Privacy Policy

This privacy policy ("Privacy Policy") provides you with information about the personal data we collect about you, how we use that data, and your rights regarding the personal data we hold about you. It was last updated on January 21, 2021. The purpose of the Privacy Policy is to inform customers, prospects and suppliers about the processing of personal data by ANNEXX group companies ("ANNEXX") and their rights in this respect in the context of responding to requests for quotations and managing its contractual relationship with its customers. The Privacy Policy is accessible from the website of Annexx and in any case it is made available to any client and supplier before the conclusion of a contract of provision / provision of services with It may be modified to take into account the evolution of the data processing implemented and the applicable legislation. Thus, our suppliers, prospects and clients will be invited to take note of any new version by any means.

1. Who are we? Selfstorage’s identity

If you have any questions about our Privacy Policy, you can contact us using the following details:
Annexx SAS
70 Rue Jacques Babinet- 31100 Toulouse
Tel.: 05 34 60 31 16
SIRET: 44470492800035

All our customers can send their questions concerning the problems of personal data protection, confidentiality and security to our legal department. Selfstorage is in charge of the treatment of Data, as a professional offering to individuals and professionals, a service of provision of storage boxes, offices and domiciliation. is subject in this capacity to the obligations imposed by the regulations in force in France and within the European Union regarding personal data in particular the Regulation (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data ("RGPD"). The persons concerned by the processing of personal data are the suppliers, customers and prospects of including in particular the Internet users browsing the website of (the "Users" or "You").

2. Definitions

"Personal data" means any information that may identify you directly, such as your first and last name, postal address, e-mail address, telephone numbers, date of birth, payment details or indirectly, such as an IP address (the "Data"). Data processing means any operation carried out or envisaged directly or indirectly with the Data, such as collection, recording, organization, conservation, modification, consultation, use, transmission, dissemination or any other form of provision, reconciliation or interconnection, limitation, or destruction, etc.

3. Collected and processed data

Data that you provide to us collects Data directly from its prospects and customers via forms accessible from the website or by phone, from your mobile terminals or not, or directly when you visit one of our establishments. This Data is updated directly with the Users. In this respect, Users undertake to communicate to the marketing/customer service any update of the said Data without delay. When you visit one of our establishments, video surveillance cameras are also likely to collect Data, in order to ensure the safety of goods and people.
Telephone conversations, particularly with our Customer Care Center, and e-mail exchanges may be recorded and stored in order to improve the quality of our customer service and to train our employees.
The Data of the suppliers are collected during the contact and during the execution of the contract binding the supplier to limits the collection of personal data to adequate, relevant and strictly necessary data for the processing and management of the commercial relationship. The non-provision of this data can, depending on the case, result in the impossibility to conclude the contract and/or to provide the Services and/or to propose commercial offers.

Data obtained by third-parties Cookies

Data may also be provided indirectly via Google, Safari, for example, for user behavioral data collected through the use of cookies and/or trackers. Technologies such as cookies, beacons and scripts are used by us and our partners, affiliates or service providers. These technologies are used to analyze trends, administer our website, track users' movements around our website and gather demographic information about our users. We may receive reports based on the use of these technologies by these companies on an aggregate basis.
For more information on how we use cookies and what information is collected using cookies, please see the "Cookie Policy" section below. We may also receive Data about you from banks or credit institutions. In this case, we will update your Data in our database.

Third party data you provide to us

In the event that you provide us with Data relating to another person for emergency contact purposes (such as a relative...), you warrant to us that, you have the authority to consent to the processing of Data on their behalf, you will receive on their behalf all correspondence relating to their Data, and where applicable, you consent on their behalf to the transfer of their Data overseas.
We do not voluntarily collect Data from minors under the age of 16, however, if you are a parent or legal guardian of such minor and you believe that we have Data on such minor, you may obtain deletion of the Data upon proving your identity and legal authority over the minor.

Cookie Policy

4. Processing basis

When the Data of a client, prospect or supplier are processed by, only the data necessary for the purposes of processing are processed.
The bases on which these treatments are based are the respect of a legal obligation, the execution of the contract, the legitimate interest and your consent. In addition, the Data whose collection is mandatory are identified as such (eg by an asterisk in the forms).

