Terms of Service

Terms of Service

These Terms of Service (“Terms”) govern the use of the Shopguard iDKey platform and related cloud services (“Service”), operated by Shopguard (“we”, “us”, “our”). By accessing or using the Service, the customer (“Customer”, “you”, “your”) agrees to be bound by these Terms. If you do not agree to these Terms, you may not use the Service. These Terms apply to the iDKey SaaS platform, its integrations (including Microsoft Entra ID / Azure Active Directory), device management functions, alerting services, and associated online components.

1. Definitions

“Service”
The Shopguard iDKey cloud platform, web applications, integrations, APIs, and all related services.

“Customer”
The legal entity using the Service, including its employees, contractors, and authorized users.

“Device”
Any Shopguard hardware product or third-party device connected to iDKey.

“User”
Any individual authorized by Customer to access the Service.

“Customer Data” or “Data”
All information submitted to the Service by the Customer or acquired through the use of Devices.

“Personal Data”
Any information relating to an identified or identifiable natural person, as defined under the EU General Data Protection Regulation (GDPR).

2. Access to the Service

2.1 Eligibility

The Service is intended for business and professional use. Customer is responsible for ensuring that Users have valid authorization and access rights.

2.2 Account Provisioning

Access to iDKey typically requires authentication through Microsoft Entra ID (Azure AD) or another supported identity provider. Customer is responsible for configuring its identity provider, including user assignments, roles, and access policies.

2.3 User Responsibility

Customer must ensure that:
  • User accounts are not shared between individuals.
  • Users comply with these Terms and with Customer’s internal policies.
  • Credentials and access tokens are kept secure and confidential.
We are not responsible for unauthorized access caused by configuration errors, compromised accounts, or failures in Customer’s identity provider or internal processes.

3. Customer Data

3.1 Ownership

Customer retains all rights, title, and interest in and to Customer Data. These Terms do not transfer ownership of Customer Data to Shopguard.

3.2 License to Operate the Service

Customer grants Shopguard a limited, non-exclusive, worldwide, royalty-free license to host, process, transmit, and display Customer Data as reasonably necessary to:
  • Provide and maintain the Service.
  • Perform support and troubleshooting.
  • Ensure security, performance, and availability.

3.3 Data Protection

Processing of Customer Data is subject to Shopguard’s Privacy Statement and applicable data protection laws. Where required, additional data processing terms may be agreed in a separate Data Processing Agreement.

3.4 Roles under GDPR

For the purposes of the EU General Data Protection Regulation (GDPR):
  • The Customer acts as the Data Controller in relation to Personal Data that is entered into or generated by the Service on behalf of the Customer (including User identity data and Device-related Personal Data).
  • Shopguard acts as the Customer’s Data Processor when processing such Personal Data on the Customer’s documented instructions.
Nothing in these Terms prevents the Customer from fulfilling its obligations as Data Controller under GDPR.

3.5 Data Processing Agreement (DPA)

Where required by applicable data protection laws (including GDPR), Shopguard and Customer shall enter into a Data Processing Agreement (DPA) governing Shopguard’s processing of Personal Data on behalf of the Customer. If Shopguard provides a DPA and the Customer continues to use the Service or formally accepts it, the DPA becomes an integral part of these Terms.

3.6 Sub-processors

Customer authorizes Shopguard to engage third-party sub-processors for hosting, infrastructure, communications, monitoring, and related services necessary to provide the Service. Shopguard shall:
  • Ensure that all sub-processors are bound by written agreements that impose data protection obligations no less protective than those set out in these Terms and the DPA.
  • Remain responsible towards the Customer for the performance of its sub-processors.
A current list of main sub-processor categories (e.g. cloud hosting, email delivery, monitoring) is available from Shopguard upon request.

