Privacy Policy - Castelnau Storage

Effective for all Castelnau Storage customers in the area, this Privacy Policy explains how we collect, use, store, share, and protect personal data when providing self-storage and related services. It applies to all customers, prospective customers, authorised users, and visitors who interact with Castelnau Storage in connection with our services.

1. Who we are and what this policy covers

Castelnau Storage is responsible for handling personal data obtained in the course of operating our storage services. We are committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy explains the types of information we collect, the legal reasons for processing it, how long we keep it, who may process it on our behalf, and the rights available to you as a data subject.

This policy should be read carefully so you understand how your information is handled. By using our services, you acknowledge that your data may be processed in accordance with this policy and applicable law.

2. Data we collect

We collect only the information necessary to provide our services, manage our business, meet legal obligations, and protect our premises and customers. The categories of data may include:

  • Identity data: name, date of birth, and, where required, identification documents.
  • Contact data: postal address, email address, telephone number, and emergency contact details where appropriate.
  • Contract and account data: storage unit details, rental terms, payment status, correspondence, and service history.
  • Financial data: billing information, payment records, refund details, and limited transaction information needed for accounting.
  • Access and security data: entry logs, CCTV images, gate access records, and incident reports.
  • Usage data: records of communications, service requests, complaints, and visits to our facility.
  • Technical data: limited online or device information if you interact with us through digital systems, such as IP address or browser type.

We generally collect personal data directly from you. In some cases, we may also receive information from third parties such as payment providers, insurers, emergency contacts, legal representatives, or public authorities, where necessary and lawful.

3. How we use your data and our lawful basis

We only process personal data where we have a valid lawful basis under data protection law. Depending on the purpose, the lawful bases we rely on may include contract, legal obligation, legitimate interests, and consent where applicable.

Contract

We process personal data to enter into and perform our storage agreement with you. This includes setting up your account, managing your unit, taking payments, communicating about service matters, and delivering contracted services.

Legal obligation

We process data when needed to comply with legal duties, such as financial record-keeping, fraud prevention, responding to lawful requests from authorities, and meeting health and safety requirements.

Legitimate interests

We may process data where it is necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. This may include protecting our premises, preventing theft or damage, monitoring security, handling disputes, improving services, and managing business operations.

Consent

In limited situations, we may ask for your consent, for example for certain optional communications or specific uses of information not covered by another lawful basis. Where consent is used, you may withdraw it at any time.

We do not use personal data for purposes that are incompatible with the reasons for which it was collected unless we have a lawful basis to do so.

4. Sharing your data and processors

We may share personal data with trusted third parties who assist us in operating our business. These parties act as processors when they handle data on our behalf and only in accordance with our instructions and contractual safeguards. Examples may include:

  • payment service providers and accounting systems;
  • IT support, cloud storage, and software providers;
  • security and CCTV monitoring providers;
  • professional advisers such as auditors, insurers, or legal advisers;
  • couriers or contractors where required to support operations;
  • law enforcement, regulators, courts, or other public bodies where disclosure is required by law.

We take appropriate steps to ensure processors protect your information, process it only for authorised purposes, and maintain confidentiality and security. We do not sell personal data.

5. Retention of personal data

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, operational, and security requirements. Retention periods vary depending on the type of data and the reason for holding it.

  • Contract and account records: kept for the duration of the storage relationship and for a further period after it ends to deal with claims, complaints, or accounting obligations.
  • Financial records: retained for the period required by tax and accounting laws.
  • Security records: including CCTV and access logs, kept for a limited period unless required longer for investigation, incident management, or legal proceedings.
  • Communication records: retained for as long as needed to manage customer service, disputes, or ongoing operational matters.

When personal data is no longer needed, we will securely delete, anonymise, or otherwise dispose of it in line with our internal retention procedures.

6. Data security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, loss, or destruction. These measures may include restricted access controls, secure storage, staff training, password protection, and monitoring of systems and premises. While no system is completely risk-free, we work to maintain a level of security appropriate to the nature of the data we process.

7. Your rights

Under data protection law, you have a number of rights in relation to your personal data, subject to certain conditions and exemptions. These rights include:

  • Right of access: to request confirmation of whether we process your data and to obtain a copy of it.
  • Right to rectification: to request correction of inaccurate or incomplete data.
  • Right to erasure: to request deletion of your data in certain circumstances.
  • Right to restriction: to ask us to limit processing in specific situations.
  • Right to object: to object to processing based on legitimate interests or direct marketing, where applicable.
  • Right to data portability: to receive certain data in a structured, commonly used format where processing is based on consent or contract and carried out by automated means.
  • Right to withdraw consent: where processing relies on consent, you may withdraw it at any time.

Strongly note: these rights are not absolute. In some cases, we may need to retain or process data despite a request, for example where required by law or necessary to establish, exercise, or defend legal claims.

8. Automated decision-making and profiling

We do not make decisions based solely on automated processing that produce legal or similarly significant effects on you, unless we have told you otherwise and the law permits it. If we ever use automated tools in a material way, we will ensure appropriate safeguards are in place.

9. Complaints and changes to this policy

If you have concerns about how your personal data is handled, you may raise them with us. You also have the right to complain to the relevant data protection authority if you believe your rights have been infringed. We may update this Privacy Policy from time to time to reflect legal, operational, or service changes. The most current version will apply to our processing of your personal data.

By using Castelnau Storage services, you acknowledge that this Privacy Policy applies to you as one of our customers in the area.

Call Now!
Call Now Get a Quote
Castelnau Storage

GDPR-compliant Privacy Policy for Castelnau Storage covering data collection, lawful bases, retention, processors, security, and user rights for all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.