Safety is our specialty, and this also applies to handling your personal data and ensuring that your privacy is respected.
Your personal data is typically collected from you or generated by your use of our services such as MyPages or the alarm systems. However, we do in some cases also collect additional information from third parties in order to ensure that we have the correct and necessary information available. The personal data we process can be categorized as follows:
Identity information , including name, address, phone number, e-mail address, customer number, national identity number and address of the location of the alarm system if this is not installed on your home address. If the customer is a corporate entity, we process the corporate identity information as well as contact information (name, phone number and e-mail address) to any designated contact person (s).
Financial information , including payment details (including direct debit agreements if applicable) and credit rating. The latter is received from authorized credit rating agencies, and you will always receive a notification from the credit rating agency with a copy of the information they have shared with us.
Contractual data , including a copy of the contract you have with PhoneWatch, as well as any other documents signed as part of the onboarding or in connection with later contractual changes (for example if you move to a new address). The contract includes the address of the alarm installation, customer number, panel type as well as the price and billing information.
Call recordings, including recordings of all calls to and from our alarm central. Unless you have opted-out from such recording, we also record calls to our customer support center.
Customer activities data , such as information about ownership change, maintenance and customer contact and communication with information from e-mail, contact form, SMS, chat and phone. If you call our customer support center, we log the key information from such contact in our customer system.
User and alarm system data, such as name, address, phone number and e-mail address for you and all third parties enabled by you to operate the alarm system (including emergency contacts such as family members and neighbors). This also includes house type, panel type and location of alarm components as well as your password and code. Alarm installation details and activity log for all activity on the alarm system including detail on arming / disarming, alarm activations and technical alarms. Management of integrated lock, door locks and smart plug controls (if you have these installed).
Logs from use of our platforms , such as your activity in the PhoneWatch app or on PhoneWatch on our website includes login, mobile number and device ID, app ID, app version, browser / browser type and version, operating system and phone / device model and information about which network you use. Use of our digital services, including PhoneWatch on our website and app, is governed by a separate user agreement .
Images , such as verification images or video (if enabled) in connection with alarms, including recordings, streaming and forwarding of video, photos and sound for those persons who are in the perimeter of the camera. We only have access to video recordings if you specifically grant us such access in the PhoneWatch app.
E-mail data, such as aggregated information about how our customers read our communication to them, i.e. whether the e-mail is read or not, whether any links are clicked one and time spent before the e-mail is opened.
Lead data, such as if you fill out our contact form on our website or on a third party website, we process this data in order to contact you for marketing purposes. We may also receive potential leads from our strategic partners based on your contract or interactions with them, for example through trade unions or associations, insurance companies or banks that we cooperate with.
Sales information: We process personal data regarding our marketing activities, both online, by phone or in person. This includes number of contacts, information about the salesperson and installation personnel, dates of contact(s), summary of dialogue and channel/source of the marketing activity.
Hardware maintenance data, such as if you request maintenance or report a defect in your alarm system hardware we will log this information and share if with our installation team who will log the account number, customer name, address, alarm system history and details of the maintenance activities performed or to be performed. We may also share specific information with our hardware supplier if this is deemed necessary to fix the defect.
Below you will find an overview of the purposes for which we process personal data, which categories of data we use for these purposes, and the legal basis of our processing.
Onboarding of new customers
If you contact us via our contact form on our website, we process your Lead data to provide you with relevant offers and services. This based on your consent when submitting the contact form pursuant to GDPR article 6 (1) (a). If we receive your Lead data from our strategic partners, we process this data either based on the consent you have provided to our partner (GDPR article 6 (1) (a)) or based on our legitimate interest in promoting and selling our products and services pursuant to GDPR article 6 (1) (f). Which legal basis is applied depends on the consent you have provided to our partner, and whether it also covers our processing for marketing purposes or not. You may in any event always opt-out from receiving marketing from us by contacting our Customer Support center. When you receive marketing e-mails from us, there will always be an “unsubscribe” link at the bottom of the e-mail which allows you to opt-out from further marketing e-mails.
If you wish to become a PhoneWatch customer, we process your Identity Information, Financial information, Contractual data, Sales information and User and alarm system data in order to provide you with an offer for the rental of the alarm equipment, to enable installation of the alarm system and to register the signed contract. We check your credit rating in order to assess whether you are capable of managing the payment of the monthly subscription fee, which requires us to process your national identity number pursuant to the Data Protection Act §12. All of the above processing of personal data is performed in order to enter into a contract with you pursuant to GDPR article 6(1)(b).
