Privacy

Page

Verisure Desktop Hero

You are a business customer of Verisure

Summary - Privacy Notice for Business Customers

If you are a business representative or an assigned user

General information and the scope of this Privacy Notice

Your right to data protection is very important for us at Verisure. We aim to ensure that you feel comfortable about our processing of your personal data. The purpose of this privacy notice (“Privacy Notice”) is to provide information about how we ensure that your personal data is processed in compliance with applicable data protection legislation. This Privacy Notice concerns the processing of personal data when a business customer (“Business Customer”) uses our services, including our products provided for the delivery of our security alarm monitoring services, devices and cameras (“Services”). As such, this Privacy Notice applies to you as the representative of our business customers (“Business Representative”) and, when applicable, you as a user assigned by our Business Customer (“Assigned User”) who uses our Services.

The Business Customer is asked to ensure that this Privacy Notice is shared with their Business Representatives and Assigned Users.

  • If you are a Residential Customer, please find the applicable Privacy Notice here.

  • If you visit a business premises using Verisure Services, please find the applicable Privacy Notice here.

  • If you visit a residential premises using Verisure Services, please find the applicable Privacy Notice here.

Verisure is the data controller for the processing of your personal data in accordance with this Privacy Notice and we are thus responsible for ensuring that our processing of personal data complies with applicable data protection legislation. For certain processing of personal data, the Business Customer is the data controller, either independently or jointly with Verisure.

When we are processing personal data as a data controller, we ensure that applicable data protection legislation is always complied with and that we only process your personal data for the purposes described in this Privacy Notice.

For more information about the Services which you have chosen to use and the functionality of those Services, please refer to Verisure's General Terms and Conditions, Terms of Service as well as available instructions and manuals. Our Data Processing Agreement (Appendix I and II - Data Processing Agreement and Joint Controller Arrangement) can be found here.

How and why we process your personal data

We only process your personal data if the processing is necessary to fulfil the purposes of the processing described below.

We process your personal data for the following purposes:

  1. Establishment and maintenance of the customer relationship

    1. To enter into a contract with the Business Customer

    2. To administer the contract with the Business Customers, including payments for Services

    3. To administer and enable the existing and returning customer relationship with the utmost care

  2. Provision of Services

    1. To monitor the premises through the Services

    2. To manage alarm triggering events

    3. To follow up previous alarm triggering events

    4. To ensure that we meet our legal obligations to previously active customers

  3. Provision of support to the Business Customers in relation to the Services

    1. To provide customer service and technical support in relation to our Services

    2. To assist Business Customers in case of an insurance claim or other legal claims

    3. To handle customer complaints

    4. To cooperate with law enforcement or regulators to fight crime, comply with our legal obligations or protect the security interests of our Business Customers

  4. Development of Verisure’s Services

    1. Quality assurance

    2. Training of Verisure’s personnel

    3. Development of Verisure’s Services

  5. Provision of Verisure App and Customer Area

  6. Provision of the Verisure web shop

    1. To provide and administer the Business Customer’s orders in our online shop

  7. Marketing and analytics

    1. To market our Services

    2. To administer and analyse our campaigns, promotions, referral programmes, etc. or perform marketing analysis

  8. Verisure’s legal interests

    1. To comply with our legal obligations

    2. To enable restructurings or mergers of the business

    3. To protect our legal interests in the event of a dispute

Complete information about how we process your personal data, including information about the applicable legal bases, the recipients of your personal data, international transfers of personal data and the criteria used to determine applicable retention periods is available here.

Your rights

You have the right to be informed about which personal data relating to you we process and what we do with your personal data. You also have the right of access to your personal data. In certain situations you also have the right to have your personal data erased, to request restriction of the processing of your personal data, the right to data portability as well as the right to object to our processing of your personal data. If we process your personal data based on your consent, you always have the right to withdraw your consent. If you believe that we have processed your data in an unlawful manner, you have the right to lodge a complaint with the Data Protection Commission, whose contact details are:

21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland

Telephone: +353 (01) 765 01 00 (local rate) or 1 800 437 737.

Contact details

If you have any questions regarding this Privacy Notice, our processing of your personal data or if you wish to exercise your rights, please do not hesitate to contact us:

Verisure Services DAC, company registration number 696619

Postal address: F2, Eastpoint Business Park, Dublin 3, Dublin, Ireland, D03 T6P8

E-mail: [email protected]

Website: www.verisure.ie

Complete Privacy Notice for Business Customers

If you are a business representative or an assigned user

Contents
  1. General

    1. 1.1 Your right to data protection is very important to us Verisure Services DAC, reg. no. 696619 (“Verisure”). We aim at ensuring that you feel comfortable about our processing of your personal data. The purpose of this privacy notice (“Privacy Notice”) is to provide information about how we ensure that your personal data is processed in compliance with applicable data protection legislation.

    2. This Privacy Notice concerns the processing of personal data when a business customer (“Business Customer”) uses our services, including our products provided for the delivery of our security alarm monitoring services, devices and cameras (“Services”). As such this Privacy Notice applies to you as the representative of our Business Customer (“Business Representative”) and you as a user assigned by our Business Customer (“Assigned User”), such as an employee of our business customer, who uses our Services.

      The Business Customer is asked to ensure that this Privacy Notice is shared with their Business Representatives and Assigned Users.

      • If you are a Residential Customer, please find the applicable Privacy Notice here.

      • If you visit a business premises using Verisure Services, please find the applicable Privacy Notice here.

      • If you visit a residential premises using Verisure Services, please find the applicable Privacy Notice here.

    3. For more detailed information about the Services which the Business Customer has chosen to use and their functionality, please refer to Verisure's general terms and conditions, terms of service, instructions and manuals.

  2. Data Controller and Data Protection Officer

    1. Verisure is the data controller for the processing of your personal data in accordance with this Privacy Notice and we are thus responsible for ensuring that our processing of personal data complies with applicable data protection legislation.

    2. For certain processing of personal data, the Business Customer is the data controller, either independently or jointly with Verisure.

      Verisure and the Business Customer are joint controllers for processing of personal data when personal data is collected through the Services and when such personal data is made available to the Business Customer via the Verisure App during an alarm triggering event. The personal data processed in this manner may consist of live streaming or continuous video recording (“CVR”) material (limited to devices which have this functionality), video recordings, pictures or audio from an alarm triggering event. This personal data is available to the Assigned Users automatically and in real time via the Verisure App. Verisure is the designated contact point for the processing of your personal data when Verisure and the Business Customer are joint controllers, including for the exercise of the data subjects’ rights under the GDPR (see section 9). You will find our contact details in section 13.

      The Business Customer is an independent data controller when the Business Customer is processing personal data for the following purposes:

      • Self-controlled monitoring functionalities for the Business Customer’s convenience use (not related to an alarm triggering event), such as live streaming, CVR, recording of video, pictures or audio, or use of video doorbell or smart lock.

      • Management of the Verisure Services such as the provision of access permissions to Assigned Users by the Business Customer (e.g. employees).

      • Business Customer’s subsequent processing of the personal data outside of the Verisure environment, e.g., sharing of material with law enforcement or an insurance company.

      The scope of this Privacy Notice is limited to the processing of personal data for which Verisure is a data controller, either independently or jointly with the Business Customer. For further information about the Business Customer’s processing of personal data, please contact the Business Customer.

    3. We have designated a Data Protection Officer (“Data Protection Officer”), who is responsible for monitoring our processing of personal data to ensure that it is carried out in accordance with applicable legislation.

    4. The Data Protection Officer can be reached via [email protected].

  3. Our Processing of Personal Data

    In the tables below you can read more about how we at Verisure process your personal data when you use Verisure Services.

    Purposes

    1. Establishment and maintenance of the customer relationship

      1. To enter into a contract with the Business Customer

        Verisure is the data controller

      2. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We process personal data of the Business Representative in the context of providing the Business Customer with a quote and to enter into a contract with the Business Customer.

        Contact details of the Business Representative such as name, telephone number, postal address, and email address.

        Miscellaneous information which the Business Representative provides us with, constituting personal data, and which is relevant for the purpose of processing.

        The processing is based on Verisure’s legitimate interest to enter into a contract with the Business Customer (Article 6.1.f GDPR).

        Our assessment is that Verisure’s legitimate interest outweighs the Business Representative’s interests and fundamental rights.

        The personal data is retained for the duration of the contractual relationship with the Business Customer and for a period of up to 6 years after the termination of the contract.

      3. To administer the contract with the Business Customers, including payments for Services

        Verisure is the data controller

      4. What we do:

        Categories of personal data

        :

        Legal basis

        :

        The criteria used to determine retention period

        :

        We process personal data to administer contracts with our Business Customers, for example to manage the installation profile, the user accounts and to process payments for the Services.

        Contact details of the Business Representative and Assigned Users such as name, telephone number, postal address, and email address.

        Payment related data such as information about the person attesting invoices and other personal data related and necessary for processing of payments.

        Miscellaneous information which the Business Representative or Assigned Users provide us with, constituting personal data, and which is relevant for the purpose of processing.

        The processing is based on Verisure’s legitimate interest to administrate the contract with the Business Customer (Article 6.1.f GDPR).

        Our assessment is that Verisure’s legitimate interest outweighs the Business Representative’s interests and fundamental rights.

        The personal data is retained for the duration of the contractual relationship with the Business Customer and for a period of up to 6 years after the termination of the contract.

      5. To administer and enable the existing and returning customer relationship with the utmost care

        Verisure is the data controller

      6. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We process personal data to be able to administer existing customers and reconnect to the installations once the customer relationship is renewed and the equipment needs to be reactivated.

        Technical data such as signals as tamper, power restore, periodic test and loose internet connectivity, device/node id number and (past) customer contact details.

        The processing is necessary for the commercial legitimate interest of Verisure to enable the device’s reconnection (Article 6.1.f GDPR).

        The personal data is retained for a period of up to 6 years after the termination of the contract.

    2. Provision of Services

      Verisure and the Business Customer are joint controllers

      1. To monitor the premises through the Services

        Verisure and the Business Customer are joint controllers

      2. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        Personal data is collected via Verisure devices to ensure the functioning of the Services as well as to enable detection of alarm triggering events contributing to the safety and security of the Business Customer and individuals present in the monitored premises.

        Personal data collected during an on-going alarm triggering event may be shared with the Business Customer’s Assigned Users in real time during an alarm triggering event in the Verisure App in case such technology settings are available to the Business Customer.

        Passive monitoring:

        Usage information, such as whether the Services are activated or not.

        Active monitoring:

        Personal data collected during an on-going alarm triggering event, such as pictures, video, and audio from the monitored premises.

        The processing is based on Verisure’s legitimate interest to provide Services to the Business Customers and the Business Customer’s legitimate interest to ensure security of their business and employees (Article 6.1.f GDPR).

        Our assessment is that Verisure’s and the Business Customer’s legitimate interests outweigh the affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        Signals from Verisure devices and usage information are stored for a period of up to 90 days from the alarm triggering event unless the data is required under sub-section 8.3.

        Personal data collected during an on-going alarm triggering event are stored for a period of 90 days from the alarm triggering event unless the data is required under sub-section 8.3.

      3. To manage alarm triggering events

        Verisure is the data controller

      4. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We process personal data to verify the cause of an alarm triggering event.

        During the management of an alarm triggering event Verisure processes personal data and may for example:

        - contact the Business Representative or an Assigned User;
        - identify authorised persons detected in the monitored premises with the help of code words; and
        - share personal data with a privacy security company, law enforcement or other emergency services.

        Personal data collected during an on-going alarm triggering event, such as pictures, video and audio from the monitored premises. The real-time monitoring during an alarm triggering event may entail that sensitive personal data, such as signs of a natural person’s health condition, appear in the content.

        Information provided by the Business Representative or another Assigned User to allow efficient management of alarm triggering events.

        Usage information, such as whether the Services are activated or not and by whom.

        Contact details of the Business Representative and Assigned Users such as name and telephone number.

        Miscellaneous information provided to the ARC and noted by the alarm operator during an on-going alarm triggering event.

        The processing is based on Verisure’s legitimate interest to provide Services to the Business Customers and the Business Customer’s legitimate interest to ensure security of their business and employees (Article 6.1.f GDPR).

        Our assessment is that Verisure’s and the Business Customer’s legitimate interests outweigh the affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        Personal data collected during an on-going alarm triggering event are stored for this purpose for a period of 90 days from the alarm triggering event unless the data is required under sub-section 8.3.

        Other personal data is stored for a period of up to 90 days from the alarm triggering event unless the data is required under sub-section 8.3.

      5. To follow up previous alarm triggering events

        Verisure is the data controller

      6. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We follow up previously managed alarm triggering events by contacting the Business Representative to ensure that the management of the alarm triggering event was as efficient as possible and to receive information which could be relevant for any future alarm triggering events.

        We may also offer additional or modified security services following an alarm triggering event.

        All information which is processed for the purpose of managing the alarm triggering event (see purpose 2.2).

        Miscellaneous Information and feedback received from the Business Representative which is relevant for future management of alarm triggering events.

        The processing is based on Verisure’s legitimate interest to provide Services to the Business Customers and to follow-up and ensure as efficient provision of the Services as possible (Article 6.1.f GDPR).

        Our assessment is that Verisure’s legitimate interest outweighs the affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        Personal data collected during an on-going alarm triggering event are stored for this purpose for a period of 90 days from the alarm triggering event unless the data is required under sub-section 8.3.

        Other personal data is stored for a period of up to 90 days from the alarm triggering event unless the data is required under sub-section 8.3.

      7. To ensure that we meet our legal obligations to previously active customers

        Verisure is the data controller

      8. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We process personal data to maintain our compliance with legal (consumer) obligations.

        Past customer contact details as submitted originally for entering into the contract

        The processing is necessary for Verisure’s compliance with legal obligations with customers (Article 6.1.c GDPR).

        The personal data is retained for a period of up to 6 years after the termination of the contract.

    3. Provision of support to the Business Customers in relation to the Services

      1. To provide customer service and technical support in relation to our Services

        Verisure is the data controller

      2. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We process personal data when we provide the support which is requested by the Business Customer relating to the contract, the Services or the technical functioning of the installation.

        We process personal data to provide support in the event that an alarm is triggered by you or for routine service and maintenance purposes.

        We also process personal data when we manage other requests, such as requests to exercise the rights of a data subject.

        Depending on the request, any personal data processed for the purposes described in this Privacy Notice.

        Miscellaneous information provided by the Business Representative in connection with the customer service situation.

        The processing is based on Verisure’s legitimate interest to provide support to the Business Customers (Article 6.1.f GDPR).

        Our assessment is that Verisure’s legitimate interest outweighs the affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        The personal data is retained for the duration of the customer service matter and for a period of up to 90 days unless the data is required under sub-section 8.3.

      3. To assist Business Customers in case of an insurance claim or other legal claims

        Verisure is the data controller

      4. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        To be able to provide the Business Customer with relevant information in case of insurance or other legal claims, we store personal data and the Business Customers’ requests in an archive with appropriate access restrictions.

        Personal data collected during an on-going alarm triggering event, such as pictures, video, and audio from the monitored premises.

        The processing is based on the Business Customer’s legitimate interest to have access to necessary information in order to handle insurance claims or other legal claims (Article 6.1.f GDPR).

        Our assessment is that the Business Customer’s legitimate interests outweighs the affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        Once we remove the Business Representative’s or other Assigned Users’ personal data from the internal database available to the customer service agents, we maintain the personal data collected during an on-going alarm triggering event with accompanying details in an archive with appropriate access restrictions for a period of time to support customers where evidence is required for insurance or other claims based on what practically is deemed a reasonable timeline for receiving such inquiries from customers and the time needed for insurance companies to handle such claims.

      5. To handle customer complaints

        Verisure is the data controller

      6. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        Depending on the nature of the complaint, we may for example investigate how an alarm triggering event was handled to ensure it was properly conducted.

        Depending on the nature of the complaint, any necessary personal data processed for the purposes described in this Privacy Notice.

        Information about the complaint and any additional information provided by the Business Representative in relation to the management of the complaint.

        The processing is based on Verisure’s legitimate interest to handle and investigate customer complaints (Article 6.1.f GDPR).

        Our assessment is that Verisure’s legitimate interest outweighs the affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        We maintain the personal data collected during the handling of a complaint for a period of 3 years from the date of settlement or closure of the complaint.

      7. To cooperate with law enforcement or regulators to fight crime, comply with legal obligations or protect the security interests of our Business Customers

        Verisure is the data controller

      8. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We may, when necessary, assist law enforcement or regulators where a legal obligation to provide assistance applies or such cooperation is otherwise motivated and based on a formal and written request for information.

        Personal data collected during an on-going alarm triggering event, such as pictures, video and audio from the monitored premises.

        Other information requested by law enforcement or a regulator which Verisure must share or otherwise considers is necessary to share.

        Processing is necessary to comply with a legal obligation (Article 6.1.c GDPR) or

        The processing is based on Verisure’s legitimate interest to assist law enforcement or regulators in case they receive a formal and written request for information (Article 6.1.f GDPR).

        Our assessment is that Verisure’s legitimate interest outweighs the affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        For as long as is required under applicable law.

    4. Development of Verisure’s Services

      1. Quality assurance

        Verisure is the data controller

      2. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We record incoming calls to our customer service for quality assurance purposes.

        We also perform analyses of previous alarm triggering events and handling of customer complaints to ensure efficient and correct management of alarm triggering events.

        Personal data processed for the purposes of (1) managing alarm triggering events (see 2.2), (2) following up alarm triggering events (see 2.3) and (3) handling customer complaints (see 3.3).

        Recorded phone calls.

        The processing is based on Verisure’s legitimate interest to investigate and ensure that the Services have been provided in the correct manner (Article 6.1.f GDPR).

        Our assessment is that Verisure’s legitimate interest outweighs the affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        The recorded phone calls are stored for up to 6 months from the call between you and Verisure unless the data is required under sub-section 8.3.

        Other personal data is processed for a period of up to 6 years after the termination of the contract.

      3. Training of Verisure’s personnel

        Verisure is the data controller

      4. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We record incoming calls to our customer service for the training purposes.

        We also perform analyses of previous alarm triggering events to train our personnel and thus ensure correct management of alarm triggering events.

        Any personal data used for the purpose of training Verisure’s personnel will be pseudonymised so that the natural persons are not identifiable to personnel.

        Personal data processed for the purposes of (1) managing alarm triggering events(see 2.2), following up alarm triggering events (see 2.3) and (3) handling customer complaints (see 3.3) in pseudonymised format.

        Recorded phone calls.

        The processing is based on Verisure’s legitimate interest to train its personnel and thus ensure the highest possible level of Service (Article 6.1.f GDPR).

        Our assessment is that Verisure’s legitimate interest outweighs the affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        The recorded phone calls are stored for up to 6 months from the call between you and Verisure unless the data is required under sub-section 8.3.

        Other personal data is processed for a period of up to 6 years after the termination of the contract.

      5. Development of Verisure’s Services

        Verisure is the data controller

      6. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We process personal data to further develop our Services, for example by making our devices more precise, improving the customer experience etc.

        We record incoming calls to our customer service. We also perform analyses of previous alarm triggering events.

        Any personal data used for the purpose of developing Verisure’s Services will be pseudonymised so that the natural persons are not identifiable to personnel.

