Privacy & Cookies Policy
Shurgard Privacy Policy
This privacy policy provides you with information about what personal data we collect from you, how we use it, and your rights with regard to the personal data that we retain.
The Shurgard privacy policy shall come into effect on 25/05/2018.
1. Who we are
Shurgard Europe VOF (“Shurgard” or “we”) is a company having its registered office at Breedveld 29, 1702 Dilbeek, Belgium and registered in the Crossroads Bank for Enterprises under registration number 0884.371.665.
As a data controller, we respect your right to privacy and will only process personal data that you provide to us in conformity with the applicable data protection rules as described in this policy. The applicable data protection legislation includes (i) the General Data Protection Regulation (EU Regulation 2016/679) (GDPR); and (ii) (c) any other existing or new laws relating to the processing of data of a living person, and data protection.
If you have any questions about how we collect, store and use your personal data, or any other questions about data protection, please email us at: dataprotection@shurgard.eu.
Shurgard has a Data Protection Officer (DPO): Kleinermann & Sohn GmbH, Max-Planck-Str.9, 52499 Baesweiler, Germany, who can be contacted at info@das-datenschutz-team.de.
2. What personal data we collect
We collect personal information about you (such as your name, postal address, email address, phone numbers, date of birth, payment details) when you sign up to participate in or receive a service from us, such as request for a “call me back”, getting a quote or reserve a unit online or face to face if you come to our storage facility to sign an agreement.
We also collect personal information when you contact us, send us feedback, and complete customer surveys.
Our website also uses cookies (see “Use of cookies” section below) and collects IP addresses (which means a number that can uniquely identify a specific computer or other device on the internet).
We also gather personal information about you via our websites. If you visit our storage facility, some personal data may be collected from monitoring devices and systems such as closed circuit TV (CCTV) and door entry systems at our storage facilities.
We may monitor and record communications with you (such as telephone conversations and emails). We do this to check the quality of our customer service and for training purposes of our operational teams.
3. Processing of your data and legal basis
We, or processors acting on our behalf (for more information on companies processing data on our behalf, see Clause 4 below), may process your personal data for the following purposes:
- identify you and manage any account you hold with us;
- to contact you for reasons related to the service you have signed up for or to provide information you have requested;
- deal with payment for our services;
- resolve disputes or collect overdue payments;
- to make our website and its content available to you;
- to perform any reservations for storage units you may submit through our website;
- to respond to your online queries and provide you with services that you may request;
- where and insofar you have given us your explicit consent, to provide you with promotional content (via mail, e-mail, or SMS/MMS messages) or to include you in our promotional campaigns and offers relating to our products and services;
- to carry out market research;
- to better understand patterns relating to our website usage, through cookies, so that we may further improve upon our products, services and website offering. For further information on the cookies we deploy on our website, see “Use of cookies” section below;
- to detect and prevent potential fraud and /or other possible misdemeanours that could take place at our storage facilities;
- to comply with legal requirements, including anti-money laundering and counter-terrorist financing;
- for training purposes, and to enable internal monitoring activities aimed at improving service quality;
- for evidentiary purposes; e.g. to prove that certain transactions or contract conclusions have taken place in connection with certain communications.
We process your personal information for the purposes mentioned above:
- in case you have consented to the processing operations (see 3(h), 3(m), 3(n)), and those cookies which require consent (see 3(j)); OR
- in case such processing is necessary for the performance of a contract with you as a contracting party or for the performance of pre-contractual measures at your request (see 3(a) up to and including 3(g)); OR
- subject to the condition that the processing is necessary for the purposes of our legitimate interests and does not override your interests or fundamental rights and freedoms that require the protection of personal data; in doing so, we pursue, inter alia, the legitimate interests of Shurgard to conduct its business properly (see 3(k) and 3(l)), to further improve the quality of our products and services (see 3(i)), and for the use of such cookies for which consent is not necessary (see 3(j)).
- In case processing is necessary for compliance with a legal obligation to which we are subject (see 3(l)).
To this end, we strive to maintain a fair balance between the need to process data and the preservation of your rights and freedoms, including the protection of your privacy.
4. How and to whom we transfer your personal data
4.1 Principle
We will not sell, rent or otherwise disclose your personal data to third parties except as set out in this policy.
