This privacy notice for Securaze GmbH (doing business as Securaze) (“Securaze,” “we,” “us,” or “our”) describes how and why we might collect, store, use, and/or share (“process”) your information when you use our services (“Services”), such as when you:
This notice covers personal data we process as a controller — primarily information about website visitors, prospects, customer contacts, partners, and event attendees.
Note on data processed through our Services. When our customers (e.g., ITADs, refurbishers, OEMs, enterprises, public-sector bodies) deploy Securaze Work, Mobile, Remote, Motion, Command, Creator, Work Verifier, or Dashboard, the customer is the data controller and Securaze acts as a data processor on their behalf. The processing of personal data through the Services (for example, in erasure reports, asset records, or device diagnostics) is governed by the Data Processing Agreement (DPA) we sign with that customer, not by this notice. If you are an end user whose device was processed by one of our customers, please contact that organisation directly with privacy questions.
Questions or concerns? Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at office@securaze.com.
This summary provides key points from our privacy notice; you can find more detail in the relevant section below or via the table of contents.
What personal information do we process? When you visit, use, or navigate our website and Services, we may process personal information depending on how you interact with us, the choices you make, and the products and features you use. See What information do we collect?
Do we process any sensitive personal information? No — we do not intentionally process special categories of personal data (e.g., health, biometric, racial or ethnic data) through our website or marketing activities. If you submit such data to us in unsolicited correspondence, we will delete it.
Do we receive any information from third parties? Yes, in limited circumstances — for example, from sales-intelligence and lead-enrichment tools, from referral partners, and from publicly available business sources (e.g., LinkedIn). See Section 1.
How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, for marketing where lawful, and to comply with law. We process your information only when we have a valid legal basis. See Section 2.
Do we use AI or automated decision-making? We do not use automated decision-making (including profiling) to make decisions that produce legal or similarly significant effects about you. Where we use AI tools internally (e.g., for drafting assistance or analytics), the outputs are reviewed by our staff. See Section 4.
With whom do we share personal information? We share information with vetted service providers (acting as our processors), our group entities, and authorities where legally required. See Section 5.
Where do we transfer personal information? Securaze operates from offices in Austria, Germany, the United Kingdom, the United States (Arizona), and Malaysia. We use safeguards such as the EU Standard Contractual Clauses and the EU–US Data Privacy Framework where applicable. See Section 6.
How do we keep your information safe? We apply organisational and technical measures appropriate to the risk, including those expected of an EAL2+-certified vendor. See Section 8.
What are your rights? Depending on where you are located, you may have rights of access, rectification, erasure, restriction, portability, and objection, and the right to lodge a complaint with a supervisory authority. See Section 10.
How do you exercise your rights? Submit a data subject access request or contact us at dpo@securaze.com.
Do we have a Data Protection Officer? Securaze is not legally required to appoint a Data Protection Officer (DPO) under Article 37 GDPR — our core activity does not involve large-scale systematic monitoring of individuals or large-scale processing of special-category data. We have nevertheless designated an internal Privacy Officer as a single point of contact for data protection matters. See Section 17.
We collect personal information that you voluntarily provide when you express an interest in our products or Services, sign up for a trial or demo, participate in events or surveys, contact support, apply for a job, or otherwise communicate with us. The categories may include:
We do not intentionally collect special categories of personal data (e.g., health, biometric, political opinions). Please do not send us such data unless we specifically request it.
When you visit our website, we automatically collect certain technical information, which generally does not by itself identify you but may, in combination, qualify as personal data under GDPR:
We may receive limited information about you from:
Where we receive personal data from third parties, we ensure the source has an appropriate legal basis for the disclosure.
We process your personal information for the following purposes:
If you are located in the EU, EEA, UK, or Switzerland, we rely on the following legal bases under the GDPR / UK GDPR / Swiss FADP:
If you are in Canada, we rely on express or implied consent, except in the limited circumstances permitted by PIPEDA.
If you are in the United States, we process personal information consistently with the applicable state privacy laws (CCPA/CPRA, Virginia CDPA, Colorado CPA, and others). See Section 11.
We do not use automated decision-making, including profiling, to make decisions about you that produce legal or similarly significant effects (such as creditworthiness, employment, or eligibility decisions).
