Savvy Storage ltd is committed to protecting the legal rights and freedoms of our Clients and clients.  We promise to process all data collected through our company in compliance with all legal structures. Savvy Storage holds personal data about our employees, clients and contracted workers.

This policy sets out how we seek to protect personal data and ensure that our staff understand the rules governing their use of the personal data to which they have access in the course of their work. In particular, this policy requires staff to ensure that the Data Protection Officer (DPO) be consulted before any significant new data processing activity is initiated to ensure that relevant compliance steps are addressed.

Our GDPR policy states how data is collected by Savvy Storage, how it is stored and how it is intended to be used. This document is used by staff at our company to ensure they are following GDPR regulations in full when handling your data. We are committed to ensuring that this information remains up to date and that our staff remain informed whenever changes are made to this document, which may happen from time to time as is necessary by legal obligation.

Savvy Storage Data Protection Officer:

Name: Tania McIntosh ( Managing Director )

Phone: 07737 777333






Savvy Storage ltd commits to the follow principles as outlined in the EU GDPR document.

Lawfulness, fairness and transparency

Data collection from Savvy Storage will be collected legally and its uses will be open and transparent. Savvy Storage will not misuse the data that it collects.

Purpose limitations

Savvy Storage will only collect data for specific reasons that it can justify as requiring data.

Data minimisation

Savvy Storage will not take part in collecting or storing unnecessary data which it cannot justify as requiring for any purpose.


Savvy Storage will do its utmost to ensure that stored records are accurate and up to date

Storage limitations

Savvy Storage will not store any data longer than it is necessary to do so

Integrity and confidentiality

Our data collections and records will be kept confidential and will be regularly reviewed to ensure they are secure


Procedural information


  1. We must ensure that data collection only takes place when it is lawful. This is defined as the data subject giving traceable consent for their data being used. This is considered fair and lawful collecting and processing of data.

  2. Data subjects have the right to request that their data is removed if there is no traceable consent. This is fair under the first principle.

Savvy Storage is specified as a Data Controller under the terms of the EU GDPR.


Lawful and reasonable conditions for collecting data

  1. The data subject has given full consent for data to be processed and used.
  2. The data is essential to complete a contract or booking
  3. The data is part of a legal requirement to possess specific data
  4. The data is essential to protecting human life in a medical situation


What to consider when processing data


  • What is the reason we require this data?
  • Can we achieve our goals without using this data?
  • Are we meeting our clients expectations on how their data could be used?
  • How could this affect the data subject?
  • Is the data subject a vulnerable individual?
  • Are you able to easily able remove data on request after it is processed?

The key factor in making a decision to process data is to think about what the data subject would expect or would have expected when agreeing for their data to be processed. This directly relates to the ‘lawful and reasonable conditions for collecting data’ section.


Sensitive Data


Sensitive data is defined as data of a subject which can cause harm or lead to risk of an individuals freedoms and fundamental rights. This can consist of:

  • Race
  • Political preference
  • Religion
  • Sexual preference
  • Ethnicity

Savvy Storage may want to record some sensitive data for market research purposes. If sensitive information is considered necessary to obtain, then explicit and traceable consent is required by the data subject in order to store it.

Savvy Storage | Data Responsibility


Savvy Storage must ensure it regularly does the following

  • Assess and evaluate the data it holds and review its need in the database
  • Ensuring that staff are informed and trained in data protection rules
  • Ensure that data on the system is lawful and given by consent
  • Ensure that data is kept securely and accessible by relevant staff only
  • Assess the risk of holding the data in its database
  • Ensuring that any parties who have access to the database are fully compliant with EU GDPR laws.

Storage rules

  • Data stored physically (paper, notes, etc) must be held securely
  • Physical data should be destroyed when it is not needed anymore
  • Digitally stored data should require advanced passwords to access
  • Passwords for anyone with access to the database should change often
  • Data stored on any external drives must be encrypted or password locked
  • The Data Protection Officer must approve of any cloud based database
  • Data must not be saved to any personal device such as a phone or laptop
  • Data must not be stored once its purpose is fulfilled and no longer required


Individual Rights


As an individual, you have the following rights with regards to GDPR data protection.

Right to information

We will provide notices regarding privacy policy which are accessible, transparent and easy to understand.

Right to access information

You have the full right to access your personal data and any relevant information held

Right to rectify

You have the right to request that we amend any personal data we hold in relation to you. This must be complete within the timeframe of 1 month.

Right to erase data

You have the right to request that we remove all data held in relation to you where there is no legal reason for us to hold it.

Right to transfer

You have the right to request that Savvy Storage transfers the stored data relevant to you so that you may use it for your own purposes.

Right to object

You have the right to object to your data being processed outside of its necessary role in our business procedures. This could be in relation to marketing and automated advertising.


GDPR Privacy Policy Notification


A link to this GDPR privacy policy should be supplied prior to collecting data. Where data is uploaded from third-parties or given via phone call, a link to this GDPR privacy policy should be provided to the data subject within the reasonable timeframe of 1 month.

If the data is being used for any form of data processing, consent must be obtained from the data subject before this takes place.

The Privacy Policy Notification must contain the following information:

  • The name and details of the data controller and data protection officer
  • The purpose of the data collection
  • The data subjects right to decline processing
  • Who will receive this data
  • Any details pertaining to third-parties or international transfers
  • How long the data is intended to be kept for
  • Details of how to raise any issues with the data processing
  • The source of the data
  • Details of how consent will be given by the data subject


Reporting & Breach of Data Regulations


If there is any breach of the company database, both internal or external, Savvy Storage will report to the official regulation authority within the time frame of 72 hours. We hold a legal obligation to fulfil this demand.

Any discrepancies in the database that are noticed must be reported to the Data Protection Officer to be investigated immediately. If there is evidence that a member of staff is aware of a breach that has not been reported, then disciplinary action will be initiated and training will be reinstated.



How will Savvy Storage use your Data?


Operational Data

Savvy Storage has a requirement for the following information in order for it to run its business:

  • Client first and last name
  • Client email address for invoicing and communication
  • Client phone number for notifications and emergency contact
  • Client residential address for security checks & data analysis
  • Vehicle information including registration and licence number

Client payment information is not stored on our database. Payment information will never show on our system. In our accounting software, only the first and last 4 card digits are presented.

Marketing Analysis Data

Savvy Storage may use some of its data for marketing and analysis.

  • Age
  • Sex
  • Country of Origin
  • Client Spend Amount
  • Method of payment including Credit/Debit card types
  • Type of storage service purchased

All of the above information is stored by Savvy Storage purely for the purpose of research analysis that we use to understand our market.

You have the full right to know what information has been stored about you via your booking with us. Please contact us via should you wish to enquire about the information we hold about you.


Savvy Storage intends to advertise its offers, promotions and seasonal updates to clients who have given consent for marketing purposes. If you have agreed to receive marketing emails from us, we will endeavour to do our best to only send you relevant information about our products and services which is based on the data we hold about you.