Privacy Policy

This privacy policy explains how ICT collects, uses, and shares your personal information, and what rights you have. It applies when you visit ICT’s blog, website(s) (including the training section of the website), applications (apps’), or otherwise contact ICT.

When this policy refers to ‘ICT’, it means Integrated Control Technology Ltd (ICT). ICT is a world leading manufacturer of unified and intelligent electronic access control and security solutions that enable organizations to protect their people, operations and information. ICT’s headquarters are in Auckland, New Zealand, and ICT have offices in Denver (USA), Toronto (Canada), Melbourne (Australia), Dubai, United Kingdom and Hong Kong. ICT is the data controller in relation to the personal information you provide when you visit ICT’s blog, website, or apps, or contact ICT. ICT’s contact details are set out at the end of this privacy policy. 

Please read this statement before using ICT’s website or submitting any personal information to ICT, as it contains important information on who we are and how and why we collect, store, use and share any information relating to you (your personal information) in connection with your use of our apps. It also explains your rights in relation to your personal information and how to contact us or a relevant regulator in the event you have a complaint.
 
When we collect, use and are responsible for certain personal information about you, we are the controller of personal information obtained via our apps, meaning we are the organization legally responsible for deciding how and for what purposes it is used. When you are usually resident in the United Kingdom (UK) or European Economic Area (EEA), we are subject to the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR).

Given the nature of our app and the service and products we provide, we do not expect to collect the personal information of anyone under 13 years old. If you are aware that any personal information of anyone under 13 years old has been shared with our apps, please let us know so that we can delete that data.

This privacy policy may change from time to time. Where the changes are material, ICT will endeavor to contact you (if ICT holds your contact details). For non-material changes, ICT will alert you that changes have been made by indicating the date that this Policy was last updated. 

What personal information does ICT collect? 

The term ‘personal information’ or ‘personal data’ means information that relates to an identified or identifiable person. Personal information does not include aggregate information: for instance, data ICT collects about the use of ICT’s website, from which any personal information has been removed. 

ICT collects information from you when you register on ICT’s site, place an order, subscribe to a newsletter, open a Support Ticket or enter information on ICT’s site. When ordering or registering on ICT’s site, as appropriate, you may be asked to provide your personal information, such as your name, email address, phone number or other details to help you with your experience. Refer to ICT’s Data Processing Addendum and Data Management Overview, which explain how ICT will process your personal data.

Our lawful bases for processing personal information.

Under data protection law, when you are usually resident in the UK or EEA, we can only use your personal information if we have a proper reason, e.g.:

• where you have given consent;
• to comply with our legal and regulatory obligations;
• for the performance of a contract with you or to take steps at your request before entering into a contract, or;
• for our legitimate interests or those of a third party.

A legitimate interest is when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.

Where ICT processes your personal information on the basis of legitimate interests, we have balanced your rights and freedoms against ICT’s legitimate interests, or those of any third parties, and determined your rights are not infringed. ICT’s legitimate interests relate to ICT’s commercial interests and the need to operate ICT’s business.

Some examples of ICT’s legitimate interests include maintaining the security of ICT’s system, conducting data analytics, responding to your communications, managing ICT’s business relationship with you, enhancing, modifying, or improving ICT’s services and identifying usage trends. You can obtain details of this assessment by contacting us.

Who does ICT share your personal information with? 

From time to time, ICT needs to share your personal information with third parties, such as:

• Suppliers, including those who help ICT to manage the website, app and other IT systems, or who send marketing emails on ICT’s behalf.
• Third parties providing professional services to ICT (for instance, ICT’s auditors or legal advisors).
• Law enforcement bodies, government agencies, regulators, courts, where ICT is required or permitted to do so.

For further information, see the Data Management Overview. Where ICT shares your personal information with third parties, ICT takes steps to ensure that they protect your personal information and treat it carefully.

Your personal information may also be transferred to other third parties (where permitted under applicable law) if ICT sells, merges, purchases or transfers any part or all of ICT’s business or assets.

Where does ICT store your personal information? 

ICT stores your personal information with third-party service providers in various countries. More information about the service providers and host countries can be found in the Data Management Overview.

In the case of transfers to third parties based outside of New Zealand, the EEA and the UK, transfers are made in compliance with safeguards. 

Transferring your personal information out of the UK and EEA if you are usually resident in those regions.

The EEA, UK and other countries outside the EEA and the UK have differing data protection laws, some of which may provide lower levels of protection of privacy.

It is sometimes necessary for us to transfer your personal information to countries outside the UK and EEA. In those cases, we will comply with applicable UK and EEA laws designed to ensure the privacy of your personal data.

