Introduction
At Milestone Systems A/S and our subsidiaries ("Milestone," "we," "us," or "our"), we value your privacy and are committed to protect your personal data. This privacy policy outlines how we collect, use, and safeguard your personal data in accordance with global standards and European requirements. Our goal is to ensure compliance and transparency by providing you with information regarding our data processing practices.
Milestone Privacy Policy is based on the European Union General Data Protection Regulation 5419/16 (GDPR). However, Milestone’s processing of personal data must always adhere to applicable data privacy legislation.
Personal data refers to any information that can identify an individual, either directly or indirectly. This includes, but is not limited to, names, titles, email addresses, physical addresses, phone numbers, IP addresses, and many other types of information.
ㅤ
Purposes of processing and the personal data we process
We collect and process personal data in various contexts including but not limited to:
- Conducting our business: Contact information, such as name, email, title, company address and phone number, IP address and other similar information depending on the type of enquiry of the employees and consultants of our partners, customers, and suppliers. The personal data is needed for facilitating business transactions and communications with partners, customers and suppliers. This involves processing orders, managing contracts, and handling invoicing and payments, including maintaining records of interactions and transactions to ensure smooth operations, for license management, program management, program related service messages, including legal notices to the partners, customers and suppliers and issuing invoices.
- Research and Development: information on feedback and usage data from the individuals participating in our surveys, usability tests, and other research methods. This is for the purpose of developing new products and solutions and enhancing our current products and services through continuous improvement initiatives.
- Marketing: Name, email, title, company name and address for the purpose of sending newsletters, promotional materials, and event invitations of the individuals consented for such materials. We also collect your preferences in receiving marketing materials from us in order to send you the correct information.
- Opening of newsletters and other marketing communication: Information about opening of the newsletter by who and when and whether any links in the newsletter has been activated for the purpose of personalizing the newsletter. This is collected and processed for the individuals consenting to such tracking pixels.
- Product and services data: Personal data related to the use of our products, mobile applications, portals and services, like email, passport, device ID, usage statistics, feedback, and support requests. This is needed for us to provide our products and services, gaining insights into their usage and it helps us improve and develop them.
- Website usage: Data on the visitors of our website about user-statistics related to the use our sites, what actions is taken by the visitor, IP address, the time used at the website, browser type etc. The personal data is linked to any existing company accounts if possible and used for maintenance and optimization our websites. For more information, please see our cookie policy below.
- Use of our portals: Email and password and other contact information related to the user’s company. This information is processed of the users to our portals for the purpose of securing access to the portal.
- Event participation: Contact information about the participants in our events, including courses, exhibitions, presentations, and research studies. The data collected is email address, title, company details, phone number etc. for the purpose of coordinating logistics, enhance participant satisfactory for the events and follow up with the participants. In some cases, we also process pictures from the event used for our marketing of our events.
- Interviews and presentations: If we have your consent to do so, we may take and edit photographs/videos and recording of your voice to make global and public marketing materials. You can always withdraw your consent.
- Customer support or contact: Contact information when you use our forms on the website to get in touch with us for the purpose of us supporting your inquiry and providing comprehensive support to users, including troubleshooting, resolving technical issues, and offering guidance on product usage. We maintain detailed support logs to improve our services and training. This helps us understand common issues and enhance user experience.
- Surveillance: Images and related physical appearance, geographical location and place of individuals caught on the security cameras places on all our business locations. We collect and process the personal data for protecting our premises and assets through surveillance systems. Surveillance data helps us monitor activities, prevent unauthorized access, and ensure a safe environment for employees and visitors. We also use this data to investigate security incidents and enhance our security protocols.
- Compliance: Contact data, and management and owners’ data for the purpose adhering to legal and regulatory requirements, including those related to data protection, export controls, and customs regulations. We ensure that our practices comply with the relevant laws and industry standards.