Administration and maintenance of customer relationship
Once you have become a customer of PhoneWatch, we process your Financial information and Identity information in order to issue monthly invoices and register payments in our accounting systems. This processing for invoicing purposes is performed to fulfill our contract with you pursuant to GDPR article 6(1)(b), while our processing for accounting purposes is performed in order to comply with our legal obligations in terms of book keeping and tax reporting pursuant to GDPR article 6(1)(c).
If you contact our Customer Support center, we may store Call recordings unless you have opted-out from such recording. These recordings are used for quality assurance and training purposes based on our legitimate interest in ensuring that our customer support personnel provide the best possible services to our customers pursuant to GDPR article 6(1)(f). We also make a note in our customer database of the nature and subject of your call to us, for the purpose of our ability to respond better to any later inquiries you may have and to log any complaints or defects that may arise. Our legal basis for processing personal data for this purpose is our legitimate interest in providing you with the best possible customer experience and ensuring continuity in the assistance and support you receive from us pursuant to GDPR article 6(1)(f).
If an alarm is triggered, we process Identity data, Images and User and alarm system data in order to follow-up on and if necessary, to act on emergency situations (such as fires or break-ins). This is done for the purpose of providing you with the services you have purchased from us pursuant to GDPR article 6(1)(b). In such cases, we will also store the Call recordings from the alarm central on the basis of our legal obligation as alarm provider pursuant to GDPR article 6(1)(c).
Should you experience defects in your alarm system or digital services, we process your Hardware maintenance data, User and alarm system data and Identity data in order to log the defect, perform maintenance and service on the alarm system and follow-up with you to ensure that you are satisfied with the services provided. If necessary to fulfill this purpose, we may also have to process Contractual data, Financial information and Customer activities data if this is needed in order to perform the necessary maintenance and follow-up of the issue. Our legal basis for processing personal data for this purpose is to fulfill our contractual obligations pursuant to GDPR article 6(1)(b).
Furthermore, we process data regarding the customer relationship and customer activities for statistical and analytical purposes in addition to improvement of our services, optimization of customer satisfaction and customization of our terms. Our legal basis for the processing of personal data for these purposes is our legitimate interest related to innovation and customer satisfaction, ref. GDPR art. 6(1)(f).
Marketing and personalization on digital platforms
We process Lead data, E-mail data, Sales information, Cookie data and Identity information in order to perform marketing activities to new, potential and existing customers. We also measure the effect of our marketing activities on digital platforms as well as by phone in order to optimize our marketing strategies.
We process your personal data in order to personalize the content you see on MyPages and the communication you receive from us. This entails that we have a user profile for you within our customer database based on your Customer activities data, Logs from use of our platforms, E-mail data and Cookie data.
As part of our marketing efforts, we use segmentation as a means of selecting the target group for marketing campaigns. For example, if we are going to send out a campaign for new electronic door locks, we segment out those of our customers who already have such door locks installed. We may also use geography, house type and other relevant and non-discriminatory factors as a basis for our segmentation. Furthermore, we perform automated analysis of our customer databases in order to identify the appropriate marketing activities towards the various customer groups.
Our marketing activities are performed based on our legitimate interest in promoting our products and services pursuant to GDPR article 6(1)(f) and applicable marketing legislation. If consent is required to perform marketing activities pursuant to marketing law, we will only perform such marketing activities based on your consent pursuant to GDPR article 6(1)(a). In all cases, our marketing activities will comply with the requirements of the European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011. These Regulations set out rules relating to how direct marketing communications may be sent to consumers by businesses.
Quality assurance and training
On an aggregated level, we collect and report our response time on phone and in person to activated alarms, customer satisfaction, sales statistics and other key performance indicators using Call recordings and User and alarm system data to identify where we may need to execute improvement measures and for training and quality purposes. Our legal basis for performing such aggregation is our legitimate interest of self-improvement and providing quality when performing our services pursuant to GDPR article 6(1)(f). Please note that once the data has been aggregated, it cannot be linked to you as an individual and does thus not constitute personal data anymore.
We may also perform quality tests on Call recordings and Customer activities data and User and alarm system data in order to use this for following-up with our employees to ensure that they provide high-quality customer support, and also to train new employees. This is based on our legitimate interest in ensuring quality of service pursuant to GDPR article 6(1)(f).
Partner and supplier management
As part of our supplier and partner management, we process Identity information for the contact person(s) of our partner and suppliers, as well as contact information to those of their employees that we interact with in order to execute the services and contracts in question. This processing is based on our legitimate interest in having physical persons to contact when interacting with legal entities and to maintain such contractual relationships pursuant to GDPR article 6(1)(f).
