Paradox Security Systems (Bahamas) Ltd

PRIVACY & COOKIE POLICY

Effective date: Mar 1st, 2025

Paradox Security Systems (Bahamas) Ltd., a corporation incorporated under the laws of Bahamas and its Affiliates (“Paradox”, “us”, “we”, or “our”) operates the Paradox online interface for its mobile application (the “Mobile Application”), the access and use of which are reserved to its Customers (defined below), and operates a website at www.paradox.com (the “Website”), which is accessible to the public, except certain pages that are reserved to Customers and Third Party Installers (defined below). For the purpose of this privacy & cookie policy (the “Privacy Policy”), Paradox Security Systems (Bahamas) Ltd is the entity among its Affiliates that controls the finalities of the process of your Personal Data.

You may reach us at:

Paradox Security Systems (Bahamas) Ltd.

Data Protection Officer

Email:dpo@paradox.com

 

Or, for residents of the European Union, you may reach our

representative in the European Union which is:

Paradox Bucharest SRL

Data Protection Officer

Email:dpo@paradox.com

This page informs you of our policies regarding the collection, use, disclosure and any other processing of Personal Data (as defined below) when you use our Mobile Application, our Website, and any Paradox Services and/or Paradox Devices and the choices you have associated with the processing of such data.

Our Privacy Policy has been developed in compliance with the General Data Protection Regulation (RGPD) and other similar legislation.

This Privacy Policy does not apply to data collected by means other than those set out in this Privacy Policy, including on any other website operated by a third party.

1.             Definitions

“Affiliates” means the entities of Paradox Group, being Paradox Security Systems (Bahamas) Ltd and Paradox Bucharest SRL.

“Cookies” are small pieces of data stored on your devices. They contain small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your devices.

“Customer” means a purchaser of Paradox Devices and/or Paradox Services.

“Customer Site” means a site, area, zone or location where any Paradox Devices and/or Paradox Services are installed and operational for a Customer.

“Data Controller” is an expression frequently used in personal information protection laws to mean a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.

For the purpose of this Privacy Policy, we have two separate and distinct roles:

(a)   We are a "Data Controller" only in respect of the Personal Data we collect from our Customers, Users, Third Party Installers and from Website visitors.

(b)   When our Customers and the Users upload Personal Data to the Mobile Application or Paradox Devices, we are not the Data Controller but solely act as Data Processor of that information. In such a case, the Customer acts as the Data Controller and is responsible for compliance of its affiliated Users with applicable personal information protection laws. Through its Users acting as representatives, the Customer is responsible for complying with applicable Personal Data protection laws, which entails ñ among others ñ obtaining the consent of Data Subjects whose Personal Data is collected and processed, managing the consent-revoking process and enabling the right to access the Personal Data collected.

“Data Processor” (or “Service Providers”) means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Data Controller (other than its own employees).

We may use the services of various Service Providers in order to process your data more effectively, all in accordance with this policy.

“Data Subject” means any natural person who is the subject of Personal Data. For the purpose of this privacy policy, the Data Subject may be the User or any person who is the subject of Personal Data processed on the Mobile Application, Paradox Devices or through Paradox Services.

“Device Data” means, with respect to Paradox Devices, the IP address, last communication time, LAN IP address, MAC address, panel serial number, panel version, communication ports, serial number, device type and firmware version, which in certain cases when associated together or with other data may constitute Personal Data;

“Identity Provider” means the authentication system used on our Mobile Application, and to access certain pages of our Website or the Dealer Portal.

“Paradox Devices” means Paradox products that are installed in or on a Customer Site.

“Paradox Services” means a Paradox service that is active and operational with respect to a Paradox Device, including the Mobile Application.

“Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Site Data” means the following data regarding a Customer Site: site name, the identification of each Paradox Device contained in a Customer Site, your email associated with the main Customer Site, the email of the Third Party Installer (if provided by the Customer or Paradox authorized distributor), panel information (panel serial number, Customer Site associated with, whether panel has been used in a paid Customer Site or not and panel type), push devices (e.g.: Phone) registered to the Customer Site and site expiration date, which in certain cases when associated together or with other data may constitute Personal Data.

