Privacy Policy

In this privacy policy, we describe the personal data we collect and process to pursue our purposes. Please refer to the table in Section 5 for a summary of these activities. We strive to be a responsible business partner and data privacy is important to us. Milestone seeks to respect all universally recognized human rights in our global operations and relationships. We have recognized privacy as among the most salient rights for our business. As an information technology company, we access, rely on, and build from data. That is critical in many parts of our business and we wish to do so responsibly. We recognize that the right to privacy enables the fulfilment and protecting of many other rights and is central to upholding democratic societies. Please see our human rights policy for more information about our commitment to human rights due diligence in our business activities and relationships.

Find more information in our GDPR Privacy Guide and our EuroPriSe GDPR-ready certification  specific to Milestone XProtect®. Here you can also find information on how you can work with privacy when using XProtect.

1. What personal data we process

Personal data is information about an identifiable, natural person. Typically, this includes the person’s contact information such as name, title, email address, physical address, and phone number.

Milestone Systems is a company that sells video management software solutions. Primarily, we interact with other legal persons that are businesses and entities. Therefore, ordinary business contact information is at the center of our processing activities. In rarer cases, we may sell or make available our products to individual natural persons or sole proprietorships. In such cases, it is typical for us to process ordinary information.

Please refer to the table in Section 5 for information on the personal data, we process in connection to our defined purposes.

2. Categories of persons

Milestone processes the personal data of our partners in sales channels (distributors, resellers), technology partners, end-users, knowledge partners, and suppliers, as well as the users of our website, recipients of marketing material and potential leads.

3. Sources we get personal data from

We source personal data from multiple sources such as directly from the person, or from a third party such as our partners, end-users, suppliers, third-party contractors, and public authorities.

4. How we process personal data

Our processing activities are basically any of our activities that involve personal data. Hence, an activity of processing covers the collection, recording, structuring, storage, alteration, retrieval, disclosure, and erasure of data, etc.

Essentially, we process personal data in order to conduct our business, sell our products, research and develop of our products, deliver products and services, submit invoices and to perform our due diligence on customers and partners ensuring compliance with legal obligations, export controls and customs, and enforcing our contractual agreements and exercising or defending legal claims. Our processing activities are limited to what is necessary for the specific purpose. In Section 5, we have outlined the purposes and the legal basis on which we base our processing activities.

5. The purpose and legal basis for our processing of personal data

Where we have based our processing activity on your consent, you have the right to withdraw your consent at any time. Please find our contact details in Section 9.







Legal basis




When we conduct business with you, whether as part of prospective or ongoing dealings, as a partner, technology partner or  end-user.

We conduct our business, sell our products, and we answer questions and process inquiries.

We collect the personal data with the purpose of having contact with our customers, partners, and suppliers.

We also provide technical support on our products with the purpose of supporting the performance of the products.

Customers and partners who are natural persons, employees of our customers and partners and visitors to our website.

Contact details, including names, email addresses, IP addresses, company association, addresses and telephone numbers, type of supplier, country or region and other information depending on the nature of the inquiry.

Point (b) of article 6(1) of the GDPR, regarding our customers and partners who are natural persons.

Point (f) of article 6(1) of the GDPR, regarding other natural persons, as we pursue our legitimate interest in answering questions, make contact to potential customers and partners.

Milestone Group companies, affiliates, our partners, and our local offices.

Our global logistics partners, for the purpose of shipping our hardware products.

We keep personal data for as long as we have a collaboration with the customer,  partner,  technology partner, or supplier and up to five years after the end of the collaboration period.


When you visit our website.

Cookies and third-party services.

Keeping statistics on how many users use our sites and how they use them with the purpose of maintenance and optimization our websites.

Milestone has implemented the service Cookiebot provided by Cybot to manage the cookie consent/settings.

Please refer to our cookie policy  

Natural persons who interact with our website.

Visitors to our website.

IP addresses when placing cookies.

Activity and preferences.

