Privacy Policy

Last Updated: July 21, 2025 GXP-Storage LLC (“GXP”, “Company”, “us”, “we”, or “our”) operates the gxp-storage.com website and related services (collectively, the “Service”). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service. By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you disagree with this Privacy Policy, do not use our Service.

What Personal Information Do We Collect

We collect several types of information to provide and improve our Service:

  • Contact Information: Name, email address, phone number, mailing address
  • Account Information: Username, user permissions, password, and system preferences
  • Communication Data: Information you provide when contacting us, including support requests, feedback, and survey responses
  • Payment Information: Billing Profile information, such as Contact Information and client billing references
  • Profile Information: Any additional information you choose to provide in your user profile

Information We Collect Automatically

  • Usage Data: How you interact with our Service, including pages visited, time spent, features used, and click patterns
  • Device Information: IP address, browser type and version, device type, operating system, and device identifiers
  • Location Data: General geographic location based on IP address
  • Cookies and Tracking Data: Information collected through cookies, web beacons, and similar technologies

SMS and Communication Consent

When you provide your phone number and consent to receive SMS messages, we collect:

  • Your phone number and mobile carrier information
  • Your consent preferences for different types of messages
  • Message delivery and engagement data

SMS Messaging Terms:

  • Message Types: You can expect to receive appointment reminders, order alerts, account notifications, service updates, and promotional messages (with your consent)
  • Messaging frequency may vary
  • Message and data rates may apply
  • To opt out at any time, text STOP
  • For assistance, text HELP or visit our website at https://www.gxp-storage.com
  • Visit https://www.gxp-storage.com/privacy-policy/ for privacy policy and https://www.gxp-storage.com/terms-of-use/ for Terms of Service

Important: SMS consent is not shared with third parties or affiliates.

How We Use Your Personal Information

We collect and process only the personal information that is necessary for the specific purposes outlined below. We regularly review the data we hold to ensure it remains relevant and not excessive for our stated purposes. Our Data Protection Officer conducts annual assessments to ensure compliance with data minimization principles. We use your personal information for the following purposes:

Service Provision and Operation

  • Capture client requirements to provision, maintain, and improve our Service
  • Process transactions and manage your account
  • Authenticate users and prevent unauthorized access
  • Provide customer support and respond to inquiries

Communication

  • Send service-related notifications and updates
  • Deliver marketing communications (with your consent for prospects; based on legitimate interest for existing customers, with opt-out rights)
  • Send SMS messages (only with your explicit opt-in consent)
  • Respond to your questions and requests

Analytics and Improvement

  • Analyze usage patterns to improve our Service
  • Conduct research and development
  • Monitor Service performance and troubleshoot issues
  • Generate aggregate statistics about Service usage

Legal and Security

  • Comply with legal obligations and enforce our terms
  • Protect against fraud, abuse, and security threats
  • Investigate and prevent illegal activities
  • Defend our rights and interests

Legal Basis for Processing (EU/UK Residents)

Under the General Data Protection Regulation (GDPR) and UK GDPR, we process your personal information based on the following lawful grounds:   Consent (Article 6(1)(a))

    • SMS messaging (with your explicit opt-in consent)
    • Marketing communications (with your consent)
    • Non-essential cookies and tracking

Contract (Article 6(1)(b))

    • Processing transactions and managing your account
    • Providing customer support related to our services
    • Authenticating users and providing Service access

Legitimate Interests (Article 6(1)(f))

    • Analyzing usage patterns to improve our Service
    • Preventing fraud, abuse, and security threats
    • Conducting research and development
    • Generating aggregate statistics about Service usage
    • Website analytics and performance monitoring

Legal Obligation (Article 6(1)(c))

    • Complying with legal requirements and regulations
    • Retaining records as required by law
    • Responding to valid legal processes

Vital Interests (Article 6(1)(d))

    • Protecting against immediate threats to health or safety

You have the right to object to processing based on legitimate interests. For more information about your rights, see the “Your Privacy Rights” section below.

Automated Decision-Making and Profiling

We do not engage in automated decision-making that produces legal effects or significantly affects you without human intervention.

