Last updated: 02/05/2026 Version: 1.0
IBC SECURITY, LDA, a commercial company with registered office at Urbanização Quinta Verde, Rua Mar, Lote 2, Sítio das Areias, 8135-171 Almancil, Portugal, corporate body no. 507737520, registered under this same number at the Faro Commercial Registry, holder of Private Security Licences no. 171-A and 171-C issued by the Public Security Police; "IBC SECURITY" is committed to fully respecting your privacy and values the relationship it maintains with you.
This Data Protection and Privacy Policy aims to clearly and concisely explain how IBC SECURITY processes your Personal Data in the context of using the IBC Security mobile application for clients (hereinafter referred to as "Application" or "App"), available for Android and iOS devices, and ensures the privacy of your data.
The Application is a digital tool complementary to the private security services provided by IBC SECURITY, allowing the Client and authorised family members to access functionalities related to the contracted security service, including:
a) Creation and management of user account; b) Use of the emergency alert (SOS) feature; c) Personal profile and emergency contacts management; d) Registration and management of family members; e) Receipt of service notifications; f) Technical and commercial requests; g) Consultation of invoices and contractual documentation.
So that you are fully informed and may contact us for any additional information, we believe the following information is essential:
IBC SECURITY is the Controller of your Personal Data collected through the Application, determining for this purpose, without limitation:
The Processing of your Personal Data is carried out in accordance with the general principles set forth in the General Data Protection Regulation ("GDPR"), namely:
Additionally, IBC SECURITY processes your data through the application of technical and organisational measures that ensure Data Protection by Design and by Default, so that your Personal Data are processed in accordance with best practices from the moment of collection until destruction.
Personal Data means any information and/or elements that, regardless of their medium, can identify or render identifiable, directly or indirectly, before IBC SECURITY, in particular by reference to an identifier, such as a name, an identification number, location data and/or online identifiers, or to one or more elements specific to physical, physiological, genetic, mental, economic, cultural or social identity.
Processing of Personal Data means the operation or set of operations performed on Personal Data of Data Subjects, by automated or non-automated means, from data collection until destruction. This cycle includes, among others, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison or interconnection, restriction, erasure.
In the context of the Application, the Data Subject is the IBC SECURITY client who maintains an active contractual relationship for the provision of private security services, as well as the respective family members previously authorised by the account holder.
IBC SECURITY does not request or voluntarily and directly collect personal data of minors through the Application. If IBC SECURITY discovers it has inadvertently collected personal data of a minor under 18 years of age, it will immediately delete the records containing such minor's personal data. We point out, however, that IBC SECURITY may collect personal data of minors when provided by parents or by a legal guardian who expressly consents to such collection (see section 16).
In the context of using the Application, IBC SECURITY processes the following categories of Personal Data:
| Category of Personal Data | Personal Data |
|---|---|
| Personal identification data | Full name |
| Personal contact data | Email address, phone numbers (primary and secondary) |
| Address data | Address of the protected property, property name |
| Emergency contacts data | Name, phone(s) and notes of up to 3 emergency contacts designated by the holder |
| Security credentials data | Email and password (encrypted), access PIN (locally encrypted on device) |
| Category of Personal Data | Personal Data |
|---|---|
| Notification data | FCM identifier (Firebase Cloud Messaging) for sending push notifications |
| Device data | Operating system (Android/iOS), platform |
| Authentication data | User identifier (UID), authentication sessions |
| Technical diagnostic data | Device type, operating system, crash logs (stack traces), anonymous installation identifier, time of failure — collected automatically in the event of unexpected Application errors |
Note on diagnostic data: Technical diagnostic data is collected by the Firebase Crashlytics service (Google LLC) only when technical failures occur in the Application. It does not collect personal usage data nor browsing activity. Its sole purpose is to allow IBC SECURITY to identify and fix technical problems in the Application, improving its stability and security. This data is automatically deleted after 90 days.
| Category of Personal Data | Personal Data | Collection Conditions |
|---|---|---|
| Geographic location data | GPS coordinates (latitude, longitude), accuracy in metres, timestamp | Collected only at the exact moment of triggering an SOS alert, and only if all the following conditions are met: (1) the IBC Guardian One Premium service is active in the contract; (2) the location service is enabled by IBC SECURITY; (3) the user has explicitly accepted location sharing through the consent popup in the Application |
Important note on location: IBC SECURITY does not carry out continuous or periodic tracking of its clients' location. Location is obtained exclusively at the moment of triggering an SOS alert and used solely for emergency response purposes. Location data is stored only in the corresponding SOS alert record and is not used for any other purpose.