5. Summary of purposes, processed data, grounds for processing, conservation period

Hereunder you will find a summary of all Data that is processed as well as its purpose:

Data processing PROSPECTS
Context of collection Type of Data Purpose of the processing Legal basis Persons / Departments with access to the data Conservation period
Sending quotes and additional information
  • First and last name
  • Email address
  • Telephone number
  • Browsing data (cookies)
  • Analysing the prospect's needs
  • Preparing a quote and sending it to the prospect
  • Sales department
  • Marketing department
  • Associates on relevant sites
  • Regional directors
  • General management
  • Electronic record management solution for storing data
3 years from the date of collection or from the last contact with the prospect

Data processing CUSTOMERS
Context of collection Type of Data Purpose of the processing Legal basis Persons / Departments with access to the data Conservation period
Providing a service: supplying a modem, an office, a legal address, letter box
  • First and last name;
  • Email address;
  • Telephone number;
  • Mailing address
  • Kbis (company registration)
  • Banking information, for direct debits
  • Establishing a contract
  • Providing access to the storage facility
  • Carrying out the contract
  • Sales department
  • Associates on the relevant site
  • Regional directors
  • Throughout the contractual relationship and an additional 5-year period
Managing litigation
  • See above
  • Date of birth/ age
  • Collecting and processing data relating to delays and defaults on payments by clients, in order to prepare, carry out and monitor a recovery action or a judicial remedy and, when necessary, enforce the rendered decision
  • Legal obligation
  • Legitimate interest
  • Legal department
  • Third parties (bailiffs, auctioneers, debt collecting agencies, lawyers)
  • Every department at ANNEXX
  • Pre-litigation: until an amicable settlement of the dispute is concluded, or, if not, until the action is filed with the relevant authorities.
  • Judicial litigation: until ordinary and extraordinary procedures are no longer possible against the rendered decision
Customer relationship management
  • Data as a whole
  • Managing contract termination (ex: refunding extra charges…)
  • Recording telephone and email exchanges
  • Commercial offer
  • Survey regarding the quality of provided services
  • Carrying out the contract
  • Legitimate interest
  • Sales department
  • Finance and accounting department
  • Exterior service providers
  • Electronic record management solution for storing data
  • Throughout the contractual relationship and an additional 5-year period. Except for audio files: within 6 months of recording them
  • Images
  • Ensuring the security of people’s goods
  • Ensuring that security rules are met
  • Legitimate interest
  • Security department
  • Legal department
  • Public authority
  • Lawyers
  • 1 month
Credit check
  • Banking data
  • Banking information from the credit institution
  • Allowing for decisions to be made regarding requests about your solvency
  • Preventing fraudulent transactions and money laundering
  • Verifying the veracity of provided information
  • Legitimate interest
  • Legal obligation
  • Financial department
  • Legal department
  • General Management
  • Establishment’s director
  • Public authorities
  • Lawyers
  • Credit institutions
  • Throughout the contractual relationship and an additional 5-year period.

Data processing PROVIDERS
Contexte of collection Type of Data Purpose of the processing Legal basis Persons / Departments with access to the data Conservation period
Providing a service
  • First and last name
  • Email address
  • Telephone number
  • Contract
  • Invoice and purchase order
  • Kbis
  • Establishing a contract
  • Providing and monitoring a service
  • Carrying out the contract
  • Sales department
  • Marketing department
  • Accounting department
  • Throughout the contractual relationship and an additional 5-year period.
Managing provider litigation
  • See above
  • Monitoring and processing disputes relating to contact with the provider
  • Legal obligation
  • Legitimate interest
  • Legal department
  • Third parties (bailiffs, lawyers…))
  • Every department at the ANNEXX headquarters
  • Pre-litigation: until an amicable settlement of the dispute is concluded, or, if not, until the action is filed with the relevant authorities.
  • Judicial litigation: until ordinary and extraordinary procedures are no longer possible against the rendered decision..

6. Who can access your Data?

The personal data collected are accessible within by the competent services for the management of the different treatments concerned.
Access to personal data is strictly reserved to persons who need to have access to it in the framework of their mission within, see table above.

