Privacy Policy - Aperfield Storage

Effective date: This Privacy Policy applies to all Aperfield Storage customers in the area. It explains how Aperfield Storage collects, uses, stores, shares, and protects personal data in connection with storage services, related administration, and customer support.

Aperfield Storage is committed to handling personal data fairly, transparently, and in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who this policy applies to

This policy applies to individuals who use, enquire about, or otherwise interact with Aperfield Storage services in the area, including customers, prospective customers, authorised contacts, business account users, and visitors whose personal data is processed for operational or security reasons.

By using our services or providing us with personal data, you acknowledge that your information will be processed as described in this policy.

2. Personal data we collect

We collect only the data needed to provide and manage our services, maintain security, and meet legal obligations. Depending on your relationship with us, this may include:

  • Identity information: name, date of birth, title, and identification details where required for verification.
  • Contact information: postal address, email address, telephone number, and billing address.
  • Account and contract information: storage unit details, booking records, access permissions, contract dates, and service preferences.
  • Payment information: payment status, transaction references, and limited billing information. We do not store full payment card details unless necessary through secure payment systems.
  • Security information: CCTV footage, access logs, device or key fob records, and incident reports where relevant for site safety and security.
  • Communication records: enquiries, complaints, support requests, and any correspondence you send to us.
  • Technical information: basic device, browser, or usage data if collected through digital systems used to operate services or secure the site.

We do not intentionally collect special category data unless you choose to share it with us in a communication or it is required for a specific legal or safety reason. If such data is received, we will process it only where permitted by law and with appropriate safeguards.

3. How we use your personal data

We use your data to manage our relationship with you and to operate the storage facility safely and efficiently. This includes:

  • setting up and administering your storage account;
  • verifying identity and access rights;
  • processing bookings, payments, refunds, and account changes;
  • communicating with you about your service, contract, or site matters;
  • managing security, site access, and loss prevention;
  • handling incidents, disputes, or complaints;
  • meeting legal, accounting, insurance, and regulatory obligations;
  • maintaining records for operational, audit, and business continuity purposes.

We do not sell personal data. We also do not use your information for unrelated purposes without a lawful basis.

4. Lawful basis for processing

We process personal data only when we have a lawful basis under data protection law. The main lawful bases we rely on are:

Contract

We process data when it is necessary to enter into or perform a contract with you, such as managing your storage agreement, billing, access arrangements, and customer support.

Legal obligation

We process data where we must do so to comply with legal requirements, including tax, accounting, fraud prevention, safety, and lawful requests from authorities.

Legitimate interests

We may process data where it is necessary for our legitimate business interests and those interests are not overridden by your rights. This includes site security, CCTV monitoring, preventing misuse of the facility, managing risks, and improving service operations. When relying on this basis, we carry out a balancing test to ensure your privacy rights are respected.

Consent

Where required, we may rely on your consent, for example for certain optional communications or specific uses not covered by another lawful basis. If we rely on consent, you can withdraw it at any time, without affecting processing already carried out lawfully before withdrawal.

5. Retention of personal data

We keep personal data only for as long as necessary for the purpose it was collected, or as required by law. Retention periods depend on the type of information and the reason for processing.

  • Contract and account records: kept for the duration of the agreement and for a reasonable period afterwards to handle disputes, claims, or legal obligations.
  • Payment and accounting records: retained for the period required by tax and financial recordkeeping laws.
  • Security records: including CCTV and access logs, retained for a limited period unless needed longer for an incident, investigation, or legal claim.
  • Correspondence and complaint records: retained while the issue is active and for a period after resolution to evidence handling and for audit purposes.

When data is no longer required, we will delete it securely or anonymise it so that it can no longer identify you. Retention decisions are reviewed regularly to ensure we do not keep information longer than necessary.

6. Processors and third parties

We may share personal data with carefully selected processors and service providers who act on our instructions and provide services such as payment processing, IT support, document storage, communications, maintenance systems, security services, and professional advisers.

These processors are only permitted to use personal data for the services they provide to us and must protect it using appropriate technical and organisational measures. We require them to handle information confidentially and in accordance with applicable data protection laws.

In limited cases, we may also share data with:

  • law enforcement agencies or public authorities where required by law;
  • insurers, legal advisers, and courts in connection with claims or disputes;
  • debt recovery or fraud prevention partners where lawful and necessary;
  • successors or purchasers of the business, if the business or assets are transferred, subject to appropriate safeguards.

Where data is transferred outside the UK, we will ensure that suitable safeguards are in place, such as an adequacy decision or approved contractual protections.

7. Security of your data

We take the security of personal data seriously and use reasonable measures to protect it from unauthorised access, loss, alteration, or disclosure. These measures may include access controls, secure storage, staff confidentiality obligations, monitoring of systems, and physical security arrangements at the site.

While no system can be guaranteed to be completely secure, we regularly review our controls and take steps to reduce risk. If a personal data breach occurs that is likely to result in a risk to your rights and freedoms, we will respond in line with legal requirements.

8. Your rights

Under data protection law, you have a number of rights in relation to your personal data. These rights may apply in different circumstances and may be subject to exemptions.

  • Right of access: you can request a copy of the personal data we hold about you.
  • Right to rectification: you can ask us to correct inaccurate or incomplete information.
  • Right to erasure: you can ask us to delete your data in certain circumstances.
  • Right to restriction: you can ask us to limit how we use your data in certain cases.
  • Right to object: you can object to processing based on legitimate interests or direct marketing.
  • Right to data portability: you can request certain data in a portable format where processing is based on consent or contract and carried out by automated means.
  • Right to withdraw consent: where we rely on consent, you may withdraw it at any time.

If you believe your data protection rights have been infringed, you also have the right to lodge a complaint with the relevant supervisory authority. We encourage you to raise concerns with us first so we can try to resolve them promptly.

9. Children’s data

Aperfield Storage services are not intended for children as primary customers. We do not knowingly collect personal data from children unless it is incidental and necessary for legitimate service administration, such as emergency contact or authorised access arrangements, and only where appropriate legal grounds exist.

10. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in law, our services, or how we process personal data. Any revised version will apply from the date it is issued. We encourage customers to review this policy periodically to stay informed about how their data is handled.

11. Summary of our approach

Aperfield Storage processes personal data lawfully, fairly, and securely. We collect only what we need, keep it only as long as necessary, and share it only with trusted processors or where required by law. We respect your rights and aim to provide clear, responsible privacy practices for all customers in the area.

Call Now!
Call Now Get a Quote
Aperfield Storage

GDPR-compliant Privacy Policy for Aperfield Storage covering data collection, lawful basis, retention, processors, rights, and scope for all customers in the area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.