IT administration and testing
In order to ensure the availability, integrity and confidentiality of all personal data, our IT department performs logging, performance testing, analysis, penetration testing, system monitoring, access management, failure detection and incident management operations on a continuous basis. Certain privileged users within IT therefore have access to all categories of personal data processed by PhoneWatch. We have strict internal access management procedures in order to ensure that all employees have access only to the data they need to perform their tasks and duties as employees.
We have back-ups of all our IT-applications for the purpose of ensuring availability of personal data. The back-ups are not in active use and deleted on a continuous basis when overwritten by new back-up material.
Before we go live with a material update to any of our key IT applications, we perform systematic testing to ensure that the functionality is working as it should. As a starting point we only use synthetic or pseudonymized data for such purposes, however there may be instances during the last phase of testing where it is necessary to test on personal data. In such cases, we document why this is necessary and we limit the testing audience to what is strictly necessary only and the test data is subject to strict access and retention restrictions.
All of the above actions performed by IT are necessary for PhoneWatch to protect your personal data and our internal data, and is thus based on our legitimate interest in ensuring that we have an adequate level of security in our IT applications pursuant to GDPR article 6(1)(f).
Execution of deletion, rectification, pseudonymization and anonymization is also performed by our IT department in order to comply with the legal obligations of GDPR article 13 - 21 and article 32, pursuant to GDPR article 6(1)(c).
Special categories of personal data
We do not actively collect, request or otherwise process special categories of personal data (also called sensitive data) regarding our customers or partners. However, if it is deemed necessary to process such data we will ensure that we have a legal basis for such processing in both GDPR article 6(1) and 9(2).
In the case of activated alarms involving criminal offences (or suspicions thereof), the Images and the User and alarm system data may entail processing of such personal data covered by GDPR article 10 and Part 5 of the Data Protection Act 2018 if such personal data is processed for subsequent police investigations. Normally, we only share personal data with An Garda Siochana on your request
When you contact our Customer Service center by phone, chat or e-mail, please do not state any sensitive information, such as health information, in such communication. We will never ask you for your national identity number, password, code or payment details in any e-mail – please refer to the Security section below.
In some instances, we collaborate with trade unions or other organizations to provide discounted alarm services and products to the members of such organization. In such cases, we process personal data regarding your membership in order to ensure that you qualify for the discounts available to the organization’s members only. Our legal basis for such processing is your consent as per GDPR art. 9(2)(a) which you give us when you register to receive the benefits available to such members.
Other than as set out above, we may process personal data if necessary to determine, pursue, defend or enforce legal claims - for example in a dispute resolution setting pursuant to GDPR article 6 (1) (f) and article 9 (2) ( f), as well as other purposes that are not incompatible with the purposes listed above pursuant to GDPR article 6 (4), such as for bookkeeping purposes or for the purpose of sale of business.
We may share your personal data with third parties only when it is necessary as part of our contract with you, for the conduct of business or when there is a legal or statutory obligation to do so. Whenever we disclose your personal data to third parties, we will only disclose that amount of your personal data necessary to meet such business need or legal requirement. Otherwise, your personal data will not be disclosed to others unless you have given your consent to this, for example in connection with a benefit / special offer or bonus program, or if we are legally obliged to make such disclosure. PhoneWatch may also, with your consent, share personal data you provide to us when contacting us to make an enquiry about our services with other companies within PhoneWatch’s group which offer similar services.
Below is a list of the categories of recipients we share personal data with. When sharing personal data, we will always ensure that we have proper agreements and confidentiality undertakings in place. We do not sell your personal data to any third party for commercial purposes.
We are part of the European Sector Alarm Group, in which the Norwegian entity Sector Alarm Holding AS is the controlling entity. The group IT function administers all of our IT applications on our behalf as our data processor, and we have a data processing agreement in place for this purpose. This means that personnel from group IT has access to the personal data we have stored in our IT applications. Other group functions may also request access to personal data in order to perform analysis and to generate reports on sales statistics, customer satisfaction surveys and similar topics in order to ensure reporting to our group management and board of directors. All accesses to our IT applications are granted on a strict need-to-know basis and limited to what is strictly necessary only.