Limited Automated Processing

    • We use automated systems for basic website functionality (e.g., login authentication, spam filtering)
    • Marketing automation through HubSpot may involve automated email sequences based on your interactions
    • Analytics tools automatically collect usage data for website improvement

Your Rights

If we ever implement automated decision-making that significantly affects you, you have the right to:

    • Obtain human intervention in the decision-making process
    • Express your point of view and contest the decision
    • Request an explanation of the decision and its consequences

For questions about our automated processing, contact privacy@gxp-storage.com.

Who We Share Your Personal Information With

We may share your personal information in the following circumstances:

Service Providers

We work with trusted third-party service providers who assist us in operating our Service, including:

  • Cloud hosting and infrastructure providers
  • Email and communication platforms
  • Analytics and monitoring services
  • Customer support tools
  • Customer relationship management platforms
  • Business communication and telephony services

These providers are bound by data processing agreements (DPAs) that require them to protect your information and use it only for the specific services they provide to us.

Data Controller Relationships

Independent Controllers

For most processing activities, GXP-Storage LLC acts as an independent data controller. Our third-party service providers act as data processors under our instructions.

No Joint Controllers

We do not currently have joint controller arrangements with other organizations. If this changes, we will update this Privacy Policy and notify you of any joint controller agreements and how they affect your rights.

Specific Third-Party Services

We use the following third-party services that may process your personal information:

Analytics Services

We use analytics providers to analyze website traffic and user behavior. These services collect information such as:

    • Pages visited and time spent on pages
    • Geographic location (city/country level)
    • Device and browser information
    • Traffic sources and referral information

These providers may use this data to contextualize and personalize ads in its advertising network. You can opt out of analytics tracking by:

    • Installing opt-out browser add-ons
    • Adjusting your browser settings to block tracking cookies
    • Using privacy-focused browsers or extensions

For more information about our analytics providers’ privacy practices, please contact us.

 

Marketing Automation Platform

We use a marketing automation platform for customer relationship management, marketing automation, and communication. This platform may process:

    • Contact information (name, email, phone number)
    • Communication preferences and history
    • Website interaction data
    • Lead scoring and behavioral data
    • Marketing campaign engagement metrics

This platform acts as a data processor on our behalf and is bound by data processing agreements that ensure appropriate data protection measures.  For more information about this platform’s privacy practices, please contact us.

Customer Relationship Management (CRM)

We use a CRM platform for customer relationship management and business operations. This platform may process:

    • Customer and prospect contact information
    • Sales and support interaction history
    • Account and opportunity data
    • Custom data fields relevant to our business operations

This platform acts as a data processor on our behalf and maintains appropriate security certifications and data protection measures.  For more information about this platform’s privacy practices, please contact us.

Business Communication Platform

We use a business communication platform for voice calls, video conferencing, and messaging services. This platform may process:

    • Contact information (name, phone number, email address)
    • Call logs and communication records
    • Voice recordings and voicemail messages (when recording is enabled)
    • Video conference recordings and chat messages
    • Meeting attendance and participation data
    • Device and location information related to communications

This platform acts as a data processor on our behalf and maintains industry-standard security measures and compliance certifications.  Call recordings and video conferences may be recorded for quality assurance and training purposes, and you will be notified when recording is active.  For more information about this platform’s privacy practices, please contact us.

Legal Requirements

We may disclose your information when required by law or in response to:

  • Valid legal processes (subpoenas, court orders, warrants)
  • Requests from government authorities
  • Compliance with applicable laws and regulations
  • Protection of our rights, property, or safety, or that of others

Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal information may be transferred to the acquiring entity, subject to the same privacy protections.

With Your Consent

We may share your information with third parties when you provide explicit consent for specific purposes. SMS Consent Protection: SMS consent is not shared with third parties or affiliates under any circumstances.

