PRIVACY POLICY

Last updated May 4, 2026


This privacy notice for Securaze GmbH (doing business as Securaze) (“Securaze,” “we,” “us,” or “our”) describes how and why we might collect, store, use, and/or share (“process”) your information when you use our services (“Services”), such as when you:

  • Visit our website at https://www.securaze.com, or any website of ours that links to this privacy notice
  • Contact us, request a demo, download materials, or attend our events
  • Engage with us in connection with sales, marketing, partnerships, or support

This notice covers personal data we process as a controller — primarily information about website visitors, prospects, customer contacts, partners, and event attendees.

Note on data processed through our Services. When our customers (e.g., ITADs, refurbishers, OEMs, enterprises, public-sector bodies) deploy Securaze Work, Mobile, Remote, Motion, Command, Creator, Work Verifier, or Dashboard, the customer is the data controller and Securaze acts as a data processor on their behalf. The processing of personal data through the Services (for example, in erasure reports, asset records, or device diagnostics) is governed by the Data Processing Agreement (DPA) we sign with that customer, not by this notice. If you are an end user whose device was processed by one of our customers, please contact that organisation directly with privacy questions.

Questions or concerns? Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at office@securaze.com.


SUMMARY OF KEY POINTS

This summary provides key points from our privacy notice; you can find more detail in the relevant section below or via the table of contents.

What personal information do we process? When you visit, use, or navigate our website and Services, we may process personal information depending on how you interact with us, the choices you make, and the products and features you use. See What information do we collect?

Do we process any sensitive personal information? No — we do not intentionally process special categories of personal data (e.g., health, biometric, racial or ethnic data) through our website or marketing activities. If you submit such data to us in unsolicited correspondence, we will delete it.

Do we receive any information from third parties? Yes, in limited circumstances — for example, from sales-intelligence and lead-enrichment tools, from referral partners, and from publicly available business sources (e.g., LinkedIn). See Section 1.

How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, for marketing where lawful, and to comply with law. We process your information only when we have a valid legal basis. See Section 2.

Do we use AI or automated decision-making? We do not use automated decision-making (including profiling) to make decisions that produce legal or similarly significant effects about you. Where we use AI tools internally (e.g., for drafting assistance or analytics), the outputs are reviewed by our staff. See Section 4.

With whom do we share personal information? We share information with vetted service providers (acting as our processors), our group entities, and authorities where legally required. See Section 5.

Where do we transfer personal information? Securaze operates from offices in Austria, Germany, the United Kingdom, the United States (Arizona), and Malaysia. We use safeguards such as the EU Standard Contractual Clauses and the EU–US Data Privacy Framework where applicable. See Section 6.

How do we keep your information safe? We apply organisational and technical measures appropriate to the risk, including those expected of an EAL2+-certified vendor. See Section 8.

What are your rights? Depending on where you are located, you may have rights of access, rectification, erasure, restriction, portability, and objection, and the right to lodge a complaint with a supervisory authority. See Section 10.

How do you exercise your rights? Submit a data subject access request or contact us at dpo@securaze.com.

Do we have a Data Protection Officer? Securaze is not legally required to appoint a Data Protection Officer (DPO) under Article 37 GDPR — our core activity does not involve large-scale systematic monitoring of individuals or large-scale processing of special-category data. We have nevertheless designated an internal Privacy Officer as a single point of contact for data protection matters. See Section 17.


TABLE OF CONTENTS

  1. What information do we collect?
  2. How do we process your information?
  3. What legal bases do we rely on to process your information?
  4. Automated decision-making and AI
  5. When and with whom do we share your personal information?
  6. International data transfers
  7. How long do we keep your information?
  8. How do we keep your information safe?
  9. Data breaches and notification
  10. What are your privacy rights?
  11. Specific notice for California residents
  12. Specific notice for UK residents
  13. Cookies and other tracking technologies
  14. Do we collect information from minors?
  15. Do-Not-Track features
  16. Updates to this notice
  17. How can you contact us?
  18. How can you review, update, or delete your data?

1. What information do we collect?

Personal information you disclose to us

We collect personal information that you voluntarily provide when you express an interest in our products or Services, sign up for a trial or demo, participate in events or surveys, contact support, apply for a job, or otherwise communicate with us. The categories may include:

  • Identity and contact data: name, business email address, phone number, postal address, job title, employer
  • Commercial data: company information, country, industry, role, areas of interest, demo or trial requests
  • Account and authentication data: usernames, passwords (stored hashed), MFA tokens, login history (where you have a partner or customer portal account)
  • Communication content: emails, chat messages, support tickets, meeting notes, recordings of calls or webinars (only with notice and, where required, consent)
  • Marketing preferences: subscription status, communication channels, language preference

We do not intentionally collect special categories of personal data (e.g., health, biometric, political opinions). Please do not send us such data unless we specifically request it.

