Digilock Privacy Policy

Last Reviewed and Approved: November 8, 2021

Who We Are

Security People, Inc., dba Digilock (“Digilock”), ('we' or 'us' or 'our') provide electronic lock products and services to our customers. In connection with our business and providing our products and services, we gather and process your personal information in accordance with this privacy policy (notice) and in compliance with the relevant data privacy laws and regulations. This notice provides you with the necessary information regarding your rights and our obligations, and explains how, why, and when we process your personal data.

Information We Collect

We process (i.e., collect, use, store, etc.) your personal information to conduct our business, meet our legal, statutory, and contractual obligations and to provide you with our products and services. We intend to only process your information as specified within this privacy policy (notice).

Personal Data Collection

The personal data that we collect includes:

  • Name
  • Job title
  • Business name
  • Business address
  • Business email
  • Telephone number
  • Mobile telephone number
  • Cookies
  • Website usage data (Google Analytics)
  • Behavior and response to direct marketing campaigns (email, social media, postal, telephone)

How We Collect Information

  • Orders
  • Email correspondence
  • Inquiries
  • Face-to-face meetings and events
  • Customer referrals
  • Social media
  • Purchased lists, directories and advertising
  • IP address information and website browsing activity
  • Web application usage for our DigiLink and PackageHold solutions
  • Website activity
  • Interaction with email marketing campaigns

How We Use Your Personal Data

Digilock takes your privacy very seriously and does not disclose, share, or sell your data without your consent, unless required to do so by law. We only retain your data for as long as is necessary and for the purpose(s) specified in this notice or required by law. Where you have consented to us providing you with promotional offers and marketing, you are free to withdraw this consent at any time.

The purposes and reasons for processing your personal data are detailed below:

  • We collect your personal data in the performance of a contract or to provide a service and to ensure that orders are completed and can be sent out to your preferred address
  • We collect and store your personal data as part of our legal obligation for business accounting and tax purposes
  • We will occasionally send you marketing information where we have assessed that it is beneficial to you as a customer and in our interests. Such information will be non-intrusive and is processed on the grounds of legitimate interests

Your Privacy Rights

Under data privacy laws and regulations, you are entitled to several individual rights pertaining to your personal information processed by Digilock, including:

  • Right to Access - Your right to request access to the personal information our business collects about you. This includes your right to request a copy of the personal information we process about you. Upon request, we will provide you with a copy of your personal information, as deemed necessary and appropriate considering your rights under privacy law, our privacy practices, and any applicable legal exceptions. If you want to access your information, submit a detailed request for your information using our Data Privacy Request Form (see Data Privacy Request Form section below)
  • Right to be Informed - Your right to be informed about our processing activities of your personal information. This includes the right to:
    • Know the type of personal data we collect about you
    • The categories of personal data concerned
    • Why we collect your data
    • Where the information is collected (If we did not collect the data directly from you, information about the source)
    • Our purposes for processing your information
    • Recipients to whom the personal data has/will be disclosed
    • How long we intend to store your personal data
  • Right to Consent - Your right to object to our processing or selling of your personal information.
  • Right to Equality - Your right to not be discriminated against due to your refusal to consent to our marketing and data processing activities.
  • Right to Erasure (Deletion, or to be Forgotten) - Your right to request erasure of your personal data or to restrict processing (where applicable) in accordance with the data protection laws; as well as to object to any direct marketing from us. Upon request, we can delete your personal information processed by our company, as deemed necessary and appropriate considering your rights under privacy law, our privacy practices, and any applicable legal exceptions. If you want to request deletion of your information, submit a detailed request for your information using our Data Privacy Request Form (see Data Privacy Request Form section below).
  • Right to Modification - Your right to request that we update or correct your personal information. If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to do so as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.

Depending on the privacy law or regulation applicable to our business and your personal information, you may have additional rights under privacy law, including the right to data portability of your information and the right to be informed about any automated decision-making we may use.

Data Privacy Request Form

If you would like to request that we perform any activities related to your rights under privacy law, please submit a request to our team using our Data Privacy Request Form. We will review your request and process as deemed necessary and appropriate considering your rights under privacy law, our privacy practices, and any applicable legal exceptions. If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure.

