your request.

How to exercise your rights

You can make a request by contacting us through the usual customer service channels. We will review your request carefully and respond within the legal timeframe, unless an extension is permitted.

11. Marketing preferences

Where we send marketing communications, we will do so only where the law allows. If we rely on consent, you can opt out at any time. If we rely on legitimate interests, you still have the right to object. We will always respect your preferences and keep a record of your choices where necessary.

12. Children’s data

Our services are generally intended for adults. We do not knowingly collect personal data from children unless it is necessary in connection with a customer account, legal responsibility, or another lawful purpose. If we become aware that we have collected data from a child without an appropriate lawful basis, we will take steps to delete it.

13. Complaints and supervision

If you have concerns about how we handle personal data, we encourage you to raise them with us first so we can try to resolve the issue. You also have the right to complain to the Information Commissioner’s Office (ICO) if you believe your data protection rights have been infringed.

14. Updates to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or operational requirements. The latest version will apply from the date it is published or otherwise communicated. We encourage customers to review this policy periodically to stay informed about how we process personal data.

In summary: Mortlake Storage processes personal data only where we have a lawful basis, uses trusted processors under contract, retains information only as long as needed, and respects the rights of all Mortlake Storage customers in area. We remain committed to using personal data responsibly, securely, and transparently.

Call Now!
Call Now Get a Quote
Mortlake Storage

GDPR-compliant Privacy Policy for Mortlake Storage covering data collection, lawful basis, processors, retention, and user rights for all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.