Privacy Policy - Parkroyal Storage

Effective date: This Privacy Policy applies to all Parkroyal Storage customers in the area, including individuals who enquire about, use, or have used our storage services, related facilities, or account management services.

Parkroyal Storage is committed to protecting personal data and respecting privacy rights under applicable data protection law, including the UK GDPR and the Data Protection Act 2018. This Privacy Policy explains how we collect, use, store, share, and protect personal information, and describes the rights available to individuals whose data we process.

1. Who We Are

For the purposes of data protection law, Parkroyal Storage acts as the data controller in relation to personal data processed for the management and provision of our storage services, customer administration, security, billing, and compliance activities. This means we determine the purposes and means of processing personal data.

2. Personal Data We Collect

We collect only the personal data that is necessary for the purposes described in this Privacy Policy. Depending on your relationship with us, this may include:

  • Identity information such as your name, title, date of birth, and account reference number.
  • Contact details such as billing address, correspondence address, email address, and telephone number.
  • Account and service information such as storage unit details, move-in and move-out dates, payment history, service preferences, and communication records.
  • Financial information such as payment method details and transaction records. We do not store full card details where these are processed through secure payment providers.
  • Security information such as CCTV images, access records, logs of entry to our premises, and incident reports where relevant.
  • Communication data such as emails, written correspondence, call notes, complaint details, and other messages exchanged with us.
  • Verification information such as identity documents or proof of address when needed to confirm identity or meet legal obligations.
  • Technical data such as limited device or usage information when you interact with our digital systems, if applicable.

We generally do not intentionally collect special category data unless it is provided by you or becomes necessary in specific circumstances, for example to support a complaint or legal claim. If that happens, we will only process it where permitted by law and with appropriate safeguards.

3. How We Use Personal Data

We use personal data for lawful and legitimate business purposes, including to:

  • set up and manage customer accounts;
  • provide storage services and maintain access arrangements;
  • process payments, invoices, refunds, and credit control matters;
  • communicate with customers about service updates, account changes, and administrative matters;
  • maintain the security of our sites, property, staff, customers, and stored goods;
  • respond to enquiries, complaints, disputes, and claims;
  • comply with legal, regulatory, tax, accounting, and record-keeping obligations;
  • prevent fraud, misuse, unlawful activity, and breaches of contract;
  • improve our services, systems, and customer experience; and
  • establish, exercise, or defend legal rights.

We do not sell personal data. Any processing is limited to what is necessary for the operation of our services, legal compliance, and legitimate business interests.

4. Lawful Basis for Processing

Under data protection law, we must have a lawful basis to process personal data. The lawful bases we rely on include:

Contract

We process personal data where it is necessary to enter into or perform a contract with you, such as setting up your storage account, managing access to a unit, processing payments, and delivering services you request.

Legal Obligation

We may process data to comply with legal and regulatory requirements, including tax, accounting, anti-fraud, health and safety, and record retention obligations.

Legitimate Interests

We may process data where it is necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. This may include site security, CCTV monitoring, fraud prevention, service improvement, debt recovery, internal administration, and enforcing contractual terms. We assess these interests carefully and apply safeguards where required.

Consent

Where we rely on your consent, we will make that clear at the time of collection. You may withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing before withdrawal.

Vital Interests

In limited cases, we may process data to protect someone’s vital interests, for example in an emergency involving health or safety.

5. Retention of Personal Data

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, accounting, or reporting requirements. The retention period varies depending on the nature of the data and why it is held.

  • Customer account records are generally kept for the duration of the relationship and for a reasonable period afterwards to manage enquiries, disputes, and legal claims.
  • Payment and accounting records are kept for the period required by law, including tax and financial reporting obligations.
  • Security records and CCTV footage are retained only as long as necessary for security, incident review, or investigation purposes, unless required longer for legal reasons.
  • Communication records are retained for the period needed to respond to your matter, maintain service history, and resolve issues.
  • Identity verification records are held only as long as needed for compliance and fraud prevention purposes.

When data is no longer required, we will securely delete, anonymise, or otherwise dispose of it in accordance with applicable law and internal retention procedures. Retention is never indefinite; we review records periodically to ensure they are not kept for longer than necessary.

6. Processors and Third Parties

We may share personal data with trusted third-party service providers acting as processors on our behalf. These parties are only permitted to process data according to our instructions and must implement appropriate security measures. Typical processors may include:

  • payment processing providers;
  • IT hosting, software, and cloud service providers;
  • security and CCTV system providers;
  • customer service and administrative support providers;
  • professional advisers such as accountants, auditors, insurers, and legal advisers;
  • collection and recovery agencies where lawful and appropriate; and
  • maintenance or facilities support providers where access to data is necessary to perform services.

We may also disclose data to independent controllers where required or permitted by law, including law enforcement agencies, courts, regulators, and public authorities. If our business is restructured, transferred, or sold, personal data may be shared with relevant parties as part of that transaction, subject to legal protections.

7. Data Security

We take appropriate technical and organisational measures to protect personal data from unauthorised access, accidental loss, unlawful destruction, alteration, or disclosure. These measures may include access controls, encryption where appropriate, staff confidentiality obligations, secure storage, and regular review of security practices. While we work hard to protect information, no system can be guaranteed to be completely secure.

8. Your Rights

Depending on the legal basis and circumstances of processing, you may have the following rights under data protection law:

  • Right of access – to request confirmation of whether we process your data and obtain a copy of it.
  • Right to rectification – to have inaccurate or incomplete data corrected.
  • Right to erasure – to request deletion of data in certain circumstances.
  • Right to restrict processing – to request limited use of your data in specific situations.
  • Right to object – to object to processing based on legitimate interests or direct marketing, where applicable.
  • Right to data portability – to receive certain data in a structured, commonly used, machine-readable format where processing is based on consent or contract and carried out by automated means.
  • Right to withdraw consent – where consent is the lawful basis for processing.

You may also have the right to lodge a complaint with the relevant supervisory authority if you believe your data protection rights have been infringed. We encourage you to raise concerns with us first so we can attempt to resolve them promptly and fairly.

9. Automated Decision-Making

We do not make decisions about customers based solely on automated processing that produce legal effects or similarly significant effects, unless we have informed you and such processing is lawful. If automated tools are used for security, fraud detection, or administrative efficiency, appropriate human oversight is applied where required.

10. International Transfers

If personal data is transferred outside the United Kingdom or the European Economic Area, we will ensure that appropriate safeguards are in place, such as adequacy regulations, standard contractual clauses, or equivalent protections recognised by law.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, our services, or our data processing practices. The updated version will apply from the date it is published or otherwise communicated. We encourage customers to review this policy periodically to stay informed about how we protect personal data.

12. Summary of Our Commitment

Parkroyal Storage treats privacy as an important part of customer trust. We aim to collect only the data we need, use it fairly and lawfully, retain it for no longer than necessary, and protect it with appropriate safeguards. We also respect your rights and seek to be transparent about how personal data is handled throughout the customer relationship.

In short: we process personal data for legitimate storage, administrative, security, legal, and contractual purposes; we use trusted processors where necessary; and we keep your information only for as long as required.

Call Now!
Call Now Get a Quote
Parkroyal Storage

GDPR-compliant Privacy Policy for Parkroyal Storage covering data collection, lawful bases, retention, processors, and user rights for all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.