Information automatically collected

When you visit our website, we automatically collect certain technical information, which generally does not by itself identify you but may, in combination, qualify as personal data under GDPR:

  • Log and usage data: IP address, device identifiers, browser type and version, operating system, language, referring URL, pages viewed, time spent, search terms, click paths, error logs
  • Device data: hardware model, screen resolution, ISP, approximate location (derived from IP)
  • Cookie and tracker data: see Section 13

Information from third parties

We may receive limited information about you from:

  • Sales-intelligence and CRM-enrichment providers (e.g., HubSpot, LinkedIn Sales Navigator)
  • Referral and channel partners who introduce us to potential customers
  • Publicly available business sources (company websites, professional networks, public registries)
  • Event organisers when you opt in to share contact details with us at trade shows or conferences

Where we receive personal data from third parties, we ensure the source has an appropriate legal basis for the disclosure.


2. How do we process your information?

We process your personal information for the following purposes:

  • To deliver and facilitate our Services, respond to demo requests, set up trials, and provide pre-sales technical support
  • To respond to enquiries and provide customer support
  • To send administrative information (e.g., changes to our terms or this notice, security advisories, product updates)
  • To fulfil and manage orders, contracts, licences, invoices, and renewals
  • To request and process feedback about your experience
  • To send marketing and promotional communications in line with your preferences and applicable law (you can opt out at any time)
  • To run events, webinars, and trade-show activities (including the BILLA Cup and other partner events where Securaze participates)
  • To recruit and evaluate job applicants
  • To protect our Services, network, and customers through fraud prevention, abuse detection, and security monitoring
  • To analyse use of our website and Services in order to improve them
  • To comply with legal obligations, including tax, accounting, anti-money-laundering, export-control, and regulatory requirements
  • To establish, exercise, or defend legal claims

3. What legal bases do we rely on to process your information?

If you are located in the EU, EEA, UK, or Switzerland, we rely on the following legal bases under the GDPR / UK GDPR / Swiss FADP:

  • Performance of a contract (Art. 6(1)(b) GDPR) — to provide Services you have requested, manage your account, and process orders, licences, and invoices.
  • Legitimate interests (Art. 6(1)(f) GDPR) — for example, to:
    • run our website and ensure its security
    • communicate with business contacts at our customers, prospects, and partners (B2B outreach)
    • measure and improve our marketing
    • protect our network and Services against fraud and abuse
    • manage our group structure, including internal transfers between Securaze entities We balance these interests against your rights and freedoms; you may object at any time (see Section 10).
  • Consent (Art. 6(1)(a) GDPR) — for non-essential cookies, marketing emails to private individuals, and any other processing where consent is required. You may withdraw consent at any time without affecting prior lawful processing.
  • Legal obligation (Art. 6(1)(c) GDPR) — to comply with Austrian, EU, and other applicable laws (e.g., tax retention, accounting, sanctions screening).
  • Vital interests (Art. 6(1)(d) GDPR) — in rare cases where processing is necessary to protect a person’s life or physical safety.

If you are in Canada, we rely on express or implied consent, except in the limited circumstances permitted by PIPEDA.

If you are in the United States, we process personal information consistently with the applicable state privacy laws (CCPA/CPRA, Virginia CDPA, Colorado CPA, and others). See Section 11.


4. Automated decision-making and AI

We do not use automated decision-making, including profiling, to make decisions about you that produce legal or similarly significant effects (such as creditworthiness, employment, or eligibility decisions).

We use AI-assisted tools internally — for example, to draft communications, summarise documents, analyse usage trends, or assist customer support. Where AI tools are used in connection with personal data, output is reviewed by Securaze staff before action is taken, and we apply contractual and technical safeguards with our AI vendors (no training on our customer data, EU-region processing where available, no unauthorised cross-border transfer).

If our use of AI changes in a way that materially affects your rights, we will update this notice and, where required, obtain consent.


5. When and with whom do we share your personal information?

We share personal information only with the following categories of recipients, and only to the extent necessary:

5.1 Service providers (acting as our processors)

Category Examples of providers
Website hosting Raidboxes GmbH (Germany) — managed WordPress hosting for securaze.com
Productivity and email Microsoft 365, Google Workspace
CRM, marketing automation, and sales HubSpot
Customer support and ticketing HubSpot, Jira
Analytics and website tools HubSpot, Google Analytics
Payment and invoicing BMD, QuickBooks
Remote support / connectivity RustDesk (self-hosted on Hetzner), AnyDesk
Communications Microsoft Teams, Slack
Professional advisors Auditors, lawyers, tax advisors

We have data processing agreements in place with each provider, designed to ensure they process personal data only on our instructions and apply appropriate security measures.

