Privacy Policy - Hatchend Storage

This Privacy Policy explains how Hatchend Storage collects, uses, shares, stores, and protects personal data. It applies to all Hatchend Storage customers in the area, including individuals and businesses using our storage services, related administration services, and any associated customer support interactions. We are committed to handling personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Hatchend Storage provides storage-related services and manages customer accounts, access arrangements, billing, security procedures, and service administration. In providing these services, we act as a data controller for personal data we determine the purposes and means of processing. This means we decide why and how personal data is used for our operational, legal, and business purposes.

2. Personal Data We Collect

We collect only the personal data necessary for running our services, maintaining security, and meeting our legal obligations. The categories of data we may collect include:

  • Identity information such as name, date of birth, and identification details where required for verification.
  • Contact information such as address, email address, and telephone number.
  • Account information such as customer account numbers, service records, and communication preferences.
  • Payment and billing information such as payment status, invoices, and transaction records. We do not retain full card details where payment processing is handled securely by a payment provider.
  • Usage and access information such as entry logs, security records, facility access history, and service usage data.
  • Correspondence including enquiries, complaints, notices, and other communications with us.
  • Technical information that may be collected when you use digital services, such as device information, browser details, and log data.

We may also process limited information that is provided to us by third parties, such as authorised representatives, insurers, debt recovery providers, or public authorities, where lawful and necessary.

3. How We Use Personal Data

We use personal data for the following purposes:

  • To register customers and manage accounts.
  • To provide storage services and administer customer access.
  • To process payments, issue invoices, and manage credit control.
  • To verify identity and prevent fraud.
  • To ensure site security, monitor access, and protect property.
  • To communicate with customers regarding services, account matters, and operational updates.
  • To handle complaints, disputes, and legal claims.
  • To comply with tax, accounting, insurance, and regulatory obligations.
  • To improve service quality, operations, and internal record keeping.

We do not use personal data for purposes that are incompatible with the reasons for which it was collected, unless we have a valid lawful basis and have notified you where required.

4. Lawful Basis for Processing

We process personal data only where we have a lawful basis under the UK GDPR. Depending on the type of data and the context of processing, our lawful bases may include:

Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes setting up your storage account, managing access to the facility, issuing invoices, and delivering the services you request.

Legal Obligation

We may process personal data where required to comply with legal obligations, such as accounting rules, tax laws, fraud prevention duties, and lawful requests from regulatory or law enforcement bodies.

Legitimate Interests

We may process personal data where it is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. Examples include improving our services, protecting our premises, maintaining security, preventing misuse, and managing business records. Where we rely on legitimate interests, we consider the impact on individuals and apply appropriate safeguards.

Consent

In some limited cases, we may rely on your consent, for example for certain optional communications or preferences. Where consent is used, you may withdraw it at any time, without affecting the lawfulness of processing carried out before withdrawal.

Vital Interests and Public Task

These bases are unlikely to apply in normal storage operations, but may be used in exceptional circumstances where necessary to protect someone’s vital interests or where processing is required under a public task or authority.

5. Retention of Personal Data

We keep personal data only for as long as necessary for the purpose for which it was collected, including meeting legal, accounting, insurance, and operational requirements. Retention periods vary depending on the type of data and the relevant legal obligation.

Typical retention periods may include:

  • Customer account and contract records: retained for the duration of the relationship and for a reasonable period after it ends.
  • Financial and accounting records: retained for the periods required by tax and accounting laws.
  • Security and access records: retained only as long as needed for operational security, incident investigation, or legal purposes.
  • Correspondence and complaints: retained for the time needed to resolve matters and to keep a record of outcomes.

When data is no longer required, we will securely delete, anonymise, or archive it in line with our retention practices.

6. Data Sharing and Processors

We may share personal data with trusted third parties who help us operate our business. These parties act as processors when they process data on our behalf and only under our instructions, or as independent controllers where they determine their own purposes.

Types of processors and recipients may include:

  • IT and cloud service providers that host, store, or maintain our systems.
  • Payment processors that handle transactions securely.
  • Security and monitoring providers that support site protection and incident recording.
  • Professional advisers such as accountants, auditors, insurers, and legal advisers.
  • Service contractors who support administration, maintenance, or customer service operations.
  • Debt recovery or credit control providers where necessary and lawful.
  • Public authorities including regulators, tax authorities, courts, or law enforcement agencies when required by law.

We require all processors to implement appropriate technical and organisational measures to protect personal data and to use it only for the agreed purpose. Where data is transferred outside the UK, we ensure appropriate safeguards are in place, such as adequacy regulations, standard contractual clauses, or equivalent protective measures where applicable.

7. Data Security

We take the security of personal data seriously and use reasonable measures to protect it from unauthorised access, accidental loss, alteration, disclosure, or destruction. These measures may include access controls, staff training, secure storage, audit trails, and confidentiality obligations. However, no system can be guaranteed completely secure, and individuals should also take care to protect their own account information and communications.

8. Your Rights

Under data protection law, you may have the following rights in relation to your personal data:

  • Right of access – to request a copy of the personal data we hold about you.
  • Right to rectification – to ask us to correct inaccurate or incomplete data.
  • Right to erasure – to request deletion of your data in certain circumstances.
  • Right to restrict processing – to ask us to limit how we use your data in certain cases.
  • Right to object – to object to processing based on legitimate interests or direct marketing.
  • Right to data portability – to receive certain data in a structured, commonly used format where applicable.
  • Right to withdraw consent – where processing is based on consent.

You also have the right to raise concerns with the relevant data protection authority if you believe your rights have been infringed. We encourage you to contact us first so we can try to resolve any issue promptly and fairly.

9. Children’s Data

Our services are not directed at children, and we do not knowingly collect personal data from children except where it is incidental and lawful in the context of a customer relationship or authorised contact. If we become aware that data has been collected inappropriately, we will take steps to delete it or handle it appropriately.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, regulation, technology, or our business operations. Any revised version will apply from the date it is issued or otherwise stated. We encourage customers to review the policy periodically so they remain informed about how their personal data is handled.

By using Hatchend Storage services, you acknowledge that your personal data will be processed in accordance with this Privacy Policy and applicable data protection laws. We are committed to keeping personal data lawful, fair, and transparent, while only using it for legitimate business and legal purposes.

Call Now!
Call Now Get a Quote
Hatchend Storage

GDPR-compliant privacy policy for Hatchend Storage covering data collection, lawful basis, retention, processors, security, and user rights.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.