Privacy policy
1. General
Storo respects your privacy, regardless of whether you come into contact with Storo as a customer, user, supplier, etc. You are always entitled to the protection of your Personal Data (as defined below). This data may be related to your name, telephone number, email address, etc.
In this privacy statement (hereinafter “Privacy Statement”) we describe how we collect your Personal Data, why we collect it, for what purposes, with whom we share it, how we protect it and the choices you can make regarding your Personal Data.
We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"). This means we collect, use, store, and protect personal data based on lawful grounds, with transparency, and for specified purposes. We ensure that individuals' rights under the GDPR—such as the rights to access, rectification, erasure, restriction, objection, and data portability—are respected and upheld.
This Privacy Statement applies to the processing of your Personal Data in the context of various services, tools, applications, websites, portals, online promotions, marketing campaigns, etc. that are provided or used by us or on our behalf.
In this Privacy Statement, the following terms shall have the following meaning:
(a) EEA means the European Economic Area (i.e. Member States of the European Union + Iceland, Norway and Liechtenstein).
(b) ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, etc.
(c) ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
2. Who is responsible for proccessing your personal data?
This Privacy Statement applies to the processing of all your Personal Data by or on behalf of:
Storo BV, with registered office at Ringlaan 17/E, 2960 Brecht, registered in the register of legal entities (Antwerp, Antwerp division) under number 0717.595.310. Storo BVBA is responsible for processing your Personal Data and acts as data controller.
3. Processing of your personal data: what personal data do we collect and on what legal basis is it processed?
Depending on your concrete situation - as described below - you will find below an overview of the Personal Data that we will process, on the basis of which legal ground(s), for which purpose(s) the Personal Data are processed and the applicable retention periods:
1. Questions from customers, suppliers, complaints and comments
We offer users the opportunity to submit their concerns, complaints or comments regarding Storo BV's products and services through our website, including via our contact form hosted by HubSpot.
When you submit a contact request, the following Personal Data may be collected, stored, and processed:
- Name
- Sex (optional)
- E-mail address
- Telephone number
- Address
- Any additional information you provide in the message field
Providing your Personal Data is necessary for responding to your inquiry, except for the optional fields. If you do not provide it, we may be unable to assist you or provide the requested service.
The processing of your Personal Data serves only to handle your concern, complaint or comment and is based on GDPR Article 6(1)(b): necessary for the performance of a contract or to take steps at your request prior to entering into a contract.
We use HubSpot as a third-party service provider to process contact form submissions. By default, data in the EU is stored in data centers located in Ireland. However, in limited cases, data may still be accessed from or transferred to countries outside the EEA, such as the United States, for support or redundancy purposes. Where this occurs, it is done under appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission.
Your Personal Data will be kept for as long as necessary to respond to your request. After the request is resolved, we will retain records for up to 10 years, unless we are legally required to keep them longer.
2. Commercial relationship management
As part of our commercial activities, in particular related to the management of our (current and potential) customers and (current and potential) suppliers. These activities include: meeting requests, account creation, contractual information we may receive or collect the following Personal Data:
- Name
- Address
- Sex
- Date of birth
- E-mail address
- Telephone number
- Employer
- Payment details
Providing your Personal Data is necessary for creating a commercial relationship. If you do not provide it, we may be unable to provide the service to you.
We use the following services:
- StoreIT – used for managing customer storage box reservations and contracts.
- Exact Online – used for accounting and invoicing. This includes processing billing data and VAT information.
- Adyen – used to securely process online payments. This includes payment method, status, and transaction identifiers (not full card data).
- Umbraco – used as a CRM to store and manage customer information and interactions.
- Rollo – used to calculate and apply dynamic pricing based on availability and other factors.
Personal Data in these tools is processed in line with Article 6(1)(b) of the GDPR (contract performance), and where required, Article 6(1)(c) (compliance with legal obligations, e.g. tax or financial records). We use Rollo
The processing of this Personal Data only serves to manage relationships with our (current and potential) customers and (current and potential) suppliers and is therefore based on GDPR 6(1)(f): legitimate interest to improve our services.
Your Personal Data will be kept for as long as necessary to manage the aforementioned relationships and is subject to ongoing monitoring. After the end of the relationship, we will retain records for up to 10 years, unless required longer by law.
3. Newsletter Subscription
We offer users the opportunity to subscribe to our newsletter via our website. When you sign up, we collect and process the following Personal Data:
- Email address
The purpose of this processing is to send you email updates, news, offers, and other marketing communications related to our services.