We use AI-assisted tools internally — for example, to draft communications, summarise documents, analyse usage trends, or assist customer support. Where AI tools are used in connection with personal data, output is reviewed by Securaze staff before action is taken, and we apply contractual and technical safeguards with our AI vendors (no training on our customer data, EU-region processing where available, no unauthorised cross-border transfer).
If our use of AI changes in a way that materially affects your rights, we will update this notice and, where required, obtain consent.
We share personal information only with the following categories of recipients, and only to the extent necessary:
| Category | Examples of providers |
|---|---|
| Website hosting | Raidboxes GmbH (Germany) — managed WordPress hosting for securaze.com |
| Productivity and email | Microsoft 365, Google Workspace |
| CRM, marketing automation, and sales | HubSpot |
| Customer support and ticketing | HubSpot, Jira |
| Analytics and website tools | HubSpot, Google Analytics |
| Payment and invoicing | BMD, QuickBooks |
| Remote support / connectivity | RustDesk (self-hosted on Hetzner), AnyDesk |
| Communications | Microsoft Teams, Slack |
| Professional advisors | Auditors, lawyers, tax advisors |
We have data processing agreements in place with each provider, designed to ensure they process personal data only on our instructions and apply appropriate security measures.
A current list of sub-processors used in delivering our Services (i.e., where Securaze acts as a processor for customers) is maintained separately and made available to customers under their DPA.
We may share personal information among Securaze GmbH (Austria) and our affiliated entities in Germany, the United Kingdom, the United States (Securaze North America LLC, Arizona), and Malaysia, for the purposes described in this notice. Intra-group transfers are governed by an internal data sharing arrangement and, where required, the EU Standard Contractual Clauses.
Where you have requested it, or where it is necessary to fulfil a referral or joint go-to-market arrangement, we may share limited contact details with channel partners or technology partners. Such partners are independent controllers and process your data under their own privacy notices.
We may disclose personal information where required by law, court order, regulatory request, or to establish, exercise, or defend legal claims.
If Securaze is involved in a merger, acquisition, sale of assets, financing, or restructuring, personal information may be transferred to the relevant counterparty subject to appropriate confidentiality and data protection obligations.
We do not sell your personal information, and we do not share it for cross-context behavioural advertising as those terms are defined under the CCPA/CPRA.
Securaze operates internationally. Your personal information may be transferred to, processed in, and stored in countries outside the EU/EEA, including:
For all transfers outside the EEA to a country without an adequacy decision, we apply the 2021 SCCs and, where appropriate, supplementary technical and organisational measures (encryption in transit and at rest, access controls, audit logging) following the EDPB Recommendations 01/2020. Copies of the SCCs are available on request from office@securaze.com.
We retain personal information only for as long as necessary for the purposes set out in this notice, taking into account legal, accounting, regulatory, and contractual requirements. Indicative retention periods:
| Category | Retention period |
|---|---|
| Customer contract and licence records | Duration of contract + 7 years (Austrian Federal Fiscal Code – BAO §132 and Commercial Code – UGB §212) |
| Invoices and accounting records | 7 years from end of fiscal year |
| Prospect and CRM records (no contract concluded) | Up to 3 years from last meaningful contact, then deleted or anonymised |
| Marketing email subscribers | Until unsubscribe + 30 days for suppression-list purposes |
| Website server logs | Up to 6 months, except where required for security investigation |
| Job applications (unsuccessful) | 6 months after the recruitment decision, unless you consent to longer retention for our talent pool |
| Support tickets and correspondence | Up to 3 years after closure |
When we have no ongoing legitimate need to process your personal information, we delete or anonymise it; where deletion is not technically feasible (e.g., backups), we securely isolate the data until deletion is possible.
We apply organisational and technical security measures appropriate to the risk. These include, where relevant:
Securaze’s products are independently certified to Common Criteria EAL2+ and ADISA, and conform to NIST SP 800-88. While these certifications relate to the products rather than to our corporate IT, they reflect the security culture we apply across the business.
No system is 100% secure; you should access our Services from a trusted environment.