        Personal data processed for the purposes of (1) managing alarm triggering events (see 2.2), following up alarm triggering events (see 2.3) and (3) handling customer complaints (see 3.3) in pseudonymised format.

        Recorded phone calls.

        The processing is based on Verisure’s legitimate interest to develop Verisure’s services thus ensure the highest possible level of Service (Article 6.1.f GDPR).

        Our assessment is that Verisure’s legitimate interest outweighs the affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        The recorded phone calls are stored for up to 6 months from the call between you and Verisure unless the data is required under sub-section 8.3.

        Other personal data is processed for a period of up to 6 years after the termination of the contract.

    5. Provision of Verisure App and Customer Area

      1. Provision of Verisure App and Customer Area

        Verisure is the data controller

      2. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We process personal data to provide certain services online or through mobile devices and to provide information through so-called push messages (e.g., status messages about the alarm system, payment deadlines etc.) to you and your Business Representatives/Assigned Users who have the Verisure App.

        GPS position and Geo-location: We process the GPS position of protected locations in order to, for example, dispatch a private security guard as quickly as possible.

        Where you have consented, we may track the GPS position of your mobile device to provide you with the @Home SOS service, allowing us under some conditions to process an SOS signal launched from your Verisure App, and/or send you push notifications relevant to your location. You can turn off your mobile device's geolocation at any time from your device settings (in which case you will not be able to take advantage of all the services offered by the app). Geo-location relies on default maps SDKs, such as Google Maps SDK to geo-localise the device.

        The Verisure App uses the map service of Google Maps from Google Ireland Limited for users from the Republic of Ireland. If you visit the Google Maps service on the Verisure App whilst you are logged into your Google profile, Google can also link this event to your Google profile. You can object to this data collection by contacting Google.

        When installing the Verisure App, necessary information is transferred to the respective app store (username, email address and your account’s customer number), the time of download and the individual device identification number. We have no control over this data collection and are not responsible for it.

        Contact details such as name, telephone number, postal address, and email address.

        Contact details of the Business Representative and Assigned Users such as name and telephone number.

        Information about the Business Representative such as job title.

        Username, password and account details including account number and service payments details.

        Standard technical data such as IP address of the device used, date and time of request, operating system details, location, the ISP, online identifiers (e.g. device identifiers, session IDs) etc.,

        Personal data related to cookies used. Please refer to our Cookie Policy for further details.

        The processing is necessary for the performance of the contract with the Business Customer (Article 6.1.b GDPR).

        The processing is based on Verisure’s legitimate interest to enable the use of the Versiure App and Verisure services, facilitate the functionality and safety of Verisure’s systems, and provide product recommendations (Article 6.1.f GDPR).

        Our assessment is that Verisure’s legitimate interest outweighs the affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        The personal data is retained for the duration of the contractual relationship with the Business Customer and for a period of up to 6 years after the termination of the contract.

    6. Provision of the Verisure web shop

      1. To provide and administer the Business Customer’s orders in our online shop

        Verisure is the data controller

      2. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We offer online web shop platforms to provide our product assortment for direct sale to business customers.

        Account details for placing an order including customer contact details such as name, email address, phone number, password of choice, financial details for payment.

        For performance of a contract (Article 6.1.b GDPR), as you as a customer agree to our Terms and Conditions to establish the sale of goods.

        The account details are maintained for the period of an active customer account and after termination of a customer account in accordance with applicable law in order to meet consumer law obligations applying to our provision of service and queries.

    7. Marketing and analytics

      1. To market our Services

        Verisure is the data controller

      2. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We may market our Services to you via email, post, SMS or telephone. Further, we may use customised online advertising to market our Services. If you do not wish to receive direct marketing, you may always object to this by using the “unsubscribe” link in our communications or by contacting us via[email protected].

        When it comes to customised online advertising, we may share your personal data with third parties acting as data controllers, joint controllers together with Verisure or as independent data controllers. For example, we use analytics tools to provide relevant marketing online.

        Contact details of the Business Representative such as name, telephone number, postal address, and email address.

        Information about the Business Representative such as job title.

        Behavioural data, such as which emails you have opened, which links you have chosen to click on and an IP address.

        The processing is based on Verisure’s legitimate interest to market its services to Verisure’s existing Business Representatives (Article 6.1.f GDPR).

        Our assessment is that Verisure’s legitimate interest outweighs the Business Representatives’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        The processing is based on your consent where you have consented to Verisure marketing its services to you (Article 6.1.a GDPR).

        -->

        You can withdraw your consent at any time, by using the “unsubscribe” link contained in our marketing emails or contacting us via [email protected].

        The personal data is stored and used throughout the contractual relationship and up to 6 months after the contractual relationship ends.

      3. To administer and analyse our campaigns, promotions, referral programmes, etc. or perform marketing analysis

        Verisure is the data controller

      4. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        When may use your data for market and opinion research purposes. In principle, we evaluate the data anonymously for internal purposes. If, exceptionally, surveys are not evaluated anonymously, the data will only be collected with your consent.

        We use your personal data, such as data derived from statistical compilations, market segmentations and satisfaction surveys for the purposes of conducting marketing analyses. The results of our analyses are used to improve our customer service, to offer new solutions or to adapt our website and/or app, improving, replacing and developing new products and services, processes or working methods with the goal of developing our business, and to improve our standards.

        We use various third-party providers of satisfaction surveys including Medallia and Kantar.

        We may use your personal data for marketing personalisation (creating marketing profiles in order to understand preferences in relation to our products and services, and to deliver personalised advertising), list-based matching via social media providers such as Facebook, (to show our adverts on their platform), lookalike matching and matching activity with the following third parties: Meta Platforms, Nextdoor, TikTok and Snapchat.

        We may contact prospective customers who you have referred to Verisure. Please ensure that you have obtained their consent prior to providing their personal data to Verisure.

        Contact details of the Business Representative such as name, telephone number, postal address, email address and IP address.

        The categories of personal data we process for business development include contact details, demographic data, etc.

        Contact details of the Business Representative referred individual such as name, telephone number and email address.

        The processing is based on Verisure’s legitimate interest to promote and improve its products and services, as well as to administer and analyse its marketing strategies (Article 6.1.f GDPR).

        Our assessment is that Verisure’s legitimate interest outweighs the affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        The processing is based on your consent where you have consented to Verisure marketing its services to you (Article 6.1.a GDPR).

        You can withdraw your consent at any time, by using the “unsubscribe” link contained in our marketing emails or contacting us via[email protected].

        The personal data is stored and used throughout the contractual relationship and up to 6 months after the contractual relationship ends.

    8. Verisure’s legal interests

      1. To comply with our legal obligations

        Verisure is the data controller

      2. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We may need to process personal data in order to comply with our legal obligations.

        All categories of personal data processed for the purposes described in this Privacy Notice.

        The processing of personal data is necessary for the performance of Verisure's legal obligations (Article 6.1.c GDPR)

        The personal data is retained for as long as necessary to comply with the applicable legal obligation.

      3. To enable restructurings or mergers of the business

        Verisure is the data controller

      4. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        In the event that Verisure is restructured, e.g. split into several different businesses, or if a merger occurs, the new company may continue to use your personal data for the same purposes as we have stated in this Privacy Notice, unless you receive different information in connection with the restructuring or merger.

        All categories of personal data processed for the purposes described in this Privacy Notice.

        The processing is based on Verisure’s legitimate interest to enable a restructuring process or a merger (Article 6.1.f GDPR).

        Our assessment is that Verisure’s legitimate interest outweighs the affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        If Verisure ceases to exist through a merger, or in the event of restructuring, we will erase the personal data as long as the retention of such personal data is not required by law.

        In other cases, your personal data will be processed in accordance with this Privacy Notice.

      5. To protect our legal interests in the event of a dispute

        Verisure is the data controller

      6. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We may need to process your personal data in order to protect our legal interests in the event of a dispute, such as to establish, exercise or defend legal claims.

        All categories of personal data processed for the purposes described in this Privacy Notice.

        The processing is based on Verisure’s legitimate interest to protect our legal interests in the event of a dispute (Article 6.1.f GDPR).

        Our assessment is that Verisure’s legitimate interest outweighs the affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        The personal data is retained for as long as they are needed to establish, exercise or defend a legal claim, in any event, for a maximum of 6 years after the termination of the contract.

  4. Collection of Personal Data

    1. The personal data that we process may be provided directly by the data subject or from the data subject’s use of or interaction with our Services. Personal data may also be collected via the Business Customer.

    2. In certain situation, we also collect and/or receive personal data from various companies we work with, such as lead generation companies and customer list providers. Whenever possible, we aim to work with companies based in the United Kingdom or the EU/EEA.

    3. Special category personal data

      You may consider it necessary to provide information to Verisure about special requirements in order to receive our services, such as health data (i.e. hearing impairment or physical disability), which are relevant for the efficient management of delivering our alarm monitoring services to you. In such cases, Verisure may have to process this information about your health (e.g. regarding impairment of hearing that prevents you from hearing the siren), or other form of disability. In some cases, there may also be instances where we may have to collect and process this information for other legal requirements.

      Such health data is a special category of personal data. This means we must treat it with extra care under applicable data protection requirements.

      This special category personal data may be provided by you or indirectly during or following your interactions with us (through e.g., chat, e-mail, text messages, calls to our customer services centre or in person during a maintenance visit recorded by our employees).

      Where we process such special category personal data we will do so, based on the following legal basis and purposes where:

      1. it is necessary to protect your, or someone else’s, vital interests:

        • we reasonably believe that you or another person are at risk of harm (if we do not process the data about you) and the processing is necessary to protect you or them from harm or to protect physical, mental or emotional well-being;

        • we reasonably believe it is necessary to protect the economic well-being of you or another person, where you or that person is less able to protect your own economic well-being by reason of physical or mental injury, illness or disability;

      2. it is necessary for the prevention or detection of an unlawful act;

      3. we need to carry out our obligations or rights in connection with employment, for example where we need to protect our staff members from harm.

      4. we may also collect such data where we have your consent to do so.

      Where you choose to provide health data voluntarily which it is not clear to us obviously falls into any of the categories above, we will discuss with you whether we should retain it and, if necessary (and not for the above purposes) will obtain your consent to future processing of that data.

      This paragraph only applies to your special category personal data and should be read in conjunction with our wider privacy notice which governs the collection and processing of all personal data about you. If you need more information on the above, or have any queries, please do not hesitate to contact us.

  5. Retention of Personal Data

    1. We will only process personal data for the period set out in this Privacy Notice (see section 3).

    2. When we no longer need to process the personal data for the pre-identified purposes or a retention period for the personal data lapses, we will delete it from our systems, databases and backups.

  6. With Whom Do We Share Your Personal Data

    1. Verisure may share personal data with trusted third parties if such sharing is necessary either based on Verisure’s legitimate interest or a legal obligation. Sharing of personal data may also be necessary for us to perform our contractual obligations towards our Business Customers.

    2. Personal data may be shared with other companies in the Verisure Group or with our partner companies in connection with the provision of our Services, as described in the table below. Each recipient of your personal data is subject to corresponding legal or contractual obligations to those obligations which apply to Verisure, including an obligation to process your personal data securely and in accordance with applicable data protection legislation.

    3. We may share your data with:

      Categories of personal data that are shared:

      Customer experience providers such as Amazon Cloud Cam which provide us with storage services.

      Contact details, such as name, telephone number, postal address and e-mail address.

      Information in the alarm log, such as information about when the Services are activated and de-activated and any communications between you and Verisure in the context of management of alarm triggering events.

      Service providers such as KHC Ltd who process personal data in order to provide requested services.

      Contact details, such as name, telephone number, postal address and e-mail address.

      Telephone service providers such as Inconcert, who provide services connected to our contact with individuals by phone.

      Personal data provided through calls with Verisure.

      Partners such as business introducers and online sales sites who provide us with sales services.

      Contact details, such as name, telephone number, postal address and e-mail address.

      Payment data, such as credit and debit card details, bank account number and other information related to payment of the Service.

      Information about the Assigned Users of our Services.

      Additional personal data provided by the Business Representative in the correspondence with Verisure regarding sales or customer service matters relating to our contractual relationship (through e.g., chat, e-mail, text messages).

      Cloud infrastructure providers, such as Microsoft, constituting part of the Verisure infrastructure. The processing of personal data is subject to strict technical and organisational security measures.

      All categories of personal data except alarm log data.

      FFinancial Services providers to process payments (e.g. SUMUP, HUMM, PAYPLANET, GoCardless and Accountis Europe Limited), handle claims, collect debts and for advisory.

      In addition, Verisure shares personal data with debt collection agencies to enforce unpaid debts.

      Contact details, such as name, telephone number, postal address and e-mail address.

      Information in the alarm log, such as information about when you activate and de-activate the alarm monitoring system and any communications between you and Verisure in the context of alarm management.

      Marketing and market research providers such as Medallia, Kantar, Meta, Google which Verisure works with to conduct marketing activities, market research and customer research.

      Your contact details, such as name, telephone number, postal address and e-mail address.

      Information in the alarm log, such as information about when you activate and de-activate the alarm monitoring system and any communications between you and Verisure in the context of alarm management.

      Information shared with Meta and Google: Verisure only shares encrypted email addresses with these recipients.

      Private security companies, such as Securitas Security Services (UK) Limited, process your personal data in order to respond to incidents when Verisure sends security guards to your property.

      Your contact details, such as name, telephone number, postal address and e-mail address.

      Images and audio in in an alarm situation, such as images, video and audio that may include your personal data and the personal data of others if they are present when the alarm is triggered.

      Additional personal data provided by the Business Representative in your correspondence with us (through e.g., phone, chat, e-mail, text messages).

      Collaboration partners such as insurance companies and leasing companies who may process your personal data for different purposes if you consent to such sharing.

      All categories of personal data, subject to your explicit consent.

      Authorities or equivalent third parties, such as the police authority or emergency centre, for example in the event of a break-in or accident.

      Your contact details, such as name, telephone number, postal address and e-mail address.

      Images and audio in in an alarm situation, such as images, video and audio that may include your personal data and the personal data of others if they are present when the alarm is triggered.

      Additional personal data provided by the Business Representative in your correspondence with us (through e.g., chat, e-mail, text messages).

      The acquirer or other successor in the event of mergers, divestments, restructuring, reorganisation, dissolution and other sale or transfer of Verisure's assets.

      All categories of personal data.

      Authority or equivalent third party in connection with audits, court proceedings or other similar purposes. The information may be shared for the purposes of complying with legal obligations and protecting our legal interests in the event of a dispute.

      All categories of personal data.

    4. Please note that this list may be updated from time to time.

  7. Automated Decision-Making

    1. We do not use automated decision-making.

  8. Where is Your Data Processed?

    1. We aim to always process your personal data in the United Kingdom and the EU/EEA. In some circumstances we may need to transfer your personal data to a country outside of the United Kingdom and the EU/EEA (“Third Country”). In case your personal data is transferred to a Third Country, we will ensure that your personal data will continue to be subject to an essentially equivalent level of protection as in the United Kingdom and the EU/EEA.

  9. Your Rights

    1. Our responsibility for your rights

      1. As a data controller, we are responsible for ensuring that your personal data is processed in compliance with applicable data protection laws and that you can effectively exercise your rights as a data subject. You may contact us at any time if you wish to exercise your rights. You will find the contact details in the end of this Privacy Notice.

      2. We have an obligation to respond to your requests to exercise your rights within one month from receiving your request. If your request is complex or if we have received many requests, we may extend this deadline by two more months. If we are unable to take the action which you have requested within one month, we will inform you about the reason for the delay and about your right to lodge a complaint to a supervisory authority and to seek a judicial remedy.

      3. You will not be charged for any information, communication or measures that we take to manage and answer to your request. However, if your request is manifestly unfounded or excessive, we may charge an administrative fee for providing the information or taking the action requested or refuse to act on your request altogether.

    2. Your right to access, rectification, erasure and restriction

      1. You have the right to request:

        1. Access to your personal data. This means that you have the right to request access to personal data that we hold about you. You also have the right to be provided, at no cost, information about what personal data we are processing about you. We have the right to charge a reasonable administration fee if you request further copies. If you make a request by electronic means, e.g. via email, we will provide you with the information in commonly used electronic format.

        2. Rectification of your personal data. At your request or on our own initiative, we will correct, anonymise, delete or complete data which we find out is inaccurate, incomplete or misleading. Also, you have the right to request that we correct your personal data if something relevant is missing.

        3. Erasure of your personal data. You have the right to request that we erase your personal data if there is no compelling reason for us to continue processing the personal data. Compelling reasons for us to continue processing may be:

          1. processing is necessary for the right of freedom of expression and information,

          2. processing is necessary to comply with a legal obligation,

          3. processing is necessary for reasons of public interests in the area of public health,

          4. processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes or

          5. processing is necessary for the establishment, exercise or defence of legal claims.

          Your personal data will be erased if none of the circumstances above are applicable and if:

          1. the personal data is no longer needed for the purpose for which we collected them,

          2. we process your personal data based on your consent and you withdraw your consent,

          3. you object to us processing your personal data which is based on a legitimate interest assessment, and we have no compelling interests that overrides your interests or rights and freedoms,

          4. we have processed your personal data unlawfully or

          5. we have a legal obligation to erase your personal data.

        4. Right to request restriction processing. Right to request restriction of processing means that we temporarily restrict the processing of your data. You have the right to request restriction when:

          1. you consider your data to be inaccurate and you have requested rectification as defined in paragraph 9.2.1 b), while we establish the accuracy of the personal data,

          2. the processing is unlawful, and you do not want the data to be erased,

          3. as the data controller, we no longer need to process the personal data for our processing purposes, but you need your personal data to be able to establish, exercise or defend a legal claim, or

          4. you have objected to processing as defined in paragraph 9.3, while waiting for our assessment of whether our legitimate interests override yours.

      2. We will take all reasonable measures possible to notify everyone who has received personal data as stated in Section 6 above if we have rectified, erased or restricted access to your personal data after you have requested us to do so. At your request, we will provide you with more information about the recipients of your personal data.
    3. Your right to object to processing

      1. You have the right to object to the processing of your personal data if our processing is based upon legitimate interest (see Section 3 above). If you object to such processing, we will only continue to process your personal data if we have compelling reasons for doing so which override your interests or rights and freedoms or if the processing is necessary for the establishment, exercise or defence of legal claims.

      2. If you do not wish that we use your personal data for direct marketing purposes, you always have the right to object to such processing by contacting us. We will cease to use your personal data for that purpose when we have received your objection.

    4. Your right to withdraw consent

      1. If we process your personal data based on your consent as the legal basis, you always have the right to withdraw your consent. You can do this at any time by contacting us. Our contact details are found in the end of this Privacy Notice.

    5. Your right to data portability

      1. You have right to data portability when we process your personal data by automated means and when the legal basis for the processing is your consent or performance of a contract.

      2. Right to data portability means that you have the right to receive the personal data we process about you in machine-readable format which allows you to transfer these personal data to another data controller. You may also request us to transfer the personal data directly to another data controller.

    6. Your right to complain to the supervisory authority

      1. 9.6.1 You have the right to lodge a complaint with a supervisory authority in the European Member State of your residence if you are not satisfied with our processing of your personal data. The contact details are:

        21 Fitzwilliam Square South, Dublin 2, D0 RD38,

        Tel: +353 (01) 765 01 00 (local rate) or 1 800 437 737.

