Privacy Policy - Barbican Storage

Last updated: This Privacy Policy explains how Barbican Storage collects, uses, stores, shares, and protects personal data in connection with the storage services it provides. It applies to all Barbican Storage customers in area, including prospective customers, current customers, former customers, visitors, contractors, and other individuals whose personal data is processed in the course of our services.

Barbican Storage is committed to handling personal data in a lawful, fair, transparent, and secure manner in accordance with applicable data protection laws, including the UK GDPR and the Data Protection Act 2018, where relevant.

1. Scope of this Privacy Policy

This Privacy Policy applies where Barbican Storage acts as a data controller, meaning we determine the purposes and means of processing personal data. It covers personal data collected through our storage service relationships, booking and account administration, billing, site access, security, communication, and legal compliance activities.

For the avoidance of doubt, this Policy applies to all Barbican Storage customers in area, regardless of whether services are purchased by individuals, households, businesses, or organisations.

2. Personal Data We Collect

We collect only the personal data that is necessary for the provision and management of our services, or that is otherwise required by law. The categories of data we may collect include:

  • Identity data: name, title, and where applicable, business name or representative information.
  • Contact data: postal address, email address, telephone number, and alternative contact details.
  • Account and transaction data: customer reference numbers, booking details, payment records, invoices, service selections, and communications relating to service use.
  • Security and access data: sign-in records, access logs, ID verification details, CCTV-related records where applicable, and other site security information.
  • Device and technical data: limited technical information generated when using our digital systems, such as IP address, browser type, timestamps, and system logs.
  • Correspondence data: records of enquiries, complaints, requests, and other communications.
  • Legal and compliance data: information required to meet statutory obligations, resolve disputes, prevent fraud, or support insurance or legal claims.

We do not intentionally collect special category data unless it is necessary and lawful to do so. If such data is provided to us by a customer or is incidentally included in correspondence, we will process it only where a valid legal basis exists and additional safeguards are in place.

3. How We Collect Personal Data

We may collect personal data directly from you when you:

  • request information about our services;
  • make a booking or create an account;
  • enter into or manage a storage agreement;
  • make a payment or issue a refund request;
  • contact us with an enquiry or complaint;
  • access our premises or use our security systems;
  • participate in verification processes required for security or legal reasons.

We may also receive personal data from:

  • payment providers;
  • identity verification and fraud prevention services;
  • professional advisers, insurers, or legal representatives;
  • public authorities or law enforcement where required by law;
  • third parties authorised by you to act on your behalf.

4. Lawful Basis for Processing

We process personal data only where we have a lawful basis to do so. Depending on the activity, we rely on one or more of the following lawful bases:

  • Contract: to enter into, manage, and perform our storage services, including bookings, billing, access arrangements, and customer support.
  • Legal obligation: to comply with applicable laws, tax and accounting rules, regulatory requirements, and lawful requests from authorities.
  • Legitimate interests: to operate and secure our business, prevent fraud, maintain site safety, improve services, manage risk, and defend legal claims, provided those interests are not overridden by your rights and freedoms.
  • Consent: where we rely on your explicit agreement for certain optional activities, such as specific marketing or non-essential communications, and you may withdraw consent at any time.
  • Vital interests: in rare circumstances where processing is necessary to protect someone’s life.

Where we rely on legitimate interests, we carry out a balancing assessment to ensure your privacy rights are respected. We do not use personal data in ways that are incompatible with the purposes for which it was collected.

5. How We Use Personal Data

We use personal data for the following purposes:

  • providing and administering storage services;
  • creating and managing customer records;
  • processing payments, issuing invoices, and handling refunds;
  • verifying identity and preventing unauthorised access;
  • monitoring security and protecting our premises, customers, staff, and property;
  • responding to enquiries, complaints, and customer requests;
  • meeting tax, accounting, legal, and regulatory obligations;
  • managing disputes, insurance matters, and legal claims;
  • improving service quality, operational efficiency, and system reliability;
  • sending essential service communications and, where permitted, relevant updates.

We will not sell your personal data. We will only use it for the purposes described in this Policy or for compatible purposes permitted by law.