We use suppliers that provide services to us, where processing of personal data is necessary for the supplier to deliver such services. If the supplier processes personal data on our behalf, they are a data processor. We will only use data processors who can guarantee compliance with applicable data protection laws and our technical and organizational requirements, and we will always have a data processing agreement in place to govern our instructions to such data processor. We have the following key categories of suppliers:
- IT application providers: These suppliers may perform service and maintenance on the IT applications they provide to us. To the extent they have access to, or are otherwise processing, personal data on our behalf as data processor, we have a data processing agreement in place. They may also store data on their servers or in a cloud service provided by them, and if so they are our data processors
- Partners: We collaborate with partners who generate potential customers to us, such as trade unions and associations, moving agencies, insurance companies and others. These parties are not our data processors, and they share your information with us on the basis of their agreements or consents with you
- Invoicing and debt collections: We use external suppliers to execute our invoicing and debt collections services on our behalf. These suppliers are our data processors
- Security guards: We collaborate with professional security guards who execute house visits in case of alarms on our behalf, and in order for the security guards to perform their tasks we must share your name and address with them, as well as any information we have pertaining to that specific alarm in question
- Credit rating agencies: We collaborate with authorized credit rating agencies in order to assess your ability to pay the monthly subscription fee.
Police and other public authorities
In the case of an alarm where there is a burglary or other potentially criminal activity, we will share surveillance material with the police if so requested. In some cases other public authorities may also request personal data in which case we may be legally required to disclose the personal data.
International Data Transfers
As a data subject, you are afforded several rights and freedoms under applicable data protection laws and regulations. To exercise such rights, please contact our customer support center at 1800 753 753 or send an e-mail to our Data Protection Officer at firstname.lastname@example.org. In order to ensure that we do not share personal data with unauthorized third parties, we will request that you confirm your identity before we respond to your request. Provided that we have confirmed your identity, we will respond as soon as possible and normally within 30 days. If we are not able to respond within 30 days, we will notify you of the delay and the reason for it in due course and prior to the 30-day deadline. Below is an overview of your rights. You may read more about this on the website of the Office of the Data Protection Commission
Within the limitations set out in applicable law, you have the following privacy rights:
- Right to information: you have the right to obtain further information on our use of your personal data.
- Right of access: You may request access to a copy of the personal data we process about you. Please note that there are some exceptions to this right, for example if the access infringes on the rights of others (for example it reveals personal information about a third party) or if it pertains to business secrets. If we make any exceptions to your right of access, we will inform you of this specifically
- Right to rectification: It is important for us to ensure that we only process personal data which is correct and up to date. If you see that any of the personal data we process is incorrect, then you have the right to demand rectification. You may correct your Pin-code for the alarm panel, language settings and password for MyPages on your own on MyPages
- Right to data portability: You may obtain an electronic copy of the personal data you have provided to us in a digital format either directly to you or to a third party designated by you
- Right to be forgotten: We only store personal data for the time needed to fulfill the purposes it was collected for. If you are of the opinion that we are storing information that should have been deleted, you may request that we delete such personal data. Please be advised however, that legal obligations such as tax reporting and book keeping may result in us being obligated to not delete the personal data until the statutory retention period has expired. For more information about our retention times, please refer to the section How long do we store your personal data below
- Right to objection: You may object to our processing of your personal data if your particular situation so requires. You may always opt-out of direct marketing from us by contacting our Customer Support center or by pressing the “Unsubscribe” link at the bottom of the e-mails you receive from us
- Right to restriction of processing: You have the right to request that we restrict the processing of your personal data for example if you are of the view that we are processing your data illegally or if you do not want us to delete data that are due for deletion
- Automated decisions and profiling: We do not use automated decisions pertaining to you or your customer relationship with us. For marketing and customer retention purposes, we use segmentation techniques and perform analysis in order to optimize our marketing efforts and to tailor such marketing to our customers’ preferences and needs. Such analysis may influence our marketing decisions, but are not applied in a manner which may result in legal or similar significant effects for you
- Name, address, contact information and customer ID: We store this information in our customer database for 12 months after the end of the contract. In our book keeping archive, we keep the name, address and customer ID for 7 years after the end of the customer relationship
- Copy of contract and invoices: Deleted 7 full accounting years after the end of the customer relationship. Paper copies of contracts and onboarding documents are scanned and thereafter shredded within 30 days of the onboarding
- Customer onboarding information such as credit rating, number of household members etc. to the extent applicable: Deleted 12months after the end of the customer relationship
- Customer activities, such as customer service contacts, ownership change, communication etc.: Deleted 12 months after end of customer relationship
- Alarm system data (installation details, activity logs, alarm activations etc.): Deleted 3 years after the end of the customer relationship
- Verification images and video from the alarm system in case of activated alarm: Normally deleted after 30 days. This may however be stored for 6 months if it is reported to police authorities, as the material may be relevant for a police investigation
- MyPages use activity on web and in the app: Deleted 12 months after the end of the customer relationship
- Call recordings from the alarm central: Deleted 12 months after the recording. Recordings from calls to our customer service center (unless you have not consented to such recordings) are stored for 12 months
- Back-ups: Our IT back-ups are deleted on a rolling two-year basis
Please note that the customer relationship is deemed ended when the last outstanding invoice is settled in full.
