Privacy Policy

Welcome to Bagdock's Privacy Policy. At Bagdock ("we", "us", "our"), we take your privacy seriously. This policy explains how we collect, use, share, and protect your personal information when you use our platform, website, mobile applications, and related services (collectively, the "Platform").

Bagdock operates as a marketplace connecting customers seeking luggage and bag storage with storage facilities. We also provide operator platform software for storage partners to manage their facilities and bookings. This Privacy Policy applies to all users of our Platform, including customers, storage partners, and visitors.

By using Bagdock, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Platform.

Data Controller: Bagdock Limited is the data controller responsible for your personal information. We are registered in England and Wales and comply with UK GDPR and the Data Protection Act 2018.

2.1 Information You Provide

We collect information that you voluntarily provide when using our Platform:

2.2 Information Collected Automatically

When you use our Platform, we automatically collect certain information:

• Device Information: Device type, operating system, browser type, unique device identifiers
• Usage Data: Pages viewed, features used, time spent on Platform, search queries, click patterns
• Location Data: Approximate location based on IP address; precise location if you grant permission (for finding nearby storage)
• Cookies & Similar Technologies: See Section 7 for detailed information
• Log Data: IP address, browser type, referring/exit pages, date/time stamps, clickstream data

2.3 Information from Third Parties

We may receive information about you from:

• Payment Processors: Transaction confirmations and payment status
• Social Media: If you connect your social media accounts or use social login
• Marketing Partners: If you came to us through a referral or partnership programme
• Public Sources: Business information for storage partner verification

We use your personal information for the following purposes:

3.1 Providing Our Services

• Processing and managing your storage bookings
• Facilitating communication between customers and storage partners
• Processing payments and issuing refunds
• Providing customer support and responding to enquiries
• Sending booking confirmations, reminders, and updates
• Enabling storage partners to manage their facilities and bookings

3.2 Improving Our Platform

• Analysing usage patterns to improve features and user experience
• Conducting research and development for new services
• Testing and optimising Platform performance
• Personalising your experience and providing relevant recommendations
• Generating anonymised analytics and insights

3.3 Safety & Security

• Verifying identity and preventing fraud
• Detecting and preventing unauthorised access or activity
• Investigating and resolving disputes or policy violations
• Ensuring the safety of users and facilities
• Maintaining Platform security and integrity

3.4 Communications

• Sending transactional emails and notifications about your bookings
• Providing customer support and responding to your requests
• Sending marketing communications (with your consent)
• Conducting surveys and requesting feedback
• Notifying you about Platform updates and changes

3.5 Legal & Compliance

• Complying with legal obligations and regulations
• Responding to legal requests and preventing harm
• Enforcing our Terms of Service and other policies
• Protecting our rights, property, and safety
• Maintaining records for tax and accounting purposes

3.6 Legal Basis for Processing (UK GDPR)

We process your personal information under the following legal bases:

• Contract Performance: Processing necessary to fulfil our contract with you (bookings, payments, services)
• Legitimate Interests: Our legitimate business interests (fraud prevention, security, platform improvement)
• Consent: Where you've given explicit consent (marketing communications, optional data collection)
• Legal Obligation: Where required by law (tax records, legal requests)

Important: We never sell your personal information to third parties. We only share your information as described below.

4.1 With Storage Partners

When you make a booking, we share necessary information with the storage partner to fulfil your booking (your name, contact details, booking details, and any special requirements). Storage partners are independent businesses and are responsible for their own data protection practices.

4.2 With Service Providers

We share information with trusted third-party service providers who help us operate our Platform:

• Payment Processors: For processing transactions and payouts
• Cloud Hosting: For data storage and Platform infrastructure
• Email Services: For sending transactional and marketing emails
• Analytics Providers: For understanding Platform usage and performance
• Customer Support Tools: For managing support tickets and communications
• Security Services: For fraud detection and prevention

4.2.1 Third-Party Services We Use

Below is a list of the third-party service providers we use and the purposes for which they process your data:

All service providers are contractually bound to protect your information and use it only for the specific purposes we authorise.

4.3 For Legal Reasons

We may disclose your information when required to:

• Comply with applicable laws, regulations, or legal processes
• Respond to government or law enforcement requests
• Enforce our Terms of Service and protect our legal rights
• Protect the safety and security of our users and the public
• Prevent fraud, security breaches, or other illegal activity

4.4 Business Transfers

If Bagdock is involved in a merger, acquisition, asset sale, or bankruptcy, your personal information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.