Under data protection laws, we will only transfer your personal data to a country outside the UK and EEA where:

• in the case of transfers subject to UK data protection law, the UK government has decided the particular country ensures an adequate level of protection of personal data (known as an ‘adequacy regulation’) further to Article 45 of the UK GDPR.
• in the case of transfers subject to EEA data protection laws, the European Commission has decided that the particular country ensures an adequate level of protection of personal data (known as an ‘adequacy decision’) further to Article 45 of the EU GDPR.
• there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for you, or
• a specific exception applies under relevant data protection law

In the event we cannot or choose not to continue to rely on either of those mechanisms at any time we will not transfer your personal data outside the UK or EEA unless we can do so on the basis of an alternative mechanism or exception provided by applicable data protection law and reflected in an update to this policy.

Any changes to the destinations to which we send personal data or in the transfer mechanisms we rely on to transfer personal data internationally will be notified to you in accordance with the section on ‘Changes to ICT’s privacy policy’ below.

You can contact ICT if you would like further information about these safeguards.

How long will your personal information be retained for?

ICT will retain your personal information for as long as required to perform the purposes for which the data was collected, as more fully set out in the Data Management Overview (ict.co/data-management-overview)

In addition, ICT may be required to retain personal information in order to comply with tax and company laws and regulations, as well as statute of limitation periods.

Following the end of the of the relevant retention period, we will delete or anonymise your personal information.

In some instances, you may also withdraw your consent from ICT keeping your personal information or request deletion of your personal information gathered from the site, and ICT may delete data on that basis (See the “Your Data Rights” section below).

We will always treat your personal information with the utmost respect and never sell or share it with other organizations outside the ICT Group for marketing purposes or otherwise.

How does ICT protect your information?

ICT endeavors to secure your personal information from unauthorized access, use or disclosure by putting appropriate safeguard procedures in place. For example, ICT uses regular vulnerability scanning, and ICT’s customer-facing sites are protected by web application firewalls.

Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential. In addition, all sensitive and credit card information you supply is encrypted via Secure Socket Layer (SSL) technology.

ICT implements a variety of security measures when a user places an order, or enters, submits, or accesses their information to maintain the safety of your personal information. All credit and debit card transactions are processed securely via our payment gateway provider and are not stored or processed on ICT's servers. However, other personal data — such as name, email address, and order details — may be collected and stored as part of your order process.

To protect the confidentiality of your personal information, you must keep your password confidential and not disclose it to any other person. You are responsible for all uses of the site by any person using your password. Please advise ICT immediately by emailing ICT at privacy@ict.co if you believe your password has been misused. You should also note that email is not secure, and you should not send any confidential or sensitive information to ICT via an unsecured email.

Does ICT use 'cookies'?

ICT collects information using cookies. Cookies are small files that a site or its service provider transfers to your computer's hard drive through your Web browser (if you allow) that enable the site or service provider's systems to recognize your browser and capture and remember certain information.

For example, ICT uses cookies to:

• Remember and process the items in the shopping cart.
• Understand and save user's preferences for future visits.

Compile aggregate data about site traffic and site interaction so that ICT can offer better site experiences and tools in the future.

If you are usually resident in the UK or EEA, you can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies using the cookie control manager on our apps. You will still be able to use the site without cookies, but some features will be disabled.
You can also disable cookies through your browser settings, but this may affect your ability to browse our apps and also use other websites. 

See ICT’s Cookie Policy for more information.

Third-party links

ICT does not include or offer third-party products or services on ICT’s website.

Your Data Rights

Marketing Communications:

We may use your personal information to send you updates (by email, text message, telephone or post) about our products and services, including exclusive offers, promotions or new products or services.
If you are usually resident in the UK or EEA, please note that we have a legitimate interest in using your personal data for marketing purposes.

This means we do not need your consent to send you marketing information. If we change our marketing approach in the future so that consent is needed, we will ask for this separately and clearly.

• Wherever you are based, you may “opt out” of receiving marketing or promotional communications from ICT or from allowing ICT to share personal information with ICT’s marketing partners by emailing ICT at privacy@ict.co or updating your preferences on ICT’s subscriptions page.

We may ask you to confirm or update your marketing preferences if you ask us to provide further products or services in the future, or if there are changes in the law, regulation, or the structure of our business. 

Depending on your location, you may also have the following rights:

• Right to access and/or correct your personal information: You have the right to request access to a copy of the personal information ICT holds about you. You also have the right to request correction of any inaccurate information ICT holds about you.
• Right to request deletion of your personal information: You have the right to request that ICT delete your personal information, particularly where ICT no longer needs to retain it. You may also delete certain information by closing your account.
• Right to withdraw your consent: You can withdraw your consent at any time (although it is important to note that withdrawing consent does not affect ICT’s use of your personal information before that point).