Please refer to our cookie policy

Point (a) of article 6(1) of the GDPR.

Point (a) of article 49(1) of the GDPR with respect to the transfer to third countries.

Milestone Group companies and our local offices

Microsoft ARRAffinity, USA

Google cookies analytics, Google tag manager and adds Google Analytics

YouTube which is also a Google company




We use Cookiebot from Cybot for management of consent/settings.

Please refer to our cookie policy 


When you use our mobile Application/Web client, and/or when you use XProtect with internet connectivity, or when you use Milestone Smart Map.


We analyze usage data of our mobile applications with the purpose of gaining insights into their usage.

We send push-notifications to the user with the purpose of delivery of our video management software.

When you use XProtect with internet connectivity, we collect telemetry data for the purpose of analyzing performance of the software, optimization, fix any bugs.

Customers and partners who are natural persons, as well as employees of our customers and partners.

Logs and telemetry system data.

Device ID

Identifier for mobile clients – globally unique identifier and registration token. Other similar tokens that connects users to systems.

Point (a) of article 6(1) of the GDPR with respect to the processing.

Point (a) of article 49(1) of the GDPR with respect to the transfer to third countries.

You can withdraw your consent at any time by making changes in the settings within the app.

Apple via the Apple Push Notification Service.

Google via the Google Firebase Cloud Messaging, USA.

The push notification goes to the Milestone mobile Application user via Milestone’s Online Service (ONS), hosted on Microsoft Azure.

Two months after ended usage, or as long as Milestone has a consent,


When you receive our newsletters.

We distribute newsletters for the purpose of marketing.

Recipients of our newsletters.

Contact information, including names, email addresses and, if relevant, associated company.

Point (a) of article 6(1) of the GDPR. You can withdraw your consent at any time.

We do not disclose or transfer this personal data outside our group companies.

We keep the personal data on our “newsletter lists” as long as your consent is valid.


When you participate in our events, including courses, exhibitions, presentations, competition, or research studies.

We plan events and distribute invitations to participants. 

We take and edit photographs and record videos and audio, including live streaming with the purpose of making global and public marketing materials, and to improve our products.

We issue product specific Milestone Certificates to Participants in our Partner Program upon their completion of our product specific training modules.

Persons who participate in our events. 

Contact information, including names and email addresses,

Depending on the event, we may process images and voice.

Other types of personal information depending on the nature of the event.

Point (a) of article 6(1) of the GDPR. You can withdraw your consent at any time.

We may share contact information with venues, co-organizers and sponsors.  

We keep data for up to five years after the event.


When you file a whistleblower concern, or if we receive a concern in which you are mentioned.

We are obligated to have a whistleblower scheme which is available here.

Persons who are either raising a concern through the whistleblower system, or persons who are mentioned in concerns raised by others.

Contact details including names and job titles, and other information that we receive in relation to the reported concerns.

This may include information on criminal offences.

Article 8 of the EU directive on protection of persons who report breaches under Union Law and section 9 of the Danish Whistleblower Act.

We may share the raised concerns with our external legal counsel.

We may be obligated to disclose necessary information to law enforcement.

As long as necessary and appropriate for our management of the raised concern.


When you are recorded by our surveillance cameras.

We monitor our locations with the purpose of physical security, and the prevention and investigation of criminal offences.

Persons who are caught on our cameras and appear on the surveillance recordings.

Images and related individual physical appearance, geographical location, and place.

Generic data:

Point (f) of article 6(1) of the GDPR. Where we pursue our legitimate interest in being able to enable our physical security measures by monitoring our entry areas, corridors etc.  

Criminal offences: Section 8 of the DPA.

Under relevant circumstances we may disclose video recordings to law enforcement agencies. 

We keep the video recording for up to 30 days in accordance with the Danish CC TV Act.