The legal basis for this processing is your consent (GDPR Article 6(1)(a)). You may withdraw your consent at any time by using the unsubscribe link in any newsletter or by contacting us at info@storo.be.
Your data will be stored for as long as you remain subscribed to the newsletter. If you unsubscribe, your data will be removed from our newsletter database within 10 years, unless we are legally required to retain it for longer.
We use Klaviyo as our email platform. Your data may be transferred to and processed by them, but always under adequate safeguards as required by applicable data protection laws.
4. Access to Our Storage Facilities
To allow customers secure access to their storage boxes in our buildings, we may collect and process certain Personal Data such as your name, customer ID, access code, and access timestamps.
This data is used solely to verify your identity, provide access to our premises, and maintain building security. We also log access activity (e.g., time and date of entry, access point used) to ensure proper functioning of our systems and to prevent unauthorized access or misuse.
The legal basis for this processing is GDPR Article 6(1)(b) (performance of a contract) and GDPR Article 6(1)(f) (legitimate interest in ensuring building security and preventing misuse).
Access logs are retained only as long as necessary for security monitoring and incident resolution, or as required by legal or contractual obligations. After that, they are securely deleted.
Any Personal Data we process and store will not be transferred outside the EEA and can be consulted by:
- Fraud prevention, debt collection service providers;
- Insurers
- Person who has indicated whom we can contact
- Potential purchaser of our company
- Your agent or representative, such as an authorized representative
- Governments and law enforcement agencies
4. Protection of your personal data
We employ a number of technical and organizational security measures to protect your Personal Information from unauthorized or unauthorized access or use, as well as accidental loss or damage to the integrity of your Personal Information. These measures are designed taking into account our IT infrastructure, the potential impact on your privacy, the associated costs and in accordance with current industry standards / norms and practice. Your Personal Data will only be processed by a third party if it agrees with our technical and organizational security measures.
We do not use your Personal Data for automated decision-making or profiling that produces legal or similarly significant effects.
5. Use of Cookies
We comply with the applicable provisions of the Directive 2002/58/EC on privacy and electronic communications (the "ePrivacy Directive"), as amended and implemented in national laws. This includes ensuring that we obtain your consent, where required, before storing or accessing information on your device—such as through cookies or similar technologies. Where consent is not required (e.g. for strictly necessary cookies), we still ensure that such technologies are used in a transparent and privacy-respecting manner.
We use cookies and similar technologies on our website to enhance your browsing experience, analyze site usage, and support marketing efforts. Where required by applicable law, we obtain your consent for the use of non-essential cookies, such as analytics and marketing cookies.
For full details about the types of cookies we use, the data they collect, and how you can manage your preferences, please refer to our Cookie Policy.
6. Your rights
You can at any time request information about how your Personal Data is collected, stored and processed by Storo. You have a right of inspection as well as the option to request an improvement if your Personal Data is stored incorrectly.
You also have the right to request a restriction on the processing of your Personal Data (e.g. when the authenticity of your Personal Data is checked).
You can also withdraw your consent to the storage and processing of your Personal Data.
You can also object to the use of your Personal Data for direct marketing purposes or to sharing your Personal Data with a third party for the same purposes. Under certain conditions you can invoke the right to data portability. You will then receive your Personal Data that you have provided to us in a customary, structured format and will be given the option to pass on this Personal Data to a third party of your choice.
You may require us to delete your Personal Data, except in a number of cases such as when Storo is required by law to keep the Personal Data or to prove a transaction.
The above rights can only be exercised in a reasonable manner in accordance with applicable law.
If you do not agree with the way in which Storo processes your Personal Data, you can submit a complaint to the Belgian Data Protection Authority (GBA):
- Drukpersstraat 35, 1000 Brussels
- Tel: +32 (0) 2 274 48 00
- Mail: contact@apd-gba.be
7. Contact
Storo has a data protection contact point that handles all your questions or requests related to this Privacy Statement or (the processing of) your Personal Data.
For questions, requests or complaints, or to exercise your rights as described in this Privacy Statement, you can contact us by e-mail at info@storo.be or by post via Storo BV, Ringlaan 17 / E, 2960 Brecht .
8. Changes to our privacy statement
Our Privacy Statement is kept under constant supervision. Any changes made will be posted on this web page. The Privacy Statement was last updated on 07/08/2025.