With authorisation from the account holder, family members may be registered with the following data:
| Category of Personal Data | Personal Data |
|---|---|
| Identification data | Full name, relationship |
| Contact data | Email, phone(s), notes |
| Security credentials data | Email and password (encrypted) |
| Preference data | Application language (Português, English, Français, Español, Deutsch) |
| Permissions data | Access to SOS, alarm code, technical/commercial requests, invoices (defined by the holder) |
Family members access exclusively the holder's contract data and within the permissions granted to them.
We note that you will not be required to share your Personal Data with IBC SECURITY. However, should you choose not to share your personal information, in some cases, IBC SECURITY may not be able to provide the services you wish or ensure certain functionalities of the Application.
The development and execution of the various activities pursued by IBC SECURITY through the Application means there is a relevant set of specific, explicit and legitimate purposes for processing your Personal Data:
| Purposes | Processing Purposes |
|---|---|
| Account and profile management | Client management for the provision of private security services, authentication and access control to the Application |
| SOS alerts and emergency response | Receipt and processing of emergency alerts, dispatch of fast response teams, monitoring by the Security Centre (Guardian One) |
| Geolocation in emergency | Location of the client at the exact moment of the SOS alert for immediate dispatch of a team to the location (only with explicit consent) |
| Emergency contacts management | Maintenance of contacts designated by the client for emergency situations |
| Family members management | Registration and management of family members' accounts authorised by the holder |
| Service notifications | Sending push notifications regarding alerts, invoices, operational communications |
| Request management | Processing of technical and commercial requests submitted by the client |
| Billing management | Provision and consultation of invoices and contractual documentation |
| Account security | Protection against unauthorised access through PIN, biometrics and automatic lock |
By reference to the «Principle of Lawfulness» enshrined in current and future data protection laws, in the development and performance of its activities through the Application, IBC SECURITY only processes your Personal Data when there is a lawful basis legitimising the processing:
| Lawful Bases | What do they consist of? | Application in the App |
|---|---|---|
| Consent (Art. 6(1)(a) GDPR) | IBC SECURITY will only process your Personal Data if you consent to such Processing through a freely given, specific, informed and unambiguous indication of will, by which you accept that your Personal Data will be subject to Processing. | GPS location in SOS alerts; extension of the service to family members |
| Performance of contract (Art. 6(1)(b) GDPR) | IBC SECURITY may process your Personal Data if necessary for the performance of a contract for the provision of private security services to which you are a party, or to take steps at your request prior to entering into a contract. | Account and profile management, SOS alerts, push notifications, emergency contacts, billing |
| Compliance with legal obligation (Art. 6(1)(c) GDPR) | IBC SECURITY may process your Personal Data to ensure and guarantee compliance with legal obligations to which it is subject. | Retention of invoices and tax documentation |
| Vital interests (Art. 6(1)(d) GDPR) | IBC SECURITY may process your Personal Data to ensure the defence of your vital interests, particularly when such Processing is essential to your life. | SOS alerts and emergency response, emergency contacts |
| Legitimate Interests (Art. 6(1)(f) GDPR) | IBC SECURITY may process your Personal Data provided that such Processing does not override your interests or fundamental rights and freedoms. | Account security (PIN, biometrics), audit logs, technical diagnostics of Application failures |
IBC SECURITY retains your Personal Data only for the period necessary to fulfil the specific purposes for which they were collected. However, IBC SECURITY may be required to retain some Personal Data for a longer period, taking into account factors such as:
| Data Category | Retention Period | Basis |
|---|---|---|
| Account data (name, contacts, address) | Throughout the contract term + period legally required after termination | Contractual and legal obligations |
| SOS alerts (including location) | Period defined by legislation applicable to the private security sector | Legal obligations, potential evidentiary need |
| Emergency contacts | Throughout the contract term | Performance of contract |
| Family members | Throughout the contract term or until revocation by the holder | Consent and performance of contract |
| FCM tokens (notifications) | Until logout, app uninstallation or automatic invalidation | Technical necessity |
| Technical diagnostic data (Crashlytics) | 90 days | Legitimate interest (bug fixing) |
| Invoices and tax documentation | 10 years (Art. 40 of the Commercial Code, Art. 123 of the CIRC) | Legal obligation |
| Audit logs | Period defined by applicable legislation | Legitimate interest and legal obligation |
During the period of Processing your Personal Data, IBC SECURITY ensures that they are processed in accordance with this Data Protection and Privacy Policy. Once your Data are no longer necessary, IBC SECURITY will proceed to delete them in a secure and irreversible manner.
