Privacy Policy
In this privacy policy, we describe the personal data we collect and process to pursue our purposes. Please refer to the schedule in section 5 for a summary of these activities. We strive to be a responsible business partner and data privacy is important to us. Milestone seeks to respect all universally recognized human rights in our global operations and relationships. and we have recognized privacy as among the most salient rights for our business. As an information technology company, we access, rely on, and build from data. That is critical in many parts of our business and wish to do so responsibly. We recognize that the right to privacy enables the fulfilment and protecting of many other rights and is central to upholding democratic societies. For more information about our commitment to human rights due diligence in our business activities and relationships, please see our human rights policy.
Find more information in our GDPR Privacy Guide specific to Milestone XProtect. Here you can also find information on how you can work with privacy when using XProtect.
1. What personal data we process
Personal data is information about an identifiable, natural person. Typically, this includes the person’s contact information such as name, title, email address, physical address, and phone number.
Milestone Systems is a company which sells video management software solutions. Primarily, we interact with other legal persons that are businesses and entities. Therefore, ordinary business contact information is at the center of our processing activities. However, we do also process personal data on the persons using our products on behalf of the end-user (e.g. employees of the end-user). In rarer cases, we may sell our products to individual natural persons or sole proprietorships. In such cases, it is typical for us to process ordinary information.
Please refer to the table in section 5 for information on the personal data, we process in connection to our defined purposes.
2. Categories of persons
Milestone processes the personal data of our partners in sales channels (distributors, resellers), technology partners, end-users, knowledge partners, and suppliers, including employees of the foregoing where necessary, as well as the users of our website, recipients of marketing material and potential leads.
3. Sources we get personal data from
We source personal data from multiple sources such as directly from the person or from a third party such as our partners, end-users, suppliers, third-party contractors, and public authorities.
4. How we process personal data
Our processing activities are basically any of our activities that involve personal data. Hence, an activity of processing covers the collection, recording, structuring, storage, alteration, retrieval, disclosure, and erasure of data, etc.
Essentially, we process personal data in order to conduct our business, selling our products, research and development of our products, delivering products, delivering services, submitting invoices and to perform our due diligence on customers and partners ensuring compliance with legal obligations, export controls and customs, and enforcing our contractual agreements and exercising or defending legal claims. Our processing activities are limited to what is necessary for the specific purpose. In section 5, we have outlined the purposes and the legal basis on which we base our processing activities.
5. The purpose and legal basis for our processing of personal data
Where we have based our processing activity on your consent, you have the right to withdraw your consent at any time. Please find our contact details in section 9.
|
|
|
|
|
|
|
|
|
|---|---|---|---|---|---|---|---|
|
Id
|
Activity
|
Purpose
|
Persons
(categories) |
Data
|
Legal basis
|
Recipients/
transfers |
Storage
|
|
|
|
|
|
|
|
|
|
|---|---|---|---|---|---|---|---|
|
Id
|
Activity
|
Purpose
|
Persons
(categories) |
Data
|
Legal basis
|
Recipients/
transfers |
Storage
|
| 1 | When we conduct business with you, whether prospective or ongoing dealings, as a partner, technology partner or end-user. |
We conduct our business, sell our products, and we answer questions and process enquiries. We collect the personal data with the purpose of having contact with our customers, partners, and suppliers and for their users to have access to our products and receive relevant information on the product purchased. Milestone only sends information as necessary, unless we have consent to do otherwise. In relation to end-users we collect the personal information for providing technical support on our products with the purpose of supporting the performance of the products for the end-users with such service, in order for Milestone to be able to enforce the license management on end-users usage of the Product according to the EULA and to compliant with our legal obligations on sanctions,export control and business etichs compliance. |
Customers and partners who are natural persons, employees of our customers, end-users and partners and visitors to our website. |
Contact details, including names, email addresses, IP addresses, company association, addresses and telephone numbers, type of supplier, country or region and other information depending on the nature of the enquiry. |
Point (b) of article 6(1) of the GDPR, re-garding our customers and partners who are natural persons. Point (f) of arti-cle 6(1) of the GDPR, regard-ing other natu-ral persons, as we pursue our legitimate inter-est in answering questions, make contact to employees with our end-user and potential customers and partners. |
