Compliance Policies
Privacy policy
This privacy policy explains how we (Paxton Access Ltd) use any personal information we collect about you. We hold personal data about our customers, employees and suppliers (known as “data subjects”) for a variety of business purposes and this falls within the scope of this policy and the requirements of the General Data Protection Regulation 2016 (‘GDPR’) effective from 25th May 2018.
The modern slavery act 2015
Section 54 of the Modern Slavery Act 2015 (the “Act”) requires commercial organisations supplying goods or services in the United Kingdom which have a turnover of over £36 million per annum to publish a “Slavery and Human Trafficking Statement”.
This statement must set out the steps an organisation has taken, if any, during its financial year to ensure that slavery or human trafficking is not taking place in any part of its business and supply chain, or to declare that no such steps have been taken.
Vulnerability Disclosure Policy
Like all good technology companies we have a clear, formal and robust process for the reporting of bugs and issues. We have a schedule of improvement updates that we release throughout the year. We operate a policy of responsible disclosure for reporting security vulnerabilities.
Product conformity declaration
A Declaration of Conformity(DoC) is used to show compliance with the following European Directives:
- Low Voltage Directive (LVD)
- Electromagnetic Compatibility (EMC) Directive
- Radio Equipment Directive (RED)
- Restriction of the use of certain hazardous substances (RoHS)
To obtain a DoC for any given product, please contact Paxton Technical Support with the product name and sales code.
Product end of life disposal
When our products reach the end of their useful life, we encourage consumers to ensure they dispose/recycle metal and plastic components in accordance with local and national environmental regulations.
At the end of its serviceable life a Paxton product should not be treated as household or general waste, it should be handed over to the applicable collection point for the recycling of waste electrical and electronic equipment (WEEE) or returned to your supplier for disposal.
Paxton product compliance
Paxton has worked to ensure its compliance with legislation covering data protection including the General Data Protection Regulation (GDPR) by 25th May 2018.
Our access control products also include the features necessary for our customers to achieve compliance.
- Our systems are protected with password protection and operator rights, limiting the access to the data within the system. For the benefit of increased security, the systems can be set to automatically log out an operator if the system is inactive for an extended period.
- You can set the system to report on information held for an individual, as well as permanently delete a user and all associated information if requested.
- User activity in the system, in the form of events, can be deleted manually at any given point or a set timescale (i.e. 30 days) automatically. In the case of Paxton10, video records can also be deleted in the same way. Event information can be retained in the case of Net2, but can be anonymised. Net2 does not hold video data but any links to associated video can also be removed as part of the deletion of user information and events.
- Data security is achieved within the systems by the use of best practice methods and database structure.
There are two new application notes relating to the security update within Net2 v5.04:
- Net2 Security Settings – Data Protection and Strong Password Enforcement
- Net2 Default System Engineer password – update
We have made sure that our products will provide the tools required to allow compliance if used correctly, however, Paxton is not responsible for a user’s compliance with GDPR and do not offer advice on how to be compliant.
Paxton10 End User License Agreement
The Paxton10 EULA is a legal agreement between the end-user and Paxton Access Limited for the Paxton10 software product, which includes computer software and any data supplied with it, printed materials and online or electronic documentation.
Paxton Telemetry & Analytics – Net2 Access Control
Paxton gathers information about your system composition and use. The information provided will allow us to improve the products and services we offer you and does not include any personal data or identifiable information held within the system.
The information we collect includes:
- The version of Net2 originally installed
- The date of original install
- Upgrade history; when Net2 was upgraded and to which version
- Number & Types of devices – ACU’s, I/O Boards, PaxLocks & Entry
- Number of users within the system
- Number of credentials within the system
- Number of events generated by the system
- The Language in use
- PC/Server information – OS, RAM, CPU, HDD/SSD size/space remaining
- Feature use; which Net2 features are being used and when
- Integrations used with the Net2 system
- User activity; when the system is being used and for how long
- Net2 Operator types and the number of operator accounts