A current list of sub-processors used in delivering our Services (i.e., where Securaze acts as a processor for customers) is maintained separately and made available to customers under their DPA.

5.2 Securaze group entities

We may share personal information among Securaze GmbH (Austria) and our affiliated entities in Germany, the United Kingdom, the United States (Securaze North America LLC, Arizona), and Malaysia, for the purposes described in this notice. Intra-group transfers are governed by an internal data sharing arrangement and, where required, the EU Standard Contractual Clauses.

5.3 Business partners

Where you have requested it, or where it is necessary to fulfil a referral or joint go-to-market arrangement, we may share limited contact details with channel partners or technology partners. Such partners are independent controllers and process your data under their own privacy notices.

5.4 Authorities and legal recipients

We may disclose personal information where required by law, court order, regulatory request, or to establish, exercise, or defend legal claims.

5.5 Business transfers

If Securaze is involved in a merger, acquisition, sale of assets, financing, or restructuring, personal information may be transferred to the relevant counterparty subject to appropriate confidentiality and data protection obligations.

We do not sell your personal information, and we do not share it for cross-context behavioural advertising as those terms are defined under the CCPA/CPRA.


6. International data transfers

Securaze operates internationally. Your personal information may be transferred to, processed in, and stored in countries outside the EU/EEA, including:

  • Austria (HQ)
  • Germany
  • United Kingdom (subject to a UK adequacy decision from the EU)
  • United States (Securaze North America LLC; relies on the EU–US Data Privacy Framework where applicable, or the EU Standard Contractual Clauses (SCCs) under Commission Implementing Decision (EU) 2021/914)
  • Malaysia (transfers governed by the EU SCCs and supplementary measures)

For all transfers outside the EEA to a country without an adequacy decision, we apply the 2021 SCCs and, where appropriate, supplementary technical and organisational measures (encryption in transit and at rest, access controls, audit logging) following the EDPB Recommendations 01/2020. Copies of the SCCs are available on request from office@securaze.com.


7. How long do we keep your information?

We retain personal information only for as long as necessary for the purposes set out in this notice, taking into account legal, accounting, regulatory, and contractual requirements. Indicative retention periods:

Category Retention period
Customer contract and licence records Duration of contract + 7 years (Austrian Federal Fiscal Code – BAO §132 and Commercial Code – UGB §212)
Invoices and accounting records 7 years from end of fiscal year
Prospect and CRM records (no contract concluded) Up to 3 years from last meaningful contact, then deleted or anonymised
Marketing email subscribers Until unsubscribe + 30 days for suppression-list purposes
Website server logs Up to 6 months, except where required for security investigation
Job applications (unsuccessful) 6 months after the recruitment decision, unless you consent to longer retention for our talent pool
Support tickets and correspondence Up to 3 years after closure

When we have no ongoing legitimate need to process your personal information, we delete or anonymise it; where deletion is not technically feasible (e.g., backups), we securely isolate the data until deletion is possible.


8. How do we keep your information safe?

We apply organisational and technical security measures appropriate to the risk. These include, where relevant:

  • Role-based access controls and least-privilege principles
  • Multi-factor authentication for administrative and remote access
  • Encryption of personal data in transit (TLS) and at rest where appropriate
  • Network segmentation, firewalls, and monitoring
  • Secure software development practices and regular dependency reviews
  • Regular backups with tested restore procedures
  • Personnel confidentiality obligations and security awareness training
  • Vetting of sub-processors against ISO 27001, SOC 2, or equivalent standards

Securaze’s products are independently certified to Common Criteria EAL2+, ADISA, and conform to NIST SP 800-88. While these certifications relate to the products rather than to our corporate IT, they reflect the security culture we apply across the business.

No system is 100% secure; you should access our Services from a trusted environment.


9. Data breaches and notification

If a personal data breach is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority (the Austrian Datenschutzbehörde for our establishment in Austria) without undue delay and, where feasible, within 72 hours of becoming aware of it, as required by Article 33 GDPR.

Where the breach is likely to result in a high risk to your rights and freedoms, we will also inform affected individuals without undue delay (Article 34 GDPR), unless one of the exceptions in Article 34(3) applies.

For breaches affecting personal data we process as a processor on behalf of a customer, we will notify that customer without undue delay in accordance with their DPA.


