Privacy Policy - Cannhall Storage

This Privacy Policy explains how Cannhall Storage collects, uses, stores, shares, and protects personal data. It applies to all Cannhall Storage customers in area, including prospective customers, current customers, former customers, authorised users, and any individuals who interact with us in connection with our storage services.

We are committed to handling personal data in a lawful, fair, and transparent manner in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy is intended to help you understand what data we process, why we process it, how long we keep it, who may process it on our behalf, and what rights you have.

1. Data We Collect

We collect and process only the personal data that is necessary for providing storage services, managing our business, meeting legal obligations, and protecting our legitimate interests. The categories of data we may collect include:

  • Identity data, such as your name, date of birth, and identification details used for verification purposes.
  • Contact data, such as your address, email address, and telephone number.
  • Account and contract data, such as customer account numbers, booking details, payment plans, storage unit details, and agreement records.
  • Financial data, such as payment information, billing records, and transaction history. We do not store full card details unless necessary through a secure payment provider.
  • Security and access data, such as access logs, CCTV footage, alarm records, gate entry records, and incident reports where applicable.
  • Communications data, such as enquiries, complaints, notices, and any correspondence between you and Cannhall Storage.
  • Technical data, where relevant, including IP address, device information, and usage information obtained through digital systems.

We may also collect special category data only if it is required for a specific legal or operational purpose and where the law allows us to do so. In most cases, we do not intend to collect special category data.

2. How We Collect Data

We collect data directly from you when you complete forms, enter into a storage agreement, make a payment, contact us, or otherwise use our services. We may also collect data from third parties where necessary, for example:

  • identity verification providers;
  • payment processors;
  • debt recovery or legal service providers;
  • insurance providers, if relevant to your storage arrangement;
  • public authorities or law enforcement where required by law.

Where CCTV, access control systems, or other security systems are in use, data may also be collected automatically for safety, loss prevention, and crime deterrence.

3. Lawful Basis for Processing

We only process personal data where we have a valid lawful basis under data protection law. Depending on the context, we may rely on one or more of the following lawful bases:

  • Contract: processing is necessary to enter into or perform a storage agreement with you, manage your account, provide access to storage facilities, and handle billing or service requests.
  • Legal obligation: processing is necessary to comply with laws, regulations, tax requirements, accounting rules, or lawful requests from authorities.
  • Legitimate interests: processing is necessary for our legitimate business interests, such as protecting our premises, preventing fraud, enforcing our terms, handling disputes, and improving our services, provided these interests are not overridden by your rights and freedoms.
  • Consent: in limited cases, we may rely on your consent, for example for certain optional communications or specific uses of data. Where we rely on consent, you may withdraw it at any time.

We do not rely on consent where another lawful basis is more appropriate, especially where processing is required to deliver the storage service or to meet legal duties.

4. Purposes of Processing

We use personal data for the following purposes:

  • to register customers and manage storage accounts;
  • to verify identity and help prevent fraud;
  • to provide, maintain, and administer storage services;
  • to process payments, invoices, and refunds;
  • to communicate about bookings, contract changes, renewals, and service issues;
  • to maintain facility security and protect customers, staff, property, and assets;
  • to investigate incidents, claims, complaints, and disputes;
  • to meet tax, accounting, and regulatory obligations;
  • to exercise or defend legal rights;
  • to improve our operations, systems, and customer experience;
  • to send essential service messages and, where permitted, relevant marketing communications.

We will not use your data for unrelated purposes unless the law allows us to do so and, where required, we have informed you or obtained your consent.

5. Data Sharing and Processors

We may share personal data with trusted third parties who act as processors on our behalf or, in some cases, as independent controllers. We only share data where necessary and subject to appropriate safeguards. Processors may include:

  • IT and cloud service providers that host systems, email services, document storage, and backup solutions;
  • payment service providers that process customer payments securely;
  • accounting and bookkeeping providers that support financial administration;
  • identity verification and fraud prevention providers used to confirm identity and reduce risk;
  • security providers supporting CCTV, alarms, access control, and incident management;
  • legal, insurance, debt recovery, or professional advisers where needed for claims, disputes, or compliance;
  • maintenance and facility management providers where required to manage the premises.

