Privacy Policy - Millbank Storage

This Privacy Policy explains how Millbank Storage collects, uses, stores, shares, and protects personal data. It applies to all Millbank Storage customers in the area, including prospective customers, current customers, former customers, and individuals who interact with us in connection with storage services. We are committed to handling personal data in a lawful, fair, and transparent manner in line with the UK GDPR and the Data Protection Act 2018.

1. Who We Are

Millbank Storage provides storage services to individuals and businesses in the area. In the course of operating our services, we act as a data controller for the personal data we collect and use for our own business purposes. This means we decide why and how personal data is processed and are responsible for ensuring it is handled properly.

2. Personal Data We Collect

We only collect personal data that is necessary for the operation of our services, the management of customer accounts, the protection of property, and the fulfilment of legal obligations. The types of personal data we may collect include:

  • Identity information, such as name, date of birth, and identification details where required.
  • Contact information, including address, email address, and telephone number.
  • Account and contract information, such as booking details, storage unit reference, payment status, and service history.
  • Payment information, such as billing records and transaction records. We do not normally store full card details unless necessary and permitted by the payment process in use.
  • Access and security information, which may include entry logs, CCTV records, and incident reports where relevant to site security and property protection.
  • Correspondence, including messages, complaints, requests, and notes relating to customer support.

We may also collect limited data from third parties where necessary, such as payment providers, identity verification services, or referral sources, but only where lawful and relevant to our services.

3. How We Use Personal Data

We use personal data for specific and legitimate business purposes, including to:

  • set up and manage storage agreements;
  • verify identity and prevent fraud;
  • process payments and manage invoices;
  • communicate about bookings, account issues, and service changes;
  • maintain security and monitor access to our facilities;
  • respond to enquiries, complaints, and requests;
  • meet legal, tax, accounting, and regulatory obligations;
  • protect our rights, property, staff, customers, and premises;
  • improve our services and internal processes.

We do not use personal data for purposes that are incompatible with those stated above unless we have a lawful basis to do so and, where required, have informed you.

4. Lawful Basis for Processing

Under data protection law, we must have a lawful basis to process personal data. Millbank Storage relies on the following lawful bases:

  • Contract - where processing is necessary to enter into or perform a storage agreement, such as managing bookings, access, and payments.
  • Legal obligation - where we must process data to comply with laws relating to taxation, accounting, fraud prevention, or regulatory compliance.
  • Legitimate interests - where processing is necessary for our business interests or the interests of third parties, provided those interests are not overridden by your rights and freedoms. This may include security monitoring, service improvement, and incident management.
  • Consent - in limited situations where we ask for your permission, for example for specific optional communications or certain uses of data not covered by other bases. You may withdraw consent at any time where consent is the basis relied upon.

Where we rely on legitimate interests, we carry out a balancing test to ensure our interests do not unfairly affect your rights. Where we rely on consent, the processing will only take place if you have given a clear and informed choice.

5. Sharing Personal Data

We may share personal data with carefully selected third parties that help us operate our business. These parties act as processors or independent controllers depending on the service provided. We only share data where necessary and require appropriate safeguards.

Processors

Processors are organisations that process personal data on our behalf under our instructions. They may include:

  • IT and cloud service providers;
  • payment processing providers;
  • security and CCTV service providers;
  • accounting, invoicing, and record-keeping providers;
  • maintenance and support contractors where access to data is needed for service delivery.

We require processors to keep personal data secure, use it only for the agreed purpose, and comply with applicable data protection law. We do not sell personal data.

In some circumstances, we may also share data with professional advisers, insurers, law enforcement, regulators, or courts where required or permitted by law, or where necessary to protect legal rights or public safety.

6. Data Retention

We keep personal data only for as long as necessary for the purpose for which it was collected, or for as long as required by law. Retention periods vary depending on the type of information and the legal or business need for keeping it.

For example, contract records and payment information may need to be retained for tax and accounting purposes. Security records, such as access logs or CCTV footage, may be kept for a limited period unless needed for an investigation or legal claim. Once the retention period expires, data will be securely deleted, destroyed, or anonymised.

When deciding how long to keep data, we consider:

  • the purpose of processing;
  • any legal or regulatory retention requirements;
  • the need to establish, exercise, or defend legal claims;
  • industry practice and business necessity.

7. Data Security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. These measures may include secure systems, role-based access, staff training, and physical security controls. While no system is completely risk-free, we take reasonable steps to safeguard the information entrusted to us.

8. Your Rights

As a data subject, you have rights under data protection law. These rights may be subject to conditions or exemptions, but we will always assess each request carefully. Your rights may include:

  • Right of access - to request a copy of the personal data we hold about you.
  • Right to rectification - to ask us to correct inaccurate or incomplete data.
  • Right to erasure - to request deletion of your data in certain circumstances.
  • Right to restrict processing - to ask us to limit how we use your data in certain cases.
  • Right to object - to object to processing based on legitimate interests or direct marketing.
  • Right to data portability - to receive certain data in a structured, commonly used format where applicable.
  • Right to withdraw consent - where processing is based on consent.

You also have the right to complain to the relevant supervisory authority if you believe your data has been mishandled. We encourage you to contact us first so we can try to resolve any issue promptly and fairly.

9. International Transfers

Where personal data is transferred outside the UK, we will ensure appropriate safeguards are in place. This may include the use of approved transfer mechanisms and contractual protections to ensure your data remains protected to a standard required by law.

10. Children’s Data

Our services are not intended for children acting on their own behalf. We do not knowingly collect personal data from children unless it is necessary for an account or service arranged by a parent, guardian, or authorised adult. If we become aware that we have collected data unlawfully from a child, we will take appropriate steps to delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data processing practices. Any revised version will apply from the date it is issued. We encourage customers to review this policy periodically to stay informed about how personal data is handled.

12. Summary of Our Commitment

Millbank Storage is committed to respecting privacy and using personal data responsibly. We collect only what we need, use it for clear and lawful purposes, retain it for appropriate periods, and share it only with trusted processors or where required by law. We also respect your rights and aim to handle every request with care and transparency.

This Privacy Policy applies to all Millbank Storage customers in area.

By using our services, you acknowledge that your personal data may be processed as described in this policy.

Call Now!
Call Now Get a Quote
Millbank Storage

GDPR-compliant Privacy Policy for Millbank Storage covering data collection, lawful basis, retention, processors, and user rights for all customers in area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.