Privacy Policy

Privacy Policy


This privacy policy sets out the approach which Storman Software Pty Ltd will take in relation to the treatment of personal information. It includes information on how Storman Software Pty Ltd collects, uses, discloses and keeps secure, individuals’ personal information within the Storman Site Network (SSN). It also covers how Storman Software Pty Ltd makes the personal information it holds available for access to and correction by the individual.

Please note that this policy does not cover our self storage software products (refer to our Software Licence Agreement), but rather our online entities (such as this website).

We want our users to always be aware of any information we collect, how we use it, and under what circumstances, if any, we disclose it.

Website administration

Storman Software Pty Ltd

Office 16,
25 St Margarets Street
United Kingdom (view full contact info).

Information Collection & Use

We respect each site visitor’s right to personal privacy. To that end, we collect and use information throughout the Storman Site Network(SSN) only as disclosed in this privacy policy. This statement applies solely to information collected within the SSN. For each visitor to a site within the SSN, our web server automatically recognises no information regarding the e-mail address.

The information we collect is:

  • Used to improve the content of our web pages.
  • Used to notify visitors about updates to our web site.
  • Never shared with other organisations for commercial purposes.

In order to use this website, visitors and/or members are not required to complete any registration forms – unless you wish to make contact with us via a web-form for:

  • General email contact.
  • Requesting information from us, such as a quotation.
  • Requesting a downloadable product or demonstration from us.

During the aforementioned (and similar) events, a user must give certain contact information – but we never sell or give away this information. It is only gathered to contact the user about services on our site for which s/he has expressed interest. It is optional for the user to provide demographic information and unique identifiers (username, password, etc – excluding the myStorman customer services portal).

Giving additional information helps provide a more personalised experience on our site, but is not required. When we transfer and receive certain types of sensitive information such as financial information, we redirect visitors to a secure server and will notify visitors of this feature through a notice on the website in question.

While we publish an electronic newsletter, we never sell or share our subscribers’ email addresses. We operate online surveys, and we never sell or share our subscribers’ email addresses. You will see a link on our email where you are able to unsubscribe, if you wish to do so. Please unsubscribe all of your email addresses to make sure you do not receive any emails on those addresses.

Use of Cookies

Sites within the SSN utilise a number of cookies in order to present a personalised browsing experience. Cookies in use within SSN websites will:

  • Remember whether you dismissed a general message dialog.
  • Remember last-visit data (for statistical purposes only).
  • Remember your myStorman login details (only if you select the ‘Keep me logged in’ option).


Storman Software is committed to making our website accessible to all. We use the guidelines stipulated by W3C.

For questions/feedback about the accessibility of our website, please contact us.

Client Data Processing Notice

This Client Data Processing Notice (“Notice”) applies if you have entered into an agreement with Storman Software Limited  (“Storman”) for the provision of hosting services, Storman Payments and/or Storman Reservations. When we refer to “you” in this notice, we refer to the individuals who use the above services.

1.      Who we are and how to contact us and our data protection officer

Storman of Office 16, 25 St Margarets Street, Ipswich, IP4 2BN, United Kingdom is a Data Controller of your personal data. This means information that is about you or from which we can identify you. This notice describes how we deal with your personal data.

We are the data controller of this personal data under relevant data protection laws because in the context of our business relationship with you, we decide how and why it is processed in the ways explained in this notice. When we use terms such as “we”, “us” and “our” in this Notice, we mean Storman.

If you have queries about this Notice or wish to exercise any of the rights mentioned in it, you may do so by emailing

Use our online form on our website: contact us

Contact us by mail:

Office 16,
25 St Margarets Street
United Kingdom

Contact us by phone:

UK 0800 228 9784

Europe +44 (0) 1473 875 014

2.      Where do we get your personal data?

We will generally collect your personal data from you directly.

3.      What kinds of personal data about you do we process?

We process the personal data that you provide to us during the application process for our services. The personal data includes:

  • Your title, full name, your contact details, including for instance your email address, home and mobile telephone numbers;
  • Your home address, correspondence address (where different from your home address) and address history;
  • Records of how you have contacted us and, if you get in touch with us online, details such as your mobile phone location data, IP address and MAC address;
  • Data you provide to us to verify your identity, such as copies of passports, driving licenses or utility bills;
  • Where relevant, data about any guarantor that you provide in any application; and
  • Your management and use of the Services.

If you make a joint application or provide a guarantor, we will also collect the Personal Data mentioned above about that person. You must show this Notice to the other applicant and ensure they confirm that they know you will share it with us for the purposes described in it.