  10. We Protect Your Personal Data

    1. We are committed to ensuring that you always feel comfortable when providing your personal data to us. We have therefore implemented both technical and organisational security measures, including access restrictions and regular internal controls, to best protect your personal data against, for example, unauthorised access, alteration, or loss. Should a data breach that materially impacts you or your personal data, e.g. entailing risk of fraud or identity theft, occur, we will contact you to explain what has happened and to provide you with advice on how you can mitigate any potential adverse effects of such data breach relevant for you.

  11. Cookies

    1. We use cookies and similar technologies (“Cookies”) on our website and app in order to, inter alia, improve your experience with us and to simplify and adapt our website to your needs and preferences. In our Privacy Notice for Website Visitors, we inform you about how we process your personal data when you visit our website or app. If you would like to know more about our use of cookies, please refer to our Cookie Policy here.

  12. Changes to this Privacy Notice

    1. This Privacy Notice was updated in June 2024.

    2. We reserve the right to change this Privacy Notice at any time. The latest version of the notice will always be available on our website.

    3. When we make changes which are not purely linguistic or editorial, you will be notified about the changes within a reasonable time prior to the changes taking effect. If you do not agree to the changes, you have the right to object to the processing before the changes take effect.

  13. How to Contact Us

    Our Data Protection Officer acts as the main point of contact for all matters relating to our Privacy Notice. The Data Protection Officer or the local contact person can be contacted by email at [email protected].

    If you have any complaints or questions about how we use your personal data, please do not hesitate to contact us:

    Verisure Services DAC, company registration number 696619

    Postal address: 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland

    E-mail: [email protected]

    Website: www.verisure.ie

You are a visitor to a business customer of Verisure

Summary - Privacy Notice for Business Customers’s Data Subjects

If you visit premises with Verisure Services

General information and the scope of this Privacy Notice

Your right to data protection is very important for us at Verisure. We aim to ensure that you feel comfortable about our processing of your personal data. The purpose of this privacy notice (“Privacy Notice”) is to provide information about how we ensure that your personal data is processed in compliance with applicable data protection legislation. This Privacy Notice applies to individuals whose personal data is collected through our security alarm monitoring services, devices and cameras used by our Business Customers (“Services”), e.g. if you visit premises where the Services are installed and used.

  • If you are a Business Customer, please find the applicable Privacy Notice here.

  • If you are a Residential Customer, please find the applicable Privacy Notice here.

  • If you visit a residential premises using Verisure Services, please find the applicable Privacy Notice here.

Verisure is the data controller for the processing of your personal data in accordance with this Privacy Notice and we are thus responsible for ensuring that our processing of personal data complies with applicable data protection legislation. For certain processing of personal data, the Business Customer is the data controller, either independently or jointly with Verisure. For further information about the Business Customer’s processing of personal data, please refer to the Business Customer’s own privacy notice.

When we are processing personal data as a data controller, we ensure that applicable data protection legislation is always complied with and that we only process your personal data for the purposes described in this Privacy Notice.

If you believe that your data protection rights may have been breached, you have the right to lodge a complaint with the Data Protection Commission, whose contact details are:

21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland

Telephone: +353 (01) 765 01 00 (local rate) or 1 800 437 737.

How and why we process your personal data

We only process your personal data if the processing is necessary to fulfil the purposes of the processing described below.

We process your personal data for the following purposes:

  1. Provision of Services

    1. To monitor the premises through the Services

    2. To manage alarm triggering events

    3. To follow up previous alarm triggering events

    4. To ensure that we meet our legal obligations in respect of previously active customers

  2. Provision of support to the Business Customers in relation to the Services

    1. To provide customer service and technical support in relation to our Services

    2. To assist Business Customers in case of an insurance claim or other legal claims

    3. To handle customer complaints

    4. To cooperate with law enforcement or regulators to fight crime, comply with our legal obligations or protect the security of our Business Customers

  3. Development of Verisure’s Services

    1. Quality assurance

    2. Training of Verisure’s personnel

    3. Development of Verisure’s Services

  4. Verisure’s legal interests

    1. To comply with our legal obligations

    2. To enable restructurings or mergers of the business

    3. To protect our legal interests in the event of a dispute

Complete information about how we process your personal data, including information about the applicable legal bases, the recipients of your personal data, international transfers of personal data and the criteria used to determine applicable retention periods is available here.

Your rights

You have the right to be informed about which personal data relating to you we process and what we do with your personal data. You also have the right of access to your personal data. In certain situations you also have the right to have your personal data erased, to request restriction of the processing of your personal data, the right to data portability as well as the right to object to our processing of your personal data. If we process your personal data based on your consent, you always have the right to withdraw your consent. If you believe that we have processed your data in an unlawful manner, you have the right to lodge a complaint to the Data Protection Commission whose contact details are:

21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland

Telephone: +353 (01) 765 01 00 (local rate) or 1 800 437 737.

Contact details

If you have any questions regarding this Privacy Notice, our processing of your personal data or if you wish to exercise your rights, please do not hesitate to contact us:

Verisure Services DAC, company registration number 696619

Postal address: F2, Eastpoint Business Park, Dublin 3, Dublin, Ireland, D03 T6P8

E-mail: [email protected]

Website: www.verisure.ie

Complete Privacy Notice for Business Customers’s Data Subjects

If you visit premises with Verisure Services

Contents
  1. General

    1. Your right to data protection is very important to us at Verisure Services DAC, reg. no. 696619 ("Verisure"). We aim at ensuring that you feel comfortable about our processing of your personal data. The purpose of this privacy notice (“Privacy Notice”) is to provide information about how we ensure that your personal data is processed in compliance with applicable data protection legislation.

    2. This Privacy Notice applies to individuals whose personal data is collected through our business customer’s (“Business Customer”) security alarm systems and devices provided by Verisure (“Services”), e.g. if you are visiting or working at premises which use the Services.

      • If you are a Business Customer, Assigned User or Emergency Contact please find the applicable Privacy Notice here.

      • If you are a Residential Customer, please find the applicable Privacy Notice here.

      • If you are a visitor of residential premises using Verisure Services, please find the applicable Privacy Notice here.

  2. Data Controller and Data Protection Officer

    1. Verisure is the data controller for the processing of your personal data in accordance with this Privacy Notice and we are thus responsible for ensuring that our processing of personal data complies with applicable data protection legislation.

    2. For certain processing of personal data, the Business Customer is the data controller, either independently or jointly with Verisure.

      Verisure and the Business Customer are joint controllers for processing of personal data when personal data is collected through the Services and when such personal data is made available to the Business Customer via the Verisure App during an alarm triggering event. The personal data processed in this manner may consist of live streaming or continuous video recording (“CVR”) material (limited to devices which have this functionality), video recordings, pictures or audio from an alarm triggering event. This personal data is available to the Assigned Users automatically and in real time via the Verisure App. Verisure is the designated contact point for the processing of your personal data when Verisure and the Business Customer are joint controllers, including for the exercise of the data subjects’ rights under the GDPR (see section 9). You will find our contact details in section 13.

      The Business Customer is an independent data controller when the Business Customer is processing personal data for the following purposes:

      • Self-controlled monitoring functionalities for the Business Customer’s convenience use (not related to an alarm triggering event), such as live streaming, CVR, recording of video, pictures or audio, or use of video doorbell or smart lock.

      • Business Customer’s management of the Verisure Services such as the provision of access permissions to third parties by the Business Customer (e.g., employees).

      • Business Customer’s subsequent processing of the personal data outside of the Verisure environment, e.g., sharing of material with law enforcement or an insurance company.

      The scope of this Privacy Notice is limited to the processing of personal data for which Verisure is a data controller, either independently or jointly with the Business Customer. For further information about the Business Customer’s processing of personal data, please contact the Business Customer.

    3. We have designated a Data Protection Officer (“Data Protection Officer”), who is responsible for monitoring our processing of personal data to ensure that it is carried out in accordance with applicable legislation.

    4. The Data Protection Officer can be reached via [email protected].

  3. Our Processing of Personal Data

    In the tables below you can read more about how we at Verisure process your personal data when you use Verisure Services.

    Purposes

    1. Provision of Services

      1. To monitor the premises through the Services

        Verisure and the Business Customer are joint controllers

      2. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        Personal data is collected via Verisure devices to ensure the functioning of the Services as well as to enable detection of alarm triggering events contributing to the security of the Business Customer and the safety of the individuals in the monitored premises.

        Personal data collected during an on-going alarm triggering event may be shared with the Business Customer and/or Assigned Users in real time during an alarm triggering event in the Verisure App in case such technology settings are available to the Business Customer.

        Personal data collected during an on-going alarm triggering event, such as pictures, video, and audio from the monitored premises.

        The processing is based on Verisure’s legitimate interest to provide Services to the Business Customers and the Business Customer’s legitimate interest to ensure security of their premises (Article 6.1.f GDPR).

        Our assessment is that Verisure’s and the Business Customer’s legitimate interests outweigh the affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        Personal data collected during an on-going alarm triggering event are stored for a period of 90 days from the alarm triggering event unless the data is required under sub-section 4.3.

      3. To manage alarm triggering events

        Verisure is the data controller

      4. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We process personal data to verify the cause of an alarm triggering event.

        During the management of an alarm triggering event Verisure processes personal data and may for example:

        - identify authorised persons detected in the monitored premises with the help of code words; and

        - share personal data with a privacy security company, law enforcement or other emergency services.

        Personal data collected during an on-going alarm triggering event, such as pictures, video and audio from the monitored premises. The real-time monitoring during an alarm triggering event may entail that sensitive personal data such as signs of a natural person’s health condition appear in the content.

        The processing is based on Verisure’s legitimate interest to provide Services to the Business Customers and the Business Customer’s legitimate interest to ensure security of their premises (Article 6.1.f GDPR).

        Our assessment is that Verisure’s and the Business Customer’s legitimate interests outweigh the affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        Sensitive personal data:

        In the exceptional situations where health information or other sensitive personal data is processed during an on-going alarm triggering event, sensitive personal data may be processed based on the exemption relating to the vital interests of the data subject or another natural person (Article 9.2.c GDPR).

        Personal data collected during an on-going alarm triggering event are stored for this purpose for a period of 90 days from the alarm triggering event unless the data is required under sub-section 4.3.

      5. To follow up previous alarm triggering events

        Verisure is the data controller

      6. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We follow up previously managed alarm triggering events by contacting the Business Customer to ensure that the management of the alarm triggering event was as efficient as possible and to receive information which could be relevant for any future alarm triggering events.

        Personal data collected during an on-going alarm triggering event, such as pictures, video, and audio from the monitored premises.

        Miscellaneous information provided to the ARC and noted by the alarm operator during an on-going alarm triggering event.

        The processing is based on Verisure’s legitimate interest to provide Services to the Business Customers and to follow-up and ensure as efficient provision of the Services as possible (Article 6.1.f GDPR).

        Our assessment is that Verisure’s legitimate interest outweighs the affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        Personal data collected during an on-going alarm triggering event are stored for this purpose for a period of 90 days from the alarm triggering event unless the data is required under sub-section 4.3.

        Other personal data is stored for a period of up to 90 days from the alarm triggering event unless the data is required under sub-section 4.3.

      7. To ensure that we meet our legal obligations in respect of previously active customers

        Verisure is the data controller

      8. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We process personal data to maintain our compliance with legal (consumer) obligations.

        Past customer contact details as submitted originally for entering into the contract

        The processing is necessary for Verisure’s compliance with legal obligations with customers (Article 6.1.c GDPR).

        The personal data is retained for a period of up to 6 years after the termination of the contract.

    2. Provision of support to the Customers in relation to the Services

      1. To provide customer service and technical support in relation to our Services

        Verisure is the data controller

      2. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We process personal data when we provide the support which is requested by the Business Customer relating to the contract, the Services or the technical functioning of the installation.

        We also process personal data when we manage other requests, such as requests to exercise the rights of a data subject.

        Personal data collected during an on-going alarm triggering event, such as pictures, video, and audio from the monitored premises.

        Miscellaneous information provided to the ARC and noted by the alarm operator during an on-going alarm triggering event.

        The processing is based on Verisure’s legitimate interest to provide support to the Business Customers (Article 6.1.f GDPR).

        Our assessment is that Verisure’s legitimate interest outweighs the affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        The personal data is retained for the duration of the customer service matter and for a period of up to 90 days unless the data is required under sub-section 4.3.

      3. To assist Customers in case of an insurance or other legal claim

        Verisure is the data controller

      4. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        To be able to provide the Business Customer with relevant information in case of insurance or other legal claims, we store personal data and the Business Customers’ requests in an archive with appropriate access restrictions.

        Personal data collected during an on-going alarm triggering event, such as pictures, video, and audio from the monitored premises.

        Miscellaneous information provided to the ARC and noted by the alarm operator during an on-going alarm triggering event.

        The processing is based on the Business Customer’s legitimate interest to have access to necessary information in order to handle insurance claims or other legal claims (Article 6.1.f GDPR).

        Our assessment is that the Business Customer’s legitimate interests outweighs the affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        Once we remove the Business Customer’s personal data from the internal database available to the customer service agents, we maintain the personal data collected during an on-going alarm triggering event with accompanying details in an archive with appropriate access restrictions for a period of time to support customers where evidence is required for insurance or other claims based on what practically is deemed a reasonable timeline for receiving such inquiries from customers and the time needed for insurance companies to handle such claims.

      5. To handle customer complaints

        Verisure is the data controller

      6. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        Depending on the nature of the complaint, we may for example investigate how an alarm triggering event was handled to ensure it was properly conducted.

        Personal data collected during an on-going alarm triggering event, such as pictures, video, and audio from the monitored premises.

        Miscellaneous information provided to the ARC and noted by the alarm operator during an on-going alarm triggering event.

        The processing is based on Verisure’s legitimate interest to handle and investigate customer complaints (Article 6.1.f GDPR).

        Our assessment is that Verisure’s legitimate interest outweighs the affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        We maintain the personal data collected during the handling of a complaint for a period of 3 years from the date of settlement or closure of the complaint.

      7. To cooperate with law enforcement or regulators to fight crime, comply with our legal obligations or protect the security of our Business Customers

        Verisure is the data controller

      8. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We may, when necessary, assist law enforcement or regulators in case a legal obligation to provide assistance applies or such cooperation is otherwise motivated and based on a formal and written request for information.

        Personal data collected during an on-going alarm triggering event, such as pictures, video and audio from the monitored premises.

        Other information requested by law enforcement or regulator which Verisure must share or otherwise considers is necessary to share.

        Processing is necessary to comply with a legal obligation (Article 6.1.c GDPR) or

        The processing is based on Verisure’s legitimate interest to assist law enforcement or regulators in case they receive a formal and written request for information (Article 6.1.f GDPR).

        Our assessment is that Verisure’s legitimate interest outweighs the affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        For as long as is required under applicable law.

    3. Development of Verisure’s Services

      1. Quality assurance

        Verisure is the data controller

      2. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We perform analyses of previous alarm triggering events to ensure efficient and correct management of alarm triggering events.

        Personal data collected during an on-going alarm triggering event, such as pictures, video and audio from the monitored premises.

        The processing is based on Verisure’s legitimate interest to investigate and ensure that the Services have been provided in the correct manner (Article 6.1.f GDPR).

        Our assessment is that Verisure’s legitimate interest outweighs the affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        The personal data is processed for a period of up to 6 years after the termination of the contract.

      3. Training of Verisure’s personnel

        Verisure is the data controller

      4. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We perform analyses of previous alarm triggering events to ensure efficient and correct management of alarm triggering events.

        Any personal data used for the purpose of training Verisure’s personnel will be pseudonymised so that the natural persons are not identifiable to the personnel.

        Personal data collected during an on-going alarm triggering event, such as pictures, video and audio from the monitored premises in strongly pseudonymised format.

        The processing is based on Verisure’s legitimate interest to train its personnel and thus ensure the highest possible level of Service (Article 6.1.f GDPR).

        Our assessment is that Verisure’s legitimate interest outweighs the affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        The personal data is processed for a period of up to 6 years after the termination of the contract.

      5. Development of Verisure’s Services

        Verisure is the data controller

      6. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We process personal data to further develop our Services, for example by making our devices more precise, improving the customer experience etc.

        Any personal data used for the purpose of developing Verisure’s Services will be pseudonymised so that the natural persons are not identifiable to personnel.

        Personal data collected during an on-going alarm triggering event, such as pictures, video and audio from the monitored premises in strongly pseudonymised format.

        The processing is based on Verisure’s legitimate interest to develop their Services and thus ensure the highest possible level of Service (Article 6.1.f GDPR).

        Our assessment is that Verisure’s legitimate interest outweighs the affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        The personal data is processed for a period of up to 6 years after the termination of the contract.

    4. Verisure’s legal interests

      1. To comply with our legal obligations

        Verisure is the data controller

      2. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We may need to process personal data in order to comply with our legal obligations.

        All categories of personal data processed for the purposes described in this Privacy Notice.

        The processing of personal data is necessary for the performance of Verisure's legal obligations(Article 6.1.c GDPR)

        The personal data is retained for as long as necessary to comply with the applicable legal obligation.

      3. To enable restructurings or mergers of the business

        Verisure is the data controller

      4. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        In the event that Verisure is restructured, e.g. split into several different businesses, or if a merger occurs, the new company may continue to use the personal data for the same purposes as we have stated in this Privacy Notice, unless you receive different information in connection with the restructuring or merger.

        All categories of personal data processed for the purposes described in this Privacy Notice.

        The processing is based on Verisure’s legitimate interest to enable a restructuring process or a merger (Article 6.1.f GDPR).

        Our assessment is that Verisure’s legitimate interest outweighs the affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        If Verisure ceases to exist through a merger, or in the event of restructuring, we will erase the personal data as long as the retention of such personal data is not required by law.

        In other cases, your personal data will be processed in accordance with this Privacy Notice.

      5. To protect our legal interests in the event of a dispute

        Verisure is the data controller

      6. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We may need to process your personal data in order to protect our legal interests in the event of a dispute, such as to establish, exercise or defend legal claims.

        All categories of personal data processed for the purposes described in this Privacy Notice.

        The processing is based on Verisure’s legitimate interest to protect our legal interests in the event of a dispute (Article 6.1.f GDPR).

        Our assessment is that Verisure’s legitimate interest outweighs the affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        The personal data is retained for as long as they are needed to establish, exercise, or defend a legal claim, in any event, for a maximum of 6 years after the termination of the contract.

  4. Collection of Personal Data

    1. The personal data that we process may be provided directly by the data subject or from the Business Customer.

  5. Retention of Personal Data

    1. We will only process personal data for the period set out in this Privacy Notice (see section 3).

    2. When we no longer need to process the personal data for the pre-identified purposes or a retention period for the personal data lapses, we will delete it from our systems, databases and backups.

  6. With Whom Do We Share Your Personal Data

    1. Verisure may share personal data with trusted third parties if such sharing is necessary either based on Verisure’s legitimate interest or a legal obligation. Sharing of personal data may also be necessary for us to perform our contractual obligations towards our Business Customers.

    2. Personal data may be shared with other companies in the Verisure Group or with our partner companies in connection with the provision of our Services, as described in the table below. Each recipient of your personal data is subject to corresponding legal or contractual obligations to those obligations which apply to Verisure, including an obligation to process your personal data securely and in accordance with applicable data protection legislation.