6.To whom we disclose personal data

In general, we only disclose personal data when required by law, or where disclosure is necessary for the purposes described in the table above. We strive to be a socially responsible player in the video surveillance industry. Due to the nature of our product and its potential adverse impact on the right to privacy if misused, we rely on our commitment to the United Nations Guiding Principles for Business and Human Rights. These principles guide our data disclosure in areas of operation identified as presenting higher levels of human rights risks. For more information, please refer to our human rights policy.

Recipients we disclose data to could be:

  • public authorities,
  • Milestone Group Companies and our local offices
  • partners via Our Partner network
  • third-party providers who, as data processors, are processing personal data on our behalf. For example, by providing our IT systems including hosting, backup, and support.

Transfers to third countries

In certain cases, we transfer personal data to recipients outside the EU and EEA. The typical recipients could be our customers and our sales channel partners, but recipients may also include our technology partners, our data processors, or third-party providers.

With recipients located outside the EU or the EEA, we enter into EU standard contractual clauses, which have been approved by the European Commission, before the transfer of the personal data. If you wish a list of our recipients, please contact us. Our contact information is found in section 9. Regardless of entering into data processing agreements and model clauses with our third-party providers’ European entities, it is necessary to inform you that the EU Court of Justice has in general found (Schrems II) that, from an EU perspective (please see latest status here), for US owned companies there are not an adequacy decision nor appropriate safeguards in place in the US, as they may possibly be required to give data access to the United States Intelligence Community without any judicial review. This means that, depending on the circumstance, Milestone also collects and transfers your personal data to the US either based on your consent, and for Milestone also based on Milestone’s legitimate interest (see Microsoft section above).

7. How long we keep personal data

We store personal data for the period necessary for the purpose(s) for which the personal data was collected. Please refer to the above table for the specific retention periods for each of the outlined purposes. Our internal guidelines outline our concrete deletion processes which are determined on either functionality or requirements deriving from applicable law, including demonstrations and auditing requirements.  

8. Your rights

If you wish to exercise your rights, please reach out to us at

According to the GDPR, you have the following rights:

  • The right of access: You have the right to view which personal data we process about you.
  • The right to rectification: You have the right to have inaccurate data about you corrected.
  • The right to erasure: In particular cases, you have the right to have your data erased before we erase such data based on our retention and erasure period.  
  • The right to restriction of processing: In particular cases, you have the right to have the processing of your personal data restricted. If this is the case, we will limit our processing to activities based on (i) your consent, (ii) for the establishment, exercise, or defense of a legal claim or for (iii) the protection of a person or important public interests. Regardless, we may still store your personal data.   
  • Right to object: In particular cases, you have the right to object to our otherwise lawful processing of your personal data.
  • Right to data portability: In some cases, you have the right to receive your personal data in a structured, commonly used, and machine-readable format and to have such personal data transferred from one controller to another.

You can read more about your rights here: 

The Danish Data Protection Agency

Your Europe

9. Contact us

The legal entity responsible for the processing of your personal data is:


Milestone Systems A/S

Company Registration No: 20341130

Banemarksvej 50

2605 Brøndby, Denmark

Tel.: +45 88 30 03 00


If you have any questions or concerns about our processing of personal data or wish to withdraw your consent, please reach out to us.

10. Making a complaint to the authorities

If you wish to complain about our processing of your personal data, you have the right to submit a complaint to the relevant supervisory authority. In Denmark, the relevant authority is the Danish Data Protection Agency:



Carl Jacobsensvej 35

DK-2500 Valby


phone + 45 33 19 32 00


Please visit for more information.

For other relevant European supervisory authorities, please visit Your Europe.

11. Changes to this privacy policy

We update our privacy policy on a regular basis. We recommend that customers, partners, and visitors to our website re-visit this Privacy Policy on occasion to learn of new privacy practices or changes to our Privacy Policy.

This privacy policy was last updated on June 07, 2023.

You will be logged out in
5 minutes and 0 seconds
For your security, sessions automatically end after 15 minutes of inactivity unless you choose to stay logged in.