The Modern Slavery Act 2015
Section 54 of the Modern Slavery Act 2015 (the “Act”) requires commercial organisations supplying goods or services in the United Kingdom which have a turnover of over £36 million per annum to publish a “Slavery and Human Trafficking Statement”.
This statement must set out the steps an organisation has taken, if any, during its financial year to ensure that slavery or human trafficking is not taking place in any part of its business and supply chain, or to declare that no such steps have been taken.
Gender pay gap
Organisations with 250 or more employees have to report on their gender pay gap annually, by publishing the results on their website and uploading them to a Government website for public availability.
Our report shows the difference in average hourly pay between men and women at Paxton, the bonus pay gaps and the proportions of men and women in each pay band. It also highlights the steps we’re taking to close the gap.
This statement explains how the Paxton Directors have had regard to broader stakeholder interests when performing their duty under section 172 of the Companies Act 2006, to promote the success of the company for the benefit of its members as a whole.
Vulnerability Disclosure Policy
Like all good technology companies, we have a clear, formal and robust process for the reporting of bugs and issues. We have a schedule of improvement updates that we release throughout the year. We operate a policy of responsible disclosure for reporting security vulnerabilities.
Product conformity declaration
A Declaration of Conformity (DoC) is used to show compliance with the following European Directives:
- Low Voltage Directive (LVD)
- Electromagnetic Compatibility (EMC) Directive
- Radio Equipment Directive (RED)
- Restriction of the use of certain hazardous substances (RoHS)
To obtain a DoC for any given product, please contact Paxton Technical Support with the product name and sales code.
Paxton product compliance
Paxton has worked to ensure its compliance with legislation covering data protection including the General Data Protection Regulation (GDPR) by 25th May 2018.
Our access control products also include the features necessary for our customers to achieve compliance.
- Our systems are secured with passwords and operator rights, limiting access to the data within the system. For increased security, the systems can be set to automatically log out an operator if the system is inactive for an extended period.
- You can set the system to report on information held for an individual, as well as permanently delete a user and all associated information if requested.
- User activity in the system, in the form of events, can be deleted manually at any given point or automatically after a set timescale (e.g. 30 days). In the case of Paxton10, video records can also be deleted in the same way. Event information can be retained in the case of Net2, but can be anonymised. Net2 does not hold video data but any links to associated video can also be removed as part of the deletion of user information and events.
- Data security is achieved within the systems by the use of best practice methods and database structure.
There are two new application notes relating to the security update within Net2 v5.04:
- Net2 Security Settings – Data Protection and Strong Password Enforcement
- Net2 Default System Engineer password – update
We have made sure that our products will provide the tools required to allow compliance if used correctly. However, Paxton is not responsible for a user’s compliance with GDPR and does not offer advice on how to be compliant.
Paxton10 End User License Agreement
The Paxton10 EULA is a legal agreement between the end-user and Paxton Access Limited for the Paxton10 software product, which includes computer software and any data supplied with it, printed materials and online or electronic documentation.
Paxton Telemetry & Analytics – Net2 Access Control
Paxton gathers information about your system composition and use. The information provided will allow us to improve the products and services we offer you and does not include any personal data or identifiable information held within the system.
The information we collect includes:
- The version of Net2 originally installed
- The date of original install
- Upgrade history; when Net2 was upgraded and to which version
- Number & Types of devices – ACUs, I/O Boards, PaxLocks & Entry
- Number of users within the system
- Number of credentials within the system
- Number of events generated by the system
- The Language in use
- PC/Server information – OS, RAM, CPU, HDD/SSD size/space remaining
- Feature use; which Net2 features are being used and when
- Integrations used with the Net2 system
- User activity; when the system is being used and for how long
- Net2 Operator types and the number of operator accounts
In accordance with GDPR, we do not gather or store identifying personal information contained within the system. Information gathered is used purely for the continued improvement of our products and services. We will not pass any information we gather on to any third-party companies and we will not use the information to engage you in marketing activities.