Privacy Policy
Last updated: 23 April 2026
This Privacy Policy is intended to inform you of the general rules on privacy and the processing of your personal data, which we collect and process.
This Privacy Policy relates to the current website (www.controlspacestorage.com) and mobile application (jointly referred to as the “Platform”). We are not responsible for any content or privacy policy of other websites. Any external link will be clearly identified.
By accessing our Platform, you undertake to accept and comply with this Privacy Policy.
Who is responsible for processing my information?
Your personal data is processed by MyStorage, Unipessoal, Lda. (hereinafter referred to as the "Operator" or “Control Space”). The company will act as data controller and the Client may contact us through the following channels:
- Address: Av. da Liberdade 240, 2ª 1250-148 Lisboa, Portugal.
- Telephone: 210540869
- E-mail: privacidade@controlspacestorage.com
What categories of personal data are collected?
We may collect the following categories of data:
- Identification data, such as the Client's name, tax identification number, and the number and expiry date of the Citizen's Card.
- Contact data, such as address, email and telephone number.
- Browsing and usage data (including cookies), such as the Client's IP address for analytical purposes, where you have given us consent to do so.
Why is my personal data needed?
| Purpose | Legal basis | Description |
|---|---|---|
| Creation and management of user account | Performance of a contract | Account registration on the Platform, including the collection of identification and contact data necessary to create and keep the account active |
| Contract management | Performance of a contract, compliance with legal obligations and legitimate interests | Conclusion, performance and management of the provision of our services, including invoicing, collection and communications relating to the contract |
| Pre-contractual steps | Pre-contractual steps taken at the request of the data subject | Responding to requests for information and preparing quotes |
| Marketing communications | Consent and legitimate interest (within the scope of the client relationship) | Sending communications with company updates, event invitations, newsletters and other information relating to Control Space |
| Operational communications | Performance of a contract, legitimate interests | Sending communications and notices necessary in the context of the provision of services (for example, changes to opening hours, etc.) |
| Compliance with legal obligations | Legal obligation | Compliance with tax, accounting and document retention obligations, as well as responding to requests from competent authorities |
| Client support | Performance of a contract, legitimate interests | Responding to requests for technical assistance, clarifying questions and resolving issues relating to the provision of services |
How is my personal data protected?
Control Space adopts various technical and organisational security measures to protect your personal data against loss, disclosure, alteration, undue or unauthorised processing or access. In terms of general measures, Control Space adopts the following:
- Regular audits to assess the effectiveness of the technical and organisational measures implemented;
- Awareness-raising and training of staff involved in data processing operations;
- Pseudonymisation and anonymisation of personal data, wherever applicable;
- Adoption of mechanisms capable of ensuring the ongoing confidentiality, availability and resilience of information systems;
- Processes for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures in order to ensure the security of processing;
- Implementation of mechanisms that ensure the prompt restoration of information systems and access to personal data in the event of a physical or technical incident;
- Implementation of rules for the use and storage of secure and strong passwords (e.g., with numbers, special characters, uppercase letters, lowercase letters, frequency of change).
Do you share any of my information with third parties?
Where the provision of the contracted services involves other entities responsible for processing, your data may be transmitted to them to the extent strictly necessary for the performance of those services.
In the context of the processing of your personal data, Control Space may use third-party entities, subcontracted by it, to process personal data on its behalf and in accordance with its instructions, in line with the principles set out in this Privacy Policy and with data protection laws, in order to provide the support services necessary for Control Space's activity.
For example, your personal data may be transmitted to Nokē, the supplier of the access control system for our facilities, to the extent strictly necessary to enable access to the storage units. This transmission includes your telephone number for the purpose of sending the access code to the "Storage Smart Entry by Nokē" application. This application is provided and operated by Nokē, and its use is subject to that supplier's terms and privacy policy.
Control Space undertakes to subcontract only entities that offer the highest level of security in the implementation of appropriate technical and organisational measures, in order to safeguard your rights.
In accordance with the duty of information to which Control Space is bound, the categories of processors to which personal data may be communicated are set out below:
- Companies providing licensing, maintenance, support and technical assistance for software and information systems;
- Companies for the operational, commercial and financial management of our activity, including suppliers of unit and client management software, operations solutions and client interaction solutions;
- Companies processing payment services, EDI and electronic invoicing services, accounting, tax and administrative management, and business support software;
- Direct marketing support companies/digital marketing partners, and client satisfaction assessment companies.
Any processing activity involving an international transfer of data outside the European Economic Area, for example in the context of the use of certain IT systems support service providers, is subject to the implementation of the measures necessary to ensure that such transfers comply with the applicable legislation, in particular Chapter V of the GDPR, and that an essentially equivalent level of protection is guaranteed for the personal data of the data subjects under Control Space's responsibility. This may be achieved, for example, through the existence of an Adequacy Decision of the European Commission in respect of the country of destination or through the conclusion of Standard Contractual Clauses and, where necessary, the implementation of supplementary measures.
