We are a ‘controller’ of your personal data (information about you as an identified or identifiable individual), meaning we decide how and why your personal data is used and we are responsible for making sure its use complies with data protection laws.
This privacy statement applies to you when you contact us or communicate with us (with requests, queries or otherwise), or make other use of our services, visit our website, provide services to us (directly or indirectly through your employer or business), or engage with us in some other fashion (including when we provide services to you, or your business or employer) and which involves us processing your personal data. ‘Processing’ is any activity using your personal data, including data collection, updates, disclosure, storage and deletion.
This privacy notice may be supplemented with other more specific privacy notices from time to time, in which case they should be read together unless otherwise stated.
We value your privacy and are committed to transparency and safeguarding your data. This privacy statement outlines what personal data is processed by us and how we protect it.
We may share your personal data with other companies within our Stellanor Datacenters Group where they support us in our activities, and in cases where these group companies are controllers of your personal data, their privacy notices will be provided or made available.
Where do we collect your personal data from?
We process different types of personal data about you for different purposes. In most cases, personal data is collected directly from you, such as when you enter into a contract with us, contact us or ask us to provide you with information.
In other cases, we collect details from you but less obviously. Indirect collection is used in cases such as where we are working with your employer and they provide your details to us, where you choose to engage with us using social media or third parties and/or their services, when you visit our Website at www.stellanordatacenters.com, and necessary data is automatically collected from your device so we can show you the Website pages you request and so you can see (and where relevant use) them on your device, or through use of additional cookies on our Website with your informed consent (and details of these are explained more fully in our cookies statement and banner) .
What personal data we collect, from whom and for what purposes
| Category of data subject | Data collected | Purpose of processing and lawful basis |
| Visitors to our Website
|
We automatically collect (subject to consent where required):
· IP-address; · location data; · internet browser and device type; · the name of the service provider granting you access; · data concerning previous visits to the Website; · the website you are coming from; · search queries; and · the content visited on our Website. |
to display web pages and content in an appropriate format for your device;
to ensure access to our systems and content are secure; and to better understand how our Website and its content are used, ensure smooth and effective operation and to make improvements.
This use is for the legitimate interests of our business allowing us to provide you with relevant information and to interact and communicate with you through our Website.
Sometimes we rely on consent where the personal data we collect is optional, or where we must rely on consent by law. This applies to personal data used by us (including with the help of third party partners) to better understand use of our Website and to improve it (analytics). |
| People we communicate with via our contact methods | First and last name, email address, phone number, name of the organization you work for, details of your communication, and any additional information you provide to us.
If you work for a customer or supplier/subcontractor, we may use details of the name, title, role and work contact details of their nominated account relationship managers and/or contract managers and contract and relationship related points of contact. |
The legal basis for processing is the legitimate interest of processing relevant data to enable us to respond to a contact request by phone, post, or email. The purpose of this is:
· contacting you; · answering a question; · dealing with a complaint.
Legitimate interests will also be the basis we use for dealing with communications to establish, defend or enforce legal rights and obligations. Where we are responding to you in relation to a statutory request or similar, this will be based on compliance with our legal obligations.
Where the communication is contract related and under contract provisions, where the contract is with you as an individual it will be for contract performance, and where it is with your employer, it is for our legitimate interests in performing the contract and dealing with related rights and obligations. |
| Non-corporate customers (and individual contacts at corporate customers) | First and last name, job title, name and address of the organization you work for, (business) email address, (mobile) phone number, bank details of the organization you work for, details about the services purchased or to be purchased, contracts regarding the services purchased or to be purchased, biometric data to facilitate access control of our locations, license plate of your vehicle for access to the grounds, CCTV camera footage during visits, and any other data you provide to us. | Where the contract is with you as an individual the legal basis for processing is our contractual relationship with customers or supplier and the preparations thereto and where the contract is with your employer, it is for our legitimate interests in performing the contract and dealing with related rights and obligations. The purpose of this is:
· providing you with services and/or products; · adjusting our services to your needs; · sending an invoice and processing payment; and · complying with administrative obligations.
Where we process your personal data for making promotional offers for services or sending you our newsletter or invitations to events, if you are a corporate customer, supplier or subcontractor (or a staff member representing them who we contact in that capacity), this is for our legitimate interests in promoting and marketing our business; and if you are an unincorporated business, supplier or subcontractor, where required by law, this will be with your consent but otherwise based on our above legitimate interests. |
| Non-corporate suppliers or subcontractors (and individual contacts at suppliers or subcontractors) | First and last name, job title, name and address of the organization you work for, (business) email address, (mobile) phone number, bank details of the organization you work for, details about the services provided or to be provided, contracts regarding these services, biometric data to facilitate access control of our locations, your vehicle license plate for access to the grounds, CCTV camera footage during visits, and any other data you provide to us. | |
| Visitors | First and last name, job title, name of the organization you work for, address of the organization you work for, (business) email address, (mobile) phone number, biometric data to facilitate access control of our locations, your vehicle license plate for access to the grounds, CCTV footage of your visit to our location. | The legal basis is the legitimate interest and related legal obligations that our company has in maintaining a well-secured data center. The purpose of this is to provide secured access to the data center.
|
Security and compliance
We also use personal data to comply with our legal and regulatory obligations, for our legitimate interests in maintaining regulatory compliance and safeguarding our business, data, people and interests to manage the security of our systems, properties, data centres and people.
We may use personal data to establish, exercise and defend complaints and legal claims; to protect property, staff, and others; prevent and detect crime, and support the investigation and prosecution of suspected breaches of our policies, obligations and related laws. Depending on the circumstances, the legal basis for our use will be to comply with our legal obligations or for our legitimate interests in protecting our business and people.
We deploy organizational and technical security measures to secure personal data and keep these under review in light of new developments.
Security is central to our services and we sometimes use pseudonymization and encryption – especially for biometric data used for authentication or access to our data centers.
Retention periods
We retain processed personal data no longer than required for the purpose of the data processing. We only retain data longer when this is mandatory based on a legal retention period under UK law, such as the UK Companies Act or other applicable legislation.
Sharing your personal data with other parties
We may share personal data with third parties who support our operations, activities and services. This includes service providers (which may include our group companies and/or may be in other countries) acting on our behalf under strict contractual controls and safeguards (such as for facilities management support, security, IT support and maintenance, reception services and cleaning). These parties must adhere to appropriate security measures to protect your personal data.
In some cases, we need to share your personal data with other third parties (including group entities such as our subsidiaries in Germany), who use your personal data independently on their own account (where they are the controller for their use and must comply with their own data protection obligations). This includes as follows:
- If (for the legitimate interests of our business and shareholders and funders) we transfer, purchase, reorganise, merge or sell our business or the business of a third party (in each case in whole or part), and we disclose or transfer your personal data to the prospective seller, buyer or other third party involved in a business transfer, reorganisation or merger arrangement (and their advisors); and
- Disclosures required by law, or to enforce a contract, or to protect the rights, property or safety of our business, employees, customers or others.
We may also share personal data with:
- clients;
- consultants and professional advisors including legal advisors, auditors, funders and accountants;
- courts, court-appointed persons/entities, receivers and liquidators;
- business partners and joint ventures;
- trade associations and professional bodies;
- insurers; and
- governmental departments/bodies/agencies, regulators, statutory and regulatory bodies including the Department for Work & Pensions, the UK’s data protection regulator, the police and Her Majesty’s Revenue and Customs.
We may also share your personal data with third parties, as directed by you.
Location
We store personal data within the United Kingdom. When cooperating with international service providers, they are required to keep the processing of personal data within the United Kingdom or the European Economic Area (EEA), or to implement adequate or appropriate protection measures as necessary to safeguard personal data in accordance with the UK GDPR.
What are your rights in relation to your personal data and how can you exercise them?
In some circumstances, you may have certain individual legal rights in relation to any personal data about you which we hold. These rights are briefly summarised in the table below.
| Your right | What does it mean? | Limitations and conditions of your right |
| Right of access | Subject to certain conditions, you are entitled to have access to your personal data (this is more commonly known as submitting a “data subject access request”). | If possible, you should specify the type of information you would like to see to ensure that our disclosure is meeting your expectations.
We must be able to verify your identity. Your request may not impact the rights and freedoms of other people, e.g. privacy and confidentiality rights of our staff. |
| Right to data portability | Subject to certain conditions, you are entitled to receive the personal data which you have provided to us and which is processed by us by automated means, in a structured, commonly-used machine readable format.
|
If you exercise this right, you should specify the type of information you would like to receive (and where we should send it) where possible to ensure that our disclosure is meeting your expectations.
This right only applies if the processing is based on your consent or on our contract with you and when the processing is carried out by automated means (i.e. not for paper records). It covers only the personal data that has been provided to us by you. |
| Rights in relation to inaccurate personal or incomplete data | You may challenge the accuracy or completeness of your personal data and have it corrected or completed, as applicable. You have a responsibility to help us to keep your personal information accurate and up to date.
We encourage you to notify us of any changes regarding your personal data as soon as they occur, including changes to your contact details. |
This right only applies to your own personal data. When exercising this right, please be as specific as possible. |
| Right to object to or restrict our data processing | Subject to certain conditions, you have the right to object to, or ask us to restrict, the processing of your personal data. We do not need to implement your request fully or at all in every case. | This right applies where our processing of your personal data is necessary for our legitimate interests. You can also object to our processing of your personal data for direct marketing purposes.
|
| Right to erasure | Subject to certain conditions, you are entitled to have your personal data erased (also known as the “right to be forgotten”), e.g. where your personal data is no longer needed for the purposes it was collected for, or where the relevant processing is unlawful. | We may not be in a position to erase your personal data, if for example, we need it to (i) comply with a legal obligation, or (ii) exercise or defend legal claims. |
| Right to withdrawal of consent | Where our processing of your personal data is based on your consent you have the right to withdraw your consent at any time. | If you withdraw your consent, we will stop affected future processing but this won’t impact processing up to then. If we need to keep processing your personal data for that purpose, we can continue provided we have another lawful basis to do so, explained above. |
To exercise your individual rights, please send your request to us using our email.
We may need to ask for ID to verify your identity and if so, please send a copy securely, with your photo, any MRZ (machine readable zone), passport number, and national insurance number blacked out for privacy and security.
You also have the right to file a complaint with the UK’s data protection authority via: https://ico.org.uk/make-a-complaint/.
Where can you find out more?
If you want more information about any of the subjects covered in this privacy notice or if you would like to discuss any issues or concerns with us, please contact us using the details set out in the paragraph above.
This privacy statement was last updated in August 2025 and is based on applicable UK data protection legislation, including the UK GDPR and Data Protection Act 2018.