4.5 With Your Consent

We may share your information for purposes not described in this Privacy Policy with your explicit consent.

4.6 Anonymised Data

We may share aggregated or anonymised information that cannot reasonably be used to identify you for research, analytics, marketing, and other business purposes.

We take data security seriously and implement appropriate technical and organisational measures to protect your personal information from unauthorised access, disclosure, alteration, and destruction.

5.1 Security Measures

• Encryption: Data is encrypted in transit using TLS/SSL and at rest using industry-standard encryption
• Access Controls: Strict access controls ensure only authorised personnel can access personal information
• Secure Infrastructure: We use reputable cloud hosting providers with robust security measures
• Regular Audits: We conduct regular security assessments and vulnerability testing
• Payment Security: Payment card data is processed by PCI DSS-compliant payment providers
• Employee Training: Our team receives regular training on data protection and security best practices

5.2 Your Responsibility

You can help protect your account by:

• Choosing a strong, unique password
• Not sharing your login credentials
• Logging out after using shared devices
• Keeping your contact information up to date
• Reporting suspicious activity immediately

5.3 Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority as required by UK GDPR, typically within 72 hours of becoming aware of the breach.

Important: While we implement strong security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information.

Under UK GDPR and data protection laws, you have the following rights regarding your personal information:

6.1 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@bagdock.com. We will respond to your request within one month, though complex requests may take up to three months (we'll let you know if we need extra time).

6.2 Marketing Preferences

You can manage your marketing communication preferences by:

• Clicking the "unsubscribe" link in marketing emails
• Updating your preferences in your account settings
• Contacting us at hello@bagdock.com

Note: Even if you opt out of marketing communications, we'll still send you essential transactional emails about your bookings and account.

We use cookies and similar tracking technologies to collect information and improve your experience on our Platform.

7.1 What Are Cookies?

Cookies are small text files stored on your device that help websites remember your preferences and improve functionality. We use both session cookies (which expire when you close your browser) and persistent cookies (which remain until you delete them or they expire).

7.2 Types of Cookies We Use

7.3 Managing Cookies

You can control and manage cookies through:

• Browser Settings: Most browsers allow you to block or delete cookies. Check your browser's help section for instructions.
• Cookie Preferences: Our cookie consent banner allows you to accept or reject non-essential cookies.
• Opt-Out Tools: You can opt out of interest-based advertising via Your Online Choices or Network Advertising Initiative.

Note: Blocking or deleting cookies may affect your ability to use certain features of the Platform.

7.4 Do Not Track

Some browsers have a "Do Not Track" feature. Currently, there is no industry standard for how to respond to Do Not Track signals, so our Platform does not respond to such signals at this time.

Bagdock is based in the United Kingdom, and your personal information is primarily stored and processed within the UK and European Economic Area (EEA).

In some cases, we may transfer your information to service providers located outside the UK/EEA (e.g., cloud hosting providers in the United States). When we do, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the UK authorities
• Adequacy decisions recognising equivalent data protection standards
• Certification schemes such as the EU-US Data Privacy Framework
• Binding Corporate Rules for intra-group transfers

For more information about our international data transfers and safeguards, please contact us at privacy@bagdock.com.

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.

9.1 Retention Periods

• Account Information: Retained while your account is active and for 3 years after closure (unless you request earlier deletion)
• Booking Information: Retained for 7 years for accounting, tax, and legal compliance purposes
• Payment Information: Card details are not stored by us; transaction records retained for 7 years
• Communications: Customer support communications retained for 3 years; reviews and ratings retained indefinitely (unless removed)
• Marketing Data: Retained until you unsubscribe or withdraw consent, plus 2 years to prove compliance
• Analytics Data: Anonymised and retained indefinitely for business intelligence

9.2 Deletion

When retention periods expire or you request deletion, we securely delete or anonymise your personal information. Some information may remain in backup systems for up to 90 days before being permanently deleted.

Our Platform is not intended for children under the age of 18. We do not knowingly collect personal information from children under 18. If you are under 18, please do not use our Platform or provide any information to us.

If we learn that we have collected personal information from a child under 18, we will delete that information as quickly as possible. If you believe we might have information from or about a child under 18, please contact us at privacy@bagdock.com.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• Posting the updated Privacy Policy on our Platform with a new "Last Updated" date
• Sending you an email notification (if you have an account)
• Displaying a prominent notice on our Platform

Your continued use of the Platform after we make changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Material Changes: If we make material changes that significantly affect your rights, we will obtain your consent where required by law before the changes take effect.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Supervisory Authority

You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues: