Privacy Policy - Coneyhall Storage

This Privacy Policy explains how Coneyhall Storage collects, uses, stores, and protects personal data relating to its customers in the area. It applies to all Coneyhall Storage customers in area, including individuals and businesses who use our storage services, make enquiries, or otherwise interact with us in connection with our services. We are committed to processing personal data lawfully, fairly, and transparently in accordance with the UK GDPR and the Data Protection Act 2018.

1. Information We Collect

We collect only the information necessary to provide and manage our storage services, maintain security, and comply with legal obligations. The categories of personal data we may collect include:

  • Identity information: name, date of birth, and, where relevant, company name and job title.
  • Contact information: address, email address, and telephone number.
  • Account and service information: storage unit details, booking records, payment history, and correspondence related to your use of our services.
  • Verification information: copies of identification documents or proof of address where required for security, fraud prevention, or legal compliance.
  • Payment information: transaction details, billing records, and limited payment-related data necessary to process payments. We do not store full payment card details unless required by a secure payment provider.
  • Technical and security information: CCTV recordings, access logs, device or system identifiers, and information generated when you access our premises or systems.
  • Communication records: emails, written messages, call notes, and any records of complaints, requests, or service updates.

We may also receive information from third parties, such as payment processors, insurers, credit reference or verification providers, or public sources where necessary and lawful. Where we collect personal data indirectly, we will ensure that the source is appropriate and that the processing is consistent with this policy.

2. How We Use Personal Data

We use personal data for the following purposes:

  • to register customers and manage storage agreements;
  • to provide access to storage units and related services;
  • to process payments, invoices, and refunds;
  • to verify identity and prevent fraud or unauthorised access;
  • to maintain safety and security across our premises;
  • to handle customer enquiries, disputes, and complaints;
  • to meet legal, regulatory, insurance, and tax obligations;
  • to improve service quality, operational efficiency, and customer experience;
  • to protect our rights, property, staff, customers, and premises.

We will not use personal data for purposes that are incompatible with those listed above unless we have a lawful basis to do so and, where required, we have informed you.

3. Lawful Basis for Processing

We only process personal data where we have a lawful basis under data protection law. Depending on the context, we rely on one or more of the following:

Contract

We process personal data where it is necessary to enter into or perform a contract with you, such as setting up a storage account, managing access, providing services, invoicing, and responding to service-related requests.

Legal Obligation

We process data where necessary to comply with legal obligations, including accounting, tax, fraud prevention, health and safety requirements, and lawful requests from authorities.

Legitimate Interests

We may process personal data where it is necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. These interests include protecting our premises and customers, preventing misuse or unauthorised access, improving services, managing risks, and handling internal administration. Where we rely on legitimate interests, we consider the impact on individuals and apply appropriate safeguards.

Consent

In limited situations, we may rely on your consent, for example where it is required for certain optional communications or uses of data. If we rely on consent, you may withdraw it at any time, without affecting the lawfulness of processing carried out before withdrawal.

4. Data Sharing and Processors

We may share personal data with trusted third parties who act as processors or independent controllers, only when necessary and appropriate. These may include:

  • Payment processors that handle transactions securely on our behalf;
  • IT and cloud service providers that host systems, store records, or support communications;
  • Security providers that support CCTV, access control, alarm monitoring, or site protection;
  • Professional advisers such as accountants, auditors, insurers, and legal advisers;
  • Regulators, law enforcement, or public authorities where disclosure is required by law or necessary to protect rights and safety.

Where a third party processes data on our behalf, we require them to act under written instructions, keep data secure, and use it only for the agreed purpose. We do not sell personal data.

Processors are required to implement suitable technical and organisational measures to protect personal data, and they may not engage another processor without appropriate authorisation. Where data is transferred outside the UK, we will ensure appropriate safeguards are in place.

5. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, accounting, insurance, and reporting requirements. Retention periods vary depending on the type of data and the purpose of processing.

  • Customer and contract records are usually kept for the duration of the agreement and for a further period where needed for claims, audit, or legal compliance.
  • Payment and accounting records are retained for the period required under tax and financial laws.
  • Security records, including CCTV and access logs, are kept for a limited period unless they are needed for an investigation, dispute, or legal claim.
  • Correspondence and complaints are retained for as long as necessary to resolve the matter and maintain a record of our dealings.

When personal data is no longer needed, we will delete, anonymise, or securely archive it in line with our retention practices.

6. Data Security

We take the security of personal data seriously. We use a combination of physical, technical, and administrative safeguards designed to reduce the risk of loss, misuse, unauthorised access, alteration, or disclosure. These measures may include access controls, encryption where appropriate, secure storage, staff training, and restricted permissions.

Although we take reasonable steps to protect personal data, no system can be guaranteed to be completely secure. If a personal data incident occurs that is likely to pose a risk to your rights and freedoms, we will respond in accordance with our legal obligations.

7. Your Rights

Subject to applicable law, you have the following rights in relation to your personal data:

  • Right of access – to request a copy of the personal data we hold about you;
  • Right to rectification – to ask us to correct inaccurate or incomplete data;
  • Right to erasure – to ask us to delete your data where there is no lawful reason for us to keep it;
  • Right to restriction – to ask us to limit how we use your data in certain circumstances;
  • Right to object – to object to processing based on legitimate interests or direct marketing;
  • Right to data portability – to receive certain data in a structured, commonly used format where applicable;
  • Right to withdraw consent – where processing is based on consent;
  • Right to complain – to raise concerns with the relevant data protection authority if you believe your rights have been infringed.

We may need to verify your identity before responding to a rights request. We will respond within the time limits required by law and may refuse or limit a request where an exemption applies.

8. Children’s Data

Our services are generally intended for adults. We do not knowingly collect personal data from children except where it is necessary in connection with a lawful contract or where another lawful basis applies. If we become aware that we have collected data from a child without a valid legal basis, we will take appropriate steps to remove it.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or operational practices. Any revised version will apply from the date it is made available. We encourage customers to review the policy periodically to stay informed about how personal data is handled.

10. Our Commitment

Coneyhall Storage is committed to treating personal data with care, fairness, and respect. We aim to be clear about what we collect, why we collect it, how long we keep it, and who may process it on our behalf. This policy is intended to give customers in the area a clear understanding of our data practices and the rights available to them under applicable law.

Last updated: 2026

Call Now!
Call Now Get a Quote
Coneyhall Storage

GDPR-compliant Privacy Policy for Coneyhall Storage covering data collection, lawful basis, retention, processors, and user rights for all customers in area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.