Privacy Policy - Crooklog Storage

This Privacy Policy explains how Crooklog Storage collects, uses, stores, shares, and protects personal data relating to its customers, prospective customers, visitors, and other individuals whose personal information is processed in connection with our services. This policy applies to all Crooklog Storage customers in the area, and it is intended to meet the requirements of the UK GDPR and the Data Protection Act 2018.

1. Who We Are

Crooklog Storage provides storage-related services to individuals and businesses. In the course of delivering these services, we may process personal data about customers, account holders, authorised users, delivery contacts, emergency contacts, billing contacts, and individuals who communicate with us about enquiries, access, security, payments, or facility use.

For the purposes of data protection law, Crooklog Storage acts as the data controller in relation to the personal data described in this policy, unless we are specifically instructed to process data on behalf of another controller.

2. Personal Data We Collect

We only collect personal data that is necessary for legitimate business, operational, legal, and security purposes. The categories of data we may collect include:

  • Identity data such as name, title, and identification details where needed for verification.
  • Contact data such as postal address, email address, and telephone number.
  • Account data such as customer reference numbers, service records, agreements, preferences, and communication history.
  • Payment and billing data such as payment status, invoice details, and limited financial information necessary to process transactions.
  • Access and security data such as entry logs, CCTV-related information where applicable, gate or door access records, and incident reports.
  • Technical data such as device information, IP address, browser type, and usage data if you interact with our systems or digital tools.
  • Correspondence data such as messages, complaints, enquiries, and other communications with us.

We generally do not seek to collect special category data. If such information is incidentally provided to us, we will handle it in accordance with data protection law and only where a lawful basis applies.

3. How We Use Your Personal Data

We use personal data only where necessary and for specific, explicit purposes. These include:

  • setting up and managing customer accounts;
  • providing storage services and related administrative support;
  • verifying identity and preventing fraud;
  • processing payments, invoices, refunds, and account balances;
  • monitoring access, facility security, and health and safety;
  • handling enquiries, complaints, and service issues;
  • maintaining records for legal, regulatory, insurance, and auditing purposes;
  • improving our operations, service quality, and security controls;
  • complying with lawful requests and legal obligations.

We will not use your personal data in ways that are incompatible with these purposes unless we have informed you or are otherwise permitted by law.

4. Lawful Basis for Processing

Under the UK GDPR, we must identify a lawful basis for each processing activity. Crooklog Storage may rely on one or more of the following:

Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes managing your storage agreement, providing services, administering payments, and maintaining your account.

Legal Obligation

We may process data where required to comply with applicable laws, regulations, court orders, tax rules, fraud prevention duties, or other legal obligations.

Legitimate Interests

We may process data where it is necessary for our legitimate business interests and where those interests are not overridden by your rights and freedoms. This can include security monitoring, service improvement, record keeping, internal administration, and protecting our property, staff, customers, and operations. Where required, we carry out a balancing test to ensure these interests are fair and proportionate.

Consent

In limited cases, we may rely on your consent, for example for certain optional communications or specific processing activities not covered by another lawful basis. Where consent is used, you may withdraw it at any time.

5. Sharing Your Data and Processors

We may share personal data with trusted third parties where necessary and lawful. These recipients may act as processors or as separate controllers depending on the service they provide. We only disclose the minimum data required for the intended purpose and only where appropriate safeguards are in place.

Examples of processors and service providers may include:

  • IT hosting, software, and systems support providers;
  • payment processing and invoicing providers;
  • security and surveillance service providers;
  • records management and document storage providers;
  • professional advisers such as accountants, auditors, or legal advisers;
  • maintenance, operational, and facility support contractors.

We require processors to act only on our instructions, to protect data appropriately, and to implement suitable technical and organisational measures. We do not sell your personal data.

We may also share information where required by law, where it is necessary to protect rights, property, or safety, or where you have instructed us or given valid permission.

6. International Transfers

If personal data is transferred outside the UK, we will ensure that appropriate safeguards are in place. This may include adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms approved under data protection law. We take steps to ensure transferred data receives a level of protection that is essentially equivalent to UK requirements.

7. Data Retention

We keep personal data only for as long as necessary for the purposes for which it was collected, including legal, accounting, insurance, operational, and regulatory requirements. Retention periods vary depending on the nature of the information and the reason it was collected.

In general:

  • customer account and contract records are retained for the life of the agreement and for a reasonable period afterwards;
  • financial and tax records are retained in accordance with applicable statutory requirements;
  • security and access records are kept only as long as necessary for safety, monitoring, investigation, or compliance purposes;
  • correspondence and complaint records are retained for operational and evidential purposes;
  • data no longer required is securely deleted, anonymised, or destroyed.

We may retain data for longer where necessary to establish, exercise, or defend legal claims, or where retention is otherwise required by law.

8. Data Security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, loss, or destruction. These measures may include access controls, staff training, secure storage, encryption where appropriate, monitoring, and internal procedures designed to reduce risk.

No method of transmission or storage is completely secure, but we take reasonable and proportionate steps to protect your information based on the nature of the data and the risks involved.

9. Your Rights

As a data subject under the UK GDPR, you may have the following rights in relation to your personal data:

  • Right of access - to request confirmation of whether we process your data and to obtain a copy of it.
  • Right to rectification - to request correction of inaccurate or incomplete data.
  • Right to erasure - to request deletion of data in certain circumstances.
  • Right to restriction - to request that processing be limited in certain situations.
  • Right to data portability - to receive certain data in a structured, commonly used, machine-readable format where applicable.
  • Right to object - to object to processing based on legitimate interests or direct marketing, where applicable.
  • Right to withdraw consent - where processing is based on consent, you may withdraw it at any time.

Some rights may be limited by law, for example where we must retain data for legal reasons or where disclosure would affect the rights of others. Requests will be assessed on a case-by-case basis.

10. Automated Decision-Making

We do not use personal data for decisions based solely on automated processing that produce legal or similarly significant effects, unless this is expressly permitted by law and appropriate safeguards are in place.

11. Children

Our services are not intended for children, and we do not knowingly collect personal data from children unless it is necessary in connection with an authorised customer relationship and lawful basis exists. If we become aware that we have collected data unlawfully, we will take appropriate steps to delete or secure it.

12. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or operational needs. Any changes will apply from the date they are published or otherwise communicated. We encourage you to review the policy periodically so that you remain informed about how your information is handled.

13. Summary of Key Principles

Crooklog Storage is committed to processing personal data lawfully, fairly, and transparently. We collect only what is needed, use it for clear purposes, share it only where necessary, retain it for no longer than required, and protect it using suitable safeguards. Customers may exercise their rights under data protection law, and we will respond to requests in accordance with legal requirements.

This policy applies to all Crooklog Storage customers in the area.

Call Now!
Call Now Get a Quote
Crooklog Storage

GDPR-compliant Privacy Policy for Crooklog Storage covering data collection, lawful basis, retention, processors, and user rights for all customers in the area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.