Sharing and Disclosing Your Personal Information

We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this notice or where there is a legal requirement. Digilock uses third-parties to perform business activities described within this privacy policy (defined within the “Who We Are” and “Information We Collect” sections above); however, all processors acting on our behalf only process your data in accordance with instructions from us and comply fully with this privacy notice, the data protection laws and any other appropriate confidentiality and security measures.

Digilock Third Party Data Processors

Digilock utilizes third-party systems and service providers to conduct business activities and deliver our products and services. Use of our products and services may include the collection and processing of your personal information via use of these third-party services. We have established agreements with these third parties, which include the appropriate safeguarding of any personal information being processed by their services, and we monitor the activities of our third-party service providers to evaluate their adherence to these agreements.

Digilock takes your privacy seriously and takes reasonable measures and precautions to protect and secure your personal data. We work hard to protect your information from unauthorized access, alteration, disclosure or destruction and have several layers of security measures in place, including implementation and use of:

  • User authentication systems and controls
  • Restriction of user access to our systems and data
  • Network security systems and controls, including firewalls, VPN, encryption, etc.
  • Anti-virus/malware solutions and controls
  • App-based enhanced mobile security
  • Risk management and governance activities

Access to Your Data

Access. We implement user authentication and user access management procedures to prevent unauthorized access to your data. Customers that use our DigiLink or PackageHold web applications may input personal information into the web applications to facilitate the functioning and use of the application and our services. These users are required to validate their identity via user authentication and are responsible for managing access to their web application environment.

Least-Privilege. Our policies and procedures for access control require that access to your data be limited to our personnel as required to perform necessary and appropriate roles and responsibilities, in connection with our services and commitments for security, confidentiality, and privacy. We restrict access to your information based on these commitments and requirements, limiting access to your data to authorized personnel that must have the access to perform job roles and responsibilities.

Transfers Outside the EU

Digilock and our subsidiary, Digilock Europe BV, utilize some products or services (or parts of them) that may be hosted/stored in the USA, which means that we may transfer any information that you submit through the website outside the European Economic Area ("EEA") for the below purposes:

  • Website Hosting
  • Email Communication
  • Customer Relations and Marketing Activities

As a result, when you use our website, send us an email, or sign up to our newsletter, the personal information you submit may be stored on servers which are hosted in the USA. Where this is the case, we will take steps to ensure that we use secure technologies and solutions when handling your information and abide by applicable laws, regulations, and contractual obligations to protect your data and comply with the relevant data protection laws.

Additionally, we may share personal data across the Digilock entities. Access to this data is highly restricted outside the EU and can only be processed by limited members of Digilock’s global team.

Failure to Provide Your Data

You are not obligated to provide your personal information to Digilock; however, the receipt of your personal information may be required for us to provide you with our services or deliver your products. If you do not consent or provide other authorization to use your personal information, we may not be able to offer some of our services without it.

Digilock Business and Marketing - Legitimate Interests

As mentioned in the 'How We Use Your Personal Data' section of this policy, we occasionally process your personal information under the legitimate interest legal basis. Where this is the case, we have carried out a thorough Legitimate Interests Assessment (LIA) to ensure that we have weighed your interests and any risk posed to you against our own interests; ensuring that they are proportionate and appropriate.

We use legitimate interests as our legal basis for processing your personal data and have identified that our interests are direct marketing, keeping our records up to date, identifying and recording which of our products are of interest to you, and seeking your consent when needed for further data processing.

DigiLink and PackageHold Systems - Contractual Obligation

For our DigiLink and PackageHold web applications, we have determined that we process personal information to adhere to contractual obligations of our customers (system users) which have legally engaged to use our smart lock management and/or package locker management web applications, DigiLink/PackageHold.

How Long We Keep Your Data

Digilock and our subsidiaries retain personal information for as long as it is necessary to conduct our legitimate interest or contractual obligations, with the exception of any legal or regulatory requirements applicable to our business. We follow established policies and procedures for data security and data retention to meet our objectives for data protection and appropriate management of your data.

We conduct a regular review of data processed by our company to ensure that we only retain information needed to conduct our processing activities. Where deemed necessary based on our legal and regulatory requirements, including Dutch tax law, we retain your basic personal data (name, address, contact details) for the duration of time needed to conduct necessary processing activities and comply with applicable law and regulation.

