Privacy Policy - Botanybay Storage

This Privacy Policy explains how Botanybay Storage collects, uses, stores, shares, and protects personal data. It applies to all Botanybay Storage customers in area, including individuals who enquire about our services, create an account, use storage facilities, make payments, or otherwise interact with us. We are committed to handling personal data in accordance with the General Data Protection Regulation (GDPR) and any other applicable data protection laws.

1. Who We Are

For the purposes of data protection law, Botanybay Storage acts as the data controller for the personal data we collect and process in connection with our storage services. This means we determine why and how personal data is processed, subject to the requirements of law.

2. Personal Data We Collect

We collect only the personal data that is necessary and relevant for operating our services, managing our business, and meeting legal obligations. The types of data we may collect include:

  • Identity data, such as name, date of birth, and identity verification details where required.
  • Contact data, such as address, email address, and telephone number.
  • Account and service data, including customer reference numbers, storage unit allocation, booking details, and service preferences.
  • Payment data, such as billing information, payment status, transaction records, and partial card or bank details processed through payment providers.
  • Security and access data, including CCTV footage, access logs, gate entry records, alarm records, and incident reports.
  • Communication data, including correspondence with us by email, phone, text, written forms, or other channels.
  • Technical data, such as device or browser information if you use our digital services.
  • Legal and compliance data, including records required for fraud prevention, dispute resolution, and regulatory compliance.

We may also collect information you choose to provide voluntarily, for example when raising a query, making a complaint, requesting assistance, or providing feedback.

3. How We Use Personal Data

We process personal data for the following purposes:

  • to register and manage customer accounts;
  • to provide storage services and related customer support;
  • to process payments, invoices, refunds, and account administration;
  • to verify identity and prevent fraud;
  • to maintain security of our facilities, customers, staff, and property;
  • to monitor use of our premises and enforce site rules;
  • to communicate about service changes, notices, or account issues;
  • to resolve disputes, claims, and complaints;
  • to comply with tax, legal, and regulatory obligations;
  • to improve our services, systems, and operational performance; and
  • to establish, exercise, or defend legal rights.

We do not use personal data for purposes that are incompatible with the reasons for which it was collected unless permitted by law or with valid consent where required.

4. Lawful Basis for Processing

Under GDPR, we must have a lawful basis for each processing activity. Botanybay Storage relies on the following lawful bases:

4.1 Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes setting up an account, providing storage space, taking payment, issuing notices, and managing your use of our services.

4.2 Legal Obligation

We process personal data where necessary to comply with legal obligations, such as accounting requirements, tax recordkeeping, and lawful requests from regulatory or law enforcement authorities.

4.3 Legitimate Interests

We may process personal data where it is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your rights and freedoms. Examples include maintaining site security, preventing fraud, protecting assets, managing disputes, and improving our services.

4.4 Consent

In limited situations, we may rely on your consent, for example where consent is required for certain optional communications or processing activities. Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

5. Sharing Your Personal Data

We only share personal data when necessary and with appropriate safeguards in place. We may share data with:

  • Service providers who support our business operations, such as payment processors, IT hosting providers, CCTV and security service providers, customer management systems, and document storage suppliers.
  • Professional advisers, including accountants, insurers, auditors, legal advisers, and consultants.
  • Regulators and public authorities where disclosure is required by law or necessary to protect rights, safety, or property.
  • Third parties involved in disputes or claims, where necessary for investigation, enforcement, or legal proceedings.

We require processors and other third parties to handle personal data securely, lawfully, and only on our instructions where they act as processors. We do not sell personal data.

6. Processors

Where third parties process personal data on our behalf, they act as processors. These processors may provide services such as payment handling, cloud storage, accounting systems, customer communications, CCTV support, maintenance platforms, and IT security. We ensure that appropriate data processing agreements are in place and that processors are only permitted to use personal data for specified purposes, in line with GDPR requirements.

We take reasonable steps to assess our processors and to ensure they apply suitable technical and organisational measures, including access controls, confidentiality obligations, encryption where appropriate, and secure deletion or return of data when services end.

7. Data Retention

We keep personal data only for as long as necessary for the purposes for which it was collected, including to satisfy legal, accounting, security, and operational requirements. Retention periods vary depending on the type of information and the reason it is held.

  • Customer account and contract data is generally retained for the duration of the customer relationship and for a period afterward as required for records and legal purposes.
  • Payment and accounting records are retained for the period required by tax and financial laws.
  • Security records, such as CCTV and access logs, are retained for a limited period unless they are needed for an ongoing investigation, dispute, or legal claim.
  • Correspondence and complaint records are retained as needed to manage the matter and for evidence of how issues were resolved.

When personal data is no longer required, it is securely deleted, anonymised, or destroyed in accordance with our retention procedures.

8. International Transfers

If personal data is transferred outside the United Kingdom or European Economic Area, we will ensure appropriate safeguards are in place, such as standard contractual clauses or other lawful transfer mechanisms, to protect your data to the standard required by GDPR.

9. Data Security

We use reasonable technical and organisational measures to protect personal data from unauthorised access, loss, misuse, alteration, or disclosure. These measures may include restricted access, password protection, security monitoring, secure storage, staff training, and regular review of our systems and procedures. While no system can be guaranteed completely secure, we work continuously to maintain a high standard of data protection.

10. Your Rights

Under GDPR, you have a number of rights in relation to your personal data. These may include:

  • Right of access - to request a copy of the personal data we hold about you.
  • Right to rectification - to ask us to correct inaccurate or incomplete information.
  • Right to erasure - to request deletion of your personal data in certain circumstances.
  • Right to restriction - to ask us to limit processing in certain situations.
  • Right to data portability - to receive certain data in a structured, commonly used, machine-readable format.
  • Right to object - to object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent - where processing is based on consent.

You also have the right to raise a concern with a data protection authority if you believe your rights have been infringed. We encourage you to contact us first so we can try to resolve any issue promptly and fairly.

11. Children’s Data

Our services are intended for adults. We do not knowingly collect personal data from children except where it is necessary and lawful in connection with a customer’s account or legal obligations.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. Any updates will apply from the date they are published or otherwise communicated. We encourage customers to review this policy periodically.

13. Contact and Further Information

This policy is designed to give clear and transparent information about how Botanybay Storage handles personal data. If you wish to exercise your rights or raise a data protection concern, please use the appropriate service channels provided to you by Botanybay Storage. We will respond in accordance with applicable data protection law and aim to handle requests fairly, securely, and without undue delay.

Botanybay Storage is committed to respecting your privacy and protecting your personal data at every stage of our service relationship.

Call Now!
Call Now Get a Quote
Botanybay Storage

GDPR-compliant privacy policy for Botanybay Storage covering data collection, lawful basis, retention, processors, and user rights.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.