Privacy Policy - Penge Storage

Last updated: 14 May 2026

This Privacy Policy explains how Penge Storage collects, uses, shares, stores, and protects personal data in connection with its storage services. It applies to all Penge Storage customers in the area, including prospective customers, current customers, former customers, and anyone whose personal data is processed in the course of providing storage services.

We are committed to handling personal data lawfully, fairly, and transparently in line with the UK GDPR and the Data Protection Act 2018. This policy should be read together with any service terms that apply to your storage agreement.

1. Personal Data We Collect

We collect only the personal data we need to operate our storage services, manage accounts, and meet legal obligations. The types of information we may collect include:

  • Identity details: name, date of birth, and identification information where needed for verification.
  • Contact details: address, email address, and telephone number.
  • Account and contract details: storage unit reference, rental dates, payment records, and service preferences.
  • Financial information: payment status, billing records, and limited transaction data processed through payment providers.
  • Security records: access logs, CCTV images, alarm records, incident reports, and gate entry information where applicable.
  • Communications: correspondence with us by phone, email, or in writing, including complaints and service requests.
  • Technical data: limited device or system data when you interact with our digital systems, where such systems are used.

We do not seek to collect special category data unless it is voluntarily provided by you and necessary for a specific lawful purpose, for example in connection with a claim or complaint. Where such information is provided, it will be handled with appropriate safeguards.

2. How We Use Personal Data

We use personal data for the following purposes:

  • to set up and manage customer accounts;
  • to provide storage services and administer rental agreements;
  • to verify identity and prevent fraud;
  • to process payments, refunds, and outstanding balances;
  • to manage access to storage facilities and maintain security;
  • to handle enquiries, complaints, disputes, and claims;
  • to comply with legal, tax, accounting, and regulatory requirements;
  • to enforce contractual rights and recover debts where necessary;
  • to monitor, investigate, and prevent unauthorised access or criminal activity;
  • to improve our services, systems, and internal operations.

We will only use your personal data where we have a valid legal reason to do so and only for the purposes described in this policy or otherwise permitted by law.

3. Lawful Basis for Processing

Under data protection law, we must have a lawful basis to process personal data. Depending on the activity, we rely on one or more of the following lawful bases:

Contract

We process personal data when it is necessary to enter into or perform our storage contract with you. This includes setting up your account, managing your unit, taking payment, and delivering services you have requested.

Legal Obligation

We process personal data where needed to comply with legal obligations, including tax, accounting, fraud prevention, record-keeping, health and safety, and lawful requests from authorities.

Legitimate Interests

We may process personal data where it is necessary for our legitimate interests or those of a third party, provided your interests and rights do not override those interests. Examples include protecting our premises, preventing crime, managing risk, improving services, and enforcing agreements. We carry out balancing tests where required.

Consent

In limited cases, we may rely on your consent, for example for certain optional communications or where consent is required by law. Where consent is used, you may withdraw it at any time.

We do not rely on consent where another lawful basis is more appropriate, such as contract or legal obligation.

4. Sharing Personal Data and Processors

We may share personal data with trusted third parties where necessary for the purposes set out in this policy. These parties act as processors or, in some cases, independent controllers.

Processors may include:

  • payment service providers that handle card or online payments;
  • IT and cloud service providers that store or support our systems;
  • security providers that operate CCTV, alarms, or access control systems;
  • accounting, audit, or record-management providers;
  • maintenance and facilities support providers;
  • legal advisers, insurers, and debt recovery services where needed.

We require processors to act only on our instructions, keep data secure, and process personal data in compliance with data protection law. We do not sell your personal data.

We may also disclose data where required to do so by law, court order, regulator, or law enforcement agency. If a business transfer, restructuring, or sale occurs, personal data may be shared with relevant parties under appropriate safeguards.

5. Data Retention

We keep personal data only for as long as necessary for the purposes for which it was collected, including to satisfy legal, accounting, insurance, and reporting requirements.

Retention periods vary depending on the type of data and the reason it is held. As a general approach:

  • Customer account and contract records are kept for the duration of the agreement and for a period afterwards where needed to handle claims, disputes, or legal obligations.
  • Payment and accounting records are retained for the period required by tax and accounting law.
  • Security records such as access logs and CCTV are kept only for a limited period unless needed for an investigation, legal claim, or incident response.
  • Communications and complaint records are kept as long as necessary to resolve the matter and for subsequent reference where required.

When data is no longer required, we will securely delete, anonymise, or otherwise dispose of it in a safe manner.

6. Your Rights

Data protection law gives you a number of rights in relation to your personal data. Subject to certain conditions and exceptions, you may have the right to:

  • access the personal data we hold about you;
  • rectify inaccurate or incomplete information;
  • erase your data in certain circumstances;
  • restrict how we use your data in certain situations;
  • object to processing based on legitimate interests or direct marketing;
  • data portability for information you provided to us in a structured, commonly used format where applicable;
  • withdraw consent where processing is based on consent;
  • complain to the relevant supervisory authority if you believe your rights have been infringed.

Important: Some rights may not apply in full where we need to retain data for legal reasons, to defend claims, or to complete a contract. We will consider each request carefully and respond in line with applicable law.

7. Data Security

We use appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, alteration, or disclosure. These measures may include access restrictions, secure storage, staff confidentiality obligations, and monitoring of systems and premises where necessary.

While we take reasonable steps to protect your data, no system is entirely risk-free. If a data breach occurs, we will respond in accordance with legal obligations and take steps to reduce any risk to you.

8. International Transfers

If any service provider processes personal data outside the United Kingdom, we will ensure suitable safeguards are in place, such as approved contractual protections or equivalent legal mechanisms required by data protection law. We will only transfer data where appropriate protections are available.

9. Children’s Data

Our storage services are not directed to children, and we do not intentionally collect personal data from children except where it is incidentally provided in relation to an adult customer’s account or a lawful claim. Where this happens, we will process the data only as necessary and with appropriate care.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, regulation, services, or internal practices. Any revised version will apply from the date it is published or otherwise communicated. We encourage customers to review this policy periodically.

11. Summary of Our Approach

This policy is designed to ensure that personal data is handled in a transparent and lawful way. In summary, Penge Storage collects only the information needed to provide safe and reliable storage services, uses it for clear business and legal purposes, keeps it only as long as necessary, and shares it only with trusted processors or where the law requires it.

By using our storage services, you acknowledge that your personal data may be processed in accordance with this Privacy Policy.

Call Now!
Call Now Get a Quote
Penge Storage

GDPR-compliant Privacy Policy for Penge Storage covering data collection, lawful basis, retention, processors, and user rights for all customers in the area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.