3.7 International Data Transfers

If Customer Data (including Personal Data) is transferred outside the European Union (EU) or European Economic Area (EEA) in connection with the Service, Shopguard shall ensure that such transfers comply with GDPR by using appropriate safeguards, which may include:
  • Standard Contractual Clauses (SCCs) approved by the European Commission,
  • Adequacy decisions for the destination country, or
  • Other lawful transfer mechanisms recognized under applicable data protection laws.

3.8 Data Subject Rights and Assistance

To the extent that Shopguard processes Personal Data on behalf of the Customer, Shopguard shall provide reasonable assistance to the Customer in fulfilling its obligations to respond to requests from data subjects under GDPR, such as:
  • Right of access,
  • Right to rectification,
  • Right to erasure (“right to be forgotten”),
  • Right to restriction of processing,
  • Right to data portability, and
  • Right to object to certain processing.
Such assistance will be provided insofar as it is technically feasible and legally required, and may be subject to reasonable costs where permitted by law. Data subjects should direct their requests primarily to the Customer as the Data Controller.

3.9 Security Measures

In addition to the measures described in Section 7 (Security), Shopguard shall implement appropriate technical and organizational measures to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access, as required by Article 32 GDPR, taking into account the state of the art, implementation costs, and the nature, scope, context, and purposes of processing.

3.10 Personal Data Breach Notification

In the event of a Personal Data breach affecting Personal Data processed by Shopguard on behalf of the Customer, Shopguard shall notify the Customer without undue delay after becoming aware of the breach, and shall provide information reasonably required by the Customer to meet its legal obligations under Articles 33 and 34 GDPR. The Customer is responsible for any required notifications to supervisory authorities and affected data subjects, unless otherwise agreed in writing.

3.11 Deletion or Return of Personal Data

Upon termination of the Service or upon the Customer’s written request, Shopguard shall, within a reasonable period and subject to technical feasibility and applicable law:
  • delete Personal Data processed on behalf of the Customer, or
  • return such Personal Data to the Customer in a commonly used format,
unless Shopguard is legally required or entitled to retain certain data for a longer period (for example, for accounting or legal defense purposes).

4. Device Data and Events

The Service processes data from Devices, including but not limited to:
  • Device identifiers, serial numbers, and firmware versions.
  • Device status (online/offline), battery level, RSSI and other metrics.
  • Alarm and sensor events (e.g., tamper, loop, motion, nogo-zone).
  • Communication and diagnostic logs related to system operation.
Customer is responsible for ensuring that Devices are installed, configured, maintained, and updated according to manufacturer guidelines and local regulations.

5. Acceptable Use

Customer agrees not to:
  • Use the Service for any unlawful or unauthorized purpose.
  • Interfere with or disrupt the integrity or performance of the Service.
  • Attempt to gain unauthorized access to systems or data.
  • Reverse engineer, decompile, or attempt to derive source code from the Service.
  • Misuse APIs or automate access in a way that causes excessive load or abuse.
  • Upload or transmit malicious code, malware, or harmful content.
We may suspend or restrict access to the Service if we reasonably believe there is a violation of this section or a risk to security, system integrity, or other customers.

6. Service Availability

6.1 Best-Effort Availability

Shopguard aims to provide reliable and continuous availability of the Service but does not guarantee uninterrupted uptime unless agreed in a separate Service Level Agreement (SLA).

6.2 Maintenance Windows

We may perform scheduled maintenance, upgrades, or improvements, which may result in temporary unavailability of the Service. Where practical, we will schedule such maintenance to minimize disruption.

6.3 Emergency Interruptions

We may suspend or restrict access without prior notice to address emergency issues, including security incidents, system instability, or legal/regulatory obligations.

7. Security

Shopguard implements industry-standard technical and organizational measures to secure the Service and Customer Data, including:
  • Encrypted communications (e.g., TLS) for data in transit.
  • Hardened infrastructure and secure hosting environments.
  • Role-based access control and logging.
  • Secure development and change management practices.
Customer is responsible for securing its own networks, endpoints, and identity provider configurations, and for ensuring that Users follow good security practices.

