Privacy Policy - Nineelms Storage

This Privacy Policy explains how Nineelms Storage collects, uses, stores, shares, and protects personal data in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It applies to all Nineelms Storage customers in the area, including individuals, household customers, business customers, and anyone who uses or enquires about storage services provided by Nineelms Storage.

We are committed to handling personal data fairly, lawfully, and transparently. We only collect data that is relevant and necessary for operating our storage services, meeting legal obligations, and improving the customer experience. By using our services, you acknowledge that your personal data may be processed in accordance with this Privacy Policy.

1. Data We Collect

We may collect and process the following categories of personal data:

  • Identity information: name, title, date of birth, and identification details where required for verification.
  • Contact information: address, email address, telephone number, and billing details.
  • Account and service information: storage unit reference, booking records, access logs, payment history, and communication preferences.
  • Financial information: payment card details, bank information, invoice records, and transaction confirmations.
  • Security information: CCTV footage, access control records, vehicle registration details, and incident reports where relevant.
  • Communications: correspondence with our team, feedback, complaints, and other messages.
  • Technical information: IP address, device information, and cookie or similar usage data when you interact with digital systems we use.

We do not intentionally collect special category data unless it is necessary, lawfully permitted, or provided by you in a specific context. If such data is submitted to us, we will handle it with extra care and only process it where a valid legal basis exists.

2. How We Use Personal Data

We use personal data to operate our storage business and to meet our legal and contractual responsibilities. This includes:

  • Setting up and managing customer accounts.
  • Providing storage services and maintaining secure site access.
  • Processing payments, refunds, and account balances.
  • Communicating about bookings, notices, service changes, and important updates.
  • Managing security, preventing fraud, and protecting property.
  • Handling enquiries, disputes, claims, and complaints.
  • Meeting legal and regulatory obligations, including tax and accounting requirements.
  • Improving our services, systems, and operational efficiency.

We only use personal data for purposes that are compatible with the reason it was collected. If we need to use it for a new purpose, we will make sure that purpose is lawful and, where required, we will inform you.

3. Lawful Basis for Processing

Under data protection law, we must have a lawful basis to process personal data. Depending on the context, Nineelms Storage may rely on one or more of the following legal bases:

Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes managing your storage agreement, processing payments, providing access, and handling account-related communications.

Legal Obligation

We process certain data to comply with legal requirements, such as accounting, tax, fraud prevention, law enforcement requests, and record-keeping obligations.

Legitimate Interests

We may process data where it is necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. Examples include site security, CCTV monitoring, preventing misuse of services, improving operations, and maintaining business records. When relying on legitimate interests, we assess the impact on your privacy and take appropriate safeguards.

Consent

In some situations, we may rely on your consent, for example for certain optional communications or specific data uses not covered by another lawful basis. Where consent is used, you may withdraw it at any time. This will not affect processing carried out before withdrawal.

Vital Interests and Public Task

These bases are unlikely to apply in most storage service situations, but they may be used if necessary in exceptional circumstances involving safety or public authority requirements.

4. Sharing Personal Data and Processors

We may share personal data with trusted third parties who act as processors or, in some cases, independent controllers. We only share what is necessary and require appropriate contractual and security safeguards.

Examples of processors and service providers may include:

  • Payment service providers for secure transaction processing.
  • IT and cloud service providers for data hosting, email, and system support.
  • Security service providers for monitoring, access control, and incident response.
  • Professional advisers such as accountants, auditors, insurers, and legal advisers.
  • Maintenance and facilities contractors where access to limited data is needed to perform their work.
  • Government bodies, regulators, or law enforcement where disclosure is required by law or necessary to protect rights and safety.

Processors are only allowed to act on our documented instructions and must protect personal data with appropriate technical and organisational measures. We do not sell personal data.

5. International Transfers

Where any processor or service provider stores or accesses data outside the UK, we will ensure that appropriate safeguards are in place. These may include adequacy regulations, standard contractual clauses, or equivalent lawful transfer mechanisms. We review such arrangements to help ensure your information remains protected.

6. Retention of Personal Data

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, and reporting requirements. Retention periods may vary depending on the type of data and the reason for processing.

  • Customer account and contract records: retained for the duration of the relationship and for a reasonable period afterwards.
  • Payment and accounting records: retained for the period required by tax and financial laws.
  • Security records such as CCTV: retained only for as long as needed for security, incident investigation, or legal purposes.
  • Correspondence and complaints: kept for the time needed to manage the matter and any follow-up obligations.

When personal data is no longer needed, we will securely delete it, anonymise it, or otherwise dispose of it safely.

7. Data Security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, disclosure, or destruction. These measures may include access controls, encryption, secure storage, staff training, and regular review of security practices.

While no system is completely risk-free, we work to reduce risk and respond promptly to potential incidents. Where required by law, we may notify affected individuals and relevant authorities of a personal data breach.

8. Your Rights

Under data protection law, you have a number of rights in relation to your personal data. These rights may be subject to certain conditions and exemptions:

  • Right of access: request a copy of the personal data we hold about you.
  • Right to rectification: ask us to correct inaccurate or incomplete data.
  • Right to erasure: request deletion of your data where there is no lawful reason to keep it.
  • Right to restriction: ask us to limit how we use your data in certain circumstances.
  • Right to data portability: request transfer of certain data in a structured, commonly used format.
  • Right to object: object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent: withdraw consent where processing relies on consent.

If you wish to exercise any of these rights, we will consider your request in accordance with applicable law. We may need to verify your identity before acting on the request. You also have the right to raise concerns with the UK Information Commissioner’s Office if you believe your data protection rights have been infringed.

9. Children’s Data

Our storage services are not directed at children, and we do not knowingly collect personal data from children except where it is incidentally provided in the context of a customer relationship and permitted by law. If we become aware that we have collected data unlawfully, we will take appropriate steps to delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, operational practices, or service arrangements. Any revised version will apply from the date it is published or otherwise communicated. We encourage you to review this policy periodically to stay informed about how we handle personal data.

11. Summary of Our Commitment

Nineelms Storage is committed to protecting privacy and processing personal data in a lawful, fair, and transparent manner. We collect only what we need, use it for clear business purposes, keep it only as long as necessary, and share it only with trusted processors or where the law requires it. All Nineelms Storage customers in the area are covered by this policy, and we aim to respect your rights at every stage of our service relationship.

Call Now!
Call Now Get a Quote
Nineelms Storage

GDPR-compliant Privacy Policy for Nineelms Storage covering data collection, lawful basis, retention, processors, and user rights for all customers in the area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.