Privacy Policy & GDPR
Last updated: 7 March 2026
GB Online Backup ("we", "us", "our") is committed to protecting your personal data and respecting your privacy. This policy explains how we collect, use, store and protect your information in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Data Controller
The data controller responsible for your personal data is:
GB Online Backup
Email: privacy@gbonlinebackup.com
Website: www.gbonlinebackup.com
2. What Data We Collect
We collect and process the following personal data:
Account Information
- Full name
- Email address
- Phone number (optional)
- IP address
- Chosen backup plan
Backup Service Data
- Livedrive account username
- Account status and provisioning information
- Storage usage statistics
Technical Data
- Browser type and version
- Operating system
- Pages visited and time spent
- Referring website
3. Lawful Basis for Processing
We process your personal data under the following lawful bases:
- Contract: To provide the backup services you have signed up for (Article 6(1)(b))
- Legitimate Interest: To improve our services, ensure security, and communicate service updates (Article 6(1)(f))
- Consent: For marketing communications, where applicable (Article 6(1)(a))
- Legal Obligation: To comply with applicable laws and regulations (Article 6(1)(c))
4. How We Use Your Data
Your personal data is used to:
- Create and manage your cloud backup account
- Provision your Livedrive backup service
- Provide technical support and customer service
- Send service-related communications (account setup, changes, renewals)
- Improve our website and services
- Comply with legal and regulatory obligations
5. Data Storage & Security
Your backed-up files are stored in secure UK and EU data centres operated by Livedrive, encrypted with 256-bit AES encryption both in transit and at rest. All data centres are ISO 27001 certified.
Your account information is stored in our secure database hosted in the UK. We implement appropriate technical and organisational measures to protect your data, including:
- 256-bit AES encryption for all backed-up data
- SSL/TLS encryption for all website traffic
- Secure password hashing (bcrypt)
- Two-factor authentication for admin access
- Regular security audits and updates
- Access controls and monitoring
6. Data Sharing & Third Parties
We share your data only with:
- Livedrive (Maytech Technologies Ltd): Our cloud backup infrastructure provider, to create and manage your backup account. Livedrive processes data in the UK/EU under their own privacy policy.
- Payment processors: If applicable, to process subscription payments.
We do not sell, rent, or trade your personal data to any third parties for marketing purposes.
7. Data Retention
We retain your personal data for:
- Active accounts: For the duration of your subscription plus 30 days
- Cancelled accounts: Up to 90 days after cancellation, to allow for reactivation
- Enquiry data: Up to 12 months if no account is created
- Financial records: Up to 7 years as required by UK tax law
After these periods, your data will be securely deleted or anonymised.
8. Your Rights Under GDPR
You have the following rights regarding your personal data:
- Right of Access: Request a copy of the personal data we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data ("right to be forgotten")
- Right to Restrict Processing: Request limitation of how we use your data
- Right to Data Portability: Receive your data in a structured, commonly used format
- Right to Object: Object to processing based on legitimate interests or direct marketing
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time
To exercise any of these rights, contact us at privacy@gbonlinebackup.com. We will respond within 30 days.
9. Cookies
Our website uses essential cookies only:
- Session cookies: Required for form submissions and admin authentication. These are temporary and deleted when you close your browser.
- CSRF tokens: Security cookies to prevent cross-site request forgery.
We do not use tracking cookies, advertising cookies, or analytics cookies.
10. International Transfers
Your data is stored and processed within the UK and European Economic Area (EEA). We do not transfer your personal data outside of the UK/EEA. Our backup infrastructure (Livedrive) operates UK and EU data centres exclusively.
11. Children's Privacy
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children.
12. Changes to This Policy
We may update this privacy policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.
13. Complaints
If you have concerns about how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Phone: 0303 123 1113
Website: ico.org.uk
14. Contact Us
For any questions about this privacy policy or your personal data, please contact:
GB Online Backup — Data Protection
Email: privacy@gbonlinebackup.com