We collect consent from our website visitors to collect and process data needed for our company to conduct direct marketing activities. Where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent. When you have withdrawn consent, we will remove your data from our system to ensure that we cease processing activities.

Special Categories Data

Regarding our offered product and services, Digilock is unlikely to collect or process “special category” data (i.e., ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, etc.) about you. In the event that we collect such information, we will only request and process the minimum necessary for the specified purpose and identify a compliant legal basis for doing so.

Our Use of Cookies

A 'cookie' is a small piece of data sent from a website and stored on the user's computer by the user's web browser while the user is browsing. When you visit a site that uses cookies for the first time, a cookie is downloaded onto your computer/mobile device so that the next time you visit that site, your device will remember useful information such as items added in the shopping cart, visited pages or logging in options. Cookies are widely used in order to make websites work, or to work more efficiently, and our site relies on cookies to optimize user experience and for features and services to function properly.

Most web browsers allow some control to restrict or block cookies through the browser settings; however, if you disable cookies, you may experience a different, more restrictive, ability to use certain parts of our website or services. For more information about cookies visit https://www.aboutcookies.org.

In connection with the use of our products and services, we may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our website, products, or services. We obtain consent to use these cookies via use of our cookie banner on our website, which allows you to allow or deny cookies, and any contractual agreements in place with the delivery of our products or services.

Changes To This Privacy Policy

This privacy policy is subject to occasional revision. If we make any material changes in the way we use your personal data, we will notify you by sending you an e-mail to the last e-mail address you provided to us and/or by prominently posting notice of the changes on our Site. Any changes to this privacy policy will be effective upon the earlier of thirty (30) calendar days following our dispatch of an e-mail notice to you or thirty (30) calendar days following our posting of notice of the changes on our website. These changes will be effective immediately for new users of our products or services.

Please note: At all times you are responsible for updating your personal data to provide us with your most current e-mail address. In the event that the last e-mail address that you have provided us is not valid, or for any reason is not capable of delivering to you the notice described above, our dispatch of the e-mail containing such notice will nonetheless constitute effective notice of the changes described in the notice.

File a Complaint

Digilock processes your personal information in compliance with this privacy policy and in accordance with the relevant data protection laws and regulations. If, however, you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you have the right to file a complaint with our company, using our Data Privacy Request Form (linked above), or with a data privacy supervisory authority:

Contact Digilock (United States)

Digilock
9 Willowbrook Court
Petaluma, CA 94954
United States

telephone / 707-766-6000
email / sales@digilock.com

Contact Digilock (Europe)

Digilock Europe BV
Contact: Geert.N.W van Dijk
Schillingweg 22, 2153 PL Nieuw-Vennep, The Netherlands

telephone / +31 6 53751414
email / geert.vandijk@digilock.eu

Information Commissioner’s Office

Schillingweg 22, 2153 PL Nieuw-Vennep
telephone / +31 20 303 30 60

GDPR Statement

At Digilock, we understand the importance of protecting your data. It’s a big deal. With security at the core of our business, products, and services, we understand the importance of protecting valuables, including your personal information.

This article is designed to provide insight into our plans for privacy and compliance with the General Data Protection Regulation (GDPR) and our procedures to ensure that the sensitive, confidential, and personal information we collect is handled with care and protected from unauthorized access, disclosure, manipulation, or subject to data breach.

Data Security

There are many components to data privacy compliance with GDPR, including our responsibility to implement systems and processes that protect personal information processed by our company.

Considering security is one of the primary and fundamental components to GDPR compliance, let’s review security related to our business, products, and services. As a security company, maintaining our security practices is a part of our culture. We implement various policies, procedures, systems, and roles and responsibilities to implement and operate our information security program established to safeguard (or protect) our users' data and limit exposure to data breaches.

Our SaaS web applications, DigiLink and PackageHold, have successfully completed a SOC 2 Type 1 examination and received a SOC report from an independent CPA firm. This provides a professional opinion that we have implemented appropriate internal controls (or processes) for security, availability, and confidentiality for the IT network of our DigiLink and PackageHold applications.

What is the importance of the SOC 2 Report?

Our SOC 2 Type 1 report demonstrates that we have implemented appropriate security practices and safeguards for our data processing activities. The SOC 2 examination included working with auditors to evaluate the organizational, technical, and procedural controls that we have implemented within our IT network to secure our users' data.