10. What are your privacy rights?

Depending on where you are located, you may have the following rights:

  • Access — to know what personal data we hold about you and to obtain a copy
  • Rectification — to have inaccurate or incomplete data corrected
  • Erasure (“right to be forgotten”) — to have your data deleted in certain circumstances
  • Restriction of processing
  • Portability — to receive your data in a structured, commonly used, machine-readable format
  • Objection to processing based on legitimate interests, including direct marketing (which you can refuse at any time)
  • Withdrawal of consent, where processing is based on consent
  • Right not to be subject to automated decisions producing legal or similarly significant effects (see Section 4)
  • Right to lodge a complaint with a supervisory authority

To exercise any of these rights, please submit a data subject access request or email dpo@securaze.com. We will respond within one month (extendable by two further months for complex requests, with notice to you).

If you are in the EEA, your lead supervisory authority is most likely the Austrian Data Protection Authority (Datenschutzbehörde), Barichgasse 40-42, 1030 Vienna, Austria — https://www.dsb.gv.at. You may also contact your local authority. A list is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en.

If you are in Switzerland, you may contact the Federal Data Protection and Information Commissioner (FDPIC).


11. Specific notice for California residents

If you are a California resident, the California Consumer Privacy Act, as amended by the CPRA (“CCPA”), provides you with additional rights:

  • Right to know what personal information we have collected, used, disclosed, or sold/shared about you
  • Right to correct inaccurate personal information
  • Right to delete personal information we have collected from you
  • Right to opt out of the sale or sharing of personal information (we do not sell or share personal information as those terms are defined under the CCPA)
  • Right to limit use and disclosure of sensitive personal information (we do not use sensitive personal information for purposes that would trigger this right)
  • Right to non-discrimination for exercising any of the above rights

The “business” responsible under CCPA is Securaze North America LLC, 222 South Mill Ave, Suite 800, Tempe, AZ 85281, +1 480 630-8551.

To exercise these rights, contact dpo@securaze.com or use our data subject access request form. We will verify your request using the contact information we have on file. You may designate an authorised agent in writing.

We do not knowingly collect personal information of California residents under 16 years of age.


12. Specific notice for UK residents

If you are in the United Kingdom, you have the rights set out in Section 10 under the UK GDPR and Data Protection Act 2018. You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at https://ico.org.uk, telephone 0303 123 1113.


13. Cookies and other tracking technologies

We and selected third parties use cookies, pixels, local storage, and similar technologies on our website. Strictly necessary cookies are set automatically; all other categories (analytics, functional, marketing) are set only with your consent through our cookie banner.

You can review and change your cookie preferences at any time through the cookie settings link in the website footer, and you can configure your browser to refuse cookies (which may affect website functionality).

For full details — categories, providers, retention periods, and how to opt out — see our Cookie Policy.


14. Do we collect information from minors?

Our website and Services are directed to businesses and not to children. We do not knowingly collect personal data from individuals under 16 (or under 18 where local law requires). If we learn that we have collected such data without verified parental consent, we will delete it. If you believe a minor has provided us with personal information, please contact dpo@securaze.com.


15. Do-Not-Track features

There is currently no widely accepted industry standard for responding to Do-Not-Track (“DNT”) browser signals. We do not currently respond to DNT signals. Where the Global Privacy Control (GPC) signal is sent by your browser, we treat it as a valid opt-out of sale/sharing for the purposes of the CCPA and equivalent state laws.


16. Updates to this notice

We may update this privacy notice to reflect changes in our practices or in applicable law. The updated version will be indicated by an updated “Last updated” date at the top of this notice and will be effective when posted. Where changes are material, we will provide additional notice (e.g., a banner on our website or a direct email).


17. How can you contact us?

For any question about this notice or about how we handle your personal data:

Securaze GmbH Donaustraße 98/16/55 3400 Klosterneuburg Austria Email: dpo@securaze.com or dsb@securaze.com (data protection matters) Email: office@securaze.com (general enquiries)

Privacy Officer Friesinger Email: dpo@securaze.com

Note on the dpo@ / dsb@ email aliases. These email addresses are provided as a convenience contact for data protection enquiries and reflect the labels most commonly used by data subjects and procurement teams (English “DPO” and German “Datenschutzbeauftragter / DSB”). Their use does not imply that Securaze has formally appointed a Data Protection Officer under Article 37 GDPR. As explained in the summary of this notice, Securaze’s core activity does not trigger the mandatory designation requirement under Article 37(1) GDPR; we have instead designated an internal Privacy Officer as our point of contact for data subjects, customers, and supervisory authorities on data protection matters.

Securaze North America LLC (for California residents) 222 South Mill Ave, Suite 800 Tempe, AZ 85281, USA Phone: +1 480 630-8551


18. How can you review, update, or delete your data?

To request access, correction, or deletion of your personal information, please send an email to dpo@securaze.com. We will respond within the timeframes required by applicable law.


This notice is provided in English. Translations may be made available; in case of discrepancy, the English version prevails.