How can I exercise my rights?
You may exercise any of your rights (the right to be informed, the right of access, the right to rectification, the right to erasure, the right to restrict processing, the right to data portability, the right to object, and the rights in relation to automated decision-making and profiling) at any time.
If you have any questions about exercising these rights or need assistance, please contact us at privacidade@controlspacestorage.com. For requests to delete personal information or to know what personal information has been collected, we will first verify your identity using a combination of at least two pieces of identifying information already in our possession, including your email address. If an authorised representative exercises the right on your behalf, we will require proof of that authorisation.
If you consider that the processing of your personal data infringes the applicable data protection legislation, you may lodge a complaint with the Portuguese Data Protection Authority (Comissão Nacional de Proteção de Dados — CNPD) via the website www.cnpd.pt.
How long will you keep my information?
We will only keep your personal information for the period strictly necessary to fulfil the purposes described in this Privacy Policy, except where retention for a longer period is required or permitted by law.
Personal data collected for purposes relating to the performance of a contract between Control Space and the Client will be kept until that contract has been fully performed. As regards invoicing and tax data, the applicable period will be 10 years from the issuance of the invoice.
Personal data collected on the basis of consent will only be kept until consent is withdrawn. We may also retain cached copies or archives of information about the user for a certain period of time.
You may opt out of receiving promotional emails and newsletters by following the opt-out instructions provided in those emails.
You may also opt out of receiving promotional emails and other communications from us at any time by sending an email to privacidade@controlspacestorage.com with your specific request.
If you opt out, we may still send you non-promotional communications, such as security alerts and notices relating to your access to or use of the Platform, your online account, or our ongoing business relationship.
How will I know if changes are made to this Privacy Policy?
Control Space reserves the right to amend this Privacy Policy at any time, and you are therefore advised to consult it regularly. If the change is substantial, a notice will be placed on the Site or similar steps will be taken to ensure that the necessary information is provided.
Is this Privacy Policy valid for data collected through other sources?
This Privacy Policy applies only to information collected through our Platform and not to information collected offline. For those channels, we will have specific privacy notices.
Use of Artificial Intelligence
Control Space uses an artificial intelligence (“AI”) system to support sales and customer service. This system:
- Responds to contacts made via email, telephone, WhatsApp and webchat;
- Answers general questions about our services and describes the options available based on the needs indicated by the Client;
- Acts as a first point of contact, transferring the communication to our team whenever necessary.
The AI system does not make autonomous decisions, does not conclude contracts and does not process payments. The data collected during these interactions is used exclusively to follow up on your contact and to create the corresponding client record.
Whenever you interact with our AI system, you will be clearly informed that you are communicating with an AI. If you prefer to speak directly with someone at Control Space, you may request this at any time.
Information About Cookies
On our Platform we use cookies to help us optimise the various pages and improve your user experience. Cookies are small files that a website, when visited by the user, places on their device through the internet browser. Cookies do not cause any harm and do not contain viruses, trojan horses or other harmful software.
The information stored in cookies from our Platform is used exclusively by us and is never provided to third parties, with the exception of third-party cookies, which are used and managed by external entities and are intended for statistical analysis and possible security mechanisms.
We use cookies to:
• Provide essential functionality without which the Platform would not work;
• Display your order;
• Ensure that you remain logged in while browsing the various pages of the website after logging in;
• Collect information about how you use the Platform, for example, which pages you visited, the average duration of your visit, etc., where you have given us consent to do so;
You may always block the use of cookies by activating that option in your browser, and you may do so for all cookies or only some of them. Please note that if you block or delete one or more cookies used by our Platform, it may not work as expected.
For more information on this subject and to learn how to manage cookies, please visit: www.allaboutcookies.org.
Which cookies do we collect?