All processors are required to process data only on our instructions, keep it confidential, and implement appropriate technical and organisational measures to protect it.

We may also disclose data where required by law, by court order, or to public authorities, including law enforcement, regulators, or emergency services. If Cannhall Storage is involved in a business reorganisation, transfer, or sale, customer data may be disclosed as part of that transaction, subject to legal protections.

6. International Transfers

Where personal data is transferred outside the UK, we will ensure that appropriate safeguards are in place. These may include adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms. We take reasonable steps to ensure your data receives a level of protection consistent with UK data protection law.

7. Data Retention

We keep personal data only for as long as necessary for the purpose for which it was collected, including any legal, accounting, or reporting requirements. Retention periods may vary depending on the type of data and the reason for processing.

  • Customer and contract records are typically retained for the period of the agreement and for a further period after it ends to manage queries, disputes, or legal claims.
  • Financial and tax records are retained for the period required by law and accounting rules.
  • Security records, such as CCTV footage or access logs, are kept for a limited time unless needed for an investigation, legal matter, or insurance claim.
  • Communications and complaint records are retained for as long as needed to handle the matter and protect our legal position.

When personal data is no longer required, we will delete it securely or anonymise it so that it can no longer identify you.

8. Your Rights

Under data protection law, you have a number of rights in relation to your personal data. These rights may apply depending on the lawful basis and the circumstances of the request:

  • Right of access: you may request a copy of the personal data we hold about you.
  • Right to rectification: you may ask us to correct inaccurate or incomplete information.
  • Right to erasure: in certain cases, you may ask us to delete your data.
  • Right to restriction: you may request that we limit how we use your data in specific circumstances.
  • Right to data portability: you may request certain data in a structured, commonly used, machine-readable format where applicable.
  • Right to object: you may object to processing based on legitimate interests or to direct marketing.
  • Right to withdraw consent: where processing is based on consent, you may withdraw that consent at any time.

You also have the right to lodge a complaint with the Information Commissioner’s Office if you believe your data protection rights have been infringed. We encourage you to raise concerns with us first so we can try to resolve them promptly.

9. Security of Personal Data

We take the security of personal data seriously and apply appropriate technical and organisational measures to protect it against loss, misuse, unauthorised access, alteration, or disclosure. These measures may include access restrictions, secure storage, staff training, system monitoring, and contractual controls with processors.

Although we work hard to safeguard information, no system can be guaranteed to be completely secure. If a personal data breach occurs that is likely to result in a risk to your rights and freedoms, we will respond in accordance with applicable law, which may include notifying affected individuals and the relevant regulator.

10. Automated Decision-Making

Cannhall Storage does not generally rely on fully automated decision-making that produces legal or similarly significant effects. If this changes, we will provide appropriate information about the logic involved, the significance of the processing, and the possible consequences for you.

11. Children’s Data

Our services are intended for adults and business or personal customers who can lawfully enter into a storage agreement. We do not knowingly collect children’s personal data except where it is incidentally included in lawful records, for example emergency contact information, and only to the extent necessary and permitted by law.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data handling practices. The most recent version will apply to the personal data we hold. Where changes are significant, we will take reasonable steps to make customers aware of them.

Summary of Key Points

Cannhall Storage collects only the personal data needed to provide secure storage services, manage accounts, meet legal duties, and protect legitimate interests. We process data on the lawful bases of contract, legal obligation, legitimate interests, and, in limited cases, consent. Data is shared only with trusted processors and others where necessary, retained only as long as required, and protected by appropriate security measures. Customers have rights to access, correct, erase, restrict, object, and withdraw consent where applicable.

This policy applies to all Cannhall Storage customers in area.

Call Now!
Call Now Get a Quote
Cannhall Storage

GDPR-compliant privacy policy for Cannhall Storage covering data collection, lawful bases, retention, processors, and user rights.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.