- Contract execution and enforcement: Contact data and similar information connected with the execution of agreements for upholding our contractual agreements and defending against legal claims. This includes managing disputes, enforcing terms and conditions, and protecting our legal interests. We maintain thorough records of contracts and related communications.
- Job application: When you apply for a position on our website we collect contact information, reference, skills and experience etc. For more information please see our specific privacy notice here.
ㅤ
Sources of personal data
We obtain personal data from multiple sources, including:
- Direct collection: Personal data provided directly by individuals, such as when filling out forms on our website, registering for events, creating an account, contacting Milestone, becoming a partner or subscribing to newsletters.
- Third-party sources: Personal data obtained from third parties, such as partners, end-users or suppliers providing information on their employees, public authorities, and data aggregators. We work with third-party service providers who may collect data on our behalf, such as market research firms, advertising networks, and data analytics companies.
- Automated technologies: Personal data collected through automated technologies, such as cookies and web beacons, during interactions with our website and applications.
- Publicly available sources: Information from publicly available sources such as social media, public databases, and professional networks.
- Public authorities: We may receive data from public authorities or regulatory bodies as part of compliance requirements or legal obligations.
- Automated technologies: We use automated technologies to collect data during interactions with our website and applications:
- Cookies: We use cookies to track user behavior, preferences, and engagement with our website. Cookies help us enhance user experience, deliver personalized content, and analyze website performance. For detailed information on our use of cookies, please refer to our Cookie Policy.
- Web beacons: Web beacons (also known as pixel tags) are embedded in our emails and web pages to track user interactions and measure the effectiveness of our marketing campaigns.
- Log files: We collect log files that capture details such as IP addresses, browser types, operating systems, and pages visited. This information helps us understand user behavior and improve our services.
- Social media: Information from social media platforms, such as LinkedIn, Twitter, and Facebook, where individuals have made their profiles publicly available.
- Public databases: Data from public databases, such as government records, industry directories, and professional associations.
- Professional networks: Information from professional networking sites and industry forums where individuals share their professional information
ㅤ
Legal basis for processing
We base our data processing activities on the following legal grounds:
- Consent: Where you have given clear consent for us to process your personal data e.g. for marketing communications, participating in a interview or the like.
- Contractual obligations: Where processing is necessary for the performance of a contract, or to process payments and invoices.
- Legal obligations: Where processing is necessary to comply with the law.
- Legitimate interests: Where processing is necessary for our legitimate interests, provided your rights and interests do not override these. This can be the case where you have registered on one of our portals, contacted us through one of our forms at the website, signed up for participation in an event or to manage our business relationship with your company.
ㅤ
Disclosure of your personal data
In certain cases, we share your personal data with others where necessary for the purposes as described above. We seek to be a socially responsible player in the video surveillance industry. Due to the nature of our product and its potential adverse impact on the right to privacy if misused, we rely on our commitment to the United Nations Guiding Principles for Business and Human Rights. These principles guide our data disclosure in areas of operation identified as presenting higher levels of human rights risks. For more information, please refer to our human rights policy.
Recipients to whom we disclose data could be:
- public authorities,
- Milestone local offices
- partners via our Partner community.
- third-party providers who as data processors are processing personal data on our behalf. For example, by providing our IT systems, including hosting, backup, and support.
For some of the purpose above, we transfer your personal data to recipients outside the EU and EEA. The typical recipients could be our customers and our sales channel partners, but recipients may also include our technology partners, data processors, or third-party providers.
For transfers to third countries, we ensure adequate protection by entering into EU standard contractual clauses approved by the European Commission. With recipients located in the U.S., we rely on the EU-U.S. Data Privacy Framework, which ensures an adequate level of protection for personal data transferred from the EU to the U.S.