      We may share your data with:

      Categories of personal data that are shared:

      Telephone service providers such as Inconcert, who provide services connected to our contact with individuals by phone.

      Personal data provided through calls with Verisure.

      Cloud infrastructure providers, such as Microsoft, constituting part of the Verisure infrastructure. The processing of personal data is subject to strict technical and organisational security measures.

      All categories of personal data.

      Private security companies, such as Securitas Security Services (UK) Limited, process your personal data in order to respond to incidents when Verisure sends security guards to your property.

      Your contact details, such as name, telephone number, postal address and e-mail address.

      Images and audio in in an alarm situation, such as images, video and audio that may include your personal data and the personal data of others if they are present when the alarm is triggered.

      Sensitive personal data, such as health data, if provided by the customer for a specific purpose.

      Additional personal data provided by you in your correspondence with us (through e.g., phone, chat, e-mail, text messages).

      Authorities or equivalent third parties, such as the police authority or emergency centre, for example in the event of a break-in or accident.

      Your contact details, such as name, telephone number, postal address and e-mail address.

      Images and audio in in an alarm situation, such as images, video and audio that may include your personal data and the personal data of others if they are present when the alarm is triggered.

      Sensitive personal data, such as health data, if provided by the customer for a specific purpose.

      Additional personal data provided by you in your correspondence with us (through e.g., chat, e-mail, text messages).

      The acquirer or other successor in the event of mergers, divestments, restructuring, reorganization, dissolution and other sale or transfer of Verisure's assets.

      All categories of personal data.

      Authority or equivalent third party in connection with audits, court proceedings or other similar purposes. The information may be shared for the purposes of complying with legal obligations and protecting our legal interests in the event of a dispute.

      All categories of personal data.

    3. Please note that this list may be updated from time to time.

  7. Automated Decision-Making

    1. We do not use automated decision-making.

  8. Where is Your Data Processed?

    1. We aim to always process your personal data in the United Kingdom and the EU/EEA. In some circumstances we may need to transfer your personal data to a country outside of the United Kingdom and the EU/EEA (“Third Country”). In case your personal data is transferred to a Third Country, we will ensure that your personal data will continue to be subject to an essentially equivalent level of protection as in the United Kingdom and the EU/EEA.

  9. Your Rights

    1. Our responsibility for your rights

      1. As a data controller, we are responsible for ensuring that your personal data is processed in compliance with applicable data protection laws and that you can effectively exercise your rights as a data subject. You may contact us at any time if you wish to exercise your rights. You will find the contact details in the end of this Privacy Notice.

      2. We have an obligation to respond to your requests to exercise your rights within one month from receiving your request. If your request is complex or if we have received many requests, we may extend this deadline by two more months. If we are unable to take the action which you have requested within one month, we will inform you about the reason for the delay and about your right to lodge a complaint to a supervisory authority and to seek a judicial remedy.

      3. You will not be charged for any information, communication or measures that we take to manage and answer to your request. However, if your request is manifestly unfounded or excessive, we may charge an administrative fee for providing the information or taking the action requested or refuse to act on your request altogether.

    2. Your right to access, rectification, erasure and restriction

      1. You have the right to request:

        1. Access to your personal data. This means that you have the right to request access to personal data that we hold about you. You also have the right to be provided, at no cost, information about what personal data we are processing about you. We have the right to charge a reasonable administration fee if you request further copies. If you make a request by electronic means, e.g. via email, we will provide you with the information in commonly used electronic format.

        2. Rectification of your personal data. At your request or on our own initiative, we will correct, anonymise, delete or complete data which we find out is inaccurate, incomplete or misleading. Also, you have the right to request that we correct your personal data if something relevant is missing.

        3. Erasure of your personal data. You have the right to request that we erase your personal data if there is no compelling reason for us to continue processing the personal data. Compelling reasons for us to continue processing may be:

          1. processing is necessary for the right of freedom of expression and information,

          2. processing is necessary to comply with a legal obligation,

          3. processing is necessary for reasons of public interests in the area of public health,

          4. processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes or

          5. processing is necessary for the establishment, exercise or defence of legal claims.

          Your personal data will be erased if none of the circumstances above are applicable and if

          1. the personal data is no longer needed for the purpose for which we collected them,

          2. we process your personal data based on your consent and you withdraw your consent,

          3. you object to us processing your personal data which is based on a legitimate interest assessment, and we have no compelling interests that overrides your interests or rights and freedoms,

          4. we have processed your personal data unlawfully or

          5. we have a legal obligation to erase your personal data.

        4. Right to request restriction processing. Right to request restriction of processing means that we temporarily restrict the processing of your data. You have the right to request restriction when:

          1. you consider your data to be inaccurate and you have requested rectification as defined in paragraph 9.2.1 b), while we establish the accuracy of the personal data,

          2. the processing is unlawful, and you do not want the data to be erased,

          3. as the data controller, we no longer need to process the personal data for our processing purposes, but you need your personal data to be able to establish, exercise or defend a legal claim, or

          4. you have objected to processing as defined in paragraph 9.3, while waiting for our assessment of whether our legitimate interests override yours.

      2. We will take all reasonable measures possible to notify everyone who has received personal data as stated in Section 6 above if we have rectified, erased or restricted access to your personal data after you have requested us to do so. At your request, we will provide you with more information about the recipients of your personal data.

    3. Your right to object to processing

      1. You have the right to object to the processing of your personal data if our processing is based upon legitimate interest (see Section 3 above). If you object to such processing, we will only continue to process your personal data if we have compelling reasons for doing so which override your interests or rights and freedoms or if the processing is necessary for the establishment, exercise or defence of legal claims.

      2. If you do not wish that we use your personal data for direct marketing purposes, you always have the right to object to such processing by contacting us. We will cease to use your personal data for that purpose when we have received your objection.

    4. Your right to withdraw consent

      1. If we process your personal data based on your consent as the legal basis, you always have the right to withdraw your consent. You can do this at any time by contacting us. Our contact details are found in the end of this Privacy Notice.

    5. Your right to data portability

      1. You have right to data portability when we process your personal data by automated means and when the legal basis for the processing is your consent or performance of a contract.

      2. Right to data portability means that you have the right to receive the personal data we process about you in machine-readable format which allows you to transfer these personal data to another data controller. You may also request us to transfer the personal data directly to another data controller.

    6. Your right to complain to the supervisory authority

      1. You have the right to lodge a complaint with a supervisory authority in the European Member State of your residence if you are not satisfied with our processing of your personal data. The contact details are:

        21 Fitzwilliam Square South, Dublin 2, D0 RD38,

        Tel: +353 (01) 765 01 00 (local rate) or 1 800 437 737.

  10. We Protect Your Personal Data

    1. We are committed to ensuring that you always feel comfortable when providing your personal data to us. We have therefore implemented both technical and organisational security measures, including access restrictions and regular internal controls, to best protect your personal data against, for example, unauthorised access, alteration, or loss. Should a data breach that materially impacts you or your personal data, e.g. entailing risk of fraud or identity theft, occur, we will contact you to explain what has happened and to provide you with advice on how you can mitigate any potential adverse effects of such data breach relevant for you.

  11. Cookies

    1. We use cookies and similar technologies (“Cookies”) on our website and app in order to, inter alia, improve your experience with us and to simplify and adapt our website to your needs and preferences. In our Privacy Notice for Website Visitors, we inform you about how we process your personal data when you visit our website or app. If you would like to know more about our use of cookies, please refer to our Cookie Policy here.

  12. Changes to this Privacy Notice

    1. This Privacy Notice was updated in June 2024.

    2. We reserve the right to change this Privacy Notice at any time. The latest version of the notice will always be available on our website.

    3. When we make changes which are not purely linguistic or editorial, you will be notified about the changes within a reasonable time prior to the changes taking effect. If you do not agree to the changes, you have the right to object to the processing before the changes take effect.

  13. How to Contact Us

    1. Our Data Protection Officer acts as the main point of contact for all matters relating to our Privacy Notice. The Data Protection Officer or the local contact person can be contacted by email at [email protected].

      If you have any complaints or questions about how we use your personal data, please do not hesitate to contact us:

      Verisure Services DAC, company registration number 696619

      Postal address: F2, Eastpoint Business Park, Dublin 3, Dublin, Ireland, D03 T6P8

      E-mail: [email protected]

Camera Guidance for Business Customers

This guidance will help you to understand what you need to do if you are considering installing, or have already installed, a Verisure camera system at your place of business.

The information in this document is intended to be helpful and practical guidance on generic, common-sense approaches to the installation and use of Verisure alarm system cameras. It is not intended to be legal advice nor a comprehensive explanation of applicable laws and regulations. If readers require specific advice, they should contact a legal professional.

  1. Verisure Camera Systems

    Whilst Verisure is able to use the camera system to verify and respond to an alarm signal, you as a business owner are otherwise responsible for using the camera system in a manner which does not infringe applicable laws and regulations.

    This guidance is intended to help you understand the potential implications of your use of the camera system at a place of business. As use of the camera system involves the processing of images, videos and voices, it is important that you bear in mind that camera, data protection and labour laws may apply.

  2. Laws and Regulations

    The following legislation may apply:

    • Camera surveillance laws and national rules on the operation of cameras. These may contain obligations regarding notification or registration of camera systems, appropriate positioning and notices required in the monitored premises.

    • Data protection laws, primarily the General Data Protection Regulation (GDPR), which regulate the processing (i.e. all types of action) of personal data. The GDPR may be complemented by national legislation. These laws aim to protect individuals’ right to privacy. As the operator of the camera system, you fall within the definition of a "controller" with respect to the processing of personal data due to the use of the camera system. You are therefore responsible for ensuring that the personal data of individuals captured by the camera system is processed in a compliant way and with due consideration for the privacy of the individuals concerned.

    • Labour laws or collective agreements, which may include provisions regarding monitoring of employees.

  3. Your Responsibilities

    1. Find out about requirements for a license, registration, or other obligations

      In certain instances, video monitoring may only be lawful if you have obtained a valid license or have duly registered the camera system. Additionally, labour laws or collective agreements may impose certain prerequisites that must be met prior to the initiation of video monitoring. Thus, it is essential that you ensure whether any such requirements or obligations are applicable to you prior to the installation of a camera system.

    2. Consider if you have a lawful basis to monitor individuals

      The monitoring of individuals entails an invasion of their privacy. Accordingly, any installation of a camera system must be undertaken with due consideration for the privacy rights of such individuals.

      You must be able to demonstrate a lawful basis for the operation of the camera system. To achieve this, a distinct purpose for the video monitoring must be established. The mere act of surveillance does not constitute a sufficiently specific purpose, whereas for instance, the prevention of criminal activity or accidents may qualify as such.

      A lawful basis that is commonly used in a business context is legitimate interest. For a legitimate interest you must demonstrate that your interest in monitoring certain individuals outweighs their interest in not being monitored.

      For instance, an interest in averting criminal activity or accidents may constitute a legitimate interest, provided that the risk of such activities is so significant that the interest in their prevention supersedes the interest of the individuals’ right to privacy. Prior to making this decision, relevant factors such as the nature and frequency of past crimes committed in the area, the severity and consequences of criminal activity, and temporal patterns of criminality should be carefully considered to determine the scope of the monitoring. The scope of the monitoring must be limited to what is necessary to achieve the intended purpose.

    3. Monitoring employees

      As a general rule, in order for employee monitoring to be considered legally permissible, the interest of the employer in conducting such monitoring must be of a greater magnitude than the interest of the employee in avoiding such monitoring. This implies that the employer's interest in monitoring should be significant and justified by a legitimate interest, while the employees' interest in not being monitored may be outweighed by this interest. Therefore, the employer should be able to demonstrate that the monitoring is necessary and proportional to the legitimate purpose it serves, and that alternative means of achieving the same purpose are not feasible.

      When planning the scope of the camera system, at least the following factors should be taken into consideration:

      • What is the purpose of the video monitoring?

      • Is it necessary to monitor the employees or could the purpose be achieved through alternative methods?

      • How long will the monitoring take place?

      • How extensive is the area that is being monitored?

      • How sensitive is the area that is being monitored from a privacy perspective (e.g., bathrooms, lunchrooms, and dressing rooms are most likely prohibited)?

      • Who has access to images, recordings and audio?

      The scope of the camera system should be designed to limit the invasion on the employees’ privacy as much as possible.

      In general, it is not considered legitimate to monitor employees to evaluate their work performance. However, monitoring for the purpose of preventing accidents in a potentially hazardous area may be considered a legitimate interest.

      Ensure that you are aware of any specific obligations concerning monitoring of employees. Examples of specific obligations could include an obligation to negotiate with the trade union regarding video monitoring measures or an obligation to ensure that personnel having access to the content of the camera system is strictly limited and subjected to a confidentiality agreement. Under certain circumstances, it may be unlawful or prohibited to conduct monitoring of employees.

    4. Installation and positioning of cameras

      Our security experts will recommend areas to be monitored, the position of the camera system and how to install cameras in a way that also helps you avoid capturing areas outside your business setting.

      They are happy to provide this support based on their experience from advising other customers in similar situations as part of setting up camera systems. However, as you have actual control of the equipment, you are ultimately responsible for ensuring that the equipment is positioned appropriately and that it respects other people’s right to privacy. We strongly recommend that once the system has been installed by our security experts, you do not change the location, placement, or field of view of any of the cameras.

      If you are installing or repositioning cameras yourself, here are some principles to bear in mind:

      • Do not capture outside public areas (e.g. streets and pavements, public parks or parking areas and communal bin collection areas) or someone else’s premises. Some cameras have settings that allow you to mask certain areas in view which can help with avoiding areas outside your premises.

      • Do not capture indoor public areas within your business (café and restaurant areas, seating areas, counters, bars, etc.) where they are used for recovery, regeneration, and leisure activities as well as in places where individuals stay and/or communicate. Some cameras have settings that allow you to mask certain areas in view which can help with avoiding these areas within your premises. Note, it will still likely be acceptable to monitor entrance and exit areas, corridors and stairways as well as risk areas such as front of cashiers, coat hangers/lockers etc. If just protecting these areas are not effective to protect against break-ins, cameras may be operated at the above-mentioned locations outside opening hours.

      • Think about the problem you are trying to tackle. It will usually be to safeguard you and your property against crime. If this is the case, only place cameras in areas where you are concerned about a safety or security risk (e.g. potentially vulnerable areas).

      • Avoid placing cameras in sensitive areas, such as bedrooms, toilets or similar locations where people have high expectations of privacy.

      • Take particular care to avoid any areas where children or vulnerable adults might be captured by the camera. Vulnerable people are specifically protected under privacy laws.

    5. Capturing audio

      Some devices in the camera system may allow you to turn on an audio capture functionality. Typically, the audio capture is turned off by default, but it is possible for you to turn it on. Before turning on the audio capture functionality, you should make sure that this is allowed under applicable laws and regulations. Silently listening in on other people’s conversations through devices may be considered covert surveillance and thus breach laws, including individuals’ right to privacy.

    6. Inform the individuals who are captured by the camera system – Information and signage

      You must provide clear and transparent information regarding the camera system to people (e.g. customers, employees and visitors) who may be captured by it. This information should be communicated through clear signage and refer to a privacy notice that contains more comprehensive information, in accordance with the information requirements of the GDPR.

      If the camera system has an impact on employees who work in the monitored area, you must also directly and comprehensively explain to them how the system operates.

      In addition to being able to answer questions from your customers, employees and visitors about the monitoring, you should set up clear signage providing the most important information about the monitoring. Verisure will provide appropriate signage to you during installation.

      • The signage should be visible to people before they enter the monitored area.

      • Multiple signs may be required if you have several entrances and multiple monitored areas.

      Your privacy notice ought to be readily available to anyone requesting further information about the monitoring. Your privacy notice should include comprehensive details regarding the intended use, storage, and sharing of any personal data captured by the system, as well as the legal rights of individuals under the GDPR.

      This notice can be made available online, and/or maintained in a visible location, such as at a front desk or with a cashier in a shop.

      It should also clearly articulate that Verisure may access the content for verification purposes if an alarm is triggered. Below is an example of text that may be used to explain how and when Verisure may process such data in the privacy notice:

      “In case an alarm is triggered with the Verisure alarm system, video, pictures and sound can be sent to Verisure’s Alarm Receiving Centre. Such data is processed by Verisure only to the extent that it is strictly necessary to verify an alarm event and manage ongoing incidents. Verisure acts as a controller for this data and you can read more about Verisure’s alarm monitoring practices in their privacy notice which is accessible at this site: www.verisure.ie/privacy-notice

    7. Viewing content

      The camera system includes a “remote access” functionality which, depending on the camera type, allows you to capture and view images on your phone or computer (e.g. via My Verisure App or Arlo App).

      It is important that you use these features selectively, where there is a genuine need to look back at the image, e.g. where you are concerned that there has been a security incident at the premises which you would like to review or investigate further. You should not use these features to, e.g. monitor an individual or their behaviour. You are responsible for ensuring that your use of the functionality does not breach any applicable laws or regulations.

    8. Sharing content

      It is also possible for you to download and share your content, but it is important that you are careful when sharing images and videos of other people. Even when the content is captured in legitimate circumstances, sharing it could violate other people’s right to privacy.

      • You should only share images with others where you are comfortable that disclosure is necessary and appropriate and will not cause embarrassment or harm to anyone captured in the images.

      • Be particularly careful about sharing images in any public or semi-public environment, e.g. on the internet or social media.

      We recommend that you do not post images on these platforms unless you have explicit consent from each of the individuals in the images.

    9. Plan how the camera system is to be used in a manner that respects privacy

      The video monitoring ought to be carefully planned in a manner that minimizes the invasion of the privacy of the individuals who are captured by the camera system. The following considerations should be taken into account, at a minimum:

      • Determine the areas in which the video monitoring is required and the reasons why it is necessary.

      • Consider which functions of the camera system are essential in relation to the defined purpose. For instance, recording of sound may not be essential for the prevention of crime.

      • Adopt internal policies for your business that explicitly state that the material obtained from the camera system shall not be used for any other purpose than the one for which the video monitoring was installed initially.

      • Ensure that you have the knowledge and capability to handle recordings in case, for instance, a criminal offence is detected.

    10. Make necessary assessments

      It may be necessary for you, as a data controller, to prepare a documented risk assessment concerning the video monitoring prior to the installation and utilization of the system. This is required to establish that you have made a knowledgeable decision regarding the reasons for which the system has been installed, the manner in which it is utilised, and the necessity and appropriateness of capturing and utilizing data from the camera system. In particular, a privacy risk assessment is of utmost significance if the video monitoring captures vulnerable individuals who are obliged to spend time in a monitored area, such as children or employees.

    11. Ensure the security of the camera system

      While Verisure is responsible for ensuring the technical security and integrity of the camera system, you are responsible for ensuring that the camera system is secure from an organisational perspective, i.e. by determining who is authorised to access and use the camera system. You should take several aspects into account, including:

      • Only individuals who require access to the material from the camera system should be authorised.

      • Consider the circumstances under which recorded material can be shared.

      • Determine whether you are capable of detecting and managing data breaches, such as when an authorised individual uses the camera system in an unauthorised manner.

    12. Ensure that you are able to accommodate individuals’ requests to exercise their legal rights

      Individuals whose personal data, e.g. images, are captured by the camera system have rights under the GDPR. It is important to establish procedures to address any requests from individuals to exercise their rights within one month of receiving such requests.

