BearBox Privacy Policy

Last updated: 2025-06-05

Effective Date: 2025-07-01

Definitions

In this document, the term “BearBox” refers collectively to the companies operating under the BearBox brand:

  • BearBox International Ltd. - a company incorporated and operating in the United Kingdom.
  • BearBox International S.L. - a company incorporated and operating in Spain.

Depending on the product or service you use, one of these entities may be the data controller or service provider.

1. Scope of Services

1.1 BearBox Admin App (Mobile)

Used by site administrators to manage BearBox functionality. Requires credentials from Bearbox.

1.2 BearBox Control App (Mobile)

Used by storage customers to access physical sites. Data is synced from your storage provider.

1.3 BearBox Web Application

Used for web-based access to BearBox system functionality by authorized users.

2. Information We Collect

2.1 User-Provided Information

Admin App & Web App

We collect name, email, username, password, site details, and any communication sent through support.

Customer App

Your data is provided to BearBox by your storage facility. This includes:

  • Name
  • Email address
  • Phone number (if applicable)
  • Access permissions & site ID
  • Customer reference

BearBox acts as a Data Processor; your storage provider is the Data Controller. Contact them for data requests.

2.2 Automatically Collected Information

We may collect device type, operating system, IP address, browser, and app usage data.

Location Data

  • Customer App: Collects real-time location during site access.
  • Admin & Web App: Does not collect real-time location.

3. How We Use Your Information

To enable secure access, respond to support queries, ensure system security, improve performance, and comply with legal duties.

4. Sharing of Your Information

  • With authorized employees or contractors
  • With secure service providers
  • To comply with legal processes
  • To protect safety and investigate fraud
  • During company restructuring or sale

5. Data Retention & Account Control

We retain your data while your account is active or as required by law.

5.1 Deletion & Opt-Out

  • Admin App: Request deletion via support@bearbox.co.uk
  • Customer App: Contact your storage facility for data removal
  • Web App: Email support@bearbox.co.uk to delete your account

6. Children's Privacy

We do not knowingly collect data from children under 13. If discovered, the data will be deleted. Contact us for concerns.

7. Security

We use physical, electronic, and procedural safeguards to protect data. However, no system is completely secure.

8. International Users

Your data is processed and stored in the United Kingdom. By using the service, you consent to this.

9. Changes to This Policy

Policy updates will be communicated via email, in-app notification, or website notice. Continued use implies consent.

10. Your Consent

By using any BearBox service, you consent to data collection and processing as outlined in this policy.

11. Contact Us

Questions or privacy concerns? Contact us:

Email: support@bearbox.co.uk

12. Terms of Use

By using BearBox services, you agree to:

  • Provide accurate registration data
  • Access only using valid credentials
  • Not tamper with the application or services
  • Comply with all applicable laws

13. Data Received from Third Parties

For BearBox Control users, your data is provided by your storage provider. We only process it to enable site access and act upon their instructions. Review your provider’s privacy policy for full data usage details.

14. GDPR Impact & Response

This section outlines how BearBox International Ltd. complies with the General Data Protection Regulation (GDPR).

Definitions

  • Customer: Direct client of BearBox International Ltd.
  • End User: Client of the Customer, accessing site facilities.
  • BearBox Server: Secure server infrastructure managed by BearBox.
  • BearBox System: Hardware and software powering access control.

Data Stored by BearBox

We store the following information, depending on your relationship with BearBox:

General Access Control Data

  • Site access logs
  • Access codes, Fob IDs
  • Vehicle registration numbers

Customer Data

  • Company and site addresses
  • Contact names, work phone numbers and emails

End User Data

  • Names
  • Email addresses
  • Phone numbers (if applicable)

Data Not Stored

We do not store CCTV footage centrally. All video recordings remain at the Customer’s site.

Purpose of Data

  • Managing and monitoring access to secure sites
  • Customer data: for communication, support, and system administration
  • End User data: for identifying and granting access

Data Retention

  • Customer data: retained while under contract, deleted upon request after termination
  • End User data: retained for the duration of their relationship with the Customer plus 30 days
  • Access logs: retained for operational and security purposes

Data Access

Access to personal data is restricted and password protected:

  • BearBox staff can access data via secure interfaces
  • Customers can access their End User data via the BearBox platform

Data Requests

Customers and End Users may request access to their personal data or request deletion. Some data (e.g. an email) may be required to access services and cannot be deleted without affecting functionality.

Risks & Breach Management

BearBox employs secure access control and minimal personal data storage to reduce risk:

  • Risk of server breach: Low
  • Password protection and limited data scope reduce exposure

Breach Response Plan

  • Notify all affected Customers
  • Reset Customer passwords
  • Identify and isolate breach point
  • Implement updated security protocol