For information on the safeguards for your personal data, please contact us at privacy@milestone.dk
ㅤ
How long we keep personal data
We store personal data for the period necessary for the purposes for which it was collected. Retention periods are based on the functionality and requirements derived from applicable laws, including demonstration and auditing requirements. Specific retention periods for each type of data processing activity are as follows:
- Business Transactions: Personal data related to business transactions is retained for the duration of the business and/or partner relationship and up to the period required by the applicable tax and accounting regulations.
- Marketing Activities: Personal data used for marketing purposes is retained as long as you remain subscribed to our communications and for a short period afterwards. You can withdraw your consent at any time.
- Event Participation: Personal data related to event participation is retained for up to five years after the event, unless longer period required by the local regulations.• Whistleblower Reports: Personal data related to whistleblower reports is retained only as long as necessary to manage and resolve the concern, in accordance with legal requirements and our internal policies.
- Surveillance Data: Surveillance footage is retained for up to 30 days unless required for an ongoing investigation or legal proceedings.
ㅤ
Your Rights
Under the GDPR, you have the following rights regarding your personal data:• Right of access: You have the right to request access to the personal data we process about you.
- Right to rectification: You have the right to request correction of any inaccurate or incomplete data.• Right to erasure: You have the right to request the deletion of your personal data under certain conditions.
- Right to restriction of processing: You have the right to request the restriction of processing your personal data under specific circumstances.
- Right to object: You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes.
- Right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to have your personal data transferred to another controller.
- To exercise any of these rights, please contact us at privacy@milestone.dk
ㅤ
Contact us
The legal entity responsible for processing your personal data is:
ㅤㅤㅤㅤㅤㅤㅤㅤMilestone Systems A/S
ㅤㅤㅤㅤㅤㅤㅤㅤCompany Registration No: 20341130
ㅤㅤㅤㅤㅤㅤㅤㅤBanemarksvej 502605 Brøndby, Denmarkㅤㅤㅤㅤㅤㅤㅤㅤ
ㅤㅤㅤㅤㅤㅤㅤㅤEmail: privacy@milestone.dk
ㅤㅤㅤㅤㅤㅤㅤㅤTel.: +45 88 30 03 00
If you have questions or concerns about our data processing practices or wish to withdraw your consent, please reach out to us.
ㅤ
Making a complaint to the authorities
If you wish to complain about our processing of your personal data, you have the right to submit a complaint to the competent supervisory authority. In Denmark, this is the Danish Data Protection Agency:
ㅤㅤㅤㅤㅤㅤㅤㅤDatatilsynet
ㅤㅤㅤㅤㅤㅤㅤㅤCarl Jacobsens Vej 35
ㅤㅤㅤㅤㅤㅤㅤㅤDK-2500 Valby, Denmarkㅤㅤㅤㅤㅤㅤㅤㅤ
ㅤㅤㅤㅤㅤㅤㅤㅤPhone: +45 33 19 32 00
ㅤㅤㅤㅤㅤㅤㅤㅤWebsite: www.datatilsynet.dk
For other relevant European supervisory authorities, please visit Your Europe.
ㅤ
Changes to this privacy policy
Milestone may update our privacy policy from time to time. We recommend that you re-visit this privacy policy on occasion to learn of new privacy practices or changes to our privacy policy. For any material changes in our privacy policy, a notice will be posted on our website along with the updated privacy policy.
If you have any questions or need further information, please contact us at privacy@milestone.dk
ㅤ
Additional Information
Cookies and similar technologies: We use cookies and similar tracking technologies to enhance your experience on our website and applications. These technologies also help us deliver targeted advertisements and analyze the effectiveness of our marketing campaigns.
- Cookies: Cookies are small text files stored on your device that help us understand how you use our services and personalize your experience. For more details, please refer to our Cookie Policy.
- Types of cookies used:
- Essential cookies: Necessary for the website to function and cannot be switched off in our systems.
- Performance cookies: Help us understand how visitors interact with our website by collecting and reporting information anonymously.
- Functional cookies: Enable enhanced functionality and personalization, such as remembering your preferences.
