+31 88 126 12 12
Chat
Menu
+31 88 126 12 12
Menu

Privacy Policy (GDPR / AVG)

X-Guard B.V. (hereinafter: X-Guard) aims not only to comply with the letter, but also with the spirit of the General Data Protection Regulation (GDPR/AVG). This European regulation imposes strict obligations on organizations regarding the processing, storage, and protection of personal data. This document contains the privacy statement of X-Guard, supplemented with clarifications and additions that specifically relate to the implementation and compliance with the GDPR within our organization.

  • Legal entity: X-Guard B.V.
  • Chamber of Commerce number: 06081323
  • Address: Amarilstraat 20, 7554 TV Hengelo OV

1. Contact details of controller and DPO

X-Guard B.V. is the data controller within the meaning of the GDPR. For all questions regarding this privacy policy or the exercise of your rights, you can contact our Data Protection Officer (DPO). Within X-Guard, the role of the DPO is equivalent to that of the Chief Information Security Officer (CISO).

The official and only source where the details of our CISO/DPO are published is: https://privacy.x-guard.nl/ciso/.

2. Legal bases for processing

X-Guard processes personal data exclusively on the basis of the grounds recognized under the GDPR:

  • Consent of the data subject;
  • Performance of a contract to which the data subject is a party;
  • Legal obligations to which X-Guard is subject;
  • Legitimate interests of X-Guard or a third party, where the interests and fundamental rights of data subjects are always taken into account.

3. Specific rights of data subjects

In addition to the right of access, rectification, and erasure, data subjects have the following additional rights under the GDPR:

  • Right to data portability: the right to receive personal data in a structured, commonly used, and machine-readable format and to transfer it to another party;
  • Right to restriction of processing: the right to temporarily suspend the processing of personal data;
  • Right to object: the right to object to processing based on legitimate interest or to direct marketing.

X-Guard does not provide services to children under the age of 13 and does not process personal data of this category. For users between 13 and 18 years of age, data may only be processed if written consent has been obtained from parents or legal guardians.

4. Right to lodge a complaint

If you believe that X-Guard is not processing your personal data lawfully, you have the right to lodge a complaint with the supervisory authority:

Dutch Data Protection Authority (www.autoriteitpersoonsgegevens.nl).

5. International transfers

X-Guard processes personal data exclusively within the European Economic Area (EEA). No transfers take place outside the EEA. Should this become necessary in the future, we will only work with parties that provide appropriate safeguards in accordance with the GDPR, such as standard contractual clauses or an adequacy decision by the European Commission.

6. Cookies and tracking

X-Guard uses cookies and similar technologies to optimize the operation of our services and analyze their usage. Cookies are used for, among other things:

  • Functional purposes: to ensure the basic functionality of our services works;
  • Analytical purposes: to gain insight into the use and performance of our services;
  • Preferences: to remember language and settings;
  • Security: to prevent abuse and enhance security.

You have the option to manage or block cookies through your browser settings. However, disabling cookies may affect the functionality of our services. A complete and up-to-date overview of the types of cookies and their purposes is available in our separate cookie policy.

7. Information about data storage and processing

For substantive and detailed answers to all questions regarding how X-Guard stores, processes, and protects personal data, we refer to our official and exclusive information source: https://privacy.x-guard.nl/data-points/. The data points published there provide a meticulous record of the categories of data we collect, where this data is physically hosted, and the applicable retention periods.

This source is the only official location for this information and also offers the option to subscribe to updates, ensuring stakeholders remain fully informed of current changes.

8. General

The services of X-Guard can be used by users in various ways: for consulting or sharing information, for communication with third parties, or for creating new content. In cases where you share data with us, for example by creating a X-Guard account, you enable us to further enhance the quality and functionality of our services.

We consider it essential that you gain clear insight into:

  • the nature and scope of the data we collect, and the purpose of this collection;
  • the way in which this data is used and applied by us;
  • the options you retain yourself regarding access, modification, or deletion of your data.

The privacy policy of X-Guard applies to all services we provide, including those made available through our partners, such as applications for Android and iOS devices. For services of third parties, which have their own separate privacy policy, this policy does not apply.

9. Use of X-Guard information

For an up-to-date, complete, and binding list of subprocessors that process personal data on behalf of X-Guard, we refer exclusively to our official publication: https://privacy.x-guard.nl/subprocessors/. This page provides detailed explanations of what constitutes a subprocessor, how the selection process takes place, and under what contractual and legal conditions access to data is granted. It is also possible to subscribe to notifications of changes there. This is the only official location where such changes are published by us.