In addition to what is set out above, we may on a case-by-case basis need to store personal data for a longer period of time if this is necessary in order to comply with legal obligations, enforce contracts or engage in dispute resolution.
You may at any time make a reservation from receiving marketing communications from us, by contacting our Customer Support Centre or by opting out from marketing e-mails. However, this may limit our ability to engage in relevant dialogue and/or deliver the agreed services without this normally implying a breach of contract on our part.
We have implemented top-notch technical and organizational security measures in order to protect your personal data and to ensure the availability, integrity and confidentiality of your personal data. Our highly qualified IT and security experts are ensuring that our applications are kept safe by only using providers that can guarantee compliance with applicable security standards and laws.
However, you may also help protect your data by observing these simple safeguards:
- Do not send confidential or sensitive information by unencrypted email. We will never ask you to send us your payment details, your code or your password by e-mail, and if we call you we will ask you the agreed security question before giving you any confidential information
- Do not use codes, passwords or security questions that are easy for others to guess. You should always use a strong password, ie a password comprising of both small and capital letters, numbers and a special
- Do not click on links in any emails you receive unless the email is from a trusted sender. Always check the e-mail address of the sender of e-mails that requests any information from you - often the fraudsters use e-mail addresses that are similar to the original. Emails from us will always be sent from email@example.com
- Make sure your contact information is updated so that we can reach you in the event of an alarm or if there is suspicion of fraud
- Keep your online devices updated in order to ensure that you always have the latest version of security settings installed, as these may contain patches for formerly identified security weaknesses
- If you observe any suspicious activity or think that you have been subject to identity theft or fraud, contact our customer support center immediately at 1850 753 753
If you have enabled our video service (available in the PhoneWatch app only), it is important to note that we do not have access to the video recordings unless you explicitly grant us such access in connection with an alarm being triggered and for this reason we are not the data controller for the video service. For this reason, if the recordings are considered “personal data” under the GDPR, you are the data controller for the video service, not PhoneWatch. When we install the video camera, we will install it in a manner that does not infringe on the rights and freedoms of persons not residing on the address where the camera is installed, and we will provide you with signs and stickers that can be used to inform visitors and others about the video surveillance. You must not move the camera, and if you do, PhoneWatch assumes no liability for any illegal video surveillance performed by you as a consequence of such actions. You are responsible for ensuring compliance with all relevant laws and obligations, including the GDPR (if applicable to you), when using the video surveillance function. Please note that even though recording as such may be legal, it may be illegal to publish, share or store such recordings (as well as photos and sound) with any third party not part of public law enforcement agencies. If you are a corporate customer, you must also observe the rules for use of video surveillance by employers in the workplace. when using the video surveillance function. Please note that even though recording as such may be legal, it may be illegal to publish, share or store such recordings (as well as photos and sound) with any third party not part of public law enforcement agencies. If you are a corporate customer, you must also observe the rules for use of video surveillance by employers in the workplace. when using the video surveillance function. Please note that even though recording as such may be legal, it may be illegal to publish, share or store such recordings (as well as photos and sound) with any third party not part of public law enforcement agencies. If you are a corporate customer, you must also observe the rules for use of video surveillance by employers in the workplace.
All recordings and streaming from the video camera are stored in the app cloud and deleted after 7 days, unless prolonged retention is activated due to the recording being necessary in connection with the investigation of a potential criminal offense.
Reference is made to the terms and conditions for the video surveillance service for more information about the functionalities and responsibilities related to the video service.
You may always unfollow our accounts or delete your comments and messages. Please note that unfollowing our account will not delete your personal data. Please note that all of these providers have international data transfers to the USA. We encourage you to read their Privacy Policies for more information about their processing of your personal data.
Furthermore, when using Facebook, we receive aggregated statistical reports from Facebook through a service called Facebook Insights. This service allows us to monitor the activity related to our account. These reports do not comprise any personal data and is anonymous to us, but we are acting as joint controllers with Facebook Inc for the purposes of this service. You may find more information about Facebook Insights here.
About us and contact information
If you consider that our processing of your personal data infringes your rights, please contact us using the contact information below. In addition, you are entitled to make a complaint to the Office of the Data Protection Commission , but we encourage you to contact us first so that we may clear any misunderstandings.
Latest version: 2.0 (2021)