If a personal data breach is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority (the Austrian Datenschutzbehörde for our establishment in Austria) without undue delay and, where feasible, within 72 hours of becoming aware of it, as required by Article 33 GDPR.
Where the breach is likely to result in a high risk to your rights and freedoms, we will also inform affected individuals without undue delay (Article 34 GDPR), unless one of the exceptions in Article 34(3) applies.
For breaches affecting personal data we process as a processor on behalf of a customer, we will notify that customer without undue delay in accordance with their DPA.
Depending on where you are located, you may have the following rights:
To exercise any of these rights, please submit a data subject access request or email dpo@securaze.com. We will respond within one month (extendable by two further months for complex requests, with notice to you).
If you are in the EEA, your lead supervisory authority is most likely the Austrian Data Protection Authority (Datenschutzbehörde), Barichgasse 40-42, 1030 Vienna, Austria — https://www.dsb.gv.at. You may also contact your local authority. A list is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en.
If you are in Switzerland, you may contact the Federal Data Protection and Information Commissioner (FDPIC).
If you are a California resident, the California Consumer Privacy Act, as amended by the CPRA (“CCPA”), provides you with additional rights:
The “business” responsible under CCPA is Securaze North America LLC, 222 South Mill Ave, Suite 800, Tempe, AZ 85281, +1 480 630-8551.
To exercise these rights, contact dpo@securaze.com or use our data subject access request form. We will verify your request using the contact information we have on file. You may designate an authorised agent in writing.
We do not knowingly collect personal information of California residents under 16 years of age.
If you are in the United Kingdom, you have the rights set out in Section 10 under the UK GDPR and Data Protection Act 2018. You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at https://ico.org.uk, telephone 0303 123 1113.
We and selected third parties use cookies, pixels, local storage, and similar technologies on our website. Strictly necessary cookies are set automatically; all other categories (analytics, functional, marketing) are set only with your consent through our cookie banner.
You can review and change your cookie preferences at any time through the cookie settings link in the website footer, and you can configure your browser to refuse cookies (which may affect website functionality).
For full details — categories, providers, retention periods, and how to opt out — see our Cookie Policy.
Our website and Services are directed to businesses and not to children. We do not knowingly collect personal data from individuals under 16 (or under 18 where local law requires). If we learn that we have collected such data without verified parental consent, we will delete it. If you believe a minor has provided us with personal information, please contact dpo@securaze.com.
There is currently no widely accepted industry standard for responding to Do-Not-Track (“DNT”) browser signals. We do not currently respond to DNT signals. Where the Global Privacy Control (GPC) signal is sent by your browser, we treat it as a valid opt-out of sale/sharing for the purposes of the CCPA and equivalent state laws.
We may update this privacy notice to reflect changes in our practices or in applicable law. The updated version will be indicated by an updated “Last updated” date at the top of this notice and will be effective when posted. Where changes are material, we will provide additional notice (e.g., a banner on our website or a direct email).
For any question about this notice or about how we handle your personal data:
Securaze GmbH, Donaustraße 98/16/55, 3400 Klosterneuburg, Austria. Email: dpo@securaze.com or dsb@securaze.com (data protection matters). Email: office@securaze.com (general enquiries).
Privacy Officer Friesinger Email: dpo@securaze.com
Note on the dpo@ / dsb@ email aliases. These email addresses are provided as a convenience contact for data protection enquiries and reflect the labels most commonly used by data subjects and procurement teams (English “DPO” and German “Datenschutzbeauftragter / DSB”). Their use does not imply that Securaze has formally appointed a Data Protection Officer under Article 37 GDPR. As explained in the summary of this notice, Securaze’s core activity does not trigger the mandatory designation requirement under Article 37(1) GDPR; we have instead designated an internal Privacy Officer as our point of contact for data subjects, customers, and supervisory authorities on data protection matters.
Securaze North America LLC (for California residents), 222 South Mill Ave, Suite 800, Tempe, AZ 85281, USA. Phone: +1 480 630-8551
To request access, correction, or deletion of your personal information, please send an email to dpo@securaze.com. We will respond within the timeframes required by applicable law.
This notice is provided in English. Translations may be made available; in case of discrepancy, the English version prevails.