      For more information about the rights of data subjects, please visit the Ireland Data Protection Commission’s website at https://www.dataprotection.ie/.

  4. In case of an alarm (Verisure access to the camera system)

    If the alarm system triggers an alarm, Verisure’s Alarm Receiving Centre (ARC) will have access to some of the devices in the camera system and to content which the system has automatically captured. Verisure’s access is limited to what is strictly necessary for our ARC to verify and respond to the alarm event. The ARC follows strict protocols and security measures when accessing the content from the camera system. This may involve sharing camera images with law enforcement, emergency services and/or guard services.

    In certain jurisdictions, Verisure also provides monitoring functionalities specifically for alarm events through your phone or computer. These functionalities may encompass various features such as live view streaming, continuous video recording, and the capability to record video, photos, and audio. Verisure’s involvement in this processing activity is limited to the initial stages, when personal data is transmitted from Verisure to your phone or computer (e.g. through My Verisure App or Arlo App. Hence, it is important to emphasize that Verisure and the customer are joint controllers for such processing. However, Verisure does not exercise control or influence over any potential subsequent stages of data processing. For instance, if you choose to download material for additional purposes, such as filing a police report or an insurance claim, you are the sole controller and assume full responsibility for such data processing activities.

You are a residential customer of Verisure

Summary - Privacy Notice for Residential Customers

General information and the scope of this Privacy Notice

Your right to data protection is very important for us at Verisure. We aim to ensure that you feel comfortable about our processing of your personal data. The purpose of this privacy notice (“Privacy Notice”)is to provide information about how we ensure that your personal data is processed in compliance with applicable data protection legislation. This Privacy Notice applies to our residential customers (“Residential Customers”) and, when applicable, the individuals assigned by our residential customers (“Assigned Users”) who use our services, including our products provided for the delivery of our security alarm monitoring services, devices and cameras (“Services”) as well as emergency contact persons assigned by the Residential Customer (“Emergency Contact”).

  • If you are a Business Customer, please find the applicable Privacy Notice here.

  • If you visit a residential premises using Verisure Services, please find the applicable Privacy Notice here.

  • If you visit a business premises using Verisure Services, please find the applicable Privacy Notice here.

Verisure is the data controller for the processing of your personal data in accordance with this Privacy Notice and we are thus responsible for ensuring that our processing of personal data complies with applicable data protection legislation. For certain processing of personal data, the Residential Customer is the data controller, either independently or jointly with Verisure.

When we are processing personal data as a data controller, we ensure that applicable data protection legislation is always complied with and that we only process your personal data for the purposes described in this Privacy Notice.

For more information about the Services which you have chosen to use and the functionality of those Services, please refer to Verisure's General Terms and Conditions, Terms of Service as well as available instructions and manuals.

How and why we process your personal data

We only process your personal data if the processing is necessary to fulfil the purposes of the processing described below.

We process your personal data for the following purposes:

  1. Establishment and maintenance of the customer relationship

    1. To enter into a contract with you

    2. To perform credit checks prior to entering into contract with a Residential Customer

    3. To administer the contract with the Residential Customer, including payments for Services

    4. To administer and enable the existing and returning customer relationship with the utmost care

  2. Provision of Services

    1. To monitor the premises through the Services

    2. To manage alarm triggering events

    3. To follow up previous alarm triggering events

    4. To ensure that we meet our legal obligations to previously active customers

  3. Provision of support to the Residential Customers in relation to the Services

    1. To provide customer service and technical support in relation to our Services

    2. To assist Residential Customers in case of an insurance claim or other legal claims

    3. To handle customer complaints

    4. To cooperate with law enforcement or regulators to fight crime, comply with our legal obligations or protect the safety of our Residential Customers

  4. Development of Verisure’s Services

    1. Quality assurance

    2. Training of Verisure’s personnel

    3. Development of Verisure’s Services

  5. Provision of Verisure App and Customer Area

  6. Provision of the Verisure web shop

    1. To provide and administer your orders in our online shop

  7. Marketing and analytics

    1. To market our Services

    2. To administer and analyse our campaigns, promotions, referral programmes, etc. or perform marketing analysis

  8. Verisure’s legal interests

    1. To comply with our legal obligations

    2. To enable restructurings or mergers of the business

    3. To protect our legal interests in the event of a dispute

Complete information about how we process your personal data, including information about the applicable legal bases, the recipients of your personal data, international transfers of personal data and the criteria used to determine applicable retention periods is available here.

Your rights

You have the right to be informed about which personal data relating to you we process and what we do with your personal data. You also have the right of access to your personal data. In certain situations you also have the right to have your personal data erased, to request restriction of the processing of your personal data, the right to data portability as well as the right to object to our processing of your personal data. If we process your personal data based on your consent, you always have the right to withdraw your consent. If you believe that we have processed your data in an unlawful manner, you have the right to lodge a complaint with the Data Protection Commission, whose contact details are:

21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland

Telephone: +353 (01) 765 01 00 (local rate) or 1 800 437 737.

Contact details

If you have any questions regarding this Privacy Notice, our processing of your personal data or if you wish to exercise your rights, please do not hesitate to contact us:

Verisure Services DAC, company registration number 696619

Postal address: F2, Eastpoint Business Park, Dublin 3, Dublin, Ireland, D03 T6P8

E-mail: [email protected]

Website: www.verisure.ie

Complete Privacy Notice for Residential Customers

If you are a Residential Customer, Assigned User or Emergency Contact

Contents
  1. General

    1. 1.1 Your right to data protection is very important to us at Verisure Services DAC, reg. no. 696619 (“Verisure”). We aim at ensuring that you feel comfortable about our processing of your personal data. The purpose of this privacy notice (“Privacy Notice”) is to provide information about how we ensure that your personal data is processed in compliance with applicable data protection legislation.

    2. This Privacy Notice applies to our residential customers (“Residential Customers”) and the individuals assigned by our residential customers (“Assigned Users”), such as household members, who use our services, including our products provided for the delivery of our security alarm monitoring services, devices and cameras (“Services”). If the Residential Customer designates contact persons who may be contacted in case of an alarm triggering event (“Emergency Contact”), we also process the personal data of such Emergency contacts.

      You, as a Residential Customer, are asked to ensure that you share this Privacy Notice with your Assigned Users and Emergency Contacts.

      • If you are a Business Customer, please find the applicable Privacy Notice here.

      • If you are a visitor of residential premises using Verisure Services, please find the applicable Privacy Notice here.

      • If you are a visitor of business premises using Verisure Services, please find the applicable Privacy Notice here.

    3. For more detailed information about the Services which you have chosen to use and their functionality, please refer to Verisure's general terms and conditions, terms of service, instructions and manuals.

  2. Data Controller and Data Protection Officer

    1. Verisure is the data controller for the processing of your personal data in accordance with this Privacy Notice and we are thus responsible for ensuring that our processing of personal data complies with applicable data protection legislation.

    2. For certain processing of personal data, the Residential Customer is the data controller, either independently or jointly with Verisure.

      Verisure and the Residential Customer are joint controllers for processing of personal data when personal data is collected through the Services and when such personal data is made available to the Residential Customer via the Verisure App during an alarm triggering event. The personal data processed in this manner may consist of live streaming or continuous video recording (“CVR”) material (limited to devices which have this functionality), video recordings, pictures or audio from an alarm triggering event. This personal data is available to the Assigned Users automatically and in real time via the Verisure App. Verisure is the designated contact point for the processing of your personal data when Verisure and the Residential Customer are joint controller, including for the exercise of the data subjects’ rights under the GDPR (see section 9). You will find our contact details in section 13.

      The Residential Customer is an independent data controller when the Residential Customer is processing personal data for the following purposes:

      • Self-controlled monitoring functionalities for the Residential Customer’s convenience use (not related to an alarm triggering event), such as live streaming, CVR, recording of video, pictures or audio, or use of video doorbell or smart lock.

      • Personal management of the Verisure Services such as the provision of access permissions to third parties by the Residential Customer (e.g., a cleaner, Airbnb guests or neighbours).

      • Residential Customer’s subsequent processing of the personal data outside of the Verisure environment, e.g., sharing of material with law enforcement or an insurance company.

      The scope of this Privacy Notice is limited to the processing of personal data for which Verisure is a data controller, either independently or jointly with the Residential Customer. For further information about the Residential Customer’s processing of personal data, please contact the Residential Customer.

    3. We have designated a Data Protection Officer (“Data Protection Officer”), who is responsible for monitoring our processing of personal data to ensure that it is carried out in accordance with applicable legislation.

    4. The Data Protection Officer can be reached via [email protected].

  3. Our Processing of Personal Data

    In the tables below you can read more about how we at Verisure process your personal data when you use Verisure Services.

    Purposes

    1. Establishment and maintenance of the customer relationship

      1. To enter into a contract with you

        Verisure is the data controller

      2. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We process personal data to provide the Residential Customer with a quote and to enter into a contract with the Residential Customer.

        Contact details of the Residential Customer such as name, telephone number, postal address, and email address.

        Information which is necessary to provide a quotesuch as description of the Residential Customer’s property and number of Assigned Users in the household.

        Payment related data such as the chosen method of payment.

        Miscellaneous information which the Residential Customer provides us with, and which is relevant for the purpose of processing.

        The processing is necessary for theperformance of a contract with the Residential Customer (Article 6.1.b GDPR).

        The personal data is retained for the duration of the contractual relationship with the Residential Customer and for a period of up to 6 years after the termination of the contract.

      3. To perform credit checks prior to entering into contract with a Residential Customer

        Only if you choose credit payment

      4. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We may perform a high-level “soft” external credit check (through a credit reference agency) of new Residential Customers.

        These are ‘soft’ credit checks (i.e. the search will appear on your credit file but it will not impact your credit score).

        During the credit score check, Verisure and the credit agency act as independent data controllers.

        Information included in the credit check report received from the credit check agency in relation to your financial standing based on publicly available data such as county court judgements and credit search history.

        Information shared with the credit check agency, i.e. name and address.

        The processing is based on your consent to secure payment for the Services when credit payment is chosen as the method of payment (Article 6.1.a GDPR).

        The personal data is retained for the duration of the contractual relationship with the Residential Customer and for a period of up to 6 years after the termination of the contract.

      5. To administer the contract with the Residential Customer, including payments for Services

        Verisure is the data controller

      6. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We process personal data to administer our contract with the Residential Customer, for example to manage the installation profile, the user accounts and to process payments for the Services.

        WWhere you opt for credit financing, we may share your information with credit financing companies such as SUMUP, HUMM, Gocardless and PAYPLANET who process your payment of our subscription fees and provide you with the requested credit facilities.

        Contact details of the Residential Customer such as name, telephone number, postal address, and email address.

        Information included in the contract and the underlying quote.

        Payment related data such as your chosen method of payment, debit or credit card details, bank account number and other information related and necessary for processing payments.

        Additional information which the Residential Customer provides us with which is relevant for the purpose of administrating the contracts, including payments.

        The processing is necessary for the performance of a contract with the Residential Customer (Article 6.1.b GDPR).

        The personal data is retained for the duration of the contractual relationship with the Residential Customer and for a period of up to 6 years after the termination of the contract.

      7. To administer and enable the existing and returning customer relationship with the utmost care

        Verisure is the data controller

      8. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We process personal data to be able to administer existing customers and reconnect to the installations once the customer relationship is renewed and the equipment needs to be reactivated.

        Technical data such as signals as tamper, power restore, periodic test and loose internet connectivity, device/node id number and (past) customer contact details.

        The processing is necessary for the commercial legitimate interest of Verisure to enable the device’s reconnection (Article 6.1.f GDPR).

        The personal data is retained for a period of up to 6 years after the termination of the contract.

    2. Provision of Services

      1. To monitor the premises through the Services

        Verisure and the Residential Customer are joint controllers

      2. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        Personal data is collected via Verisure devices to ensure the functioning of the Services as well as to enable detection of alarm triggering events contributing to the safety and security of the Residential Customer and other individuals in the monitored premises.

        Personal data collected during an on-going alarm triggering event may be shared with the Residential Customer and/or Assigned Users in real time during an alarm triggering event in the Verisure App in case such technology settings are available to the Residential Customer.

        Passive monitoring:

        Signals from Verisure devices, such as status information indicating that the devices are connected and functioning.

        Usage information, such as whether the Services are activated or not.

        Active monitoring:

        Personal data collected during an on-going alarm triggering event, such as pictures, video, and audio from the monitored premises.

        The processing is based on Verisure’s legitimate interest to provide Services to the Residential Customers and the Residential Customer’s legitimate interest to ensure security of their home (Article 6.1.f GDPR).

        Our assessment is that Verisure’s and the Residential Customer’s legitimate interests outweigh the affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        Signals from Verisure devices and usage information are stored for a period of up to 90 days from the alarm triggering event unless the data is required under sub-section 8.3.

        Personal data collected during an on-going alarm triggering event are stored for a period of 90 days from the alarm triggering unless the data is required under sub-section 8.3.

      3. To manage alarm triggering events

        Verisure is the data controller

      4. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We process personal data to verify the cause of an alarm triggering event.

        During the management of an alarm triggering event Verisure processes personal data and may for example:

        - contact the Residential Customer or the Emergency contact;

        - identify authorised persons detected in the monitored premises with the help of code words; and

        - share personal data with a privacy security company, law enforcement or other emergency services.

        Personal data collected during an on-going alarm triggering event, such as pictures, video and audio from the monitored premises. The real-time monitoring during an alarm triggering event may entail that sensitive personal data, such as signs of a natural person’s health condition appear in the content.

        Information provided by the Residential Customer to allow efficient management of alarm triggering events, potentially including sensitive personal data, such as hearing disability of an Assigned User or other physical disabilities.

        Property related data

        Usage information, such as whether the Services are activated or not and by whom.

        Contact details of the Residential Customer, Assigned Users or Emergency contacts such as name and telephone number.

        Miscellaneous information provided to the ARC and noted by the alarm operator during an on-going alarm triggering event.

        The processing is based on Verisure’slegitimate interest to provide Services to the Residential Customers and the Residential Customer’s legitimate interest to ensure security of their home (Article 6.1.f GDPR).

        Our assessment is that Verisure’s and the Residential Customer’s legitimate interests outweigh the affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        Sensitive personal data:

        In the exceptional situations where health information or other sensitive personal data is processed during an on-going alarm triggering event, sensitive personal data may be processed based on the exemption relating to the vital interests of the data subject or another natural person (Article 9.2.c GDPR).

        If the Residential Customer or an Assigned User determines that it is necessary for Verisure to be aware of information classified as sensitive personal data, processing of such sensitive personal data will take place based on the data subject’s explicit consentprovided simultaneously with the provision of such information (Article 9.2.a GDPR).

        Personal data collected during an on-going alarm triggering event are stored for this purpose for a period of 90 days from the alarm triggering event unless the data is required under sub-section 8.3.

        Other personal data is stored for a period of up to 90 days from the alarm triggering event unless the data is required under sub-section 8.3.

      5. To follow up previous alarm triggering events

        Verisure is the data controller

      6. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We follow up previously managed alarm triggering events by contacting the Residential Customer to ensure that the management of the alarm triggering event was as efficient as possible and to receive information which could be relevant for any future alarm triggering events.

        We may also offer additional or modified security services following an alarm triggering event.

        All information which is processed for the purpose of managing the alarm triggering event (see purpose 2.2).

        Miscellaneous Information and feedback received from the Residential Customer which is relevant for future management of alarm triggering events.

        The processing is based on Verisure’s legitimate interest to provide Services to the Residential Customers and to follow-up and ensure as efficient provision of the Services as possible (Article 6.1.f GDPR).

        Our assessment is that Verisure’s legitimate interest outweighs the affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        Personal data collected during an on-going alarm triggering event are stored for this purpose for a period of 90 days from the alarm triggering event unless the data is required under sub-section 8.3.

        Other personal data is stored for a period of up to 90 days from the alarm triggering event unless the data is required under sub-section 8.3.

      7. To ensure that we meet our legal obligations in respect to previously active customers

        Verisure is the data controller

      8. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We process personal data to maintain our compliance with legal (consumer) obligations.

        Past customer contact details as submitted originally for entering into the contract.

        The processing is necessary for Verisure’s compliance with legal obligations with customers (Article 6.1.c GDPR).

        The personal data is retained for a period of up to 6 years after the termination of the contract.

    3. Provision of support to the Residential Customers in relation to the Services

      1. To provide customer service and technical support in relation to our Services

        Verisure is the data controller

      2. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We process personal data when we provide the support which is requested by the Residential Customer relating to the contract, the Services or the technical functioning of the installation.

        We process personal data to provide support in the event that an alarm is triggered by you or for routine service and maintenance purposes.

        We also process personal data when we manage other requests, such as requests to exercise the rights of a data subject.

        Depending on the customer request, any personal data processed for the purposes described in this Privacy Notice.

        Miscellaneous information provided by the Residential Customer in connection with the customer service situation.

        The processing is based on Verisure’s legitimate interest to provide support to the Residential Customers (Article 6.1.f GDPR).

        Our assessment is that Verisure’s legitimate interest outweighs the affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        The personal data is retained for the duration of the customer service matter and for a period of up to 90 days unless the data is required under sub-section 8.3.

      3. To assist Customers in case of an insurance claim or other legal claims

        Verisure is the data controller

      4. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        To be able to provide you with relevant information in case of insurance or other legal claims, we store personal data and the Residential Customers’ requests in an archive with appropriate access restrictions.

        Personal data collected during an on-going alarm triggering event, such as pictures, video, and audio from the monitored premises.

        Property related data

        Usage information, such as whether the Services are activated or not and by whom.

        Miscellaneous informationprovided to the ARC and noted by the alarm operator during an on-going alarm triggering event.

        The processing is based on the Residential Customer’s legitimate interest to have access to necessary information in order to handle insurance claims or other legal claims (Article 6.1.f GDPR).

        Our assessment is that the Residential Customer’s legitimate interests outweighs the affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        Once we remove the Residential Customer’s personal data from the internal database available to the customer service agents, we maintain the personal data collected during an on-going alarm triggering event with accompanying details in an archive with appropriate access restrictions for a period of time to support customers where evidence is required for insurance or other claims based on what practically is deemed a reasonable timeline for receiving such inquiries from customers and the time needed for insurance companies to handle such claims.

      5. To handle customer complaints

        Verisure is the data controller

      6. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        Depending on the nature of the complaint, we may for example investigate how an alarm triggering event was handled to ensure it was properly conducted.

        Depending on the nature of the complaint, any necessary personal data processed for the purposes described in this Privacy Notice.

        Information about the complaint and any additional information provided by the Residential Customer in relation to the management of the complaint.

        The processing is based on Verisure’s legitimate interest to handle and investigate customer complaints (Article 6.1.f GDPR).

        Our assessment is that Verisure’s legitimate interest outweighs the Residential Customer’s interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        We maintain the personal data collected during the handling of a complaint for a period of 3 years from the date of settlement or closure of the complaint.

      7. To cooperate with law enforcement or regulators to fight crime, comply with legal obligations or protect the safety of our Residential Customers

        Verisure is the data controller

      8. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We may, when necessary, assist law enforcement or regulators where a legal obligation to provide assistance applies or such cooperation is otherwise motivated and based on a formal and written request for information.