4.2 Subsidiaries/affiliates and external processors
We may provide your personal information to Shurgard subsidiaries/affiliated companies and to third party processors to process personal information on our behalf for the purposes set out above. These parties are required to process such information based on our instructions and in accordance with the Shurgard Privacy Policy.
The third party providers to whom we may disclose your personal data are:
- service providers under contract with us to support our business operations, such as technology services, fraud prevention, debt collection;
- our insurers and insurance brokers if you take out insurance coverage through us;
- any person who you have named as a person we can contact to discuss your account;
- any person who is your agent or representative, such as the holder of a power of attorney, a legal guardian or person administering a will;
- any person who we are negotiating with as a potential buyer of our business or property or if we are proposing to merge our business with another business.
4.3 Compliance with legal regulations and requirements
We may disclose your personal information where:
- we are required to do so by applicable law, by a governmental body or by a law enforcement agency in connection with any investigation to help prevent or detect unlawful activity;
- to establish or exercise our legal rights or defend against legal claims;
- to investigate, prevent or take actions against illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our terms of use, or as otherwise required by law.
4.4 Other
If a third party acquires all (or substantially all) of our business and/or assets, we may disclose your personal information to that third party in connection with the acquisition.
4.5 Address verification and credit review
We transfer your personal data to Creditreform Boniversum GmbH, Heilersbergstraße 11, D-41460 Neuss, for the purpose of verifying your address and checking your creditworthiness in case of late payment. Contact details of Creditreform Boniversum GmbH - Tel.: 02131 36845560, Fax: 02131 36845570, E-Mail: selbstauskunft@boniversum.de, www.boniversum.de. You can find more information on the processing of your data by Creditreform Boniversum GmbH at: https://www.boniversum.de/bonipedia/.
You can reach the responsible data protection officer of Creditreform Boniversum GmbH using the following contact details: Creditreform Boniversum GmbH, Data Protection Officer, Hellersbergstr. 11, 41460 Neuss, E-Mail: datenschutz@boniversum.de
5. International data transfer
In connection with the abovementioned purposes, we try to avoid as much as possible the transfer of personal information that we collect from you to third party data processors located outside the European Economic Area.
When we transfer personal information that we collect from you to third party data processors located in countries that are outside of the European Economic Area and which do not offer an adequate level of protection, we ensure the use of appropriate data transfer tools such as the entering into of the standard contractual clauses issued by the European Commission.
6. Cookies
6.1 What are cookies?
Technologies such as cookies, tags and scripts are used by us and our partners, affiliates, or analytics or service providers. These technologies are used in analysing trends, administering our website, tracking users’ movements around our website and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an aggregated basis.
We use cookies, for example, to remember users’ settings (e.g. language preference). Users can control the use of cookies at the individual browser level. If you reject cookies, you may still use our website, but your ability to use some features or areas of our website may be limited.
Please note that blocking cookies may lead to a less complete web-browsing experience, as in that case we cannot guarantee its full functionality.
For more information about how we use cookies and what information is collected using cookies, see “Use of cookies” section below.
6.2 Cookies we use
We use cookies on our website for the following purposes:
- to be able to display the website to you (“technically necessary” cookies) (Section 6.1(b) of the GDPR; § 25.2 of the Telecommunications-Telemedia Data Protection Act)
- to compile statistics on the use of our website, which enable us to understand how users use our website and which help us to improve our website and its functions and to design it in line with requirements. We only do this if you have given your consent (Section 6.1(a) of the GDPR; § 25.1, p.1 of the Telecommunications-Telemedia Data Protection Act)
- to provide you with various functions of the website, e.g. so that we can recognise you as an individual visitor the next time you visit our website. However, we only do this if you have given us consent to do so (Section 6.1(a) of the GDPR; § 25.1, p.1 of the Telecommunications-Telemedia Data Protection Act; and
- to enable us to show you advertising tailored to your preferences and interests, or to avoid showing you the same advertising more than once; again, only if you have given us consent to do so (Section 6.1(a) of the GDPR; § 25.1, p.1 of the Telecommunications-Telemedia Data Protection Act).
If you have given us consent regarding a cookie, you can revoke this at any time. However, this does not render unlawful the data processing carried out until your revocation. You may revoke your consent by, among other things, adjusting the settings of this website accordingly.
If you wish, you may set your internet browser to accept or reject cookies. Note that if cookies are disabled, you may not be able to use all the interactive features of our website.