4.      What are the legal grounds for our processing of your personal data (including when we share it with others)?

Data protection laws require us to explain what legal grounds justify our processing of your personal data (this includes sharing it with other organisations). For some processing more than one legal ground may be relevant. Here are the legal grounds that are relevant to us:

  1. Processing necessary to perform our contract with you for supplying you with our Services or for taking steps prior to entering into an agreement with us:
    1. Verifying your identity;
    2. Administering and managing your Services and updating your records;
    3. Where we consider that it is appropriate for us do so, processing necessary for the following legitimate interests, which apply to us and, in some cases, other organisations (who we list below) are:
      • Administering and managing our relationship and your Services and keeping appropriate records;
      • To improve our products and services, by reviewing which products you take up and use and the frequency and type of use you make of the Services, and to test their performance;
      • To adhere to guidance and best practice under the regimes of governmental and regulatory bodies such as Companies House, Prudential Regulation Authority (PRA) and the Bank of England (BoE);
      • To administer good governance for us and other members of our Group, and for audit of our business operations including accounting;
      • To carry out monitoring (including of telephone calls) and to keep records;
      • For market research and analysis and developing statistics;
      • When we share your personal data with these other people or organisations;
        • Members of our Group;
        • Our legal and other professional advisers, auditors and actuaries;
        • Financial institutions and trade associations;
        • Governmental and regulatory bodies such as the Companies House, Prudential Regulation Authority (PRA), Information Commissioner’s Office (ICO) and the Bank of England (BoE);
        • Other organisations and businesses who provide services to us such as back up and server hosting providers, IT software and maintenance providers, document storage providers and suppliers of other back office functions;
        • Buyers and their professional representatives as part of any restructuring or sale of our business or assets;
        • Market research organisations who help us to develop and improve our products and services; and
        • Other organisations and businesses, who provide services directly to Merchants to enable transaction processing.
  2. Processing necessary to comply with our legal obligations:
    • For compliance with laws that apply to us;
    • For establishment, defence and enforcement of our legal rights or those of any other member of our Group;
    • For activities relating to the prevention, detection and investigation of crime;
    • To carry out monitoring and to keep records;
    • To deal with requests from you to exercise your rights under Data Protection Laws; and
    • When we share your personal data with these other people or organisations:
      • Law enforcement agencies and governmental and regulatory bodies; and
      • Courts and to other organisations where that is necessary for the administration of justice, to protect vital interests and to protect the security or integrity of our business operations.
  3. Processing with your consent:
    • For direct marketing communications;
    • When you consent for us to share your information with a third party; and
    • Where information has been gathered via cookies or similar technologies, you may block such cookies using your browser. Some parts of our website may not work properly if you do.

5.      How and when can you withdraw your consent?

Much of what we do with your personal data is not based on your consent, instead it is based on other legal grounds. For processing that is based on your consent, you have the right to take back that consent for future processing at any time. You can do this by contacting us by email as detailed above or calling on +44 800 228 9784. The consequence might be that we cannot send you some marketing communications or that we cannot take into account special categories of personal data.

6.      Is your personal data transferred outside the UK or the EEA?

We don’t process personal data outside of EEA.

7.      For how long is your personal data retained by us?

Unless we explain otherwise to you, we will hold your Personal Data whilst you are receiving Services from us, and for a period of up to eighteen months afterwards, in case you have any queries or any legal claim arises, and to comply with our own legal, regulatory and record keeping requirements.

8.     What are your rights under data protection laws?

Here is a list of the rights that all individuals have under data protection laws. They do not apply in all circumstances. If you wish to exercise any of them, we will explain at that time if they are applicable or not.

  • The right to be informed about our processing of your Personal Data;
  • The right to have your Personal Data corrected if it is inaccurate and to have incomplete personal data completed;
  • The right to object to processing of your personal data;
  • The right to restrict processing of your Personal Data;
  • The right to have your personal data erased (the ‘right to be forgotten’);
  • The right to request access to your Personal Data and to obtain information about how we process it;
  • The right to move, copy or transfer your personal data (‘data portability’); and
  • Rights in relation to automated decision making that has a legal effect or otherwise significantly affects you.

You have the right to complain to the ICO which enforces data protection laws:

9.      Data anonymisation and use of aggregated information

Your personal data may be converted into statistical or aggregated data, which cannot be used to re-identify you. It may then be used to produce statistical research and reports. This aggregated data may be shared and used in all the ways described in this Notice.

This document was issued in May 2018 and may be amended from time to time. 

Important Changes to your Terms and Conditions  

Storman Software Ltd (Storman) has made several important amendments to our Terms and Conditions as a result of the new General Data Protection Regulation (GDPR), which will came into force in May 2018.

This document should be read in conjunction with your existing Agreement. Please retain this document for future reference.