        Personal data collected during an on-going alarm triggering event, such as pictures, video and audio from the monitored premises.

        Other information requested by law enforcement or a regulator which Verisure must share or otherwise considers is necessary to share.

        Processing is necessary to comply with a legal obligation (Article 6.1.c GDPR) or

        The processing is based on Verisure’s legitimate interest to assist law enforcement or regulators in case they receive a formal and written request for information (Article 6.1.f GDPR).

        Our assessment is that Verisure’s legitimate interest outweighs the Residential Customer’s or other affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        For as long as is required under applicable law.

    4. Development of Verisure’s Services

      1. Quality assurance

        Verisure is the data controller

      2. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We record incoming calls to our customer service for quality assurance purposes.

        We also perform analyses of previous alarm triggering events and handling of customer complaints to ensure efficient and correct management of alarm triggering events.

        Personal data processed for the purposes of (1) managing alarm triggering events ( see 2.2 ), (2) following up alarm triggering events( see 2.3 ) and (3) handling customer complaints ( see 3.3).

        Recorded phone calls.

        The processing is based on Verisure’s legitimate interest to investigate and ensure that the Services have been provided in the correct manner (Article 6.1.f GDPR).

        Our assessment is that Verisure’s legitimate interest outweighs the Residential Customer’s and other affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        The recorded phone calls are stored for up to 6 months from the call between you and Verisure unless the data is required under sub-section 8.3.

        Other personal data is processed for a period of up to 6 years after the termination of the contract.

      3. Training of Verisure’s personnel

        Verisure is the data controller

      4. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We record incoming calls to our customer service for the training purposes.

        We also perform analyses of previous alarm triggering events to train our personnel and thus ensure correct management of alarm triggering events.

        Any personal data used for the purpose of training Verisure’s personnel will be pseudonymised so that the natural persons are not identifiable to personnel.

        Personal data processed for the purposes of (1) managing alarm triggering events (see 2.2), (2) following up alarm triggering events ( see 2.3 ) and (3) handling customer complaints ( see 3.3 ) in pseudonymised format.

        Recorded phone calls.

        The processing is based on Verisure’s legitimate interest to train its personnel and thus ensure the highest possible level of Service (Article 6.1.f GDPR).

        Our assessment is that Verisure’s legitimate interest outweighs the Residential Customer’s and other affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        The recorded phone calls are stored for up to 6 months from the call between you and Verisure unless the data is required under sub-section 8.3.

        Other personal data is processed for a period of up to 6 years after the termination of the contract.

      5. Development of Verisure’s Services

        Verisure is the data controller

      6. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We process personal data to further develop our Services, for example by making our devices more precise, improving the customer experience etc.

        We record incoming calls to our customer service. We also perform analyses of previous alarm triggering events.

        Any personal data used for the purpose of developing Verisure’s Services will be pseudonymised so that the natural persons are not identifiable to personnel.

        Personal data processed for the purposes of (1) managing alarm triggering events ( see 2.2 ), (2) following up alarm triggering events( see 2.3 ) and (3) handling customer complaints ( see 3.3 ) in pseudonymised format.

        Recorded phone calls.

        The processing is based on Verisure’slegitimate interest to develop Verisure’s services thus ensure the highest possible level of Service (Article 6.1.f GDPR).

        Our assessment is that Verisure’s legitimate interest outweighs the Residential Customer’s and other affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        The recorded phone calls are stored for up to 6 months from the call between you and Verisure unless the data is required under sub-section 8.3.

        Other personal data is processed for a period of up to 6 years after the termination of the contract.

    5. Provision of Verisure App and Customer Area

      1. Provision of Verisure App and Customer Area

      2. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We process personal data to provide certain services online or through mobile devices and to provide information through so-called push messages (e.g., status messages about the alarm system, payment deadlines etc.) to you and your Assigned Users who have the Verisure App.

        GPS position and Geo-location: We process the GPS position of protected locations in order to, for example, dispatch a private security guard as quickly as possible.

        Where you have consented, we may track the GPS position of your mobile device to provide you with the @Home SOS service, allowing us under some conditions to process an SOS signal launched from your Verisure App, and/or send you push notifications relevant to your location. You can turn off your mobile device's geolocation at any time from your device settings (in which case you will not be able to take advantage of all the services offered by the app). Geo-location relies on default maps SDKs, such as Google Maps SDK to geo-localise the device.

        The Verisure App uses the map service Google Maps for users from Google Ireland Limited for users from the Republic of Ireland. If you visit the Google Maps service on the Verisure App whilst you are logged into your Google profile, Google can also link this event to your Google profile. You can object to this data collection by contacting Google.

        When installing the Verisure App, necessary information is transferred to the respective app store (username, email address and your account’s customer number), the time of download and the individual device identification number. We have no control over this data collection and are not responsible for it.

        Contact details of the Residential Customer such as name, telephone number, postal address, and email address.

        Contact details of the Residential Customer, Assigned Users or Emergency contacts such as name and telephone number.

        Username, password and account details including account number and service payments.

        Standard technical data such as IP address of the device used, date and time of request, operating system details, location, the ISP, online identifiers (e.g. device identifiers, session IDs) etc,

        Personal data related to cookies used. Please refer to our Cookie Policy for further details.

        The processing is necessary for the performance of the contract with the Residential Customer (Article 6.1.b GDPR).

        The processing is based on Verisure’s legitimate interest to enable the use of the Verisure App and Verisure services, facilitate the functionality and safety of Verisure’s systems, and provide product recommendations (Article 6.1.f GDPR).

        Our assessment is that Verisure’s legitimate interest outweighs the affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        Personal data is retained for the duration of the contract and for a period of up to 6 years after the termination of the contract.

    6. Provision of the Verisure web shop

      1. To provide and administer your orders in our online shop

      2. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We offer online web shop platforms to provide our product assortment for direct sale to customers.

        Account details for placing an order including customer contact details such as name, email address, phone number, password of choice, financial details for payment.

        For performance of a contract (Article 6.1.b GDPR), as you as a customer agree to our Terms and Conditions to establish the sale of goods.

        The account details are maintained for the period of an active customer account and after termination of a customer account in accordance with applicable law in order to meet consumer law obligations applying to our provision of service and queries.

    7. Marketing and analytics

      1. To market our Services

        Verisure is the data controller

      2. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We may market our Services to you via email, post, SMS or telephone. Further, we may use customised online advertising to market our Services. If you do not wish to receive direct marketing, you may always object to this by using the “unsubscribe” link in our communications or by contacting us via [email protected].

        When it comes to customised online advertising, we may share your personal data with third parties acting as data controllers, joint controllers together with Verisure or as independent data controllers. For example, we use analytics tools to provide relevant marketing online.

        In some specific situations, we may contact you to ask if we may share a "Good story" as part of our marketing efforts. "Good stories" are short stories about how our Services have led to a particularly good customer experience. We will never share information about you unless we have personally and explicitly agreed to sharing your ”Good story”.

        Contact details of the Residential Customer such as name, telephone number, postal address, and email address.

        Information which is included in the underlying quote such as description of the Residential Customer’s property and number of Assigned Users in the household.

        Demographic data, such as age and area of your residence.

        Behavioural data, such as which emails you have opened, which links you have chosen to click on and an IP address.

        The processing is based on Verisure’s legitimate interest to market its services to Verisure’s existing Residential Customers (Article 6.1.f GDPR).

        Our assessment is that Verisure’s legitimate interest outweighs the affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        The processing is based on your consent where you have consented to Verisure marketing its services to you (Article 6.1.a GDPR).

        You can withdraw your consent at any time, by using the “unsubscribe” link contained in our marketing emails or by contacting us via [email protected].

        Personal data is stored and used throughout the contractual relationship and up to 6 months after the contractual relationship ends.

      3. To administer and analyse our campaigns, promotions, referral programmes, etc. or perform marketing analysis

      4. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        When may use your data for market and opinion research purposes. In principle, we evaluate the data anonymously for internal purposes. If, exceptionally, surveys are not evaluated anonymously, the data will only be collected with your consent.

        We use your personal data, such as data derived from statistical compilations, market segmentations and satisfaction surveys for the purposes of conducting marketing analyses. The results of our analyses are used to improve our customer service, to offer new solutions or to adapt our website and/or app, improving, replacing and developing new products and services, processes or working methods with the goal of developing our business, and to improve our standards.

        We use various third-party providers of satisfaction surveys including Medallia, Kantar etc.

        We may use your personal data for marketing personalisation (creating marketing profiles in order to understand preferences in relation to our products and services, and to deliver personalised advertising), list-based matching via social media providers such as Facebook, (to show our adverts on their platform), lookalike matching and matching activity with the following third parties: Meta Platforms, Nextdoor, TikTok and Snapchat.

        We may contact prospective customers who you have referred to Verisure. Please ensure that you have obtained their consent prior to providing their personal data to Verisure.

        Contact details of the Residential Customer such as name, telephone number, postal address, email address and IP address.

        The categories of personal data we process for business development include contact details, demographic data, etc.

        Contact details of the Residential Customer’s referred individual such as name, telephone number and email address.

        The processing is based on Verisure’s legitimate interest to promote and improve its products and services, as well as to administer and analyse its marketing strategies (Article 6.1.f GDPR).

        Our assessment is that Verisure’s legitimate interest outweighs the affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        The processing is based on your consent where you have consented to Verisure marketing its services to you (Article 6.1.a GDPR).

        You can withdraw your consent at any time, by using the “unsubscribe” link contained in our marketing emails or contacting us via [email protected].

        Personal data is stored and used throughout the contractual relationship and up to 6 months after the contractual relationship ends.

    8. Verisure’s legal interests

      1. To comply with our legal obligations

        Verisure is the data controller

      2. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We may need to process personal data in order to comply with our legal obligations.

        All categories of personal data processed for the purposes described in this Privacy Notice.

        The processing of personal data is necessary for the performance of Verisure's legal obligations (Article 6.1.c GDPR)

        The personal data is retained for as long as necessary to comply with the applicable legal obligation.

      3. To enable restructurings or mergers of the business

        Verisure is the data controller

      4. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        In the event that Verisure is restructured, e.g. split into several different businesses, or if a merger occurs, the new company may continue to use your personal data for the same purposes as we have stated in this Privacy Notice, unless you receive different information in connection with the restructuring or merger.

        All categories of personal data processed for the purposes described in this Privacy Notice.

        The processing is based on Verisure’s legitimate interest to enable a restructuring process or a merger (Article 6.1.f GDPR).

        Our assessment is that Verisure’s legitimate interest outweighs the affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        If Verisure ceases to exist through a merger, or in the event of restructuring, we will erase the personal data as long as the retention of such personal data is not required by law.

        In other cases, your personal data will be processed in accordance with this Privacy Notice.

      5. To protect our legal interests in the event of a dispute

        Verisure is the data controller

      6. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We may need to process your personal data in order to protect our legal interests in the event of a dispute, such as to establish, exercise or defend legal claims.

        All categories of personal data processed for the purposes described in this Privacy Notice.

        The processing is based on Verisure’s legitimate interest to protect our legal interests in the event of a dispute (Article 6.1.f GDPR).

        Our assessment is that Verisure’s legitimate interest outweighs the affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        The personal data is retained for as long as they are needed to establish, exercise or defend a legal claim, in any event, for a maximum of 6 years after the termination of the contract.

  4. Collection of Personal Data

    1. The personal data that we process may be provided directly by the data subject or from the data subject’s use of or interaction with our Services.

    2. In certain situation, we also collect and/or receive personal data from various companies we work with, such as lead generation companies and customer list providers. Whenever possible, we aim to work with companies based in the United Kingdom or the EU/EEA.

    3. Special category personal data

      You may consider it necessary to provide information to Verisure about special requirements in order to receive our services, such as health data (i.e. hearing impairment or physical disability), which are relevant for the efficient management of delivering our alarm monitoring services to you. In such cases, Verisure may have to process this information about your health (e.g. regarding impairment of hearing that prevents you from hearing the siren), or other form of disability. In some cases, there may also be instances where we may have to collect and process this information for other legal requirements.

      Such health data is a special category of personal data. This means we must treat it with extra care under applicable data protection requirements.

      This special category personal data may be provided by you or indirectly during or following your interactions with us (through e.g., chat, e-mail, text messages, calls to our customer services centre or in person during a maintenance visit recorded by our employees).

      Where we process such special category personal data we will do so, based on the following legal basis and purposes where:

      1. it is necessary to protect your, or someone else’s, vital interests:

        • we reasonably believe that you or another person are at risk of harm (if we do not process the data about you) and the processing is necessary to protect you or them from harm or to protect physical, mental or emotional well-being;

        • we reasonably believe it is necessary to protect the economic well-being of you or another person, where you or that person is less able to protect your own economic well-being by reason of physical or mental injury, illness or disability;

      2. it is necessary for the prevention or detection of an unlawful act;

      3. we need to carry out our obligations or rights in connection with employment, for example where we need to protect our staff members from harm.

      4. we may also collect such data where we have your consent to do so.

      Where you choose to provide health data voluntarily which it is not clear to us obviously falls into any of the categories above, we will discuss with you whether we should retain it and, if necessary (and not for the above purposes) will obtain your consent to future processing of that data.

      This paragraph only applies to your special category personal data and should be read in conjunction with our wider privacy notice which governs the collection and processing of all personal data about you. If you need more information on the above, or have any queries, please do not hesitate to contact us.

  5. Retention of Personal Data

    1. We will only process personal data for the period set out in this Privacy Notice (see section 3).

    2. When we no longer need to process the personal data for the pre-identified purposes or a retention period for the personal data lapses, we will delete it from our systems, databases and backups.

  6. With Whom Do We Share Your Personal Data

    1. Verisure may share personal data with trusted third parties if such sharing is necessary either based on Verisure’s legitimate interest or a legal obligation. Sharing of personal data may also be necessary for us to perform our contractual obligations towards our Residential Customers.

    2. Personal data may be shared with other companies in the Verisure Group or with our partner companies in connection with the provision of our Services, as described in the table below. Each recipient of your personal data is subject to corresponding legal or contractual obligations to those obligations which apply to Verisure, including an obligation to process your personal data securely and in accordance with applicable data protection legislation.

    3. We may share your data with:

      Categories of personal data that are shared:

      Customer experience providers such as Amazon Cloud Cam which provide us with storage services.

      Contact details, such as name, telephone number, postal address and e-mail address.

      Demographic data, such as age and area of residence.

      Information in the alarm log, such as information about when the Services are activated and de-activated and any communications between you and Verisure in the context of management of alarm triggering events.

      Service providers such as KHC Ltd who process personal data in order to provide requested services.

      Contact details, such as name, telephone number, postal address and e-mail address.

      Telephone service providers such as Inconcert, who provide services connected to our contact with individuals by phone.

      Personal data provided through calls with Verisure.

      Credit reference agencies who conduct an affordability check (“soft” credit checks).

      We may provide details such as name and address.

      Partners such as business introducers and online sales sites who provide us with sales services.

      Contact details, such as name, telephone number, postal address and e-mail address.

      Property-related data, such as a description of property.

      Payment data, such as credit and debit card details, bank account number and other information related to payment of the Service.

      Information about the Assigned Users of our Services.

      Additional personal data provided by the Residential Customerin the correspondence with Verisure regarding sales or customer service matters relating to our contractual relationship (through e.g., chat, e-mail, text messages).

      Cloud infrastructure providers, such as Microsoft, constituting part of the Verisure infrastructure. The processing of personal data is subject to strict technical and organisational security measures.

      All categories of personal data except alarm log data.

      Financial Services providers to process payments (e.g. SUMUP, HUMM, GoCardless, PAYPLANET and Accountis Europe Limited), handle claims, collect debts and for advisory.

      In addition, Verisure shares personal data with debt collection agencies to enforce unpaid debts.

      Contact details, such as name, telephone number, postal address and e-mail address.

      Information in the alarm log, such as information about when you activate and de-activate the alarm monitoring system and any communications between you and Verisure in the context of alarm management.

      Marketing and market research providers such as Medallia, Kantar, Meta, Google which Verisure works with to conduct marketing activities, market research and customer research.

      Your contact details, such as name, telephone number, postal address and e-mail address.

      Demographic data, such as age and area of your residence.

      Household-related data, such as the number of adults and children in the household.

      Information in the alarm log, such as information about when you activate and de-activate the alarm monitoring system and any communications between you and Verisure in the context of alarm management.

      Information shared with Meta and Google: Verisure only shares encrypted email addresses with these recipients.

      Private security companies, such as Securitas Security Services (UK) Limited, process your personal data in order to respond to incidents when Verisure sends security guards to your property.

      Your contact details, such as name, telephone number, postal address and e-mail address.

      Contact details of the contact person assigned by you, such as telephone number and e-mail address.

      Household-related data, such as the number of adults and children in the household.

      Images and audio in in an alarm situation, such as images, video and audio that may include your personal data and the personal data of others if they are present when the alarm is triggered.

      Sensitive personal data, such as health data, if provided by the customer for a specific purpose.

      Additional personal data provided by you in your correspondence with us (through e.g., phone, chat, e-mail, text messages).

      Collaboration partners such as insurance companies and leasing companies who may process your personal data for different purposes if you consent to such sharing.

      All categories of personal data, subject to your explicit consent.

      Authorities or equivalent third parties, such as the police authority or emergency centre, for example in the event of a break-in or accident.

      Your contact details, such as name, telephone number, postal address and e-mail address.

      Contact details of the contact person assigned by you, such as telephone number and e-mail address.

      Property-related data, such as a description of your property.

      Images and audio in in an alarm situation, such as images, video and audio that may include your personal data and the personal data of others if they are present when the alarm is triggered.

      Sensitive personal data, such as health data, if provided by the customer for a specific purpose.

      Additional personal data provided by you in your correspondence with us (through e.g., chat, e-mail, text messages).

      The acquirer or other successor in the event of mergers, divestments, restructuring, reorganisation, dissolution and other sale or transfer of Verisure's assets.

      All categories of personal data.

      Authority or equivalent third party in connection with audits, court proceedings or other similar purposes. The information may be shared for the purposes of complying with legal obligations and protecting our legal interests in the event of a dispute.

      All categories of personal data.

    4. Please note that this list may be updated from time to time.

  7. Automated Decision-Making

    1. We do not use automated decision-making.

  8. Where is Your Data Processed

    1. We aim to always process your personal data in the United Kingdom and the EU/EEA. In some circumstances we may need to transfer your personal data to a country outside of the United Kingdom and the EU/EEA (“Third Country”). In case your personal data is transferred to a Third Country, we will ensure that your personal data will continue to be subject to an essentially equivalent level of protection as in the United Kingdom and the EU/EEA.

  9. Your Rights

    1. Our responsibility for your rights

      1. As a data controller, we are responsible for ensuring that your personal data is processed in compliance with applicable data protection laws and that you can effectively exercise your rights as a data subject. You may contact us at any time if you wish to exercise your rights. You will find the contact details in the end of this Privacy Notice.

      2. We have an obligation to respond to your requests to exercise your rights within one month from receiving your request. If your request is complex or if we have received many requests, we may extend this deadline by two more months. If we are unable to take the action which you have requested within one month, we will inform you about the reason for the delay and about your right to lodge a complaint to a supervisory authority and to seek a judicial remedy.