7. The recipients and the transfer of this Data

For some of the purposes identified above, has recourse to the services of subcontractors or service providers (e.g. those in charge of providing administrative services such as archiving) such as IT service providers (e.g. the hosting provider), solutions in SaaS mode that need to have access to Data to execute the mission entrusted to them by, including some that are located outside of France. In this case, imposes strong obligations on these co-contractors in terms of processing, confidentiality and security of the Data to which these service providers have access. can also be led to communicate the Data to third parties in certain particular cases:

  • If is obliged to disclose or give access to the Data to comply with a legal obligation or a court order, or to enforce or apply the service contract or any other reasons than those accepted, or to protect the rights, property or safety of, its customers or its employees;
  • If the law allows this transfer by
  • If is considering the transfer of an activity or assets (including the transfer of the company carrying out this activity or owning these assets), the Data can be communicated to the acquirer and to the potential acquirers in the framework of an audit including their advice.
  • If all or part of the assets of are acquired by a third party, the Data will be one of the transferred assets. The Data will be processed by the acquirer who will act as the new data controller and its data protection policy will then govern the processing of the Data.

In general, Your Data are transferred to companies belonging to the ANNEXX group. does not sell the Data to third parties.
Your Data can be shared with the person you have designated as emergency contact in your contract. The contact with this person will result in the exchange of Data.

8. Actions carried out on Data

The following actions are performed on the Data:

  • Data Collection and Storage
  • Organization or structuring of Data
  • Hosting or storing Data via third-party software,
  • Data consultation
  • Sorting (via a third party solution),
  • External archiving
  • Communication of the Data by transmission, dissemination or any other form of provision to the relevant departments
  • Modification / consultation by customer service or marketing
  • Deletion or destruction of Data

9. The location of the Data and the security measures in place

All User Data is hosted within the European Union. The Data are hosted at OVH. takes all necessary precautions to guarantee the confidentiality and security of the Data and prevent alteration, corruption or access by unauthorized persons. A security policy of the information system has been put in place. For example, access to your Data is limited and restricted to only those persons/departments who need to access it, the Data is stored on secure servers, and bank data is also encrypted. Access to the Data requires the use of a login and password.
Nevertheless, the transmission of Data through the Internet is not without risk, therefore does not guarantee the security of the Data transmitted through the Internet once has respected its commitments in terms of security. No Data is transferred to a third party located outside the European Union, except in the case where must serve and/or execute judicial acts (summons, judgment, seizure...) abroad due to the fact that the User resides outside the European Union. In this case, the User's Data shall be transmitted to the authorities responsible for serving and/or executing the documents. In any case, ensures that the transferred Data are adequately protected to guarantee their security, integrity and confidentiality.

10. What are your rights?

In the context of the processing of Data by ANNEXX, you have the following rights:

  • To obtain access / copy to your processed Data;
  • To obtain the rectification of data
  • To obtain the deletion of all or part of the Data when the Data, (i) Are no longer necessary for the purposes for which they were collected, (ii) Are based exclusively on consent,(iii) The following are the subject of an objection
  • To oppose the processing of its Data
  • To obtain the limitation of the processing, temporarily, when the accuracy of the Data is disputed, when you have opposed the processing, when the Data are no longer necessary to but are still necessary for the establishment, exercise or defense of legal claims
  • To unsubscribe or oppose the receipt of commercial prospecting messages at any time by clicking on the link "unsubscribe" in any email or any communication sent by
  • To withdraw consent at any time for processing based on consent
  • To obtain the portability of your Data when the processing is based on consent and the processing is carried out by means of automated processes
  • Provide instructions on what to do with your data post-mortem
  • To file a complaint with the CNIL.

To exercise his rights or any question relating to this Privacy Policy, the User may simply send a request to the following address:dpo@annexx.comenclosing a copy of his identity card.

11. How long do you we keep your personal data?

We will keep your personal information in our system for as long as necessary:

  • To enable us to manage the service(s) you have subscribed to
  • To meet our legal obligations, resolve disputes and/or enforce our agreements.

12. Third-party Websites

The website contains links to other websites operated by third parties. The privacy policy applies only to the personal data we collect through our website and does not apply to other websites to which our website may be linked, with or without our permission. We are not responsible for personal data that third parties may collect, store and use through their websites. You should always carefully read the privacy policy of each website you visit.