Data Retention

We retain your personal information only as long as necessary for the purposes outlined in this Privacy Policy, unless applicable laws and regulations require a more extended retention period.  Specific retention periods include:

  • Account Data: Retained while your account is active and archived after account deactivation to comply with applicable regulations
  • SMS Consent Records: Retained for at least 5 years to comply with telecommunications regulations
  • Analytics Data: Analytics data is retained according to the analytics provider’s data retention policies (typically 26 months for user-level data)
  • CRM Data: CRM and marketing automation data are retained according to our business needs and legal requirements
  • Communication Records: Communication platform call logs and communication data are retained according to our business needs and legal requirements; call recordings are typically retained for 90 days unless extended for training or compliance purposes

Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

Universal Rights

  • Access: Request information about what personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal requirements)
  • Portability: Request a copy of your data in a structured, machine-readable format
  • Marketing Opt-Out: Unsubscribe from marketing communications at any time via the unsubscribe link in emails or by emailing unsubscribe@gxp-storage.com

Additional Rights for EU/EEA Residents (GDPR)

  • Restriction: Request limitation of processing your personal information
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent for processing activities that rely on consent

Additional Rights for UK Residents (UK GDPR)

UK residents have the same rights as EU/EEA residents under UK GDPR, including:

  • Right of Access: Request confirmation of whether we process your personal data and obtain a copy
  • Right of Rectification: Request correction of inaccurate personal data
  • Right of Erasure: Request deletion of your personal data in certain circumstances
  • Right to Restrict Processing: Request limitation of processing in certain circumstances
  • Right to Data Portability: Request transfer of your data in a structured, commonly used format
  • Right to Object: Object to processing for legitimate interests, direct marketing, or scientific/historical research
  • Rights Related to Automated Decision Making: Right not to be subject to decisions based solely on automated processing

Additional Rights for California Residents (CCPA/CPRA)

  • Know: Right to know what personal information is collected, used, and disclosed
  • Delete: Right to request deletion of personal information
  • Opt-Out: Right to opt out of the sale of personal information (we do not sell personal information)
  • Non-Discrimination: Right to non-discriminatory treatment for exercising privacy rights

Exercising Your Rights with Third-Party Services

For data processed by our third-party service providers:

  • Analytics: You can opt out using browser opt-out tools or by adjusting your browser settings
  • Marketing Automation: Contact us to exercise rights regarding data stored in our Marketing Automation Platform
  • CRM: Contact us to exercise rights regarding data stored in our CRM Platform
  • Business Communication: Contact us to exercise rights regarding communication data stored in our Business Communication Platform

To exercise these rights, please contact us at privacy@gxp-storage.com. Where we process your personal information based on consent, you have the right to:

Withdraw Consent

  • Withdraw consent at any time without affecting the lawfulness of processing before withdrawal
  • Contact us at privacy@gxp-storage.com to withdraw consent for specific processing activities

Consent Records

  • We maintain records of when and how you provided consent
  • We can provide you with information about your current consent status upon request

Specific Consent Withdrawal Methods

  • SMS Messages: Text STOP to opt out, or contact us directly
  • Marketing Emails: Use the unsubscribe link in emails or by emailing unsubscribe@gxp-storage.com
  • Analytics Cookies: Adjust your browser settings or use our cookie preference center (if available)
  • Marketing Cookies: Contact us to opt out of marketing-related tracking

Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.  These measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and vulnerability testing
  • Access controls and authentication systems
  • Employee training on data protection practices
  • Incident response procedures

Our third-party service providers maintain industry-standard security certifications and implement appropriate security measures to protect your data. However, no method of transmission over the Internet or electronic storage is 100% secure, so we cannot guarantee the absolute security of your information.

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

Regulatory Notification

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible
  • Provide details of the breach, its likely consequences, and measures taken to address it

Individual Notification

  • Notify affected individuals without undue delay when the breach is likely to result in a high risk to their rights and freedoms
  • Provide clear information about the nature of the breach and recommended protective measures

Breach Response

  • Immediately investigate and contain the breach
  • Assess the risk to affected individuals
  • Implement measures to prevent future breaches
  • Document the breach and our response in accordance with regulatory requirements

If you believe you have been affected by a data breach, please contact us immediately at privacy@gxp-storage.com.