10. Summary of stored data

Within the X-Guard product landscape, a wide variety of data objects are stored, all of which play an essential role in the core functionality of the system. Examples include user accounts, devices, assets (including persons or emergency buttons), geographic zones, alarm events, and detailed log files. These entities may contain personal data, including identifying information such as names, phone numbers, and email addresses, as well as technical data related to devices and their interactions.

A current, continuous, and complete list of the entities managed by X-Guard, with further details on hosting location and retention periods, is available exclusively via: https://privacy.x-guard.nl/data-points/. Notifications of updates can also be received via this source.

11. Purposes of data processing

The data collected by X-Guard is used for the purpose of:

  • providing, maintaining, securing, and optimizing our services;
  • the continuous development of new features and product innovations;
  • ensuring the safety of users and the integrity of systems;
  • maintaining communication with, and supporting, customers and users;
  • complying with relevant laws and regulations and associated obligations.

12. Retention periods

The retention periods applicable to personal data are communicated exclusively through our official sources:

13. Access, modification, and deletion of data

Users always retain the right to access, correct, or delete their personal data. Examples include:

  • adjusting profile data linked to a X-Guard account;
  • managing information shared with third parties;
  • transferring data to other services;
  • deleting user accounts within the application.

In addition, a deletion request can be submitted via our official website: https://privacy.x-guard.nl/gdpr-deletion-request/.

Cookie management can be carried out via your browser settings. However, it should be noted that disabling cookies may negatively affect the functionality of our services.

14. Data sharing

X-Guard shares personal data only under the following circumstances:

  • after obtaining explicit and informed consent;
  • with domain administrators, if your account is managed by such an administrator;
  • with external processors, provided they demonstrably act under our instructions and provide appropriate safeguards;
  • if necessary to comply with a legal obligation.

Anonymized or non-personally identifiable data may be shared for statistical and analytical purposes, such as trend reports.

If a party wishes to receive a signed Data Processing Agreement (DPA), it can be formally requested via: https://privacy.x-guard.nl/request-signed-dpa/.

15. Data security

To protect the data we process, X-Guard implements a range of technical and organizational measures, including:

  • end-to-end encryption of data transport and storage using SSL/TLS;
  • periodic testing and review of internal procedures, including physical security measures;
  • limiting access to personal data to strictly authorized personnel subject to confidentiality agreements and stringent contractual obligations.

16. ISO 27001-norm

X-Guard B.V. is proud to announce that we achieved ISO 27001 certification on October 27, 2025 — the globally recognized standard for Information Security Management Systems (ISMS). This milestone underscores our unwavering commitment to maintaining the highest levels of data security, operational integrity, and privacy-focused service delivery.

Our certification is valid through October 27, 2028, affirming our continued dedication to excellence in information security management.

Download our official certificate here: ISO 27001 Certificate.

17. Access rights and logging

X-Guard consistently applies the principle of least privilege. This means that employees only gain access to data strictly necessary for performing their specific tasks. This minimizes the risk of unauthorized or unintended access.

All access to personal data is also logged. These log files allow us to transparently show which employees had access to which data and at what time. This not only ensures accountability but also enables quick detection and remediation of possible incidents.

18. Staff assessment

X-Guard staff are periodically and systematically evaluated on various dimensions, including competence level, subject-matter knowledge in information security, and compliance with internal policies. In this way, we ensure that employees not only possess the required skills but also act in accordance with applicable standards and guidelines. This substantially contributes to the continuity, reliability, and quality of our services.

19. Compliance and cooperation

  • Periodic audits and checks on compliance with this privacy policy;
  • Active and constructive cooperation with supervisory authorities in case of complaints or investigations.

18. Data Protection Impact Assessment (DPIA)

Where necessary, X-Guard conducts Data Protection Impact Assessments (DPIAs). A DPIA is a legally required analysis under the GDPR when data processing is likely to pose a high risk to the rights and freedoms of data subjects. The goal is to identify and minimize privacy risks at an early stage, in line with the principles of privacy by design and privacy by default.

Our DPIAs include, among other things:

  • a description of the processing and purposes;
  • an assessment of necessity and proportionality;
  • an inventory of possible risks;
  • documentation of measures to mitigate risks (such as encryption, access restriction, and data minimization).

For more details, we refer to our official DPIA page: https://privacy.x-guard.nl/dpia/. This is the only official source with current information on our DPIA approach.

19. Changes to this policy

Changes to this privacy policy will be announced without exception through this page. In the case of substantial changes, users will also be notified separately. Previous versions of this policy are carefully archived and remain available for consultation.

Version date: November 7, 2025

+31 88 126 12 12
Chat
Mailen
Inloggen