Privacy Policy - Cowley Storage

Effective for all Cowley Storage customers in the area. This Privacy Policy explains how Cowley Storage collects, uses, stores, shares, and protects personal data when you use our storage services, visit our premises, communicate with us, or otherwise interact with us. We are committed to handling personal information in a lawful, fair, and transparent manner in accordance with the UK GDPR and the Data Protection Act 2018.

1. Who this policy applies to

This policy applies to all Cowley Storage customers in area, including individuals, sole traders, and business representatives who enquire about, sign up for, pay for, access, or manage storage services. It also applies to visitors, prospective customers, and anyone whose information is processed as part of our operations.

2. Personal data we collect

We may collect and process different types of personal data depending on how you interact with us. The categories of data we collect include:

  • Identity data such as your name, title, and date of birth where needed for verification.
  • Contact data such as postal address, email address, and phone number.
  • Account and service data such as storage unit details, access records, booking information, and service preferences.
  • Payment data such as billing details and payment status. We do not usually store full card details if payments are processed by a secure payment provider.
  • Verification data such as copies of identification documents or proof of address where required for legal, security, or anti-fraud purposes.
  • Technical and usage data such as IP address, device information, website interactions, and cookie-related data where applicable.
  • Communications data such as enquiries, complaints, feedback, and records of correspondence.
  • Security data such as CCTV footage, access logs, incident reports, and records of site entry and exit.

We only collect data that is necessary for specific and legitimate purposes. We do not intentionally collect special category data unless it is required and we have a lawful basis to do so.

3. How we use your personal data

We use personal data for the following purposes:

  • To provide storage services and manage your account.
  • To verify identity and prevent unauthorised access, fraud, or misuse.
  • To process bookings, payments, renewals, and cancellations.
  • To communicate about your storage unit, service updates, and operational matters.
  • To maintain site safety, security, and business continuity.
  • To handle enquiries, complaints, and disputes.
  • To comply with legal and regulatory obligations.
  • To improve our services, systems, and customer experience.

We will not use your personal data for purposes that are incompatible with the original reasons for collection unless we have a lawful basis to do so.

4. Lawful basis for processing

Under UK GDPR, we must have a lawful basis before processing your personal data. Depending on the activity, we rely on one or more of the following:

Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes setting up your storage account, managing access, billing, and delivering the services you have requested.

Legal obligation

We process certain information to meet legal or regulatory requirements, such as tax, accounting, fraud prevention, health and safety, and record-keeping obligations.

Legitimate interests

We may process data where it is necessary for our legitimate interests or those of a third party, provided your rights and freedoms do not override those interests. Examples include security monitoring, service improvement, incident management, and internal administration. Where we rely on legitimate interests, we assess the impact on your privacy.

Consent

In limited cases, we may rely on your consent, for example for certain optional communications or cookies where required. Where consent is used, you have the right to withdraw it at any time.

Vital interests and public task

These bases are unlikely to apply in most storage service situations, but we may rely on them in exceptional circumstances where necessary.

5. Sharing your data and processors

We may share personal data with trusted third parties where necessary to operate our business, deliver services, or comply with the law. These parties act either as independent controllers or as processors who handle data on our behalf under written contracts.

Examples of processors and service providers may include:

  • IT and cloud hosting providers that store data securely and support our systems.
  • Payment processors that handle transactions and billing.
  • Security providers that support alarms, monitoring, and CCTV systems.
  • Administrative and communication providers that help manage customer records and service messages.
  • Professional advisers such as accountants, auditors, insurers, or legal advisers.
  • Public authorities where disclosure is required by law or necessary to protect rights, property, or safety.

All processors are required to process your personal data only on our instructions, keep it confidential, and implement appropriate technical and organisational security measures. We do not sell personal data.

6. Data retention

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, operational, and reporting requirements. Retention periods vary depending on the type of data and the context in which it is used.

  • Customer and contract records are generally retained for the duration of the agreement and for a period afterwards to manage disputes, claims, and statutory obligations.
  • Financial and tax records are kept for the period required by law.
  • Security records such as CCTV footage and access logs are retained for a limited period unless needed for investigation, legal claims, or safety incidents.
  • Correspondence and complaint records may be retained for as long as necessary to resolve issues and demonstrate compliance.

When data is no longer needed, we will delete, anonymise, or securely destroy it. Retention decisions are reviewed regularly to ensure we do not keep data longer than necessary.

7. Data security

We take the security of personal data seriously and use appropriate safeguards to prevent loss, misuse, unauthorised access, alteration, or disclosure. These measures may include access controls, secure storage, encryption where appropriate, staff training, and monitoring of system activity. While no system can be guaranteed to be completely secure, we work to maintain a high standard of protection.

8. International transfers

Where personal data is transferred outside the UK, we will ensure appropriate safeguards are in place so that your information remains protected to a standard equivalent to UK GDPR requirements. This may include adequacy regulations, standard contractual clauses, or other approved transfer mechanisms.

9. Your rights under data protection law

You have a number of rights in relation to your personal data, subject to legal conditions and exemptions. These rights include:

  • Right of access to request a copy of the personal data we hold about you.
  • Right to rectification to correct inaccurate or incomplete information.
  • Right to erasure in certain circumstances, often known as the right to be forgotten.
  • Right to restrict processing in certain situations.
  • Right to data portability where processing is based on consent or contract and carried out by automated means.
  • Right to object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent where we rely on consent for processing.
  • Right not to be subject to solely automated decisions that produce legal or similarly significant effects, where applicable.

If you wish to exercise any of these rights, we will respond within the time limits set by law and may need to verify your identity before processing your request.

10. Cookies and similar technologies

If we operate a website or digital service, we may use cookies or similar technologies to support functionality, improve performance, and understand how the service is used. Where required, we will ask for your consent before placing non-essential cookies. You can adjust your browser settings to manage cookies, although some features may not function properly if cookies are disabled.

11. Children

Our storage services are not intended for children under 18 without the involvement of a parent, guardian, or authorised adult. We do not knowingly collect personal data from children unless it is required in connection with a lawful service arrangement.

12. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in the law, our services, or our processing activities. Any updated version will apply from the date it is made available. We encourage you to review this policy periodically so you remain informed about how we handle personal data.

13. Summary of our commitment

Cowley Storage is committed to protecting personal information and using it responsibly. We collect only what we need, use it for clear and lawful purposes, retain it only as long as necessary, and work with processors who are bound by confidentiality and security obligations. We also respect your rights and will handle requests in line with applicable data protection law. Privacy, security, and transparency are central to how we operate.

Call Now!
Call Now Get a Quote
Cowley Storage

GDPR-compliant Privacy Policy for Cowley Storage covering data collection, lawful basis, retention, processors, and user rights for all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.