“Technical Data” may include internet protocol (IP) address, browser type and version, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Website or Mobile Application.

“Third Party Installer” means a natural or legal person, which is authorized to install Paradox Devices and/or Paradox Services on or in a Customer Site.

“Third Party Installer Data” means all Personal Data of Third Party Installers processed by Paradox, which essentially includes information entered during authentication via the Identity Provider connection, such as name, phone number and e-mail address.

“User” means the natural person using our Mobile Application, Paradox Devices and/or Paradox Services. The User may correspond to the Data Subject, who is the subject of Personal Data.

2.             Sources of Personal Data

We process the Personal Data that originated from the creation of your account and from your use of the Mobile Application, including the portion of the Mobile Application that requires the creation of an account to access Paradox Devices and/or Paradox Services. We also process the Personal Data provided by our Customers and Users in the context of their use of the Mobile Application, Paradox Devices and/or Paradox Services.

For authentication purposes, we collect the contact details of Customers and Third Party Installers who wish to connect to the Mobile Application or specific sections of our Website. Such Personal Data is also collected directly from our Customers or Thid Party Installers.

Also, as you interact with our Website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this Personal Data by using Cookies.

3.             Purposes of Processing and Legal Basis

Among the data we collect, either directly or through Third Party Installers, we process the following types of Personal Data for the following purposes to provide and improve our Mobile Application, Website, Paradox Devices and/or Paradox Services:

3.1.         Account Information

To use our Mobile Application, some features of our Website, Paradox Device and/or Paradox Services, the User will need to activate their account using their email address. The User will receive a temporary One-Time-Password code to complete the activation.

Every time you log in, whether on the Website or when connecting to the Mobile Application, we process identification Personal Data (name, address, e-mail address and telephone number) in order to authenticate our Customers or Third Party Installer who wish to connect to their Dealer Portal.

(a)            Purposes and Legal Basis

We process each User′s email address because the User needs to use them to sign in and connect to their account. The multi-factor authentication enabled by Identity Provider is implemented to provide enhanced security. The legal basis to this processing is our legitimate interest in protecting Personal Data.

We also process our User′s email address to recognize them when they use our customer support. The legal basis for this processing is our legitimate interest in providing the best customer support we may offer you.

We also process our User′s email address for the purpose of sending them important information about the Mobile Application, the Website, Paradox Device and/or Paradox Services such as important safety information or material changes to this policy. The legal basis to this processing is our legitimate interest in providing our Users with important safety or other important information regarding the Mobile Application, the Website, Paradox Devices and/or Paradox Services or changes in this policy.

3.2.         Device Data

We associate Device Data to your email address and the Customer Site.

(a)            Purposes and Legal Basis

We process the Device Data to be able to connect your Paradox Devices with our systems in order to provide you with Paradox Services. Device Data is required to identify the exact Paradox Product that needs to be operated remotely. The legal basis to this processing is the performance of the agreement between you and Paradox to provide you Paradox Services.

3.3.         Site Data

For each Customer Site, we process Site Data.

(a)            Purposes and Legal Basis

We process the Site Data to link each of your Paradox Devices with a Customer Site, with you, with the Third Party Installer, if any, who installed the Paradox Device and with your push devices (e.g.: Phone) in order to provide you with Paradox Services. The legal basis to this processing is the performance of the agreement between you and Paradox to provide you Paradox Services.

We also process the Site Data to deactivate the Paradox Services at the expiration or termination of Paradox Services to a Customer. The legal basis to this processing is our legitimate interest to cease to provide Paradox Services when Customer no longer has a Paradox Service agreement in force with Paradox.

3.4.         Image Data

We process the image data that our Customers elect to record and to transmit pursuant to the features available through the Mobile Application, Paradox Devices and/or Paradox Services. By using the Mobile Application, Paradox Devices and/or Paradox Services, you hereby certify that you either (i) have a legal right to film or record such images; or (ii) you have obtained, prior to filming or recording, the consent of all individuals which images are to be recorded and transmitted on the Mobile Application, Paradox Devices and/or Paradox Services (in such case, you will not record any minors, except if you have obtained the consent of their legal guardians). The image that you choose for your “avatar” in the Mobile Application is a public feature of the Mobile Application. Therefore, any image that you so choose will be accessible to all other Users of the Mobile Application.