| Entities with whom IBC SECURITY shares your Personal Data | Why we share your Personal Data |
|---|---|
| Security Centre (Control Room) | Your data (name, contacts, address, alarm codes, notes) is accessed by the Security Centre for operational management of the contracted security service. |
| IBC Guardian One | Your data (name, contacts, address, emergency contacts) is accessed by the emergency monitoring platform for receiving and handling SOS alerts. |
| Fast Response Teams | Your data (name, contacts, address) is transmitted via dispatch for on-site intervention in case of alarm or emergency. |
| Administration | All account data is accessed for contract management and billing. |
| Subcontractors | Your Personal Data may be shared with companies entrusted with the provision of IBC SECURITY services. The companies entrusted with service provision are bound to IBC SECURITY by written contract (DPA), and may only process your Personal Data for the specifically established purposes and are not authorised to process your Personal Data, directly or indirectly, for any other purpose, for their own benefit or that of third parties. |
| Competent authorities | In compliance with legal and/or contractual obligations, Personal Data may be transmitted to judicial, administrative (PSP, GNR), supervisory or regulatory authorities, particularly when there is a legal obligation, when necessary to protect vital interests, or when requested in the context of criminal investigation or public security. |
Specific subcontractors:
| Provider | Service | Data Processed | Location | Safeguards |
|---|---|---|---|---|
| Google LLC (Firebase) | Authentication, database (Firestore), storage (Storage), push notifications (FCM) | All account data, FCM tokens | EU (europe-west1) | Google Cloud DPA, Standard Contractual Clauses (SCCs), ISO 27001 certification |
| Google LLC (FCM) | Push notification service | Device tokens, notification metadata | EU/USA | Google Cloud DPA, EU-US Data Privacy Framework |
| Google LLC (Firebase Crashlytics) | Automatic collection of Application crash reports | Stack traces, device model, OS, anonymous installation identifier | EU/USA | Google Cloud DPA, Standard Contractual Clauses (SCCs), EU-US Data Privacy Framework |
Personal data is primarily stored on servers located in the European Union (Google Cloud europe-west1 region).
IBC SECURITY may transfer your Personal Data outside the European Economic Area ("EEA") to the extent that certain Google services may involve processing outside the EEA. However, IBC SECURITY only transfers your Personal Data outside the EEA:
You may request detailed information about the security measures that IBC SECURITY has implemented regarding transfers of Personal Data outside the EEA via email at dpo@rgpdconsultores.pt.
As a Data Subject of Personal Data processed by IBC SECURITY through the Application, you have the following rights, which may be exercised under the terms of this chapter:
| Rights | What do they consist of? |
|---|---|
| Right to be informed | You have the right to obtain clear, transparent and easily understandable information about how IBC SECURITY uses your Personal Data and what your rights are. That is why IBC SECURITY provides you with all this information in this Data Protection and Privacy Policy. |
| Right of access (Art. 15) | You have the right to obtain information about which Personal Data IBC SECURITY processes and certain information about how that Data is processed. IBC SECURITY may refuse to provide the requested information whenever, in doing so, it would have to disclose Personal Data of another person or the information would negatively impact the rights of another person. |
| Right of rectification (Art. 16) | If your Data is incorrect or incomplete (for example, if your name or address is wrong), you may request IBC SECURITY to take reasonable steps to correct it. |
| Right to erasure (Art. 17) | This right is also known as the "right to be forgotten" and allows you to request the erasure or deletion of your data, provided there are no valid grounds for IBC SECURITY to continue using them or their use is unlawful. It is not a generic right to erasure, as exceptions are permitted (for example, whenever such data are necessary for the defence of a right in legal proceedings or for compliance with tax obligations). |
| Right to restriction of processing (Art. 18) | You have the right to "block" or prevent the future use of your Data while IBC SECURITY evaluates a rectification request or as an alternative to erasure. Whenever Processing is restricted, IBC SECURITY may continue to store your data, but may not use them subsequently. |
| Right to data portability (Art. 20) | You have the right to obtain and reuse certain Personal Data for your own purposes. This right applies only to your own Data that you have provided to IBC SECURITY and that IBC SECURITY processes with your consent and which is processed by automated means. |
| Right to object (Art. 21) | You have the right to object to certain types of processing, on grounds relating to your particular situation. IBC SECURITY may continue to process such Data if it can demonstrate "compelling legitimate grounds for the Processing which override your interests, rights and freedoms". |
| Right to lodge a complaint | You have the right to lodge a complaint with the competent supervisory authority, the National Data Protection Commission – CNPD (www.cnpd.pt, Av. D. Carlos I, 134, 1.º, 1200-651 Lisbon, +351 213 928 400, geral@cnpd.pt), if you consider that the Processing of your Personal Data violates your rights and/or applicable data protection laws. |
| Right to withdraw consent | You have the right to withdraw consent at any time, without compromising the lawfulness of the processing previously carried out. This applies in particular to consent for sharing GPS location in SOS alerts. |
You may at any time, in writing, exercise the rights enshrined in the Personal Data Protection Law and other applicable legislation through the following means:
IBC SECURITY will respond to requests within a maximum period of 30 days from receipt, which may be extended for an additional 60 days in cases of complexity, by communication to the data subject. For identity verification purposes, additional documentation may be requested before processing the request.
