Privacy Statement

Privacy Statement

Shopguard (“we”, “us”, “our”) is committed to protecting the privacy and personal data of all visitors, customers, and users of our products and online services. This Privacy Statement explains how we collect, use, share, and protect personal data in connection with our website, hardware products, support services, and cloud-based software platforms, including the Shopguard iDKey system and other SaaS offerings. By using our website or services, you agree to the terms of this Privacy Statement.

1. Data Controller

The data controller for personal data collected through this website and for certain services is:
Shopguard Ltd.
41st, Szépvölgyi road
Budapest – 1037
Hungary

Email for privacy-related inquiries:
info@shopguard.com

Depending on the product or service, Shopguard may act as a data controller (for website visitors, general inquiries, marketing) or as a data processor (for SaaS platforms used by customer organizations).

If you use Shopguard services through your employer or organization, your organization acts as the primary data controller, and Shopguard processes data strictly on their instructions.

2. Information We Collect

We collect different types of information depending on how you interact with us.

2.1. When You Visit Our Website

When you browse our website, we may collect:
  • IP address
  • Browser type and settings
  • Pages visited, date and time
  • Session cookies required for site functionality
We do not use advertising cookies unless explicitly disclosed in a separate cookie notice or banner.

2.2. When You Contact Us or Request Support

When you get in touch with us (e.g., via contact form, email, phone), we may collect:
  • Name
  • Email address
  • Phone number
  • Company name and role
  • Message content and any attachments or logs you choose to share

2.3. When You Interact with Shopguard Hardware Products

In connection with our hardware products and security devices, we may process:
  • Device ID and serial number
  • Firmware version
  • Battery level, RSSI (signal quality), and device status
  • Sensor data (e.g., tamper alarms, loop status, motion events)
  • Diagnostic information needed for support and troubleshooting

2.4. When You Use Our SaaS Platforms (Including iDKey)

When you use our SaaS and cloud-based platforms (including the Shopguard iDKey system and related device management services), we may process identity information, device data, event logs, and platform usage data. Details on this processing are provided in Section 7 below.

3. How We Use Your Information

We use collected data for the following purposes:
  • Providing and operating our website and online services
  • Responding to your inquiries and support requests
  • Operating and improving our hardware and SaaS platforms
  • Ensuring system security, fraud prevention, and reliability
  • Managing customer relationships and contracts
  • Complying with legal and regulatory obligations
We do not sell personal data or use it for unrelated advertising purposes.

4. Legal Basis for Processing

Depending on your region and the context of the data processing, we rely on the following legal bases:
  • Performance of a contract – to provide products and services you or your organization have requested.
  • Legitimate interest – for security, fraud prevention, service improvement, and customer support, where these interests are not overridden by your rights.
  • Compliance with legal obligations – where we must retain or disclose information to comply with applicable laws.
  • Consent – when we explicitly ask for your consent (e.g., for certain marketing or optional cookies).
When our SaaS platforms are used by your organization, your organization determines the applicable legal basis for processing user data in that context.

5. Data Sharing

We only share personal data with third parties when necessary and appropriate:
  • Your employer or organization, if you access our services on their behalf
  • Trusted service providers who assist us with hosting, infrastructure, support, and other operational services
  • The Microsoft identity platform or similar identity providers, for authentication and single sign-on integrations
  • Public authorities, regulators, or law enforcement, where required by law
All third parties are bound by contractual obligations to protect your data and to process it only according to our documented instructions and applicable data protection laws (e.g., GDPR).

6. International Data Transfers

If personal data is transferred outside the European Union (EU) or European Economic Area (EEA), we ensure that appropriate safeguards are in place, such as:
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions for certain countries
  • Other lawful transfer mechanisms as required by applicable law

7. Processing of Data in iDKey and Other SaaS Platform Services

This section describes data processing specifically related to our cloud and SaaS solutions, including:
  • Shopguard iDKey
  • Shopguard device cloud and monitoring services
  • Remote alerting and event forwarding platforms
  • Any application that integrates with Microsoft Entra ID (Azure AD) for sign-in

7.1. Information Provided by Your Organization

To activate and configure our SaaS platforms, your organization may provide:
  • Tenant information and organization identifiers
  • API keys, Client IDs, and related application registration details
  • User roles, permissions, and access policies
  • Store or site configuration fields (e.g., SiteID, ExternalID)

7.2. Microsoft Entra ID (Azure AD) Sign-In

When you sign in via Microsoft Entra ID (Azure AD), we may receive from Microsoft:
  • User principal name or email address
  • Display name
  • Object ID (OID)
  • Tenant ID
  • Assigned roles or group membership (if configured by your organization)
We do not receive or store your password or multi-factor authentication secrets. Authentication is handled securely by the Microsoft identity platform.

7.3. Device and Event Data

In order to operate iDKey-connected devices and related solutions, we may process:
  • Device identifiers, serial numbers, and firmware versions
  • Device status (online/offline), battery level, RSSI, and related metrics
  • Sensor and alarm events (e.g., tamper, loop, motion, nogo-zone)
  • Communication logs required for reliability and diagnostics

7.4. Platform Usage Data

We may also collect certain usage data in our SaaS platforms, such as:
  • Login timestamps and user activity logs
  • Configuration changes (e.g., which user changed what setting and when)
  • Error logs and performance metrics
  • API usage details

7.5. Purpose of Processing in the SaaS Platforms

We process data in our SaaS environments to:
  • Authenticate and authorize users via Microsoft Entra ID or other identity providers
  • Provide role-based access to devices, sites, and configuration settings
  • Display device status, alarms, and history in dashboards
  • Generate notifications and alerts according to customer rules
  • Maintain and improve the reliability, stability, and security of the platform
  • Support customers in troubleshooting and incident management
We do not use iDKey or SaaS platform data for advertising, profiling unrelated to service provision, or selling personal data to third parties.

7.6. Data Retention (iDKey & SaaS)

Retention periods may be defined by your organization’s policies. In general:
  • Identity and login data is retained for as long as the user account remains active or as required by your organization.
  • Device logs and event data are typically retained according to customer configuration and contract.
  • Diagnostic and troubleshooting logs are usually kept for up to 12 months, unless a longer period is required by law or specific agreements.
When data is no longer required, it is deleted or anonymized in accordance with our data retention procedures and any applicable contractual obligations.

8. Security Measures

We implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These include, where appropriate:
  • Encrypted communications (e.g., TLS 1.3) for data in transit
  • Encryption at rest where appropriate
  • Strict access controls and role-based access management
  • Use of Microsoft Entra ID and other secure identity mechanisms
  • Regular system monitoring and logging
  • Secure development and change management processes

9. Your Rights

Depending on your jurisdiction and, where applicable, your organization’s policies, you may have certain rights regarding your personal data, including:
  • The right to access the personal data we hold about you
  • The right to request correction of inaccurate or incomplete data
  • The right to request deletion of your data (in certain circumstances)
  • The right to restrict or object to certain types of processing
  • The right to data portability (where applicable)
  • The right to withdraw consent where processing is based on consent
When you use our services through your employer or organization, your requests should generally be directed to your organization, which is the primary data controller. We will assist your organization in responding to such requests where required.

10. Changes to This Privacy Statement

We may update this Privacy Statement from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify you through our services or by other means.

11. Contact Information

If you have any questions about this Privacy Statement or about how we process personal data, please contact us at:

Shopguard Ltd.
41st, Szépvölgyi road
Budapest – 1037
Hungary

Email:
info@shopguard.com