8. Support

Shopguard may provide support through email, ticketing systems, or other channels. Response times and support levels may depend on the Customer’s chosen support plan or commercial agreement.

9. Fees and Payment

If the Service is provided on a paid subscription or license basis, pricing, payment terms, and billing cycles will be defined separately in an order form, purchase order, or commercial agreement. Unless required by law or stated otherwise:
  • Fees are non-refundable.
  • Non-payment may result in suspension or termination of access.
  • Taxes, duties, and similar charges are the responsibility of Customer.

10. Intellectual Property

All intellectual property rights in and to the Service, including software, documentation, designs, logos, and branding, are owned by Shopguard or its licensors. These Terms do not grant any rights to Customer except as expressly stated herein.

11. Third-Party Services

The Service may rely on or integrate with third-party services such as identity providers (e.g., Microsoft Entra ID), cloud hosting platforms, or communication providers. Customer acknowledges that:
  • Such services are subject to their own terms and conditions.
  • Shopguard does not control the availability or performance of these third-party services.
  • Shopguard is not liable for interruptions or issues caused by third-party services outside its reasonable control.

12. Termination

12.1 Termination by Customer

Customer may stop using the Service at any time. Any contractual termination conditions (e.g., notice periods, minimum terms) will be governed by the applicable commercial agreement.

12.2 Termination by Shopguard

Shopguard may suspend or terminate access to the Service, in whole or in part, if:
  • Customer materially breaches these Terms and fails to remedy the breach.
  • Customer fails to pay applicable fees (where relevant).
  • There is a risk to security, system integrity, or other customers.
  • Shopguard is required to do so by law or regulation.

12.3 Effect of Termination

Upon termination, Customer’s access to the Service will be disabled. Customer may request export of available Customer Data within a reasonable period, subject to technical feasibility and any contractual provisions. Certain Device features that depend on cloud connectivity may cease to function.

13. Disclaimers

To the maximum extent permitted by law, the Service is provided “as is” and “as available”, without warranties of any kind, whether express, implied, statutory, or otherwise. Shopguard specifically disclaims any implied warranties of merchantability, fitness for a particular purpose, and non-infringement.

Shopguard does not warrant that:
  • The Service will be uninterrupted, error-free, or completely secure.
  • All alerts, notifications, or events will be delivered without delay.
  • The Service will meet all of Customer’s requirements or be suitable for safety-critical use without additional measures.

14. Limitation of Liability

To the maximum extent permitted by law, in no event shall Shopguard be liable for any indirect, incidental, special, consequential, or punitive damages, or for any loss of profits, revenue, data, or business opportunities, arising out of or in connection with the use or inability to use the Service.

To the extent permitted by law, Shopguard’s total aggregate liability for any claims arising out of or relating to the Service or these Terms shall not exceed:
  • The amount paid by Customer for the Service in the twelve (12) months preceding the event giving rise to the claim; or
  • If the Service is provided free of charge, one thousand euros (€1,000), whichever is lower.

15. Governing Law and Jurisdiction

These Terms shall be governed by and construed in accordance with the laws of Hungary, without regard to its conflict of law principles.

Governing Law: These Terms shall be governed by and construed in accordance with the laws of Hungary.
Jurisdiction: Any disputes arising out of or in connection with these Terms shall be subject to the exclusive jurisdiction of the courts of Budapest, in particular the Budapest Metropolitan Court (Fővárosi Törvényszék).

16. Changes to These Terms

Shopguard may update these Terms from time to time. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, provide notice through the Service or other channels. Continued use of the Service after the effective date of the revised Terms constitutes acceptance of the updated Terms.

17. Contact Information

If you have questions about these Terms or the Service, please contact:

Shopguard Ltd.
41st, Szépvölgyi road
Budapest – 1037
Hungary

Email:
info@shopguard.com