Accountability Measures

We implement comprehensive accountability measures to demonstrate GDPR compliance:

  • Data Protection Impact Assessments: We conduct DPIAs for high-risk processing activities
  • Privacy by Design: We integrate privacy considerations into all new systems and processes
  • Regular Audits: We perform regular internal reviews of our data processing activities
  • Staff Training: All personnel receive regular training on data protection principles and procedures
  • Documentation: We maintain detailed records of all processing activities and their legal basis
  • Third-Party Agreements: All data processors are bound by comprehensive data processing agreements

 

Children’s Privacy

Our Service is not intended for children under 18 years of age.  We do not knowingly collect personal information from children under 18.  If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.  If we discover we have collected personal information from a child under 18 without parental consent, we will take steps to delete that information.

Privacy by Design

We implement privacy by design principles in all our systems and processes:

  • Proactive Protection: We anticipate and prevent privacy invasions before they occur
  • Default Settings: Privacy protection is built into our systems by default
  • Data Minimization: We collect only the data necessary for specified purposes
  • End-to-End Security: We implement comprehensive security measures throughout the data lifecycle
  • Transparency: We ensure all stakeholders can verify our privacy practices
  • Respect for User Privacy: We prioritize your privacy interests in all business decisions

 

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our Service. The types of cookies we use include:

  • Essential Cookies: Necessary for the Service to function properly
  • Analytics Cookies: Help us understand how the Service is used
  • Functionality Cookies: Remember your preferences and settings
  • Marketing Cookies: Used to deliver relevant advertisements and track marketing campaign effectiveness. When you first visit our website, you will be presented with a cookie consent banner allowing you to accept or customize your cookie preferences.

Third-Party Cookies

Our Service may set cookies from third-party services:

  • Analytics Services: Uses cookies to track website usage and generate analytics reports
  • Marketing Automation Platform: Uses cookies to track visitor behavior and support marketing automation
  • CRM Platform: May use cookies when integrated features are accessed

You can control cookie preferences through your browser settings, but disabling certain cookies may limit Service functionality.

International Data Transfers

Your personal information may be transferred to and processed in countries other than your own, including the United States, where our servers and third-party service providers are located. These countries may have different data protection laws from those in your jurisdiction. We only transfer personal data internationally when we have a lawful basis to do so under applicable data protection laws. When we transfer your data internationally, we ensure appropriate safeguards are in place, such as:

  • Standard contractual clauses approved by the relevant authorities
  • Adequacy decisions by competent authorities
  • Certification schemes and codes of conduct
  • Service provider commitments to data protection standards

UK-Specific Transfer Safeguards

For UK residents, when we transfer your personal data outside the UK, we ensure appropriate safeguards are in place as required by UK GDPR, including:

  • Adequacy regulations made under UK GDPR
  • Standard contractual clauses approved by the UK Information Commissioner’s Office
  • Binding corporate rules approved by the UK Information Commissioner’s Office
  • An approved code of conduct or certification mechanism

 

Third-Party Links and Services

Our Service may contain links to third-party websites or services.  We are not responsible for these third parties’ privacy practices or content.  We encourage you to review the privacy policies of any third-party services you visit.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.  We will notify you of material changes by:

  • Posting the updated policy on our website
  • Sending email notifications to registered users
  • Displaying prominent notices on our Service
  • Updating the “Last Updated” date at the top of this policy

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us: Privacy Contact: privacy@gxp-storage.com General Contact: contact@gxp-storage.com To opt-out of marketing communications: unsubscribe@gxp-storage.com Mailing Address: GXP-Storage LLC Attn: Data Protection Officer 8078 Middlesex Corporate Parkway Middlesex, NC 27557 USA For UK Residents If you are a UK resident and have concerns about our privacy practices, you may contact the UK Information Commissioner’s Office (ICO): ICO Website: https://ico.org.uk/ ICO Helpline: 0303 123 1113 ICO Email: casework@ico.org.uk Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF For EU/EEA Residents For EU/EEA residents, you may also contact your local data protection authority if you have concerns about our privacy practices.