Privacy Policy - Mazehill Storage

Mazehill Storage is committed to protecting personal data and respecting privacy. This Privacy Policy explains how we collect, use, share, store, and protect personal data in connection with our storage services. It applies to all Mazehill Storage customers in the area, including prospective customers, current customers, and individuals who interact with us on behalf of a business or household account.

1. Who We Are

Mazehill Storage acts as the data controller for the personal data described in this Privacy Policy. This means we decide why and how personal data is processed for the purposes of providing storage services, managing customer relationships, operating our facilities, and meeting legal obligations.

We process personal data in accordance with the UK GDPR, the EU GDPR where applicable, and other relevant data protection laws. We are committed to processing data fairly, lawfully, and transparently.

2. Personal Data We Collect

We collect only the data necessary to provide and manage our storage services. The categories of personal data we may collect include:

  • Identity data: name, date of birth, and identification details where required for verification.
  • Contact data: address, email address, telephone number, and correspondence preferences.
  • Contract and account data: account number, service history, payment status, rental details, and communications relating to your storage unit.
  • Payment data: billing information, transaction records, and payment confirmation data. We do not store full card details where payments are processed by secure payment providers.
  • Access and security data: key fob or access code records, CCTV footage, entry and exit logs, and incident reports where access control is in place.
  • Technical data: device information, IP address, and usage data if you use our digital systems.
  • Special category data: generally, we do not seek to collect special category data. If such data is incidentally provided to us, we will process it only where a lawful basis permits and with appropriate safeguards.

We may receive personal data directly from you, from your employer or business partner if you are acting on their behalf, from payment processors, from identity verification services, or from security systems used at our premises.

3. How We Use Personal Data

We use personal data for the following purposes:

  • to register and manage your storage account;
  • to verify identity and prevent fraud;
  • to provide access to storage facilities and maintain site security;
  • to process payments, manage invoices, and recover debts where necessary;
  • to communicate with you about your account, services, and service-related changes;
  • to respond to enquiries, complaints, and support requests;
  • to monitor and improve our services, systems, and security measures;
  • to comply with legal and regulatory obligations;
  • to establish, exercise, or defend legal claims.

We do not use personal data for purposes that are incompatible with the reasons for which it was collected unless we have a lawful basis to do so and have informed you where required.

4. Lawful Basis for Processing

We only process personal data where we have a valid lawful basis under data protection law. Depending on the activity, Mazehill Storage relies on the following bases:

  • Contract: where processing is necessary to enter into or perform our storage agreement with you, including account management, billing, access, and service delivery.
  • Legal obligation: where processing is necessary to comply with laws, regulations, tax requirements, accounting rules, or lawful requests from public authorities.
  • Legitimate interests: where processing is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. This includes protecting our premises, preventing fraud, improving operations, and enforcing our terms.
  • Consent: where we ask for your consent, for example for certain optional communications or where consent is otherwise required by law.

If we rely on consent, you may withdraw it at any time. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

5. Sharing Personal Data and Processors

We may share personal data with third parties where necessary to operate our business and provide services. These third parties act either as processors on our behalf or as independent controllers in their own right.

Processors are service providers who process personal data only under our instructions and are contractually required to protect it. Examples may include:

  • IT and cloud hosting providers;
  • payment processing providers;
  • customer management and invoicing software providers;
  • security and CCTV service providers;
  • maintenance and facility management contractors;
  • identity verification and fraud prevention services;
  • professional advisers such as accountants, auditors, and legal advisers where appropriate.

We may also disclose personal data to law enforcement, regulators, courts, insurers, or other authorities when required by law or when necessary to protect our rights, staff, customers, or property.

Where we use processors, we ensure that appropriate data processing agreements are in place and that they only process data on our documented instructions. We do not sell personal data.

6. Data Retention

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including any legal, accounting, or reporting requirements. Retention periods may vary depending on the type of data and the nature of our relationship with you.

In general:

  • customer account and contract records are retained for the duration of the relationship and for a period afterward to handle disputes or legal claims;
  • payment and accounting records are retained for the period required by tax and financial laws;
  • security records such as access logs or CCTV footage are kept only for a limited period unless needed for an investigation, incident handling, or legal proceedings;
  • enquiry and complaint records are retained for as long as necessary to resolve the matter and maintain business records.

When retention is no longer required, we securely delete, anonymise, or destroy personal data.

7. Data Security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, or alteration. These measures may include access controls, encryption, secure storage, staff training, and restricted access to systems and records.

Although we take reasonable steps to safeguard data, no system is completely secure. If a personal data breach occurs, we will assess the risk and, where required by law, notify the relevant supervisory authority and affected individuals.

8. International Transfers

Where personal data is transferred outside the UK or EEA, we will ensure that appropriate safeguards are in place. These may include adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms. We aim to ensure a level of protection that is equivalent to that required under applicable data protection law.

9. Your Rights

Subject to conditions and exemptions under data protection law, you have the following rights in relation to your personal data:

  • Right of access: to request a copy of the personal data we hold about you.
  • Right to rectification: to request correction of inaccurate or incomplete data.
  • Right to erasure: to request deletion of personal data in certain circumstances.
  • Right to restriction: to ask us to limit how we process your data in certain situations.
  • Right to object: to object to processing based on legitimate interests or to direct marketing.
  • Right to data portability: to receive certain data in a structured, commonly used, machine-readable format and to request transfer where applicable.
  • Right to withdraw consent: where processing is based on consent, to withdraw that consent at any time.

You may also have the right to object to decisions based solely on automated processing if such processing is used. We do not intend to make significant decisions about you solely by automated means without lawful justification and appropriate safeguards.

If you wish to exercise any of these rights, we will respond in accordance with data protection law and within the required timeframes.

10. Children’s Data

Mazehill Storage services are not directed at children, and we do not knowingly collect personal data from children except where it is necessary in connection with a customer account and permitted by law. Where a child’s data is involved, we will process it with particular care and only as needed for the relevant service or legal requirement.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data protection practices. The updated version will apply from the date it is published or otherwise communicated. We encourage you to review this policy periodically to stay informed about how we protect your information.

12. Our Commitment

Mazehill Storage is committed to handling personal data in a responsible and transparent manner. We aim to collect only what is necessary, use it fairly, retain it for limited periods, and protect it with appropriate safeguards. We also aim to respect your rights and maintain trust in every part of our service.

This policy forms part of our overall commitment to privacy and data protection for all Mazehill Storage customers in the area.

Call Now!
Call Now Get a Quote
Mazehill Storage

GDPR-compliant Privacy Policy for Mazehill Storage covering data collection, lawful basis, retention, processors, user rights, and scope for all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.