Strictly necessary cookies (essential)
| Category | Provider | Cookie Name | Purpose | First / Third Party | Duration | Intl. Transfer |
|---|---|---|---|---|---|---|
| Essential | Control Space | control_space-token | Secure identification of the user's session. | First party | Session | Portugal / EU |
| Essential | Control Space | control_space-default_lang | Remembers the language preference (pt, en). | First party | Session | Portugal / EU |
| Essential | Control Space | control_space-csrf_token | Protection against CSRF attacks in forms. | First party | ~1 year | Portugal / EU |
| Essential | Control Space | CookiesControl | Records cookie consent choices. | First party | ~1 year | Portugal / EU |
| Essential | Control Space | __dont_show_info_geral_popup | Controls the display of informational pop-ups. | First party | Session | Portugal / EU |
| Essential | Control Space | hs_login_email | Remembers the login email for convenience. | First party | Session | Portugal / EU |
| Essential | HubSpot | csrf.app | CSRF protection for HubSpot integrations. | Third party | ~1 year | USA |
| Essential | Cloudflare | _cfuvid | Visitor identification for anti-bot protection (CDN). | Third party | Session | USA |
| Essential | AEC | Fraud prevention in integrated Google services. | Third party | ~6 months | USA | |
| Essential | APISID / HSID / SAPISID / SID / SSID | Authentication and security of embedded Google services. | Third party | ~2 years | USA |
Analytics cookies (performance)
| Category | Provider | Cookie Name | Purpose | First / Third Party | Duration | Intl. Transfer |
|---|---|---|---|---|---|---|
| Performance | Google Analytics | _ga | Unique visitor ID for Google Analytics statistics. | First party | 2 years | USA |
| Performance | Google Analytics | _ga_CRGHF1JQW9 | GA4 session state (property G-CRGHF1JQW9). | First party | 2 years | USA |
| Performance | Google Analytics | _ga_EP9K2MCB2Y | Session state on a 2nd GA4 property. | First party | 2 years | USA |
| Performance | Control Space | cg_clock_astW8rBrgyClo | Technical performance monitoring (timestamp). | First party | ~1 month | Portugal / EU |
| Performance | Control Space | cg_data_astW8rBrgyClo | Technical performance and browsing data. | First party | ~1 month | Portugal / EU |
| Performance | _gcl_au | Measurement of interaction effectiveness (Google Ads linker). | First party | 3 months | USA | |
| Performance | HubSpot | __hstc | Main HubSpot tracking — identifies visitors over time. | First party | ~6 months | USA |
| Performance | HubSpot | __hssc | HubSpot session control (page views per session). | First party | 30 min | USA |
| Performance | HubSpot | __hssrc | Detects browser restart (session reset). | First party | Session | USA |
| Performance | HubSpot | hs_c2l | HubSpot technical consent management. | Third party | ~6 months | USA |
| Performance | HubSpot | saw_experiment | Record of A/B tests viewed. | Third party | Session | USA |
Advertising cookies (marketing)
| Category | Provider | Cookie Name | Purpose | First / Third Party | Duration | Intl. Transfer |
|---|---|---|---|---|---|---|
| Marketing | Google Ads | Collect requests (AW-448466447) | Google Ads conversion tracking and remarketing. | Third party | Variable | USA |
| Marketing | ADS_VISITOR_ID | Traffic ID for paid Google campaigns. | Third party | ~1 month | USA | |
| Marketing | _conv_r / _conv_v | Campaign conversion and attribution data. | Third party | ~6 months | USA | |
| Marketing | DoubleClick | IDE | Conversions and effectiveness of Google network ads. | Third party | ~1 year | USA |
| Marketing | DoubleClick | ar_debug | Debugging of attribution reports. | Third party | ~1 month | USA |
| Marketing | DoubleClick | __mggpc__ | DoubleClick consent/configuration. | Third party | ~1 year | USA |
| Marketing | __Secure-ENID | Ad personalisation and remarketing (secure). | Third party | ~1 year | USA | |
| Marketing | HubSpot | hubspotutk | Unique visitor ID for personalisation and form tracking. | First party | ~13 months | USA |
| Marketing | HubSpot | hubspotapi-csrf | CSRF protection for the HubSpot marketing API. | Third party | Session | USA |
| Marketing | HubSpot | hubspotapi-strict | Strict version of the HubSpot CSRF token. | Third party | Session | USA |
| Marketing | HubSpot | _hs_cookie_cat_pref | HubSpot cookie category preferences. | Third party | ~6 months | USA |
| Marketing | HubSpot | collected forms (__ptq.gif) | Tracking of captured forms (portalId: 147501284). | Third party | Session | USA |
| Marketing | HubSpot | laboratory-anonymous-id | Anonymous ID for HubSpot experimentation/testing. | Third party | Session | USA |
| Marketing | billing-ui-v3 | Google billing system cookie (integrated services). | Third party | Session | USA | |
| Marketing | __Secure-1P/3PAPISID, -1P/3PSID, -1P/3PSIDCC, -BUCKET | Secure (SameSite) versions of Google authentication cookies. | Third party | ~6 months to 2 years | USA | |
| Marketing | NID | User preferences in Google services. | Third party | ~6 months | USA | |
| Marketing | OTZ | Aggregated tracking of interactions with Google. | Third party | ~1 month | USA | |
| Marketing | UULE | Geolocation for embedded Google services. | Third party | Session | USA | |
| Marketing | S | Session cookie for Google services. | Third party | Session | USA |
How can I accept, configure or refuse cookies?
You may, at any time and entirely free of charge, configure the cookies collected and used, through the cookie configurator.