Milestone Group companies, affiliates, our partners, and our local offices. Our global logistics partners, for the purpose of shipping our hardware prod-ucts. |
We keep personal data for as long as we have a collaboration with the customer, end-user, our partner, our technology partner, or supplier and up to five years after the end of the collaboration. |
| 2 |
When you visit our website. Cookies and third-party services. |
Keeping statistics on how many users use our sites and how they use them with the purpose of maintenance and optimization our websites. Milestone has implemented the service Cookiebot provided by Cybot to manage the cookie consent/settings. Please refer to our cookie policy . |
Natural persons who interact with our website. Visitors to our website. |
IP addresses when placing cookies. Activity and preferences.Please refer to our cookie policy |
Point (a) of article 6(1) of the GDPR. Point (a) of article 49(1) of the GDPR with respect to the transfer to third countries. |
Milestone Group companies and our local offices Microsoft ARRAffinity, USA Google cookies analytics, Google tag manager and adds Google Analytics YouTube which is also a Google company Pardot We use Cookiebot from Cybot for management of consent/settings. |
Please refer to our cookie policy . |
| 3 |
When you use our mobile Application. |
We analyze usage data of our mobile applications with the purpose of gaining insights into their usage. We send push-notifications to the user with the purpose of delivery of our video management system. We send push-notifications to the user with the purpose of communication with the user. |
Customers and partners who are natural persons and employees of our customers and partners. |
Instance ID Identifier for mobile clients – globally unique identifier and registration token. |
Point (a) of article 6(1) of the GDPR with respect to the processing. Point (a) of article 49(1) of the GDPR with respect to the transfer to third countries. You can withdraw your consent at any time by making changes in the settings within the app. |
Apple via the Apple Push Notification Service. Google via the Google Firebase Cloud Messaging, USA. |
Two months after ended usage. |
| 4 | When you receive our newsletters and other marketing communication. | We distribute newsletters for the purpose of marketing. | Recipients of our newsletters. |
Contact information, including names, email addresses, job title and if relevant, associated company. Information about opening of the newsletter by who and when and whether any links in the newsletter have been activated. |
Point (a) of article 6(1) of the GDPR. You can withdraw your consent at any time. | We do not disclose or transfer this personal data outside our group companies. | We keep the personal data on our “newsletter lists” as long as your consent is valid. |
| 5 | When you participate in our events, including courses, exhibitions, presentations, competition, or research studies. |
We plan events and distribute invitations to participants. We take and edit photographs and record videos and audio, including live streaming with the purpose to make global and public marketing materials and to improve our products. We issue product specific Milestone Certificates as a part of participation on our partner program upon completion of our product specific training modules. |
Persons who participate in our events. |
Contact information, including names and email addresses, Depending on the event, we may process images and voice. Other type of personal information depending on the nature of the event. |
Point (a) of article 6(1) of the GDPR. You can withdraw your consent at any time. | We may share contact information with venues, co-organizers and sponsors. |
We keep data for up to five years after completion of the event. |
| 6 | When you file a whistleblower concern or if we receive a concern in which you are mentioned. |
We are obligated to have a whistleblower scheme which is available here. |
Persons who are either raising a concern through the whistleblower system or persons who are mentioned in concerns raised by others. |
Contact details, including names and job titles, and other information which we receive in relation to the reported concerns. This may include information on criminal offences. |
Article 8 of the EU directive on protection of persons who report breaches under Union Law and section 9 of the Danish Whistleblower Act. |
We may share the raised concerns with our external legal counsel. We may be obligated to disclose necessary information to law enforcement. |
As long as necessary and appropriate for our management of the raised concern. |
| 7 | When you are recorded by our surveillance cameras. |
We surveil our locations with the purpose of physical security, prevention and solving criminal offences. |
Persons who are caught on our cameras and appear on the surveillance recordings. |
Images and related physical appearance, geographical location, and place. |
Generic data: Point (f) of article 6(1) of the GDPR. Where we pursue our legitimate interest in being able to enable our physical security measures by monitoring our entry areas, corridors etc. Criminal offences: Section 8 of the DPA. |
Under relevant circumstances we may disclose video recordings to law enforcement agencies. |
We keep the video recording for up to 30 days in accordance with the Danish CC TV Act. |
.