  • “Client” means you, the user of the Services.  
  • “Data Protection Laws” means (a) on and from 25 May 2018, the General Data Protection Regulation (EU) 2016/679 (“GDPR”) (together with laws implementing or supplementing the GDPR in Member States, in each case as amended and superseded from time to time), and/or all applicable laws, rules, regulations, regulatory guidance, regulatory requirements from time to time, in each case in each jurisdiction.
  • “Effective Date of this Agreement” means 25 May 2018.
  • “Services” means the provision of software support and hosting of software.    

2.1         The parties acknowledge and agree that the Client is the data controller, and Storman is the data processor, of any personal data processed by Storman for the purposes of providing the Services (except as specified otherwise in this clause).  The Client hereby appoints Storman as a data processor and instructs Storman to process the personal data as reasonably necessary for the provision of the Services. Storman is not the data processor for Clients who have software installed on their own hardware or elsewhere to which Storman does not have access to personal data.

       In this clause 2 the terms “personal data”, “data processor”, “data controller”, “personal data breach”, “data subject”, “process/processing”, “special categories of personal data” and “supervisory authority” have the same meanings as set out in the Data Protection Laws.

 2.2 Where Storman processes personal data as a data processor on behalf of the Client as data controller, Storman shall:

(i)  only process the personal data in accordance with the terms of this Agreement and any instructions from the Client, unless required by EU or member state law to which Storman is subject;

(ii)  take appropriate measures as required pursuant to Article 32 GDPR to ensure a level of security for the personal data which is appropriate to the level of risk involved in the processing; 

(iii) take reasonable steps to ensure the reliability of persons authorised to process the personal data, ensuring that all such individuals have committed themselves to obligations of confidentiality;

(iv) promptly notify the Client if it receives any communication from a data subject or supervisory authority under any Data Protection Laws in respect of the personal data, and provide reasonable assistance to the Client in its obligation to respond to these communications;

(v) promptly upon becoming aware, notify the Client of any personal data breach, and provide such information as reasonably required by the Client to comply with its obligations under the Data Protection Laws;

(vi) make available to the Client on request all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR;

(vii) provide reasonable assistance to the Client with the obligations pursuant to Articles 35 and 36 GDPR, taking into account the nature of the Services and information available to Storman; and

(viii)  at the choice of the Client and if Storman has access to the Clients personal information, delete or return to Client all the personal data of which the Client is data controller as soon as reasonably practicable and in any event within 90 days, upon termination or expiry of this Agreement (unless Storman needs to retain copies to comply with legal, contractual or regulatory requirements applicable to it). In the event Storman is unable to delete the personal information that it has access to then, Storman may provide Clients with instructions on how to delete the personal data.

2.3 The Client authorises Storman to appoint sub-processors subject always to Storman making available to the Client a list of sub-processors which it uses during the term of this Agreement. If at any time Storman wishes to make any changes to the list of sub-processors, (i) Storman shall notify the Client of the proposed change; and (ii) the Client shall have a period of thirty (30) days from the date of such notice to notify Storman if it objects to the proposed new sub-processor. In such cases either party may terminate this Agreement with reasonable prior written notice without fault. In cases of no objection, the new or alternate sub-processor shall be deemed approved by the Client.

2.4 The parties acknowledge that in the course of the performance of this Agreement personal data may be transferred outside the European Economic Area (“EEA”).  To the extent that Storman transfers any personal data to countries outside the EEA that do not have adequate protection under laws that apply to us, we will make sure that suitable safeguards are in place before transferring any personal data.

2.5         The Client represents, undertakes and warrants that all personal data which Storman processes pursuant to this Agreement has been and shall be collected and processed by the Client in accordance with Data Protection Laws and without limitation to the foregoing, the Client shall take all steps necessary, including providing appropriate fair collection notices, ensuring that there is a lawful basis for Storman to process the personal data and if relevant, any special categories of personal data, and obtaining any consents needed to process the personal data, in each case to ensure that the processing of the personal data by Storman in accordance with this Agreement is in accordance with Data Protection Laws.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      

2.6 Where a party processes personal data as data controller pursuant to this Agreement, such party shall comply with its obligations under the Data Protection Laws.

2.7 Clause 3 below contains details of the subject matter, purpose and nature of the processing, and the categories of personal data and data subjects whose personal data is processed pursuant to this Agreement, as required by Article 28(3) GDPR.


This clause sets forth certain details relating to the Processing of Personal Data as required by Article 28(3) GDPR or equivalent provisions of any Data Protection Laws by Storman.

  • Subject matter, nature and purpose: the processing of data in the course of providing services which include, but are not limited to, enabling the Client to rent space, enabling customers of the Client to make online reservations, generating reports for the Client and taking payment from customers for goods or services. 
  • Duration: the period during which the Client uses the Services.
  • Type of personal data: contact details such as names, addresses, phone numbers, email addresses, identification numbers, transactional data required for the provision of services including cardholder names and card numbers.
  • Categories of data subjects: customers of the Client who engage in the rental of facilities, purchase goods or process payment transactions.