Privacy Policy - Barnes Storage

This Privacy Policy explains how Barnes Storage collects, uses, stores, shares, and protects personal data relating to all Barnes Storage customers in the area. It applies whether you use our storage services as an individual, on behalf of a business, or as an authorised representative. We are committed to handling personal data in a lawful, fair, and transparent manner in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws.

1. Who we are

For the purposes of data protection law, Barnes Storage acts as the data controller for the personal data we collect and use in connection with our storage services. This means we determine why and how your personal data is processed. We take our responsibilities seriously and apply appropriate technical and organisational measures to protect personal information.

2. Personal data we collect

We may collect and process the following categories of personal data:

  • Identity data: your name, title, date of birth, and, where relevant, identification details used for verification.
  • Contact data: billing address, correspondence address, email address, and telephone number.
  • Account and contract data: storage unit details, agreement records, tenancy dates, payment plan information, and service preferences.
  • Financial data: payment status, bank or card payment records, and limited billing information necessary to process transactions.
  • Verification data: copies of identity documents or proof of address where required for fraud prevention, legal compliance, or service administration.
  • Communications data: enquiries, complaints, feedback, notices, and records of communications with us.
  • Security data: access logs, CCTV footage, alarm records, and other information needed to protect our premises, staff, customers, and property.
  • Technical data: limited device or usage information where you interact with digital systems we use to manage our services.

We generally collect personal data directly from you when you enquire about, sign up for, or use our services. We may also receive data from payment providers, identity verification services, legal or regulatory bodies, or from other third parties where permitted by law.

3. How we use your data

We use personal data for the following purposes:

  • to register and manage your storage account;
  • to provide storage services and administer agreements;
  • to process payments, refunds, and account balances;
  • to verify identity and prevent fraud or misuse;
  • to communicate about your account, service changes, or important notices;
  • to respond to questions, complaints, and requests;
  • to maintain security, investigate incidents, and protect property;
  • to comply with legal and regulatory obligations;
  • to defend legal claims, establish rights, or enforce contractual terms;
  • to improve our services, systems, and customer experience.

We only use personal data for the purposes for which it was collected, unless we reasonably consider that we need to use it for another compatible purpose and such use is permitted by law.

4. Lawful basis for processing

Under GDPR, we must have a lawful basis for processing personal data. We rely on the following lawful bases:

Contract

We process personal data where it is necessary to enter into or perform our contract with you. This includes creating your account, managing your storage unit, taking payment, and providing customer support linked to our services.

Legal obligation

We process data where necessary to comply with legal obligations, such as tax, accounting, anti-fraud, safeguarding, or other regulatory requirements.

Legitimate interests

We may process personal data where it is necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. These interests include running a secure storage operation, preventing fraud, managing business risk, improving our services, and protecting staff and customers.

Consent

In limited circumstances, we may ask for your consent, for example where it is required for optional communications or certain non-essential processing activities. Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

5. Sharing your information and processors

We may share personal data with trusted third parties where necessary to provide our services, meet legal duties, or protect our legitimate interests. These third parties may act as processors or, in some cases, independent controllers.

Processors may include:

  • Payment processors that handle card and electronic payments securely;
  • IT and cloud service providers that host, store, back up, or maintain our systems;
  • Security service providers that support access control, alarm monitoring, or CCTV storage;
  • Identity verification providers used to confirm identity or reduce fraud;
  • Professional advisers such as accountants, lawyers, or auditors;
  • Debt recovery or legal service providers where necessary to recover unpaid sums or enforce rights.

We require processors to act only on our instructions, use appropriate security measures, and comply with GDPR obligations. We do not sell your personal data.

6. International transfers

If any processor or service provider stores or accesses personal data outside the UK or the European Economic Area, we ensure appropriate safeguards are in place, such as adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms. These safeguards are intended to protect your data to a standard that is essentially equivalent to that required under GDPR.

7. Data retention

We keep personal data only for as long as necessary for the purposes for which it was collected, including to meet legal, accounting, tax, insurance, and dispute resolution requirements. Retention periods depend on the type of data and the reason for processing.

In general:

  • Customer account and contract records are retained for the duration of the agreement and for a reasonable period afterwards;
  • Payment and billing records are kept for as long as required by tax and accounting laws;
  • Security records such as CCTV footage are typically retained only for a limited period unless needed for an investigation;
  • Communication records may be retained while relevant to service administration, complaints, or legal claims;
  • Verification data is retained only for the period necessary to complete checks and comply with legal obligations.

When data is no longer required, we securely delete, anonymise, or archive it in accordance with our retention procedures.

8. Security of personal data

We use appropriate physical, electronic, and administrative safeguards to protect personal data against loss, misuse, unauthorised access, alteration, or disclosure. These measures may include access controls, staff training, secure storage, restricted permissions, encryption where appropriate, and regular reviews of our procedures. While no system can be guaranteed completely secure, we take reasonable and proportionate steps to safeguard your information.

9. Your rights under GDPR

You have rights in relation to your personal data. Subject to legal limits, you may have the right to:

  • Access a copy of the personal data we hold about you;
  • Rectification of inaccurate or incomplete data;
  • Erasure of your data in certain circumstances;
  • Restriction of processing in certain circumstances;
  • Data portability for data you provided to us, where processing is based on consent or contract and carried out by automated means;
  • Objection to processing based on legitimate interests or direct marketing;
  • Withdraw consent where we rely on consent;
  • Challenge automated decisions where applicable, although Barnes Storage does not typically make decisions producing legal or similarly significant effects solely by automated means.

You also have the right to be informed about how we use your data and to lodge a complaint with a supervisory authority if you believe your data protection rights have been infringed.

10. How to exercise your rights

To exercise any of your rights, you may make a request to us using the usual channels for customer correspondence. We may need to verify your identity before responding. We aim to respond within one month, although this period may be extended where requests are complex or numerous. There is usually no fee, unless the request is manifestly unfounded or excessive.

11. Children’s data

Barnes Storage services are not directed to children, and we do not knowingly collect personal data from children except where necessary in relation to a customer account and only where lawful to do so. If we become aware that we have collected data from a child inappropriately, we will take reasonable steps to delete it.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, our services, or our data handling practices. Any updated version will apply from the date it is made available. We encourage customers to review the policy periodically so they remain informed about how their personal data is handled.

13. Summary of our commitment

At Barnes Storage, we aim to use personal data responsibly, transparently, and securely. We collect only what we need, use it for clear purposes, and keep it only for as long as necessary. We work with trusted processors, apply appropriate safeguards, and respect your rights under GDPR. This policy applies to all Barnes Storage customers in area, and we are committed to maintaining privacy as part of the service we provide.

Call Now!
Call Now Get a Quote
Barnes Storage

GDPR-compliant Barnes Storage Privacy Policy covering data collection, lawful bases, retention, processors, security, and user rights for all local customers.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.