Privacy Policy - Hatton Storage

This Privacy Policy applies to all Hatton Storage customers in area and explains how we collect, use, store, share, and protect personal data in connection with our storage services. We are committed to handling personal information in a lawful, fair, and transparent manner in accordance with the UK GDPR and the Data Protection Act 2018.

1. Introduction

When you use Hatton Storage services, we may process personal data about you, your employees, representatives, visitors, or other individuals whose details are provided to us in the course of providing storage services. This policy explains what data we collect, why we collect it, the legal grounds for processing, how long we keep it, who may process it on our behalf, and the rights individuals have over their personal data.

By engaging with Hatton Storage, you acknowledge that some personal data is necessary for us to provide, administer, and improve our services. We aim to collect only the information needed for clear and legitimate business purposes, and we do not sell personal data.

2. Data We Collect

We may collect and process the following categories of personal data:

  • Identity data such as name, title, and business or account identifiers.
  • Contact data including address, email address, and telephone number.
  • Account and service data such as storage unit references, rental details, payment status, access logs, and service preferences.
  • Financial data such as billing details, invoices, payment records, and transaction history.
  • Security data such as CCTV images, visitor records, and access control information where applicable.
  • Communication data including correspondence and records of enquiries, complaints, and service requests.
  • Technical data such as device, browser, and usage information if you interact with our digital systems.

We may also receive personal data indirectly from third parties such as payment providers, contractors, insurers, or public authorities where lawful and relevant to our services. We take reasonable steps to ensure that any information received from third parties is used only for legitimate purposes.

3. How We Use Personal Data

Hatton Storage uses personal data for the following purposes:

  • to provide and manage storage services;
  • to verify identity and administer customer accounts;
  • to process payments, deposits, invoices, and refunds;
  • to communicate about bookings, renewals, access, or service changes;
  • to maintain site security and prevent fraud, theft, or misuse;
  • to comply with legal, regulatory, insurance, and tax obligations;
  • to handle disputes, complaints, and service-related claims;
  • to improve our operations, systems, and customer experience; and
  • to defend or establish legal rights where necessary.

We only use personal data in ways that are compatible with the reason it was collected, unless we have a lawful basis to do otherwise and the new use is not incompatible with the original purpose.

4. Lawful Basis for Processing

Under data protection law, we must have a lawful basis for each processing activity. Depending on the situation, Hatton Storage may rely on one or more of the following bases:

  • Contract: where processing is necessary to enter into or perform a storage agreement, manage customer accounts, issue invoices, or provide access to services.
  • Legal obligation: where we must process data to comply with laws relating to accounting, taxation, health and safety, or regulatory requirements.
  • Legitimate interests: where processing is necessary for our legitimate business interests, such as protecting property, securing premises, preventing fraud, managing operations, and improving services, provided these interests do not override the rights and freedoms of individuals.
  • Consent: where we rely on your consent, such as for certain optional communications or specific uses of data, you may withdraw consent at any time.
  • Vital interests: in rare circumstances, where processing is necessary to protect someone’s life.

We assess each processing activity to ensure the chosen lawful basis is appropriate and documented. If we ask for consent, it will be clear, specific, and freely given.

5. Data Retention

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including for legal, accounting, reporting, and dispute-resolution requirements. Retention periods vary depending on the type of data and the context in which it is used.

Typical retention approach

  • Customer account and contract records: retained for the duration of the customer relationship and for a reasonable period afterwards for auditing, warranty, and dispute purposes.
  • Financial and tax records: kept for the period required by applicable tax and accounting laws.
  • Security logs and CCTV: retained for a limited period unless needed for an investigation, claim, or legal obligation.
  • Correspondence and support records: retained as long as necessary to resolve queries, manage service history, or demonstrate compliance.

When data is no longer required, we will securely delete, anonymise, or archive it in line with our internal retention procedures. We apply retention controls to reduce unnecessary storage of personal data.

6. Processors and Third Parties

We may share personal data with trusted service providers who act as data processors on our behalf. These processors are only permitted to use data according to our instructions and must implement appropriate security measures.

Examples of processors and third parties may include:

  • Payment processors that handle card and electronic payments;
  • IT and cloud service providers that host systems, store records, or support communications;
  • Accounting and bookkeeping providers that assist with financial administration;
  • Security providers that operate monitoring, access control, or alarm systems;
  • Maintenance and contractors who support the safe operation of premises;
  • Professional advisers such as lawyers, insurers, auditors, and consultants;
  • Public authorities or law enforcement where disclosure is required or permitted by law.

Where a processor is used, we enter into contractual arrangements that include confidentiality, data security, and data protection obligations. We do not permit processors to use personal data for their own unrelated purposes.

7. Security of Personal Data

We use appropriate technical and organisational measures to protect personal data against accidental loss, unlawful access, misuse, alteration, or disclosure. These measures may include restricted access, role-based permissions, encryption where appropriate, secure disposal, staff training, and regular review of procedures.

While no system can be guaranteed entirely secure, we work to maintain a level of protection that is appropriate to the risks associated with the data we process.

8. User Rights

Individuals have a number of rights under data protection law. Subject to legal conditions and exemptions, you may have the right to:

  • Access your personal data and receive a copy of it;
  • Rectification of inaccurate or incomplete data;
  • Erasure of personal data in certain circumstances;
  • Restriction of processing in certain situations;
  • Object to processing based on legitimate interests or for direct marketing;
  • Data portability for data processed by automated means and based on contract or consent;
  • Withdraw consent where processing is based on consent;
  • Challenge automated decision-making where applicable.

To protect privacy, we may need to verify identity before responding to a request. We will respond within the time limits set by law and will explain if any exemption applies. These rights help individuals maintain control over their personal information.

9. International Transfers

If personal data is transferred outside the UK, we will only do so where appropriate safeguards are in place, such as an adequacy decision, standard contractual clauses, or another lawful transfer mechanism. We ensure that any overseas transfer is subject to protection consistent with applicable data protection law.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, services, or business practices. Any changes will take effect when the revised policy is made available. We encourage customers to review this policy periodically to remain informed about how personal data is handled.

11. Summary of Our Commitment

Hatton Storage is committed to processing personal data responsibly and lawfully. We collect only necessary information, use it for clear and legitimate purposes, retain it for no longer than needed, and share it only with trusted processors or other parties when legally justified. Our goal is to respect privacy, maintain security, and support a reliable storage service for all Hatton Storage customers in area.

Privacy, transparency, and accountability are central to how we operate.

Call Now!
Call Now Get a Quote
Hatton Storage

GDPR-compliant privacy policy for Hatton Storage covering data collection, lawful basis, retention, processors, and user rights for all customers in area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.