      3. You will not be charged for any information, communication or measures that we take to manage and answer to your request. However, if your request is manifestly unfounded or excessive, we may charge an administrative fee for providing the information or taking the action requested or refuse to act on your request altogether.

    2. Your right to access, rectification, erasure and restriction

      1. You have the right to request:

        1. Access to your personal data. This means that you have the right to request access to personal data that we hold about you. You also have the right to be provided, at no cost, information about what personal data we are processing about you. We have the right to charge a reasonable administration fee if you request further copies. If you make a request by electronic means, e.g. via email, we will provide you with the information in commonly used electronic format.

        2. Rectification of your personal data. At your request or on our own initiative, we will correct, anonymise, delete or complete data which we find out is inaccurate, incomplete or misleading. Also, you have the right to request that we correct your personal data if something relevant is missing.

        3. Erasure of your personal data. You have the right to request that we erase your personal data if there is no compelling reason for us to continue processing the personal data. Compelling reasons for us to continue processing may be:

          1. processing is necessary for the right of freedom of expression and information,

          2. processing is necessary to comply with a legal obligation,

          3. processing is necessary for reasons of public interests in the area of public health,

          4. processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes or

          5. processing is necessary for the establishment, exercise or defence of legal claims.

          Your personal data will be erased if none of the circumstances above are applicable and if

          1. the personal data is no longer needed for the purpose for which we collected them,

          2. we process your personal data based on your consent and you withdraw your consent,

          3. you object to us processing your personal data which is based on a legitimate interest assessment, and we have no compelling interests that overrides your interests or rights and freedoms,

          4. we have processed your personal data unlawfully or

          5. we have a legal obligation to erase your personal data.

        4. Right to request restriction processing. Right to request restriction of processing means that we temporarily restrict the processing of your data. You have the right to request restriction when:

          1. you consider your data to be inaccurate and you have requested rectification as defined in paragraph 9.2.1 b), while we establish the accuracy of the personal data,

          2. the processing is unlawful, and you do not want the data to be erased,

          3. as the data controller, we no longer need to process the personal data for our processing purposes, but you need your personal data to be able to establish, exercise or defend a legal claim, or

          4. you have objected to processing as defined in paragraph 9.3, while waiting for our assessment of whether our legitimate interests override yours.

      2. We will take all reasonable measures possible to notify everyone who has received personal data as stated in Section 6 above if we have rectified, erased or restricted access to your personal data after you have requested us to do so. At your request, we will provide you with more information about the recipients of your personal data.

    3. Your right to object to processing

      1. You have the right to object to the processing of your personal data if our processing is based upon legitimate interest (see Section 3 above). If you object to such processing, we will only continue to process your personal data if we have compelling reasons for doing so which override your interests or rights and freedoms or if the processing is necessary for the establishment, exercise or defence of legal claims.

      2. If you do not wish that we use your personal data for direct marketing purposes, you always have the right to object to such processing by contacting us. We will cease to use your personal data for that purpose when we have received your objection.

    4. Your right to withdraw consent

      1. If we process your personal data based on your consent as the legal basis, you always have the right to withdraw your consent. You can do this at any time by contacting us. Our contact details are found in the end of this Privacy Notice.

    5. Your right to data portability

      1. You have right to data portability when we process your personal data by automated means and when the legal basis for the processing is your consent or performance of a contract.

      2. Right to data portability means that you have the right to receive the personal data we process about you in machine-readable format which allows you to transfer these personal data to another data controller. You may also request us to transfer the personal data directly to another data controller.

    6. Your right to complain to the supervisory authority

      1. You have the right to lodge a complaint with a supervisory authority in the European Member State of your residence if you are not satisfied with our processing of your personal data. The contact details are:

        21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland

        Telephone: +353 (01) 765 01 00 (local rate) or 1 800 437 737.

  10. We Protect Your Personal Data

    1. 10.1 We are committed to ensuring that you always feel comfortable when providing your personal data to us. We have therefore implemented both technical and organisational security measures, including access restrictions and regular internal controls, to best protect your personal data against, for example, unauthorised access, alteration, or loss. Should a data breach that materially impacts you or your personal data, e.g. entailing risk of fraud or identity theft, occur, we will contact you to explain what has happened and to provide you with advice on how you can mitigate any potential adverse effects of such data breach relevant for you.

  11. Cookies

    1. We use cookies and similar technologies (“Cookies”) on our website and app in order to, inter alia, improve your experience with us and to simplify and adapt our website to your needs and preferences. In ourPrivacy Notice for Website Visitors, we inform you about how we process your personal data when you visit our website or app. If you would like to know more about our use of cookies, please refer to our Cookie Policy here.

  12. Changes to this Privacy Notice

    1. This Privacy Notice was updated in June 2024.

    2. We reserve the right to change this Privacy Notice at any time. The latest version of the notice will always be available on our website.

    3. When we make changes which are not purely linguistic or editorial, you will be notified about the changes within a reasonable time prior to the changes taking effect. If you do not agree to the changes, you have the right to object to the processing before the changes take effect.

  13. How to Contact Us

    Ou r Data Protection Officer acts as the main point of contact for all matters relating to our Privacy Notice. The Data Protection Officer or the local contact person can be contacted by email at [email protected].

    If you have any complaints or questions about how we use your personal data, please do not hesitate to contact us:

    Verisure Services DAC, company registration number 696619

    Postal address: F2, East Point Business Park, North City Centre, Dublin 3, D03 T6P8

    E-mail: [email protected]
    Website:www.verisure.ie

You are a visitor to a residential customer of Verisure

Summary - Privacy Notice for Residential Customers’s Data Subjects

If you visit premises with Verisure Services

General information and the scope of this Privacy Notice

Your right to data protection is very important for us at Verisure. We aim to ensure that you feel comfortable about our processing of your personal data. The purpose of this privacy notice (“Privacy Notice”) is to provide information about how we ensure that your personal data is processed in compliance with applicable data protection legislation. This Privacy Notice applies to individuals whose personal data is collected through our home security alarm monitoring services, devices and cameras used by our Residential Customers (“Services”), e.g. if you visit premises where the Services are installed and used.

  • If you are a Residential Customer, please find the applicable Privacy Notice here.

  • If you are a Business Customer, please find the applicable Privacy Notice here.

  • If you visit a business premises using Verisure Services, please find the applicable Privacy Notice here.

Verisure is the data controller for the processing of your personal data in accordance with this Privacy Notice and we are thus responsible for ensuring that our processing of personal data complies with applicable data protection legislation. For certain processing of personal data, the Residential Customer is the data controller, either independently or jointly with Verisure. For further information about the Residential Customer’s processing of personal data, please refer to the Residential Customer for more information.

When we are processing personal data as a data controller, we ensure that applicable data protection legislation is always complied with and that we only process your personal data for the purposes described in this Privacy Notice.

If you believe that your data protection rights may have been breached, you have the right to lodge a complaint with the Data Protection Commission, whose contact details are:

21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland

Telephone: +353 (01) 765 01 00 (local rate) or 1 800 437 737.

How and why we process your personal data

We only process your personal data if the processing is necessary to fulfil the purposes of the processing described below.

We process your personal data for the following purposes:

  1. Provision of Services

    1. To monitor the premises through the Services

    2. To manage alarm triggering events

    3. To follow up previous alarm triggering events

    4. To ensure that we meet our legal obligations in respect of previously active customers

  2. Provision of support to the Residential Customers in relation to the Services

    1. To provide customer service and technical support in relation to our Services

    2. To assist Customers in case of an insurance claim or other legal claims

    3. To handle customer complaints

    4. To cooperate with law enforcement or regulators to fight crime, comply with our legal obligations or protect the safety of our Residential Customers

  3. Development of Verisure’s Services

    1. Quality assurance

    2. Training of Verisure’s personnel

    3. Development of Verisure’s Services

  4. Verisure’s legal interests

    1. To comply with our legal obligations

    2. To enable restructurings or mergers of the business

    3. To protect our legal interests in the event of a dispute

Complete information about how we process your personal data, including information about the applicable legal bases, the recipients of your personal data, international transfers of personal data and the criteria used to determine applicable retention periods is available here.

Your rights

You have the right to be informed about which personal data relating to you we process and what we do with your personal data. You also have the right of access to your personal data. In certain situations you also have the right to have your personal data erased, to request restriction of the processing of your personal data, the right to data portability as well as the right to object to our processing of your personal data. If we process your personal data based on your consent, you always have the right to withdraw your consent. If you believe that we have processed your data in an unlawful manner, you have the right to lodge a complaint with the applicable supervisory authority, namely the Data Protection Commission, whose contact details are:

21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland

Telephone: +353 (01) 765 01 00 (local rate) or 1 800 437 737.

Contact details

If you have any questions regarding this Privacy Notice, our processing of your personal data or if you wish to exercise your rights, please do not hesitate to contact us:

Verisure Services DAC, company registration number 696619

Postal address: F2, Eastpoint Business Park, Dublin 3, Dublin, Ireland, D03 T6P8

E-mail: [email protected]

Website: www.verisure.ie

Complete Privacy Notice for Privacy Notice for Residential Customers’s Data Subjects

If you visit premises with Verisure Services

Contents
  1. General

    1. Your right to data protection is very important to us at us Verisure Services DAC, reg. no. 696619 (“Verisure”). We aim at ensuring that you feel comfortable about our processing of your personal data. The purpose of this privacy notice (“Privacy Notice”) is to provide information about how we ensure that your personal data is processed in compliance with applicable data protection legislation.

    2. This Privacy Notice applies to individuals whose personal data is collected through our residential customer’s (“Residential Customer”) home security alarm systems and devices provided by Verisure, (“Services”), e.g. if you are visiting a premises which use the Services.

      If you are a Residential Customer, Assigned User or Emergency Contact please find the applicable Privacy Notice here.

      If you are a Business Customer, please find the applicable Privacy Notice here.

      If you are a visitor of business premises using Verisure Services, please find the applicable Privacy Notice here.

  2. Data Controller and Data Protection Officer

    1. Verisure is the data controller for the processing of your personal data in accordance with this Privacy Notice and we are thus responsible for ensuring that our processing of personal data complies with applicable data protection legislation.

    2. For certain processing of personal data, the Residential Customer is the data controller, either independently or jointly with Verisure.

      Verisure and the Residential Customer are joint controllersfor processing of personal data when personal data is collected through the Services and when such personal data is made available to the Residential Customer via the Verisure App during an alarm triggering event. The personal data processed in this manner may consist of live streaming or continuous video recording (“CVR”) material (limited to devices which have this functionality), video recordings, pictures or audio from an alarm triggering event. This personal data is available to the Assigned Users automatically and in real time via the Verisure App. Verisure is the designated contact point for the processing of your personal data when Verisure and the Residential Customer are joint controller, including for the exercise of the data subjects’ rights under the GDPR (see section 9). You will find our contact details in section 13.

      The Residential Customer is an independent data controllerwhen the Residential Customer is processing personal data for the following purposes:

      • Self-controlled monitoring functionalities for the Residential Customer’s convenience use (not related to an alarm triggering event), such as live streaming, CVR, recording of video, pictures or audio, or use of video doorbell or smart lock.

      • Personal management of the Verisure Services such as the provision of access permissions to third parties by the Residential Customer (e.g., a cleaner, Airbnb guests or neighbours).

      • Residential Customer’s subsequent processing of the personal data outside of the Verisure environment, e.g., sharing of material with law enforcement or an insurance company.

      The scope of this Privacy Notice is limited to the processing of personal data for which Verisure is a data controller, either independently or jointly with the Residential Customer. For further information about the Residential Customer’s processing of personal data, please contact the Residential Customer.

    3. We have designated a Data Protection Officer (“Data Protection Officer”), who is responsible for monitoring our processing of personal data to ensure that it is carried out in accordance with applicable legislation.

    4. The Data Protection Officer can be reached via [email protected].

  3. Our Processing of Personal Data

    In the tables below you can read more about how we at Verisure process your personal data when you use Verisure Services.

    Purposes

    1. Provision of Services

      1. To monitor the premises through the Services

        Verisure and the Residential Customer are joint controllers

      2. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        Personal data is collected via Verisure devices to ensure the functioning of the Services as well as to enable detection of alarm triggering events contributing to the safety and security of the Residential Customer and other individuals in the monitored premises.

        Personal data collected during an on-going alarm triggering event may be shared with the Residential Customer and/or Assigned Users in real time during an alarm triggering event in the Verisure App in case such technology settings are available to the Residential Customer

        Personal data collected during an on-going alarm triggering event, such as pictures, video, and audio from the monitored premises.

        The processing is based on Verisure’slegitimate interest to provide Services to the Residential Customers and the Residential Customer’s legitimate interest to ensure security of their home (Article 6.1.f GDPR).

        Our assessment is that Verisure’s and the Residential Customer’s legitimate interests outweigh the affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        Personal data collected during an on-going alarm triggering event are stored for a period of 90 days from the alarm triggering event unless the data is required under sub-section 4.3.

      3. To manage alarm triggering events

        Verisure is the data controller

      4. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We process personal data to verify the cause of an alarm triggering event.

        During the management of an alarm triggering event Verisure processes personal data and may for example:

        - identify authorised persons detected in the monitored premises with the help of code words and

        - share personal data with a privacy security company, the law enforcement or other emergency services.

        Personal data collected during an on-going alarm triggering event, such as pictures, video and audio from the monitored premises. The real-time monitoring during an alarm triggering event may entail that sensitive personal data such as signs of a natural person’s health condition appear in the content.

        The processing is based on Verisure’s legitimate interest to provide Services to the Residential Customers and the Residential Customer’s legitimate interest to ensure security of their home (Article 6.1.f GDPR).

        Our assessment is that Verisure’s and the Residential Customer’s legitimate interests outweigh the affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        Sensitive personal data:

        In the exceptional situations where health information or other sensitive personal data is processed during an on-going alarm triggering event, sensitive personal data may be processed based on the exemption relating to the vital interests of the data subject or another natural person (Article 9.2.c GDPR).

        Personal data collected during an on-going alarm triggering event are stored for this purpose for a period of 90 days from the alarm triggering event unless the data is required under sub-section 4.3.

      5. To follow up previous alarm triggering events

        Verisure is the data controller

      6. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We follow up previously managed alarm triggering events by contacting the Residential Customer to ensure that the management of the alarm triggering event was as efficient as possible and to receive information which could be relevant for any future alarm triggering events.

        Personal data collected during an on-going alarm triggering event, such as pictures, video, and audio from the monitored premises.

        Miscellaneous informationprovided to the ARC and noted by the alarm operator during an on-going alarm triggering event.

        The processing is based on Verisure’slegitimate interest to provide Services to the Residential Customers and to follow-up and ensure as efficient provision of the Services as possible (Article 6.1.f GDPR).

        Our assessment is that Verisure’s legitimate interest outweighs the affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        Personal data collected during an on-going alarm triggering event are stored for this purpose for a period of 90 days from the alarm triggering event unless the data is required under sub-section 4.3.

        Other personal data is stored for a period of up to 90 days from the alarm triggering event unless the data is required under sub-section 4.3.

      7. To ensure that we meet our legal obligations in respect of previously active customers

        Verisure is the data controller

      8. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We process personal data to maintain our compliance with legal (consumer) obligations.

        Past customer contact details as submitted originally for entering into the contract

        The processing is necessary for Verisure’s compliance with legal obligations with customers (Article 6.1.c GDPR).

        The personal data is retained for a period of up to 6 years after the termination of the contract.

    2. Provision of support to the Customers in relation to the Services

      1. To provide customer service and technical support in relation to our Services

        Verisure is the data controller

      2. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We process personal data when we provide the support which is requested by the Residential Customer relating to the contract, the Services or the technical functioning of the installation.

        We also process personal data when we manage other requests, such as requests to exercise the rights of a data subject.

        Personal data collected during an on-going alarm triggering event, such as pictures, video, and audio from the monitored premises.

        Miscellaneous informationprovided to the ARC and noted by the alarm operator during an on-going alarm triggering event.

        The processing is based on Verisure’slegitimate interest to provide support to the Residential Customers (Article 6.1.f GDPR).

        Our assessment is that Verisure’s legitimate interest outweighs the affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        The personal data is retained for the duration of the customer service matter and for a period of up to 90 days unless the data is required under sub-section 4.3.

      3. To assist Customers in case of an insurance or other legal claim

        Verisure is the data controller

      4. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        To be able to provide the Residential Customer with relevant information in case of insurance or other legal claims, we store personal data and the Residential Customers’ requests in an archive with appropriate access restrictions.

        Personal data collected during an on-going alarm triggering event, such as pictures, video, and audio from the monitored premises.

        Miscellaneous informationprovided to the ARC and noted by the alarm operator during an on-going alarm triggering event.

        The processing is based on the Residential Customer’s legitimate interest to have access to necessary information in order to handle insurance claims or other legal claims (Article 6.1.f GDPR).

        Our assessment is that the Residential Customer’s legitimate interests outweighs the affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        Once we remove the Residential Customer’s personal data from the internal database available to the customer service agents, we maintain the personal data collected during an on-going alarm triggering event with accompanying details in an archive with appropriate access restrictions for a period of time to support customers where evidence is required for insurance or other claims based on what practically is deemed a reasonable timeline for receiving such inquiries from customers and the time needed for insurance companies to handle such claims.

      5. To handle customer complaints

        Verisure is the data controller

      6. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        Depending on the nature of the complaint, we may for example investigate how an alarm triggering event was handled to ensure it was properly conducted.

        Personal data collected during an on-going alarm triggering event, such as pictures, video, and audio from the monitored premises.

        Miscellaneous informationprovided to the ARC and noted by the alarm operator during an on-going alarm triggering event.

        The processing is based on Verisure’slegitimate interest to handle and investigate customer complaints (Article 6.1.f GDPR).

        Our assessment is that Verisure’s legitimate interest outweighs the Residential Customer’s interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        We maintain the personal data collected during the handling of a complaint for a period of 3 years from the date of settlement or closure of the complaint.

      7. To cooperate with law enforcement or regulators to fight crime, comply with our legal obligations or protect the safety of our Residential Customers

        Verisure is the data controller

      8. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We may, when necessary, assist law enforcement or regulators where a legal obligation to provide assistance applies or such cooperation is otherwise motivated and based on a formal and written request for information.

        Personal data collected during an on-going alarm triggering event, such as pictures, video and audio from the monitored premises.

        Other information requested by law enforcement or a regulator which Verisure must share or otherwise considers is necessary to share.

        Processing is necessary to comply with a legal obligation (Article 6.1.c GDPR) or

        The processing is based on Verisure’slegitimate interest to assist law enforcement or regulators in case they receive a formal and written request for information (Article 6.1.f GDPR).

        Our assessment is that Verisure’s legitimate interest outweighs the Residential Customer’s or other affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        For as long as is required under applicable law.

    3. Development of Verisure’s Services

      1. Quality assurance

        Verisure is the data controller

      2. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We perform analyses of previous alarm triggering events to ensure efficient and correct management of alarm triggering events.

        Personal data collected during an on-going alarm triggering event, such as pictures, video and audio from the monitored premises.

        The processing is based on Verisure’slegitimate interest to investigate and ensure that the Services have been provided in the correct manner (Article 6.1.f GDPR).

        Our assessment is that Verisure’s legitimate interest outweighs the Residential Customer’s and other affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        The personal data is processed for a period of up to 6 years after the termination of the contract.