IBC SECURITY has appointed a Data Protection Officer (DPO), who plays a fundamental role within IBC SECURITY in monitoring data processing activities and ensuring legal compliance.
The Data Protection Officer has the following functions:
You may at any time, in writing, contact IBC SECURITY's Data Protection Officer for any questions related to data protection and your privacy via email at dpo@rgpdconsultores.pt.
Your Personal Data will be processed by IBC SECURITY, in the context of the purposes identified in this Policy, in accordance with the policy and internal standards of IBC SECURITY and using appropriate technical and organisational measures to promote their security and integrity, particularly in relation to unauthorised or unlawful processing of your personal data and accidental loss, destruction or damage thereto.
However, since the transmission of information over the Internet is not completely secure, IBC SECURITY cannot guarantee the security of your Data when transmitted over an open network.
IBC SECURITY acknowledges that the information you provide may be confidential. IBC SECURITY does not sell, rent, distribute, nor make commercially available or otherwise disclose Personal Data to any third party, except in cases where it needs to share information with Service Providers for the purposes set out in this Data Protection and Privacy Policy. IBC SECURITY preserves the confidentiality and integrity of your Data and protects them in compliance with this Policy and all applicable laws.
The Application provides a Quick Access SOS button that allows triggering an emergency alert without requiring prior authentication (login). This feature has been designed to ensure that, in a situation of imminent danger, the user can request help immediately.
When an SOS alert is triggered, the following data is transmitted to the IBC SECURITY Security Centre:
SOS alerts are received and handled by:
The Application implements a security mechanism (sliding slider) to prevent accidental triggers. There is also a minimum 60-second cooldown between consecutive alerts to avoid duplicates.
The Application offers the possibility of biometric authentication (fingerprint or facial recognition) as an alternative to the access PIN. This biometric data is:
IBC SECURITY has no access, at any time, to the user's biometric data.
The Application is not intended for minors under 18 years of age. IBC SECURITY does not intentionally collect personal data of minors. In the case of family members under 18 years of age, registration must be carried out by the account holder (legal representative), who is responsible for managing the minor's account.
Under Law no. 58/2019 of 8 August, the processing of personal data of minors under 13 years of age requires the consent of their legal representatives.
The Application uses the Firebase Cloud Messaging (FCM) service to send push notifications regarding:
Push notifications can be deactivated at any time through device settings (Android: Settings → Apps → IBC Security → Notifications; iOS: Settings → Notifications → IBC Security).
Deactivating push notifications does not affect the operation of the SOS feature nor the receipt of emergency alerts triggered by the user themselves.
If you have any question or wish to obtain more information about how we process your Personal Data or about our information security practices, please do not hesitate to contact us through the following contact addresses:
IBC SECURITY, LDA Urbanização Quinta Verde, Rua Mar, Lote 2, Sítio das Areias, 8135-171 Almancil, Portugal Private Security Licences: 171-A / 171-C Tax ID: 507 737 520
Email for exercising rights: rgpd@ibcsecurity.com Data Protection Officer email: dpo@rgpdconsultores.pt
IBC SECURITY may periodically update this Data Protection and Privacy Policy, as well as any other specific data protection and privacy declaration. When changes are made to this Policy, a new date will be added at the beginning thereof.
Any significant changes will be communicated to the user through:
Continued use of the Application after the communication of changes constitutes acceptance of the updated Policy. The user may, at any time, consult the most recent version of this Policy in the settings section of the Application.
This Data Protection and Privacy Policy is governed by the following legislation:
This Data Protection and Privacy Policy has been drafted in accordance with Regulation (EU) 2016/679 (GDPR), Law no. 58/2019 and the guidelines of the National Data Protection Commission (CNPD).
The Portuguese version of this Privacy Policy is the legally binding version. This English translation is provided for convenience.