Compliance Policies

Privacy policy

This privacy policy explains how we (Paxton Access Ltd) use any personal information we collect about you. We hold personal data about our customers, employees and suppliers (known as “data subjects”) for a variety of business purposes and this falls within the scope of this policy and the requirements of the General Data Protection Regulation 2016 (‘GDPR’) effective from 25th May 2018.

Click here to read in full

The modern slavery act 2015

Section 54 of the Modern Slavery Act 2015 (the “Act”) requires commercial organisations supplying goods or services in the United Kingdom which have a turnover of over £36 million per annum to publish a “Slavery and Human Trafficking Statement”.

This statement must set out the steps an organisation has taken, if any, during its financial year to ensure that slavery or human trafficking is not taking place in any part of its business and supply chain, or to declare that no such steps have been taken.

Click here to read in full

Gender pay gap

Organisations with 250 or more employees have to report on their gender pay gap annually, by publishing the results on their website and uploading them to a Government website for public availability.

Our report shows the difference in average hourly pay between men and women at Paxton, the bonus pay gaps and the proportions of men and women in each pay band. It also highlights the steps we’re taking to close the gap.

Click here to read in full

Vulnerability Disclosure Policy

Like all good technology companies we have a clear, formal and robust process for the reporting of bugs and issues. We have a schedule of improvement updates that we release throughout the year. We operate a policy of responsible disclosure for reporting security vulnerabilities.

Click here to read in full

Product conformity declaration

A Declaration of Conformity(DoC) is used to show compliance with the following European Directives:

  • Low Voltage Directive (LVD)
  • Electromagnetic Compatibility (EMC) Directive
  • Radio Equipment Directive (RED)
  • Restriction of the use of certain hazardous substances (RoHS)


To obtain a DoC for any given product, please contact Paxton Technical Support with the product name and sales code.

Contact Paxton Support


Paxton product compliance

Paxton has worked to ensure its compliance with legislation covering data protection including the General Data Protection Regulation (GDPR) by 25th May 2018.

Our access control products also include the features necessary for our customers to achieve compliance.

  • Our systems are protected with password protection and operator rights, limiting the access to the data within the system. For the benefit of increased security, the systems can be set to automatically log out an operator if the system is inactive for an extended period.
  • You can set the system to report on information held for an individual, as well as permanently delete a user and all associated information if requested.
  • User activity in the system, in the form of events, can be deleted manually at any given point or a set timescale (i.e. 30 days) automatically. In the case of Paxton10, video records can also be deleted in the same way. Event information can be retained in the case of Net2, but can be anonymised. Net2 does not hold video data but any links to associated video can also be removed as part of the deletion of user information and events.
  • Data security is achieved within the systems by the use of best practice methods and database structure.

There are two new application notes relating to the security update within Net2 v5.04:

We have made sure that our products will provide the tools required to allow compliance if used correctly, however, Paxton is not responsible for a user’s compliance with GDPR and do not offer advice on how to be compliant.


Paxton Telemetry & Analytics – Net2 Access Control

Paxton gathers information about your system composition and use. The information provided will allow us to improve the products and services we offer you and does not include any personal data or identifiable information held within the system.

The information we collect includes:

  • The version of Net2 originally installed
  • The date of original install
  • Upgrade history; when Net2 was upgraded and to which version
  • Number & Types of devices – ACU’s, I/O Boards, PaxLocks & Entry
  • Number of users within the system
  • Number of credentials within the system
  • Number of events generated by the system
  • The Language in use
  • PC/Server information – OS, RAM, CPU, HDD/SSD size/space remaining
  • Feature use; which Net2 features are being used and when
  • Integrations used with the Net2 system
  • User activity; when the system is being used and for how long
  • Net2 Operator types and the number of operator accounts