In addition, if you are in the UK and EEA, you may specifically have the following rights:

• Right to object to ICT’s use of your personal information: For instance, you may object to ICT’s use of your personal information for marketing purposes, and you can request that ICT stop using your personal information for this purpose.
• Right to restrict ICT’s use of your personal information: For instance, if you believe that personal information ICT holds about you is inaccurate, you can request that ICT do not use your personal information until ICT has verified the accuracy or corrected your personal information.
• Right to request data portability: You can request that ICT transmit to another organization all personal information you have provided to ICT in a structured, commonly used, and machine-readable format, where technically feasible.
• Not to be subject to decisions without human involvement: You can request to exercise the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you. Note we do not make any such decisions based on data collected by our apps.

If you wish to exercise the rights described above (if they are applicable to you, based on your location), please contact ICT at privacy@ict.co. Please note that ICT may not always be in a position to comply with your request. In certain circumstances, ICT may not be able to remove or change certain information, even in the event an account is closed.

For example, ICT may be required to retain certain information, such as billing information, for a certain period of time, and it may be necessary to retain certain information in order to complete any services or transactions with ICT.

Finally, you have the right to complain to the data privacy regulator in the country where you live:  

• In New Zealand, you can contact the Office of the Privacy Commissioner: https://www.privacy.org.nz/  
• In Australia, you can contact the Office of the Australian Information Commissioner: https://www.oaic.gov.au/ 
• In the United Kingdom, you can contact the Information Commissioner’s Office: https://ico.org.uk/
• In the EU, you can contact the data protection regulator in the country in which you reside: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm

Individuals in California: California Online Privacy Protection Act

Users can visit ICT’s site anonymously and ICT will adhere to the requirements set out in the CalOPPA when collecting personal information. See more at: https://consumercal.org/california-online-privacy-protection-act-caloppa/#sthash.0FdRbT51.dpuf.

Individuals in the United States: COPPA (Children Online Privacy Protection Act)

ICT does not specifically market to children under the age of 13 years old and ICT, when collecting personal information from children under the age of 13, adheres to the provisions set out in COPPA.

Fair Information Practices

ICT will adhere to the provisions set out in the Fair Trading Practices when collecting personal information, and ICT will take responsive action should a data breach occur, by notifying you via email within 7 business days.

ICT also agrees to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.

Individuals in Canada: CAN SPAM Act

ICT will adhere to the CAN-SPAM Act.

ICT may collect your email address in order to:

• Send information and respond to inquiries and/or other requests.
• Process orders and send information and updates pertaining to orders.
• Send you additional information related to your product and/or service.
• Market to ICT’s mailing list or continue to send emails to ICT’s clients after the original transaction has occurred.

To be in accordance with CANSPAM, ICT agrees to the following:

• Not use false or misleading subjects or email addresses.
• Identify the message as an advertisement in some reasonable way.
• Include the physical address of ICT’s business or site headquarters.
• Monitor third-party email marketing services for compliance, if one is used.
• Honor opt-out/unsubscribe requests quickly.
• Allow users to unsubscribe by using the link at the bottom of each email.

Unsubscribe or removal of your data

• To unsubscribe from marketing email communications or set your email preferences, follow the instructions at the bottom of any ICT marketing email. 
• If you are a mobile app user, you can delete your mobile app account from the account settings page. 
• To request removal of your data from the Protege GX, Protege WX or Protege X system, contact your system administrator. Be aware that this will also remove your access to the building or site where the system is installed. 
• To request removal of any other data held by ICT, contact the Privacy Officer via privacy@ict.co. 

Changes to ICT’s Privacy Policy

You will be notified of any Privacy Policy changes on ICT’s Privacy Policy page.

You can request an update to your personal data:

• By emailing ICT
• By logging into your account
• By chatting with ICT 
• By sending ICT a support ticket

How does ICT’s site handle Do Not Track signals?

ICT honors Do Not Track signals and does not track, save cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place, in so far as possible.

Does ICT’s site allow third-party behavioral tracking?

ICT does not allow third-party behavioral tracking.

How can you obtain additional information?

If you have an enquiry about this Privacy Policy or a complaint about the way ICT handles your personal information, or you seek to exercise your privacy rights over the personal information ICT holds about you, please contact ICT via email (privacy@ict.co) or by calling +64 9 4767124. You can also write to Privacy Officer, Integrated Control Technology Limited, 4 John Glenn Ave, Auckland 0632, New Zealand.

 

Last updated on 17 November 2025