If you don’t want to receive certain categories of cookies on our website, you can change your permission settings at any time in your browser settings. This only affects future cookies. To remove cookies that were placed in the past, delete them from your browser's cache.
The table below shows all the cookies that are used on our website:
7. Security
We take appropriate technical and organisational measures to safeguard the personal information that you provide to us against unauthorized or unlawful processing and against accidental destruction, loss or damage, for example:
- we store your personal data on secure servers; and
- payment details are encrypted on the secure server.
While we will use all reasonable efforts to keep your personal data safe, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that is transferred from you or to you via the internet. If you have any particular concerns about your information, please contact us (see ‘How can you contact us?’ below).
8. How long do we retain your personal data?
We will retain your personal data for as long as is necessary to provide the services you have obtained, to comply with our legal obligations, to assert and defend legal claims, and to resolve disputes. Specifically, this means the following:
For your personal data contained or recorded in connection with the management of our buildings and facilities:
- Data contained in our visitors' books will be retained for six (6) months from the date of entry.
- Video recordings will be retained for one (1) month from the date they were made, unless they can assist in proving a breach of law, damage or misconduct. In this case, the recordings may be retained until the proceedings or litigation concerning the breach, damage or misconduct have been concluded.
- Security incident reports are retained for ten (10) years after their completion or twenty (20) years from the date of the incident, whichever is longer.
For your personal data collected for training and quality assurance purposes:
- records of incoming and outgoing telephone calls between you and Shurgard will be retained for ninety (90) days from the date of the recording, after which time all telephone records will be permanently deleted.
- emails containing questions or enquiries that you send to Shurgard will be stored for a period of twelve (12) months from the date of sending before being deleted. In this context, Shurgard will also retain anonymised data and analytics relating to email volume, content and service levels for a further twelve (12) months before deletion.
For your personal data collected for customer relationship management, customer identification or other commercial purposes:
- all data and documents relating to Shurgard's business transactions that are required to be included in annual financial statements and other corporate reports required by law (e.g. identification documents received when entering into contracts, leases, insurance contracts, reminders and receipts for their dispatch, bank statements, purchase orders, delivery notes from vendors for goods and services, receipts for refunds and product returns (receipts), minutes of conversations and emails) will be retained for a maximum of 10 years after the business relationship comes to an end.
- Documents relating to complaints and legal disputes (e.g. photos, damage reports, price quotations, parts lists (damaged items) and letters/emails (evidence of any communication) will be retained for the duration of the dispute.
With regard to your personal data collected when you use our website:
- any data we process during your visit to our website in order to make the website available and to enable its functions, will only be stored by us for the duration of your visit to our website. If this is necessary for individual functions, we also store your data for a longer period.
- The storage periods of the cookies set on our website can be found above in Clause 6.
9. Third party websites
Shurgard website contains links to other websites operated by third parties. The Shurgard Privacy Policy applies only to the personal information that we collect through our website and it does not apply to other websites to which our website may be linked, with or without our permission. We are not responsible for personal data collected, stored and used by third parties through their website. You should always carefully read the privacy policy of each website you visit.
10. What are your rights?
You have the following rights as a data subject:
- the right to be informed about the personal data we store concerning you;
- the right to ask us to update or correct any out-of-date or incorrect personal information that we retain concerning you;
- if the processing is based on your consent, you have the right to revoke your consent at any time; this will not affect the lawfulness of the processing based on your consent prior to the withdrawal;
- the right to erasure where the conditions of Section 17 of the GDPR have been met;
- the right to restriction of processing where the conditions of Section18 of the GDPR have been met;
- the right to data portability insofar as the conditions of Section 20 of the GDPR apply to you;
- the right to object to the processing of personal data concerning them, provided that the conditions under Section 21 of the GDPR are met;
- the right to lodge a complaint with a supervisory authority; and
- the right to opt out of any direct marketing communications that we (with your consent) may send you.
You may (except as provided in clause 10(h) of this policy) exercise your rights, for example, at any time by emailing us at dataprotection@shurgard.eu.
11. Updates to the Shurgard Privacy Policy
This policy may be updated periodically to reflect changes in our personal data practices. You should check this policy occasionally to ensure that you are aware of the most recent version.
12. Our contact details
If you have any questions about this Privacy Policy and/or how we collect, store and use your personal data, you may contact us by email at: dataprotection@shurgard.eu.