6. Data Sharing and Processors

We may share personal data with trusted third parties who act as data processors or, in some cases, independent controllers. These parties only process data on our instructions or for their own lawful purposes where appropriate. They may include:

  • Payment service providers: to process transactions and support billing operations;
  • IT and cloud service providers: to host, maintain, and secure our systems and data;
  • Security providers: to support access control, monitoring, alarms, and CCTV-related systems where used;
  • Identity verification and fraud prevention providers: to confirm identity and reduce misuse;
  • Professional advisers: such as accountants, auditors, insurers, and legal advisers;
  • Public bodies and authorities: where disclosure is required by law or necessary to protect rights, property, or safety.

Where third parties act as processors, we require appropriate contractual safeguards, including confidentiality, security obligations, and restrictions on further use of personal data. We take reasonable steps to ensure that any processor we engage provides adequate protection for personal data.

International Transfers

If personal data is transferred outside the United Kingdom, we will ensure that appropriate safeguards are in place, such as adequacy regulations or approved contractual measures, so that your data continues to receive a level of protection essentially equivalent to that required under applicable law.

7. Data Retention

We keep personal data only for as long as necessary for the purposes for which it was collected, and to satisfy legal, accounting, tax, insurance, and operational requirements. Retention periods vary depending on the type of data and the purpose of processing.

  • Customer and contract records: retained for the duration of the service relationship and for a reasonable period afterwards to manage claims or obligations.
  • Financial records: retained for the period required by tax and accounting laws.
  • Security records: retained for the period needed to maintain site safety, investigate incidents, or comply with legal requirements.
  • Correspondence: retained as long as needed to respond to queries, resolve disputes, and maintain records of decisions.

When personal data is no longer needed, we will securely delete, anonymise, or archive it in accordance with our retention procedures. Retention is reviewed periodically to ensure data is not kept longer than necessary.

8. Security of Personal Data

We use appropriate technical and organisational measures to protect personal data against accidental loss, unauthorised access, alteration, disclosure, or destruction. These measures may include access controls, encryption where appropriate, secure storage, staff training, restricted permissions, and physical safeguards at our sites and offices.

Although we take reasonable steps to protect personal data, no system can be guaranteed to be completely secure. In the event of a personal data breach, we will respond in accordance with applicable legal requirements, including assessing the breach and notifying affected individuals and regulators where necessary.

9. Your Rights

Subject to legal conditions and exemptions, you have the following rights in relation to your personal data:

  • Right of access: to request a copy of the personal data we hold about you.
  • Right to rectification: to request correction of inaccurate or incomplete data.
  • Right to erasure: to request deletion of your data where there is no lawful reason to continue processing it.
  • Right to restriction: to request limited processing in certain circumstances.
  • Right to data portability: to receive certain data in a structured, commonly used format and, where feasible, have it transferred to another controller.
  • Right to object: to object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting prior lawful processing.
  • Right to complain: to raise concerns with the relevant supervisory authority if you believe your data protection rights have been infringed.

To exercise your rights, we may need to verify your identity before responding. We will respond to valid requests within the timeframes required by law, unless an extension is permitted due to complexity or volume.

10. Children’s Data

Our services are generally intended for adults. We do not knowingly collect personal data from children except where necessary in connection with a lawful service arrangement or where provided by an authorised adult. If we become aware that personal data has been collected unlawfully from a child, we will take appropriate steps to delete or protect it.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements, operational practices, or service arrangements. Any updated version will apply from the date it is made effective. We encourage customers to review this Policy periodically to remain informed about how personal data is handled.

12. Summary of Our Commitment

Barbican Storage is committed to protecting the privacy of all Barbican Storage customers in area. We collect only the data needed to provide secure and reliable services, process it under a valid lawful basis, retain it only as long as necessary, and use trusted processors under appropriate safeguards. We also respect your rights and aim to handle every request with transparency, fairness, and care.

Call Now!
Call Now Get a Quote
Barbican Storage

GDPR-compliant Privacy Policy for Barbican Storage covering data collection, lawful basis, retention, processors, and user rights for all customers in area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.