- Targeting cookies: Used to deliver advertisements that are relevant to you and your interests.
- Managing cookies: You can control the use of cookies through your browser settings. However, disabling certain cookies may impact your experience of our website.
Data Security: We implement appropriate technical and organizational measures to ensure the security of your personal data. These measures include encryption, access controls, and regular security assessments to protect against unauthorized access, data breaches, and other security risks. We also conduct regular training for our staff to ensure they understand their responsibilities regarding data protection.
Third-party Links: Our website and applications may contain links to third-party websites and services. We are not responsible for the privacy practices of these third parties, and we encourage you to review their privacy policies before providing any personal data.
Children’s Privacy: Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16 without parental consent. If we become aware that we have inadvertently collected personal data from a child under 16, we will take steps to delete such data promptly.Training and Awareness: We provide regular training and awareness programs for our employees to ensure they understand their responsibilities regarding data protection and privacy.
Impact Assessments: We conduct Data Protection Impact Assessments (DPIAs) for processing activities that are likely to result in high risks to the rights and freedoms of individuals. DPIAs help us identify and mitigate privacy risks in our processing activities.
Breach Notification: In the event of a data breach that may pose a risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay, in accordance with the GDPR.
ㅤ
Your Access to Your Personal Data
Milestone makes it easy for you to keep your personal data accurate, complete, and up to date. You can log in to your My Milestone account at My Milestone Login, or when receiving our newsletter, you can use the profile link at the end of our newsletters. If you do not have a My Milestone account, you can contact us at privacy@milestonesys.com
ㅤ
Whistleblower
We are committed to maintaining a transparent and ethical business environment. To this end, we have established a whistleblower scheme that allows individuals to report concerns related to potential misconduct or breaches of law. This section outlines how we handle personal data in connection with whistleblower reports.
Purpose and Scope: The whistleblower scheme is designed to provide a secure and confidential channel for reporting concerns. These concerns may include, but are not limited to, violations of laws, regulations, or company policies, unethical behavior, and any actions that may pose a risk to individuals, the company, or the public.
Categories of Persons: We process personal data of the following categories in connection with whistleblower reports:
- Individuals who file a whistleblower concern
- Individuals mentioned in whistleblower reports
Data Collected: The types of personal data we may process in relation to whistleblower reports include:
- Contact details such as names and job titles
- Details of the reported concern, which may include information on alleged misconduct or criminal offences
Legal Basis for Processing: Our processing of personal data in relation to whistleblower concerns is based on:
- Article 8 of the EU Directive on protection of persons who report breaches under Union law
- Section 9 of the Danish Whistleblower Act
Recipients of Data: In certain circumstances, we may share whistleblower-related data with:
- External legal counsels
- Law enforcement authorities, if required by law or necessary for the investigation of the reported concern
Retention Period: We retain personal data related to whistleblower reports only for as long as necessary to manage and resolve the concern, in accordance with legal requirements and our internal policies.
Confidentiality and Protection: We ensure that all whistleblower reports are handled with the highest level of confidentiality and protection. Access to personal data related to whistleblower reports is restricted to authorized personnel involved in the investigation and resolution of the concern.
Your Rights: Individuals involved in whistleblower reports have the following rights under the GDPR:
- Right of Access: You have the right to know which personal data we process about you.
- Right to Rectification: You can request correction of inaccurate data.
- Right to Erasure: Under certain circumstances, you can request deletion of your data.
- Right to Restriction of Processing: You can request limited processing of your data in specific situations.
- Right to Object: You can object to the processing of your data under certain conditions.
If you wish to exercise your rights or have any concerns about the processing of your personal data in relation to whistleblower reports, please contact us at privacy@milestone.dk.
We are committed to protecting your privacy and ensuring the security of your personal data. If you have any questions or need further information, please contact us at privacy@milestone.dk.
This privacy policy was last updated on September 11, 2024.