(a)            Purposes and legal basis

We process image data in order to offer the features provided through the Mobile Application, Paradox Devices and/or Paradox Services. The legal basis for this processing is the performance of the agreement between you and Paradox to provide you with Paradox Services.

The legal basis of the processing of the image of your “avatar” in the Mobile Application is your consent. You may change your “avatar” as you wish in the Mobile Application in order to protect your privacy.

3.5.         Push Data

We process your push devices (e.g.: Phone) data such as token, device type, model, OS version and application version and process different push notification data such as: title of notification, message body, module type which sent the notification, push device type (Android/iOS), serial number, type of notification (Alarm, Arm/Disarm/Trouble/Loss/ Restore/etc.), video filename, event time, Customer Site linked to device, zone, area and your email address.

(a)            Purpose and legal basis

We process such data in order to send you notifications and alerts which are features provided through the Mobile Application, Paradox Devices and/or Paradox Services and to allow you to access your Paradox Services, your Paradox Devices and manage and configure your Customer Site. The legal basis for this processing is the performance of the agreement between you and Paradox to provide you with Paradox Services.

3.6.         Web Site Data

We process access logs, orders of Paradox Devices and Paradox Services and the tracking of such orders via our Web Site.

(a)            Purposes and legal basis

We process such data to allow our distributors or Third Party Installers to access to firmware, software downloads and place orders. The legal basis for this processing is our legitimate interest to have a Third Party Installer install your Paradox Devices adequately and facilitate its work.

3.7.         Technical Data

We collect Personal Data via our Cookies in order to operate a functional Website and Mobile Application.

(a)            Purposes and legal basis

We only use session Cookies. The legal basis for such processing is the performance of the agreement between you and Paradox, to ensure that our Mobile Application and Website can meet your needs.

3.8.         Receipt Data

When we issue a receipt for Paradox Services, we process the Customer Site, the email address, the panel data, the service plan, the date, the end of subscription, the type of services (new vs renewal), the last 4 digits and type of the credit card used to pay the Paradox Services, linked to the receipt.

(a)            Purposes and legal basis

We process such data to properly identify the Paradox Services provided to the Customer for billing purposes. The legal basis for this processing is our legitimate interest in providing you with the best possible customer service.

3.9.         Account Index Data

We process the type of notification sent to your device or your Paradox Device (Alarm/Arm/Disarm/Trouble/Loss/Restore/etc.), video filename (if your Paradox Device has a camera), event time, zone, area and associated email.

(a)            Purposes and legal basis

We process such data for monitoring alarm and other events between Third Party Installers and the central monitoring station. The legal basis for such processing is the performance of the agreement between you and Paradox to provide you Paradox Services

4.             COOKIE POLICY

Our Website and Mobile Application use Cookies to distinguish you from other users of our Website or Mobile Application. This helps us to provide you with a good experience when you browse our Website and Mobile Application and also allows us to improve our Website and Mobile Application. We only use Cookies that are required for the operation of our Website and our Mobile Application. They include, for example, Cookies that enable you to log into secure areas of our Website such as :

(a)   ParadoxLogin

(b)   ASP.NET_Sessionld

(c)   ASPSESSIONIDXXXXXXX

(d)   __Host-next-auth.csrf-token

(e)   __Secure-next-auth.callback-url

(f)    __Secure-next-auth.session-token

Note that if you use your browser settings to block all Cookies (including essential Cookies) you may not be able to access all or parts of our Website or Mobile Application.

5.             Retention of Personal Data

Paradox will retain your Personal Data for the duration of your continued access to and use of the Mobile Application, the Website, Paradox Devices and/or Paradox Services and for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. Note that we do not keep or store any video feeds, we only relay such data to your own device. Nevertheless, push data is kept for 60 days and deleted afterwards and image data referred in Section Image Data, is only stored on your personal device (e.g. phone).

