Privacy Policy
Last updated: 15 February 2026

Who We Are

Croydon Workspace is operated by MY Backyard Limited, a company registered in England and Wales (Company No. 14604760). Our registered office is 61 Bridge Street, Kington, HR5 3DJ and our principal place of business is Unit 1, The Exchange, 6 Scarbrook Road, Croydon, CR0 1UH.

For the purposes of UK data protection law, MY Backyard Limited is the data controller.

If you have any questions about this Privacy Policy or your personal data, please contact: info@croydonworkspace.com

How We Operate

The workspace is managed operationally by MY Facilities Management on behalf of MY Backyard Limited. MY Facilities Management acts as a data processor and processes personal data only on documented instructions and for operational purposes such as membership administration, access control management, CCTV review where necessary, incident investigation and customer support. Some processing activities may be carried out remotely from Jordan.

Categories of Personal Data We Collect

Membership and account information may include your name, email address, telephone number, billing address and company details where applicable. This information is processed to manage membership and provide services. The lawful basis is performance of a contract. Membership records are retained for six years after membership ends.

Access control data through the Bold Smart Lock system may include your name and email linked to your digital key and entry or exit timestamps and access logs. This data is processed for security, misuse prevention and incident investigation. The lawful basis is legitimate interests and performance of a contract. Access logs are retained for twelve months unless required longer for investigation or legal proceedings.

CCTV operates within the premises for crime prevention, member safety and protection of property. The lawful basis is legitimate interests. CCTV footage is normally retained for thirty days unless required for investigation, insurance or legal proceedings. Appropriate signage is displayed on site.

Website data is collected via our website hosted by Squarespace and may include IP address, browser type, usage information and analytics data. This information is processed for website functionality, security and performance monitoring. The lawful basis is legitimate interests and consent where required for cookies.

Payments are processed securely through Stripe. We do not store full card details. Stripe may process your name, billing address, email address, payment method details and transaction history. The lawful basis is performance of a contract and compliance with legal obligations. Stripe’s privacy policy is available at https://stripe.com/gb/privacy.

We may retain communications you send to us for support and record keeping purposes. The lawful basis is legitimate interests and performance of a contract. Correspondence linked to membership or financial matters may be retained for up to six years.

International Transfers

Some personal data may be accessed or processed outside the United Kingdom, including in Jordan, where MY Facilities Management provides operational support. Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, including the UK International Data Transfer Addendum to Standard Contractual Clauses or other lawful safeguards recognised under UK data protection law. All processors are contractually required to maintain confidentiality, implement appropriate security measures and process data only on our instructions.

Data Sharing

We may share personal data with MY Facilities Management as our data processor, Stripe as our payment processor, Squarespace as our website hosting provider, Bold Smart Lock as our access control provider, IT service providers, insurers and professional advisers, and law enforcement or regulatory bodies where legally required. We do not sell personal data.

Data Retention

We retain personal data only for as long as necessary. Membership and financial records are retained for six years in line with legal and tax requirements. Access logs are retained for twelve months. CCTV footage is retained for thirty days unless required longer for investigation. Website analytics retention is determined by Squarespace settings.

Your Rights

Under UK GDPR you have the right to access your personal data, request correction of inaccurate data, request erasure in certain circumstances, restrict processing, object to processing, request data portability where applicable and withdraw consent where processing is based on consent. To exercise your rights please contact info@croydonworkspace.com. We may request proof of identity before responding.

Complaints

If you are not satisfied with how we handle your personal data, you have the right to complain to the Information Commissioner’s Office at www.ico.org.uk or by telephone on 0303 123 1113.

Security

We implement appropriate technical and organisational measures to protect personal data, including role-based access controls, secure payment processing, controlled system access, CCTV monitoring, access log monitoring and confidentiality obligations for those processing data on our behalf.

Changes to This Policy

We may update this Privacy Policy from time to time. The most current version will always be available on our website with the updated date shown above.