The examination includes inspection of security configurations and procedural documentation that supports our implementation of data security best practices technologically, organizationally and culturally.

We will be conducting our SOC 2 Type 2 examination annually to continue to demonstrate our security practices and our ability to implement appropriate safeguards for protecting our users' sensitive, confidential, and personal information.

SOC 2 Type 1 Report

You can request a copy of our SOC 2 Type 1 report by submitting a request to our Contact Us page. This details all of the above-mentioned security practices for our DigiLink and PackageHold web applications.

Data Privacy Compliance and GDPR roadmap

Data security and data privacy compliance is a significant project for most companies, including Digilock. It involves identifying the right people, systems, and processes that should exist within our company to ensure that we adhere to data security and privacy compliance requirements applicable to our organization.

Our company has recently completed our procedures to appropriately adhere to SOC 2 standards for data security; however, we are currently completing our procedures to ensure that we fully implement appropriate data privacy processes and adhere to GDPR compliance.

Data protection is very important in our business, and so is GDPR compliance, so we want to communicate our plans and timeline for Digilock’s full GDPR compliance implementation.

Digilock’s Current State of GDPR Compliance

Currently, we have implemented several important pieces to our GDPR compliance program. These include the implementation of the following technologies, activities, or justifications supporting GDPR compliance within our company:

Documentation of our Privacy Policy (Notice)

We have published our Privacy Policy on our website to communicate our overall practices for the use of personal information that we collect and process during the performance of our services.

Our Data Privacy Request Form

We have updated our Contact Us page to include a form to submit inquiries related to Privacy. This form can be used to request our team to assist with any matters concerning data privacy, personal information, or data subject rights. Our team will review the request and process all valid requests, as deemed appropriate.

Documentation of our Lawful Basis for Processing

Our data processing activities are necessary for the performance of our service contracts with our customers, to which data subjects are an indirect party. Companies that have purchased our smart lock products have entered into an agreement with our company to use our products and services. As a result, we process personal information in connection with the delivery of these products and services.

Additionally, we have a legitimate interest to collect and process personal information to conduct marketing activities for our business. These activities are performed to identify customers that would benefit from the use of our products and services. We communicate our privacy practices for data collection within our cookie consent banner displayed on our company website and use this cookie banner notification to collect consent from our website visitors to use cookies to perform these data collection activities.

Implementation of Appropriate Technical and Organizational Safeguards (Security)

As mentioned, we have a SOC 2 Type 1 report that speaks to our security practices for protecting our customers' data. These security practices include the implementation of encryption and access control technologies/procedures to ensure we protect our data.

Our SOC 2 and GDPR Compliant Third-Party Data Processors

We utilize third-party processors that are compliant with SOC 2 standards and GDPR. Their compliance with these standards and regulations helps our company to protect personal data, including providing guidance and technologies that help us maintain GDPR compliance.

Designated Individual Responsible for GDPR Compliance and a Data Protection Officer (DPO)

We have designated a DPO within our organization, and our DPO works closely with our Executive Management team (President and Vice President) to provide oversight and execution of Digilock’s risk management and data security and privacy practices, including GDPR compliance.

Established a Process for Notifying Supervisory Authorities and Data Subjects of Data Breaches

We have identified the appropriate supervisory authority to notify in the event of a data breach, which is a requirement for GDPR compliance.

Appoint a Representative within a European Member State

A GDPR requirement for companies that operate outside of the EU includes appointing a representative within an EU member state that can communicate with data protection authorities in the event of a data breach. Our EU representative is as follows:

Information Commissioner’s Office

Douglassingel 47, 1119MD, Schiphol-Rijk
telephone / +31 20 303 30 60

GDPR Information Audit

We have performed an information audit of our data processing activities and data privacy control activities to evaluate their operation and ensure our full compliance with GDPR standards. This process included the implementation of systems and procedures that will allow our team to have appropriate insight into our data processing activities and procedures for processing requests pertaining to data subject rights. We will continue to perform regular information audits to evaluate the state of our environment and GDPR compliance.

Questions

If you have any questions regarding our GDPR compliance and privacy practices, please contact our team using our Data Privacy Request Form on our Contact Us page.