6.             Processing and Transfer of Personal Data

We process your Personal Data on the servers of our cloud Service Providers mentioned in Section Service Providers. hereafter which are located in United States of America. Therefore, your information, including Personal Data, may be processed on – and maintained on – computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction of residence.

We have put in place with such Data Processors, when required by privacy laws, appropriate safeguards to ensure your rights under this Privacy Policy and applicable privacy laws will be respected by such Data Processors. You may contact our Data Protection Officer at the coordinates provided at the beginning of this Privacy Policy to obtain a copy of such safeguards, if any.

Paradox will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your Personal Data. For any transfer of Personal Data to a jurisdiction that is not automatically considered as an adequate jurisdiction for a transfer of your Personal Data without additional requirement, all steps necessary to satisfy those requirements are taken by us, such as using Model Contractual Clause, for the European Union. In the case of our U.S. suppliers, the transfer of personal information is essentially covered and legitimized by the EU-U.S. Data Privacy Framework.

7.             Disclosure of Personal Data

7.1.         General

Paradox commits to keeping your Personal Data confidential and not to share your Personal Data with third parties, except in the limited cases and solely for the purposes described below.

7.2.         Service Providers

We may employ third-party Service Providers to facilitate our Mobile Application, to provide the Mobile Application on our behalf, such as distributors and Third Party Installers, to perform services related to the Mobile Application or the Website or to assist us in analyzing how our Mobile Application or the Website is used. These third-party Service Providers have access to such portions of your Personal Data that is necessary for them to perform these tasks on our behalf and are obligated to maintain the confidentiality of your Personal Data and not to use such Personal Data for any purpose other than providing services to us.

More precisely, here are the recipients or categories of recipients to whom we may transfer your Personal Data.

Third-party Cloud Servers. We use the following Data Processor to store and otherwise process your Personal Data on their servers:

Amazon Web Services, Inc. We invite you to consult its privacy policy that you may find by clicking this hyperlink or by visiting its Web site: https://aws.amazon.com/privacy/?nc1=f_pr.

7.3.         Business Transaction

If Paradox is involved in a merger, acquisition or asset sale, your Personal Data may be transferred if the assignee is compliant with all legislations regarding Personal Data that apply to you and is taking equal or better means than us to protect your Personal Data. We will notify you before transferring your Personal Data and subjecting it to a different Privacy Policy.

7.4.         Disclosure for Law Enforcement

Under certain circumstances, Paradox may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

7.5.         Legal Requirements

Paradox may disclose your Personal Data in the good faith belief that such action is necessary to:

(a)            To comply with a legal obligation;

(b)           To protect and defend the rights or property of Paradox;

(c)            To prevent or investigate possible wrongdoing in connection with the Mobile Application or the Website;

(d)           To protect the personal safety of users of the Mobile Application, Website or the public; or

(e)            To protect against legal liability.

8.             Security of Data

The security of your Personal Data is important to us but remember that no method of transmission over the Internet, or method of electronic storage is 1.6 secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

Nevertheless, we are providing you with updated measures of protection and physical, electronic and operational security, pursuant to the best standards and practices of the industry.

Our security measures are adapted to the amount and sensitivity of Personal Data.

TYPES OF MEASURES	EXAMPLES OF MEASURES
Technical measures	●      Use of strong internal passwords; ●      Use of self-signed TLS/mTLS certificates ●      Two-factor authentication; ●      Data encryption; ●      Access logs; ●      Encryption at rest. ●      DoS/Brute Force and Firewall protection
Administrative measures	●      Access management on a “need-to-know” basis; ●      Internal policies and training on the protection of Personal Data; ●      Our employees are bound by confidentiality undertakings that survive the end of their employment.
Material measures	●      Locking of filing cabinets; ●      Access to offices limited; ●      Surveillance cameras.

 

 

If you believe that your Personal Data has been compromised or if you have any concerns in this regard, we invite you to contact our Data Protection Officer.

9.             Your Rights

9.1.         Customer Rights

Paradox aims to take reasonable steps to allow its Customers to correct, amend, delete, limit or oppose to the process of their Personal Data.

Whenever made possible, you can update your Personal Data directly within your account settings section. If you are unable to change your Personal Data, please contact us to make the required changes. If you wish to be informed what Personal Data we hold about you and if you want it to be removed from our systems, please contact us.