6.To whom we disclose personal data
In general, we only disclose personal data when required by law, or where disclosure is necessary for our pursuit of the purposes, described in the schedule above. We seek to be a socially responsible player in the video surveillance industry. Due to the nature of our product and its potential adverse impact on the right to privacy if misused, we rely on our commitment to the United Nations Guiding Principles for Business and Human Rights. These principles guide our data disclosure in areas of operation identified as presenting higher levels of human rights risks. For more information, please refer to our human rights policy.
Recipients to whom we disclose data could be:
- public authorities,
- Milestone Group Companies and our local offices
- partners via Our Partner network
- third-party providers who as data processors are processing personal data on our behalf. For example, by providing our IT systems, including hosting, backup, and support.
Transfers to third countries
In certain cases, we transfer personal data to recipients outside the EU and EEA. The typical recipients could be our customers and our sales channel partners, but recipients may also include our technology partners, our data processors, or third-party providers.
With recipients located outside the EU or the EEA, we enter into EU standard contractual clauses, which have been approved by the European Commission, before the transfer of the personal data. If you wish a list of our recipients, please contact us. Our contact information is found in section 9. Regardless of entering into data processing agreements and model clauses with our third-party providers’ European entities, it is necessary to inform you that the EU Court of Justice has in general found (Schrems II) that, from an EU perspective (please see latest status here), for US owned companies there are not an adequacy decision nor appropriate safeguards in place in the US, as they may possibly be required to give data access to the United States Intelligence Community without any judicial review. This means that, depending on the circumstance, Milestone also collects and transfers your personal data to the US either based on your consent, and for Milestone also based on Milestone’s legitimate interest (see Microsoft section above).
7. How long we keep personal data
We store personal data for the period necessary for the purpose(s) for which the personal data was collected. Please refer to the above schedule for the specific retention periods for each of the outlined purposes. Our internal guidelines outline our concrete deletion processes which are determined on either functionality or requirements deriving from applicable law, including demonstrations and auditing requirements.
8. Your rights
If you wish to exercise your rights, please reach out to us at privacy@milestone.dk
According to the GDPR, you have the following rights:
- The right of access: You have the right to view which personal data we process about you.
- The right to rectification: You have the right to have inaccurate data about you corrected.
- The right to erasure: In particular cases, you have the right to have your data erased before we erase such data based on our retention and erasure period.
- The right to restriction of processing: In particular cases, you have the right to have the processing of your personal data restricted. If this is the case, we will limit our processing to activities based on (i) your consent, (ii) for the establishment, exercise, or defense of a legal claim or for (iii) the protection of a person or important public interests. Regardless, we may still store your personal data.
- Right to object: In particular cases, you have the right to object to our otherwise lawful processing of your personal data.
- Right to data portability: In some cases, you have the right to receive your personal data in a structured, commonly used, and machine-readable format and to have such personal data transferred from one controller to another.
You can read more about your rights here:
The Danish Data Protection Agency
9. Contact us
The legal entity responsible for the processing of your personal data is:
.
Milestone Systems A/S
Company Registration No: 20341130
Banemarksvej 50
2605 Brøndby, Denmark
Tel.: +45 88 30 03 00
.
If you have any questions or concerns about our processing of personal data or wish to withdraw your consent, please reach out to us.
10. Making a complaint to the authorities
If you wish to complain about our processing of your personal data, you have the right to submit a complaint to the competent supervisory authority. In Denmark, the relevant authority is the Danish Data Protection Agency:
.
Datatilsynet
Carl Jacobsensvej 35
DK-2500 Valby
Denmark
phone + 45 33 19 32 00
Please visit www.datatilsynet.dk for more information.
For other relevant European supervisory authorities, please visit Your Europe.
11. Changes to this privacy policy
We update our privacy policy on a regular basis. We recommend that customers, partners, and visitors to our website re-visit this Privacy Policy on occasion to learn of new privacy practices or changes to our Privacy Policy.
This privacy policy was last updated on February 28, 2024.