Privacy Policy

This policy is effective as of 9 June 2026.

Protecting your personal information is a priority of Acre Operating Group, LLC and its affiliates and subsidiaries (collectively, "Acre Security"). This Privacy Policy governs how Acre Security collects, transfers, uses, and discloses Personal Information.

This Privacy Policy is intended to be comprehensive and to meet the requirements of applicable global data protection laws, including the EU/EEA General Data Protection Regulation (GDPR), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), and all other relevant privacy regulations worldwide.

Summary

This policy applies to:

• Visitors to our websites ("Sites").
• Customers, Resellers, Distributors.
• Users of our products and services.

The purpose of this Privacy Policy is to let you know how we collect, use, store, share, retain, transfer, and process your Personal Information.

What Personal Information We Collect

We may collect various types of information depending on how you interact with us. The Personal Information we may collect includes:

• Identity Information: full name, job title, organisation, email address, telephone numbers, and mailing address.
• Account and Access Credentials: username, authentication credentials, and security management details.
• Biometric and Physical Security Data: Where your organisation has enabled biometric features in Acre products (such as facial recognition or fingerprint access control), Acre may process biometric data including facial geometry templates, fingerprint data, or iris patterns. This is Special Category data under applicable law and is processed only with your organisation's explicit configuration choice and, where required by law, with individual informed written consent.
• Talent and Recruitment Information: information submitted in connection with employment inquiries or applications.
• Professional and Organisational Contact Details: information relating to individuals acting on behalf of a business entity.
• Marketing and Communication Preferences: subscription choices and communication preferences.
• Payment and Billing Information: financial and billing-related details necessary to complete transactions.
• Export Control and Compliance Information: nationality and citizenship details.
• Commerce and Transaction Records: details associated with inquiries, purchases, or service requests.
• Event and Enrolment Information: information you provide when signing up for events, training sessions, or demonstrations.
• Feedback and User Input: any information you choose to share regarding your experience with our products.

We may also collect certain information automatically through the use of cookies and other digital tracking tools (see the Cookies section below).

How We Use Your Information

• Business and Professional Interactions: to communicate with individuals acting on behalf of customers, partners, and suppliers.
• Service Delivery and Transaction Support: to provide the services you request and to complete transactions you initiate.
• Physical Security Product Data: Where you use Acre's physical security products, Acre may process access event data, credential data, and security logs to: (a) enable physical access control and identity management functions; (b) generate security alerts and operational insights, including through AI-powered features; (c) support incident investigation and forensic review where requested; and (d) meet legal obligations including data retention requirements. This data is not used for marketing purposes or sold to third parties.
• Site Management and Security: to maintain, monitor, and secure our Sites and digital services.
• Enhancing Products and Services: to better understand how our Sites, products, and services are used.
• Communications, Marketing, and Outreach: where permitted by applicable law, to share relevant news and updates.
• Recruitment and Talent Acquisition: to assess suitability for employment and manage applications.
• Compliance, Enforcement, and Protection: to detect, investigate, or respond to potential violations, suspected fraud, or security threats.

Use of Artificial Intelligence in Our Products and Services

Internal Use

We use AI tools internally to support business functions and operational efficiency. Where these tools interact with personal information, such processing is carried out in accordance with this Privacy Policy and applicable data protection law.

AI in Our Products

Certain Acre Security products incorporate optional AI functionality designed to enhance the capabilities of those products. The decision to enable and use these AI features is entirely the customer's. Acre Security does not use data processed through these AI features to train AI models without a lawful basis, appropriate safeguards, and explicit customer approval.

Automated Decision-Making

Acre Security does not make decisions about individuals based solely on automated processing that produce legal or similarly significant effects. Should this change, we will update this policy and provide appropriate notice in accordance with applicable law.

How Long We Retain Your Information

We retain Personal Information only for as long as necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable law.

Cookies and Other Tracking Technologies

Cookies are small files stored on your web browser when you visit our website. If you would like to opt out of cookies, you may change your browser settings. More information about how we use cookies is available in our Cookie Notice at acresecurity.com.

Your Rights Regarding Access to and Control over Personal Information

If you reside in the EU/EEA or the United Kingdom, you have the following rights:

• Right of information and access: You have the right to access your Personal Information and receive a copy.
• Right to rectification: You have the right to correct or update inaccurate Personal Information.
• Right of erasure: You have the right to request that your Personal Information be permanently deleted.
• Right to restrict processing: You have the right to restrict the processing of your Personal Information.
• Right to object to processing: You have the right to object to specific types of processing.
• Right to portability: You may ask to receive a portable copy of your personal information.
• Right not to be subject to solely automated decisions: Acre Security does not currently make decisions about individuals based solely on automated processing that produce legal or similarly significant effects.
• Right to notify data protection authority: You have the right to complain to the Irish Data Protection Commission (info@dataprotection.ie), Acre Security's lead supervisory authority. Our DPO can be contacted at privacy@acresecurity.com.
• Right to withdraw consent: You may withdraw consent at any time.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

If you wish to exercise any of these rights, please submit a request to privacy@acresecurity.com.

Information for California Residents

The California Consumer Privacy Act (CCPA) applies to information collected from California residents. Residents of California have the following rights:

• Right to Know and Access Information: California residents may submit a verifiable request regarding the information we have collected, the types of sources, the purposes, and the specific information collected about them. We will respond within 45 days of a verified request.
• Right to Have Personal Information Deleted: You may request that we delete personal information we have collected from you, subject to certain exceptions (e.g. where retention is required for legal compliance, security research, or to complete a transaction). Contact privacy@acresecurity.com to submit a verified deletion request.
• Right to Portability: You may request a copy of your personal information in a portable, machine-readable format. Contact privacy@acresecurity.com.
• Right to Correct: You have the right to request that we correct inaccurate personal information we hold about you.
• Right to Limit Use of Sensitive Personal Information: Contact privacy@acresecurity.com to exercise this right.
• Right to Non-Discrimination: We will not discriminate against you for exercising these rights.

We do not sell Personal Information to third parties as defined under CCPA/CPRA.

Contact Us

If you have any questions about this privacy policy, or if you want to exercise your privacy rights, please contact us at:

privacy@acresecurity.com
acresecurity.com/contact-us

• Data Protection Officer: privacy@acresecurity.com
• Lead Supervisory Authority (EU/EEA): Irish Data Protection Commission, info@dataprotection.ie
• UK Supervisory Authority: Information Commissioner's Office, www.ico.org.uk