      3. Training of Verisure’s personnel

        Verisure is the data controller

      4. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We perform analyses of previous alarm triggering events to ensure efficient and correct management of alarm triggering events.

        Any personal data used for the purpose of training Verisure’s personnel will be pseudonymised so that the natural persons are not identifiable to the personnel.

        Personal data collected during an on-going alarm triggering event, such as pictures, video and audio from the monitored premises in strongly pseudonymised format.

        The processing is based on Verisure’slegitimate interest to train its personnel and thus ensure the highest possible level of Service (Article 6.1.f GDPR).

        Our assessment is that Verisure’s legitimate interest outweighs the Residential Customer’s and other affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        The personal data is processed for a period of up to 6 years after the termination of the contract.

      5. Development of Verisure’s Services

        Verisure is the data controller

      6. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We process personal data to further develop our Services, for example by making our devices more precise, improving the customer experience etc.

        Any personal data used for the purpose of developing Verisure’s Services will be pseudonymised so that the natural persons are not identifiable to personnel.

        Personal data collected during an on-going alarm triggering event, such as pictures, video and audio from the monitored premises in strongly pseudonymised format.

        The processing is based on Verisure’slegitimate interest to develop their Services and thus ensure the highest possible level of Service (Article 6.1.f GDPR).

        Our assessment is that Verisure’s legitimate interest outweighs the Residential Customer’s and other affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        The personal data is processed for a period of up to 6 years after the termination of the contract.

    4. Verisure’s legal interests

      1. To comply with our legal obligations

        Verisure is the data controller

      2. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We may need to process personal data in order to comply with our legal obligations.

        All categories of personal dataprocessed for the purposes described in this Privacy Notice.

        The processing of personal data is necessary for the performance of Verisure's legal obligations (Article 6.1.c GDPR)

        The personal data is retained for as long as necessary to comply with the applicable legal obligation.

      3. To enable restructurings or mergers of the business

        Verisure is the data controller

      4. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        In the event that Verisure is restructured, e.g. split into several different businesses, or if a merger occurs, the new company may continue to use the personal data for the same purposes as we have stated in this Privacy Notice, unless you receive different information in connection with the restructuring or merger.

        All categories of personal dataprocessed for the purposes described in this Privacy Notice.

        The processing is based on Verisure’slegitimate interest to enable a restructuring process or a merger (Article 6.1.f GDPR).

        Our assessment is that Verisure’s legitimate interest outweighs the affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        If Verisure ceases to exist through a merger, or in the event of restructuring, we will erase the personal data as long as the retention of such personal data is not required by law.

        In other cases, your personal data will be processed in accordance with this Privacy Notice.

      5. To protect our legal interests in the event of a dispute

        Verisure is the data controller

      6. What we do:

        Categories of personal data:

        Legal basis:

        The criteria used to determine retention period:

        We may need to process your personal data in order to protect our legal interests in the event of a dispute, such as to establish, exercise or defend legal claims.

        All categories of personal dataprocessed for the purposes described in this Privacy Notice.

        The processing is based on Verisure’slegitimate interest to protect our legal interests in the event of a dispute (Article 6.1.f GDPR).

        Our assessment is that Verisure’s legitimate interest outweighs the affected data subjects’ interests and fundamental rights relating to protection of personal data.

        Please contact us if you would like to receive more information about our legitimate interest assessment.

        The personal data is retained for as long as they are needed to establish, exercise, or defend a legal claim, in any event, for a maximum of 6 years after the termination of the contract.

  4. Collection of Personal Data

    1. The personal data that we process may be provided directly by the data subject or from the Business Customer.

  5. Retention of Personal Data

    1. We will only process personal data for the period set out in this Privacy Notice (see section 3).

    2. When we no longer need to process the personal data for the pre-identified purposes or a retention period for the personal data lapses, we will delete it from our systems, databases and backups.

  6. With Whom Do We Share Your Personal Data

    1. Verisure may share personal data with trusted third parties if such sharing is necessary either based on Verisure’s legitimate interest or a legal obligation. Sharing of personal data may also be necessary for us to perform our contractual obligations towards our Residential Customers.

    2. Personal data may be shared with other companies in the Verisure Group or with our partner companies in connection with the provision of our Services, as described in the table below. Each recipient of your personal data is subject to corresponding legal or contractual obligations to those obligations which apply to Verisure, including an obligation to process your personal data securely and in accordance with applicable data protection legislation.

      We may share your data with:

      Categories of personal data that are shared:

      Telephone service providers such as Inconcert, who provide services connected to our contact with individuals by phone.

      Personal data provided through calls with Verisure.

      Cloud infrastructure providers, such as Microsoft, constituting part of the Verisure infrastructure. The processing of personal data is subject to strict technical and organisational security measures.

      All categories of personal data.

      Private security companies, such as Securitas Security Services (UK) Limited, process your personal data in order to respond to incidents when Verisure sends security guards to your property.

      Your contact details, such as name, telephone number, postal address and e-mail address.

      Images and audio in in an alarm situation, such as images, video and audio that may include your personal data and the personal data of others if they are present when the alarm is triggered.

      Sensitive personal data, such as health data, if provided by the customer for a specific purpose.

      Additional personal data provided by you in your correspondence with us (through e.g., phone, chat, e-mail, text messages).

      Authorities or equivalent third parties, such as the police authority or emergency centre, for example in the event of a break-in or accident.

      Your contact details, such as name, telephone number, postal address and e-mail address.

      Images and audio in in an alarm situation, such as images, video and audio that may include your personal data and the personal data of others if they are present when the alarm is triggered.

      Sensitive personal data, such as health data, if provided by the customer for a specific purpose.

      Additional personal data provided by you in your correspondence with us (through e.g., chat, e-mail, text messages).

      The acquirer or other successor in the event of mergers, divestments, restructuring, reorganization, dissolution and other sale or transfer of Verisure's assets.

      All categories of personal data.

      Authority or equivalent third party in connection with audits, court proceedings or other similar purposes. The information may be shared for the purposes of complying with legal obligations and protecting our legal interests in the event of a dispute.

      All categories of personal data.

    3. Please note that this list may be updated from time to time.

  7. Automated Decision-Making

    1. We do not use automated decision-making.

  8. Where is Your Data Processed?

    1. We aim to always process your personal data in the United Kingdom and the EU/EEA. In some circumstances we may need to transfer your personal data to a country outside of the United Kingdom and the EU/EEA (“Third Country”). In case your personal data is transferred to a Third Country, we will ensure that your personal data will continue to be subject to an essentially equivalent level of protection as in the United Kingdom and the EU/EEA.

  9. Your Rights

    1. Our responsibility for your rights

      1. As a data controller, we are responsible for ensuring that your personal data is processed in compliance with applicable data protection laws and that you can effectively exercise your rights as a data subject. You may contact us at any time if you wish to exercise your rights. You will find the contact details in the end of this Privacy Notice.

      2. We have an obligation to respond to your requests to exercise your rights within one month from receiving your request. If your request is complex or if we have received many requests, we may extend this deadline by two more months. If we are unable to take the action which you have requested within one month, we will inform you about the reason for the delay and about your right to lodge a complaint to a supervisory authority and to seek a judicial remedy.

      3. You will not be charged for any information, communication or measures that we take to manage and answer to your request. However, if your request is manifestly unfounded or excessive, we may charge an administrative fee for providing the information or taking the action requested or refuse to act on your request altogether.

    2. Your right to access, rectification, erasure and restriction

      1. You have the right to request:

        1. Access your personal data. This means that you have the right to request access to personal data that we hold about you. You also have the right to be provided, at no cost, information about what personal data we are processing about you. We have the right to charge a reasonable administration fee if you request further copies. If you make a request by electronic means, e.g. via email, we will provide you with the information in commonly used electronic format.

        2. Rectification of your personal data. At your request or on our own initiative, we will correct, anonymise, delete or complete data which we find out is inaccurate, incomplete or misleading. Also, you have the right to request that we correct your personal data if something relevant is missing.

        3. Erasure of your personal data. You have the right to request that we erase your personal data if there is no compelling reason for us to continue processing the personal data. Compelling reasons for us to continue processing may be:

          1. processing is necessary for the right of freedom of expression and information,

          2. processing is necessary to comply with a legal obligation,

          3. processing is necessary for reasons of public interests in the area of public health,

          4. processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes or

          5. processing is necessary for the establishment, exercise or defence of legal claims.

          Your personal data will be erased if none of the circumstances above are applicable and if

          1. the personal data is no longer needed for the purpose for which we collected them,

          2. we process your personal data based on your consent and you withdraw your consent,

          3. you object to us processing your personal data which is based on a legitimate interest assessment, and we have no compelling interests that overrides your interests or rights and freedoms,

          4. we have processed your personal data unlawfully or

          5. we have a legal obligation to erase your personal data.

        4. Right to request restriction processing. Right to request restriction of processing means that we temporarily restrict the processing of your data. You have the right to request restriction when:

          1. you consider your data to be inaccurate and you have requested rectification as defined in paragraph 9.2.1 b), while we establish the accuracy of the personal data,

          2. the processing is unlawful, and you do not want the data to be erased,

          3. as the data controller, we no longer need to process the personal data for our processing purposes, but you need your personal data to be able to establish, exercise or defend a legal claim, or

          4. you have objected to processing as defined in paragraph 9.3, while waiting for our assessment of whether our legitimate interests override yours.

      2. We will take all reasonable measures possible to notify everyone who has received personal data as stated in Section 6 above if we have rectified, erased or restricted access to your personal data after you have requested us to do so. At your request, we will provide you with more information about the recipients of your personal data.

    3. Your right to object to processing

      1. You have the right to object to the processing of your personal data if our processing is based upon legitimate interest (see Section 3 above). If you object to such processing, we will only continue to process your personal data if we have compelling reasons for doing so which override your interests or rights and freedoms or if the processing is necessary for the establishment, exercise or defence of legal claims.

      2. If you do not wish that we use your personal data for direct marketing purposes, you always have the right to object to such processing by contacting us. We will cease to use your personal data for that purpose when we have received your objection.

    4. Your right to withdraw consent

      1. If we process your personal data based on your consent as the legal basis, you always have the right to withdraw your consent. You can do this at any time by contacting us. Our contact details are found in the end of this Privacy Notice.

    5. Your right to data portability

      1. You have right to data portability when we process your personal data by automated means and when the legal basis for the processing is your consent or performance of a contract.

      2. Right to data portability means that you have the right to receive the personal data we process about you in machine-readable format which allows you to transfer these personal data to another data controller. You may also request us to transfer the personal data directly to another data controller.

    6. Your right to complain to the supervisory authority

      1. You have the right to lodge a complaint with a supervisory authority in the European Member State of your residence if you are not satisfied with our processing of your personal data. The contact details are:

        21 Fitzwilliam Square South, Dublin 2, D0 RD38,

        Tel: +353 (01) 765 01 00 (local rate) or 1 800 437 737.

  10. We Protect Your Personal Data

    1. We are committed to ensuring that you always feel comfortable when providing your personal data to us. We have therefore implemented both technical and organisational security measures, including access restrictions and regular internal controls, to best protect your personal data against, for example, unauthorised access, alteration, or loss. Should a data breach that materially impacts you or your personal data, e.g. entailing risk of fraud or identity theft, occur, we will contact you to explain what has happened and to provide you with advice on how you can mitigate any potential adverse effects of such data breach relevant for you.

  11. Cookies

    1. We use cookies and similar technologies (“Cookies”) on our website and app in order to, inter alia, improve your experience with us and to simplify and adapt our website to your needs and preferences. In our Privacy Notice for Website Visitors, we inform you about how we process your personal data when you visit our website or app. If you would like to know more about our use of cookies, please refer to our Cookie Policy here.

  12. Changes to This Privacy Notice

    1. This Privacy Notice was updated in June 2024.

    2. We reserve the right to change this Privacy Notice at any time. The latest version of the notice will always be available on our website.

    3. When we make changes which are not purely linguistic or editorial, you will be notified about the changes within a reasonable time prior to the changes taking effect. If you do not agree to the changes, you have the right to object to the processing before the changes take effect.

  13. How to Contact Us

    1. Our Data Protection Officer acts as the main point of contact for all matters relating to our Privacy Notice. The Data Protection Officer or the local contact person can be contacted by email at [email protected].

      If you have any complaints or questions about how we use your personal data, please do not hesitate to contact us:

      Verisure Services DAC, company registration number 696619

      Postal address: F2, East Point Business Park, North City Centre, Dublin 3, D03 T6P8

      E-mail: [email protected]

      Website: www.verisure.ie

Camera Guidance for Residential Customers

This guidance will help you to understand what you need to do if you are considering installing, or have already installed, a Verisure camera system in your home.

The information in this document is intended to be helpful and practical guidance on generic, common-sense approaches to the installation and use of Verisure alarm system cameras. It is not intended to be legal advice nor a comprehensive explanation of applicable laws and regulations. If readers require specific advice, they should contact a legal professional.

  1. Verisure Camera System

    Whilst Verisure is able to use the camera system to verify and respond to an alarm signal, you as a homeowner are otherwise responsible for using the camera system in a manner which does not infringe applicable laws and regulations.

    This guidance is intended to help you understand the potential implications of your use of the camera system in your home. As use of the camera system involves the processing of images, videos and voices, it is important that you bear in mind that camera and data protection laws may apply.

  2. Laws and Regulations

    The following legislation may apply:

    • Camera surveillance laws and national rules on the operation of cameras. These may contain obligations regarding notification or registration of camera systems, appropriate positioning and notices required in the monitored premises.

    • Data protection laws, primarily the General Data Protection Regulation (GDPR), which regulate the processing (i.e. all types of action) of personal data. The GDPR may be complemented by national legislation. These laws aim to protect individuals’ right to privacy. As the operator of the camera system, you fall within the definition of a "controller" with respect to the processing of personal data that is due to the use of the camera system. You are therefore responsible for ensuring that the personal data of individuals captured by the camera system is processed in a compliant way and with due consideration for the privacy of the individuals concerned.

  3. Your Responsibilities

    1. The household exemption

      When you use the camera system in a manner that the content is exclusively captured from your own premises, the processing of personal data is most likely to be considered as being of a purely private nature. Under such circumstances, you are exempted from the extensive legal obligations set out in the GDPR because of the so-called “household exemption”. Nevertheless, it is important that you use the camera system in a responsible manner with respect for affected individuals’ privacy.

      To the extent that the camera system is directed outwards from your private setting and covers - even partially - a public space, the household exemption will not apply. For example, the household exemption probably does not apply if you:

      • rent out your business premises (e.g. through AirBnB),

      • monitor the activities of workers or domestic staff working on your premises,

      • capture content outside your property (e.g. street, parking areas or neighbouring property, communal bin collection area), or

      • share images on social media or other public spaces.

      For more information about the household exemption please visit the Ireland Data Protection Commission’s website at https://www.dataprotection.ie/.

    2. Installation and positioning of cameras

      During installation, our security experts will recommend areas to be monitored, the position of the camera system and how to install cameras in a way that also helps you avoid capturing areas outside your private setting.

      They are happy to provide this support based on their experience from advising other customers in similar situations as part of setting up camera systems. However, as you have actual control of the equipment, you are ultimately responsible for ensuring that the equipment is positioned appropriately and that it respects other people’s right to privacy. We strongly recommend that once the system has been installed by our security experts, you do not change the location, placement, or field of view of any of the cameras.

      If you are installing or repositioning cameras yourself, here are some principles to bear in mind:

      • Do not capture outside public or shared areas (e.g. streets and pavements, public parks or parking areas, communal bin collection area) or your neighbour’s premises. Some cameras have settings that allow you to mask certain areas in view which can help with avoiding areas outside of your premises.

      • Do not capture indoor public/shared areas within your residence (fitness facilities, seating areas, counters, lounge areas, etc.) where they are used for recovery, regeneration, and leisure activities as well as in places where individuals stay and/or communicate. Some cameras have settings that allow you to mask certain areas in view which can help with avoiding these areas within your premises.

      • Think about the problem you are trying to tackle. It will usually be to safeguard you and your property against crime. If this is the case, only place cameras in areas where you are concerned about a safety or security risk (e.g. potentially vulnerable areas).

      • Avoid placing cameras in sensitive areas, such as bedrooms, toilets or similar locations where people have high expectations of privacy.

      • Take particular care to avoid any areas where children or vulnerable adults might be captured by the camera. Vulnerable people are specifically protected under privacy laws.

      • Consider informing your neighbours what you are installing and listen to any objections or concerns they may have. Ensure that you don’t breach any laws or other rules such as a housing association’s rules or code of conduct.

    3. Capturing audio

      Typically, audio capture functionality is turned off by default, but it may be possible for you to turn it on. Before turning on the audio capture functionality, you should make sure that this is allowed under applicable laws and regulations. Silently listening in on other people’s conversations through devices may be considered covert surveillance and thus breach laws, including individuals’ right to privacy.

    4. Information and signage

      You have an obligation to inform people about the camera system. In addition to being able to answer questions from your neighbours and visitors about the monitoring, you should set up clear signage providing the most important information about the monitoring. Verisure will provide appropriate signage to you during installation.

      • The signage should be visible to people before they enter the monitored area.

      • Multiple signs may be required if you have several entrances and multiple monitored areas.

      Learn more about Verisure alarm deterrent signage and stickers.

    5. Viewing content

      The camera system includes a “remote access” functionality which, depending on the camera type, allows you to capture and view images on your phone or computer (e.g. via My Verisure App or Arlo App).

      It is important that you use these features selectively, where there is a genuine need to look back at the image, e.g. where you are concerned that there has been a security incident at the premises which you would like to review or investigate further. You should not use these features to, e.g. monitor an individual or their behaviour. You are responsible for ensuring that your use of the functionality does not breach any applicable laws or regulations.

    6. Sharing content

      It is also possible for you to share your content, but it is important that you are careful when sharing images and videos of other people. Even when the content is captured in legitimate circumstances, sharing it could violate other people’s right to privacy.

      • You should only share images with others where you are comfortable that disclosure is necessary and appropriate and will not cause embarrassment or harm to anyone captured in the images.

      • Be particularly careful about sharing images in any public or semi-public environment, e.g. on the internet or social media.

      We recommend that you do not post images on these platforms unless you have explicit consent from each of the individuals in the images.

  4. In Case of an Alarm (Verisure Access to the Camera System)

    If the alarm system triggers an alarm, Verisure’s Alarm Receiving Centre (ARC) will have access to some of the devices in the camera system and to content which the system has automatically captured. Verisure’s access is limited to what is strictly necessary for our ARC to verify and respond to the alarm event. The ARC follows strict protocols and security measures when accessing the content from the camera system. This may involve sharing camera images with law enforcement, emergency services and/or guard services.

    In certain jurisdictions, Verisure also provides monitoring functionalities specifically for alarm events via phone or computer These functionalities may encompass various features such as live view streaming, continuous video recording, and the capability to record video, photos, and audio. Verisure’s involvement in this processing activity is limited to the initial stages, when personal data is transmitted from Verisure to your phone or computer (e.g. through My Verisure App or Arlo App. Hence, it is important to emphasize that Verisure and its customers do not exercise control or influence over any potential subsequent stages of data processing. For instance, if you choose to download material for additional purposes, such as filing a police report or an insurance claim, you should be mindful of your responsibilities and ensure compliance with the household exemption.