Our Customers may at any time withdraw any consent they gave us to process your Personal Data in the preference settings of their account or, in such instances where they do not have an account within the Mobile Application or the Website, by contacting us. In this case, we will, as soon as commercially and reasonably possible, delete from our systems all your Personal Data obtained on the legal basis of your consent and request our Data Processors, if any, to do the same. By doing so, please be aware that you may not access all of the features of the Mobile Application or some features of the Website.

In addition, please note that if you withdraw your consent to the collection and use of your personal data required to log in via Identity Portal, you will no longer be able to access your account on the Mobile Application. Two-factor authentication is required for security purposes. You may, however, withdraw your consent to the processing of your telephone number, as this information is optional rather than mandatory.

Without limiting the foregoing, in certain circumstances, our Customers have the right:

(a)            To access and receive a copy of your Personal Data held by Paradox;

(b)           To rectify any of your Personal Data held by Paradox that is inaccurate;

(c)            To request the deletion of your Personal Data held by Paradox; and/or

(d)           To object and request restrictions to the processing of your Personal Data.

Our Customers have the right to data portability for the information provided to Paradox. Our Customers have the right to receive their Personal Data in a structured, commonly used and machine-readable format and have the right to transmit such data to another Data Controller without hindrance from us. Our Customers have the right to have their Personal Data transmitted directly from us or the Data Controller to another Data Controller, where technically feasible.

Depending of your jurisdiction (e.g.: Canada and European Union), you may have the right to lodge a complaint with a supervisory authority.

Please note that we may ask you to confirm your identity before responding to such requests.

9.2.         Third Party Installer Right

In order to ensure the security of Customer Personal Data accessible to you through your Dealer Portal, we have implemented a double authentication system (Identity Provider), requiring the collection of Third Party Installer Data. Please note that these Third Party Installer Data are necessary, and that by withdrawing your consent to its collection and storage by Paradox, you will no longer be able to access your Dealer Portal.

Without limiting the foregoing, in certain circumstances, as Third Party Installer, you have the right:

(a)            To access and receive a copy of your Personal Data held by Paradox;

(b)           To rectify any of your Personal Data held by Paradox that is inaccurate;

(c)            To request the deletion of your Personal Data held by Paradox; and/or

(d)           To object and request restrictions to the processing of your Personal Data.

Like our Customers, Third Party Installer have the right to data portability for the information provided to Paradox. Third Party Installer have the right to receive their Personal Data in a structured, commonly used and machine-readable format and have the right to transmit such data to another Data Controller without hindrance from us. Third Party Installer have the right to have their Personal Data transmitted directly from us or the Data Controller to another Data Controller, where technically feasible.

Depending on your jurisdiction (e.g.: Canada and European Union), you may have the right to lodge a complaint with a supervisory authority.

Please note that we may ask you to confirm your identity before responding to such requests.

9.3.         Third-Party Rights

As described in Section Definitions, we may process Personal Data in the role of a Data Processor. If your Personal Data has been submitted to us by a Customer or a User and you wish to exercise any rights you may have under applicable data protection laws, please inquire with the applicable Customer or User directly. We may only access a Customer’s data upon instruction from that Customer. If you wish to make your request directly to us, please provide to us the name of the User or Customer who submitted your Personal Data to us. We will refer your request to that Customer or to the Customer associated with the User you provided, and will support them as needed in responding to your request within a reasonable timeframe. Customers and Users of Paradox are required to comply with all applicable privacy laws.

10.          Links to Other Sites

Our Mobile Application or Website may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the privacy policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

11.          Children's Privacy

Our Mobile Application does not address anyone under the age of 16 (“Children”).

We do not knowingly collect Personal Data from anyone under the age of 16. If you are a parent or guardian and you are aware that your Children have provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

12.          Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

We will let you know via email and/or a prominent notice on our Mobile Application or Website, prior to the change becoming effective and update the "effective date" at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

If you have any question about this Privacy Policy, please contact our Data Protection Officer at the address, telephone number and email address mentioned at the beginning of this Privacy Policy.