Privacy Policy - Hayes Storage

Effective date: This Privacy Policy applies to all Hayes Storage customers in the area and explains how we collect, use, store, and protect personal data in connection with our storage services.

Hayes Storage is committed to handling personal information in a lawful, fair, and transparent manner in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy sets out the types of personal data we may collect, the lawful bases on which we process it, how long we keep it, the third parties who may process it on our behalf, and the rights available to you.

1. Personal Data We Collect

We collect only the information that is necessary to provide our services, manage our relationship with you, and meet our legal obligations. The categories of personal data we may collect include:

  • Identity data: name, date of birth, and any identification information required for security or verification.
  • Contact data: address, email address, and telephone number.
  • Account and contract data: customer reference details, rental or storage agreement information, payment status, and records relating to your storage unit or services.
  • Financial data: billing details, payment method information, transaction records, and limited payment-related data needed to process fees.
  • Security data: CCTV images, access logs, gate entry records, alarm records, and incident reports where applicable.
  • Communication data: correspondence with us, including enquiries, complaints, notices, and support requests.
  • Technical data: limited information such as device, browser, or system usage data if it is collected through digital tools used to manage services.

We generally do not seek to collect special category data. If you voluntarily provide information revealing health, religious, or other sensitive details, we will only use it where a lawful basis exists and where it is necessary for a specific purpose.

2. How We Use Personal Data

We use personal data for the following purposes:

  • to set up and manage your storage account;
  • to process bookings, payments, and invoices;
  • to provide access to storage facilities and monitor site security;
  • to communicate with you about your agreement, notices, or service changes;
  • to prevent fraud, misuse, unauthorised access, or criminal activity;
  • to comply with legal, tax, insurance, and regulatory obligations;
  • to resolve disputes, enforce contractual rights, and manage claims;
  • to improve our services and maintain internal records.

We will not use your personal data for purposes that are incompatible with the reasons for which it was collected unless we have a lawful basis to do so and, where required, we notify you.

3. Lawful Basis for Processing

Under data protection law, we must have a lawful basis to process your personal data. Depending on the situation, Hayes Storage may rely on one or more of the following:

Performance of a Contract

We process your personal data where it is necessary to enter into or perform our storage agreement with you. This includes managing accounts, providing access to units, billing, and fulfilling service obligations.

Legal Obligation

We may process personal data where required to comply with laws and regulations, including accounting, tax, security, fraud prevention, and any lawful requests from competent authorities.

Legitimate Interests

We may process personal data where it is necessary for our legitimate business interests and those interests are not overridden by your rights and freedoms. This may include maintaining site security, preventing unauthorised access, keeping accurate records, and protecting our property and customers.

Consent

In limited cases, we may rely on your consent, for example for certain optional communications or specific uses not covered by other lawful bases. Where processing is based on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing before consent was withdrawn.

4. Data Retention

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, accounting, insurance, and operational requirements.

  • Contract and account records: retained for the duration of your relationship with us and for a period afterwards where needed to handle claims, disputes, and legal obligations.
  • Payment and invoicing records: retained in line with tax and accounting rules.
  • Security and access records: retained for a limited period unless needed longer for investigation, enforcement, or legal reasons.
  • Communications and complaint records: retained for as long as necessary to manage the matter and demonstrate compliance.

When data is no longer required, we will securely delete, anonymise, or archive it in accordance with our retention practices. Where feasible, we apply data minimisation so that we do not retain more information than necessary.

5. Processors and Third Parties

We may share personal data with trusted service providers who act as processors on our behalf. These processors are contractually required to protect your information and may only process it according to our instructions and applicable law.

Examples of processors may include:

  • Payment service providers: to process card or electronic payments and handle billing-related transactions.
  • IT and cloud service providers: to host systems, store records, and maintain secure digital operations.
  • Security providers: to support access control, alarm monitoring, or CCTV storage where used.
  • Professional advisers: such as accountants, auditors, insurers, legal advisers, or debt recovery specialists where necessary.
  • Regulatory, law enforcement, or public authorities: where disclosure is required by law or necessary for the exercise or defence of legal claims.

We do not sell your personal data. If data is transferred outside the UK, we will ensure appropriate safeguards are in place, such as an adequacy decision or recognised contractual protections.

6. Security of Personal Data

We use reasonable technical and organisational measures to protect personal data against loss, misuse, unauthorised access, alteration, or disclosure. These measures may include access controls, secure storage, staff training, and monitoring of systems and facilities.

Although no system is completely secure, we strive to keep your data protected and to manage risks in a proportionate way. Where required by law, we will notify affected individuals and regulators of personal data breaches.

7. Your Rights

Subject to certain conditions and exceptions, you have rights under data protection law. These include:

  • Right of access: to request a copy of the personal data we hold about you.
  • Right to rectification: to have inaccurate or incomplete data corrected.
  • Right to erasure: to request deletion of data in certain circumstances.
  • Right to restriction: to request that we limit processing in specific situations.
  • Right to object: to object to processing based on legitimate interests or direct marketing.
  • Right to data portability: to receive certain data in a structured, commonly used, machine-readable format where applicable.
  • Right to withdraw consent: where processing relies on consent, you may withdraw it at any time.

You also have the right to raise concerns with the relevant data protection authority if you believe your data has not been handled properly. We encourage you to contact us first so that we can try to resolve the issue promptly and fairly.

8. Children’s Data

Our storage services are not directed at children, and we do not knowingly collect personal data from children unless it is necessary in exceptional circumstances and with appropriate safeguards. If we become aware that we have collected such data unlawfully, we will take steps to delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in the law, our services, or our operational practices. Any revised version will apply from the date it is published or otherwise communicated. We encourage customers to review this policy periodically to stay informed about how we protect personal data.

10. Summary of Key Principles

Hayes Storage processes personal data only where it is necessary, lawful, and proportionate. We aim to keep data accurate, secure, and no longer than needed. We also ensure that any processors acting on our behalf are bound by appropriate data protection terms and that customers can exercise their rights in a straightforward way.

In short: we collect limited information to manage storage services, rely on lawful bases such as contract, legal obligation, legitimate interests, and consent where appropriate, retain data only as long as necessary, and protect your rights under data protection law.

Call Now!
Call Now Get a Quote
Hayes Storage

GDPR-compliant Privacy Policy for Hayes Storage covering data collection, lawful basis, retention, processors, and user rights for all customers in the area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.