Privacy Policy - Cricklewood Storage

This Privacy Policy explains how Cricklewood Storage collects, uses, stores, shares, and protects personal data in connection with its storage services. It applies to all Cricklewood Storage customers in the area, including prospective customers, current customers, account holders, business users, visitors to our premises, and individuals who communicate with us about our services.

We are committed to handling personal data in a lawful, fair, and transparent manner in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy sets out what information we collect, the lawful bases we rely on, how long we keep data, the types of processors we use, and the rights available to individuals.

1. Data We Collect

We collect only the personal data necessary to provide and manage our storage services, maintain security, and meet legal obligations. Depending on your relationship with us, this may include:

  • Identity details: name, date of birth, and proof of identity where required.
  • Contact details: postal address, email address, and telephone number.
  • Account and transaction data: booking details, unit size, payment history, invoices, and service records.
  • Security and access data: entry logs, CCTV footage, alarm records, and access credentials where used.
  • Correspondence: messages, complaints, service requests, and notes about interactions.
  • Technical data: limited website or device information if you interact with our systems, such as IP address or browser type, where applicable.
  • Special category data: we do not seek to collect special category data unless it is strictly necessary and you have chosen to provide it, or another lawful condition applies.

We do not intentionally collect more information than is required to operate the storage service safely and effectively. If you provide information about another person, you should ensure that you have the authority to do so.

2. How We Use Personal Data

We use personal data for the following purposes:

  • to set up and manage storage accounts;
  • to verify identity and prevent fraud;
  • to process payments and issue invoices;
  • to provide access to storage units and manage security;
  • to communicate about service updates, notices, and account matters;
  • to handle queries, complaints, and disputes;
  • to comply with legal and regulatory obligations;
  • to protect our property, staff, customers, and premises;
  • to establish, exercise, or defend legal claims.

Where we rely on CCTV or access logs, these are used for security, crime prevention, and incident investigation. We will only use data in ways that are compatible with the purposes for which it was collected.

3. Lawful Basis for Processing

We process personal data under one or more of the following lawful bases:

Contract

We process data where it is necessary to enter into or perform a contract with you. This includes account administration, payments, storage access, and service delivery.

Legal Obligation

We may process personal data to meet legal requirements, such as accounting, tax, fraud prevention, health and safety obligations, and compliance with lawful requests from authorities.

Legitimate Interests

We may rely on our legitimate interests where this is necessary for running a secure and efficient storage business, provided those interests are not overridden by your rights and freedoms. Examples include site security, CCTV monitoring, service improvement, internal administration, and limited communications relating to the service.

Consent

In limited situations, we may ask for your consent, for example where consent is required for optional communications or specific uses of personal data. When consent is used, you can withdraw it at any time, without affecting the lawfulness of processing carried out before withdrawal.

Vital Interests

In rare circumstances, we may process personal data to protect someone’s vital interests, such as in an emergency.

4. Data Sharing and Processors

We may share personal data with trusted third parties that act as processors or independent controllers, but only where necessary and with appropriate safeguards. Our processors may include:

  • payment service providers and card processors;
  • IT hosting, cloud storage, and software providers;
  • security monitoring and CCTV service providers;
  • accounting and bookkeeping providers;
  • professional advisers such as lawyers, auditors, or insurers;
  • delivery, maintenance, or facilities contractors acting under our instructions.

Where third parties process data on our behalf, they are required to keep it secure, use it only for the agreed purpose, and comply with data protection obligations. We may also disclose personal data to law enforcement, regulators, or other authorities where required by law or where necessary to protect our rights, property, staff, or customers.

We do not sell personal data. Any sharing is limited to what is necessary and proportionate for the service or for compliance with legal obligations.

5. Data Retention

We keep personal data only for as long as necessary for the purposes for which it was collected, and to satisfy legal, contractual, accounting, or security requirements. Retention periods depend on the type of data and the reason for holding it.

  • Customer account and contract records: kept for the duration of the relationship and for a reasonable period after it ends.
  • Financial and tax records: retained for the period required by law and accounting practice.
  • CCTV and access logs: normally kept for a limited period unless required for an investigation, claim, or legal request.
  • Complaints and correspondence: retained for as long as needed to resolve the matter and maintain proper records.

When data is no longer required, we will delete it securely or anonymise it so that it can no longer identify you. We regularly review retention periods to ensure data is not kept longer than necessary.

6. Security of Personal Data

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. These measures may include restricted access, secure systems, encryption where appropriate, staff confidentiality obligations, and regular review of security controls.

Although we take reasonable steps to protect personal data, no system can be guaranteed to be completely secure. If a personal data breach occurs, we will act in accordance with applicable law and, where required, notify the relevant authority and affected individuals.

7. Your Rights

Under data protection law, you may have the following rights in relation to your personal data:

  • Right of access: to request a copy of the personal data we hold about you.
  • Right to rectification: to ask us to correct inaccurate or incomplete data.
  • Right to erasure: to request deletion of data in certain circumstances.
  • Right to restriction: to ask us to limit processing in certain situations.
  • Right to object: to object to processing based on legitimate interests or direct marketing.
  • Right to data portability: to receive certain data in a structured, commonly used format where applicable.
  • Right to withdraw consent: where processing is based on consent.

These rights are not absolute. They may be subject to legal exceptions, and we may need to retain or process some information where permitted or required by law. If you wish to exercise a right, we may need to verify your identity before responding.

8. Children’s Data

Our storage services are not directed at children, and we do not knowingly collect personal data from children unless it is necessary in connection with an adult customer’s account or legal obligation. If we become aware that we have collected data improperly, we will take reasonable steps to delete it.

9. International Transfers

If any of our processors store or access data outside the UK, we will ensure appropriate safeguards are in place, such as adequacy regulations, standard contractual clauses, or equivalent protection measures. Any transfer will be made in a way that preserves the security and rights required under data protection law.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, operations, or service arrangements. Any updated version will apply from the date it is published or otherwise communicated. We encourage customers to review this policy periodically to stay informed about how we handle personal data.

11. Data Protection Principles

Cricklewood Storage is committed to following the core principles of data protection, including:

  • lawfulness, fairness, and transparency;
  • purpose limitation;
  • data minimisation;
  • accuracy;
  • storage limitation;
  • integrity and confidentiality;
  • accountability.

We aim to ensure that personal data is used responsibly and only where there is a clear and lawful need. If you have concerns about how your data is handled, you may raise them through the appropriate channels, and you also have the right to lodge a complaint with the UK Information Commissioner’s Office.

Last updated: 2026

Call Now!
Call Now Get a Quote
Cricklewood Storage

GDPR-compliant Privacy Policy for Cricklewood Storage covering data collection, lawful basis, retention, processors, user rights, and area-wide applicability.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.