For the purposes of the General Data Protection Regulation 2016/679 (hereinafter: the GDPR), NodeVPN OÜ (hereinafter: the Company) is the data controller of your personal data (hereinafter: the Information). The Company is registered at The Registrar of Companies for Estonia, registered office address: Pirni str. 6a-40, 10617 Tallinn, Estonia.
The Company provides you with access and usage of the NodeVPN Platform. The Platform represents a Virtual Private Network (VPN) solution with a blockchain based certification authentication (hereinafter: the Platform).
The Company respects your privacy and is committed to protecting your personal data as defined by the GDPR. The Company complies with the principles of the GDPR and aims to maintain consistently high levels of protection and legal compliance in its processing of your Information.
By using the Company’s website (nodevpn.io) (hereinafter: the Site), the Platform and related services you consent to the Company’s collection and use of your Information as described in this Policy. If the Company makes changes to the Policy and/or procedures, the Company will post those changes on the Company’s Platform and/or Company’s Site, as well as inform you via email to keep you aware of what Information it collects, how it uses it and under what circumstances it may disclose it.
Your continued use of the Site or Platform and services after this Policy has been amended shall be deemed to be your continued acceptance of the terms and conditions of this Policy, as amended. The Company encourages you to bookmark this Web page and review this Policy regularly.
What information does the company collect?
First things first. It is important that you know what types of personal data we are processing.
All your Information will be held and used in accordance with the GDPR where applicable. When you visit the Company’s Site and use the Company’s Platform you will either be prompted to provide the Company with your Information on a voluntary basis, or the Information will be collected through your use of the Platform.
(a) Information you voluntarily provide to the Company:
The Company collects and maintains Information that you voluntarily submit to it during your use of the Company’s Site or the Platform:
- when you wish to select a Subscription Plan on the Site and use the Platform, you may provide the Company with certain Information including your billing details such as email address, street address, phone number, town/city, postcode/ZIP, country/region, account username, account password that you create, and credit/debit card details (number, cardholder name, expiration date, etc.).
- During your use of the Platform, you may submit Financial & Tax Information. Aside from credit/debit card details, we may process information about your purchase history and tax identification numbers.
- In order to use the Platform properly, you may provide us with Account Authentication Information such as: account usernames/identifiers, required security code, access code or password, Credential hits, Security questions (e.g. mother’s maiden name, etc.);
- You may provide The Company with Information in the course of email interactions and customer contact/support. You may choose to provide feedback to the Platform, for example through email. The comments in your feedback, as well as your contact information like your email, may be kept on record. The feedback that you choose to provide is valuable in helping The Company make improvements to its service to you. To follow-up on the feedback you have chosen to provide, The Company may correspond with you using the contact information that you have provided.
You provide your information to the Company voluntarily and you can choose not to provide the Company with certain Information, however this may present a basis for the Company to prevent you from gaining access to the Service or limit the features of the Service that you can use on the Platform.
(b) Information that the Company processes automatically during your use of the Platform:
In the course of your use of the Platform, we may process your device information such as: Unique Device Identifier (e.g. IMEI), IP Address, Clickstream/Online Website Tracking, Cookie Identifiers, Resettable Identifiers (e.g. IDFAs, Ad IDs, etc.), and market area code. We do not process special categories of personal data.
Basis for processing
Every piece of information we process, we do so according to specific legal basis stipulated by the GDPR.
The legal basis for the processing of your personal information is the necessity to provide you services and to perform the Company’s obligations in accordance with any contract that the Company may have with you. The Company may also process your information to the extent the Company is required by law. Certain information you provide to the Company may be processed based on your consent.
Information the company receives from third parties
Sometimes we receive information from other companies, because in certain cases we need a little help to provide you with the best possible service.
The Company may also combine online and/or offline information received from third parties with your data.
The third party information is used for a variety of purposes including the information provided to us by Stripe (https://stripe.com/en-gb-us), which is integrated to our system as a payment service provider (hereinafter: PSP). Please note that once you decide to purchase our services you will be redirected to our PSP’s website to execute the purchase, therefore your personal data may be processed by PSP, according to their data privacy terms.
The Company processes this information to provide you the services you have requested and perform the Company’s obligations in accordance with any contract that the Company may have with you or to comply with the Company’s legal obligations. It is also in the Company’s legitimate interest to use your personal information in such a way to ensure that the Company provides you with the very best service.
How the company uses your information
It is super important to know what Companies are doing with your data, so please make sure you check this Policy on a regular basis, as the purposes of processing may change from time to time.
The Company will use your Information in the ways described below and as described at the time that the Information is collected:
(a) For the provision of the services through the Platform;
(b) The Company shall use your information as necessary or appropriate for the Company’s business purposes including to:
- create the certificate for your account which you have opened with the Company;
- register you and provide you access to the Platform or services requested by you;
- verify that you meet the requirements for a user of the Platform;
- fulfill your requests for products or services including keeping you informed about the income that you gain through our service;
- respond to inquiries or requests that you direct to us;
- send communications and administrative emails to you about the Platform or other services;
- analyze, benchmark and conduct research on user data and user interactions with the Site and Company’s services;
- allow the Company to process and complete your purchases;
- send you our optional periodical updates;
- if you were to opt for it, send you information about products and services which may be of interest to you.
What rights do I have with regards to the information the company holds on me
Know your rights, always. It is our job to make sure you can exercise these rights anytime and without any hassle.
Under the GDPR you have the right to ask the Company to provide you with all the information it stores on you. You have the right to request a copy of the Information that the Company holds about you, however, if you require additional copies, the Company may need to charge a reasonable fee. The Company may deny you the right to access your information if the Company is under a legal obligation not to disclose information or if such disclosure would reveal an identity of another person.
You also have the right to ask the Company to rectify or delete your personal information, as well as to restrict its use. With regards to Information you provided to the Company based on legal grounds for processing you have the right to have your information ported to another organization. You have the right to request additional information about the handling of your personal data. In order to realize your rights the Company may require two pieces of identification to prove your identity.
Where the Company has asked for consent to process your data, you also have the right to withdraw this consent. After withdrawal of your consent, the Company may also process your information if it still needs to process it to fulfill the Company’s legal obligations or if this is necessary to perform the contract you have concluded with us.
How the company discloses your information to third parties
Sometimes we are required to share the Information we process with third parties so you will be provided with the service you deserve. This is common practice, but nevertheless we want you to know why and how we do it.
The Company may share your Information with third parties as specifically approved by
you or under the circumstances described below.
Disclosure to third party organizations to provide the services:
- Where you use the services available on the Company’s Platform the Company may disclose your Information to relevant third parties with whom you are contracting in order for them to fulfill the terms and conditions of those arrangements. Such disclosure shall only take place following entry into the relevant agreement.
Disclosure will be made in the following scenarios for the following purposes:
- When you make purchases on the Platform;
- To successfully complete your purchases or otherwise implement our terms of service, your personal information is provided as needed to the Platform’s third party product and service providers or other third parties authorized by the Company, if any;
- Disclosure for legal or regulatory reasons;
- The Company may use a number of third-party organizations to help provide a professional level of service to the Company’s users. These organizations act as data processors and are strictly controlled in how they may or may not use your Information and the Company remains responsible for the protection of your Information.
Changes to the company
If the Company changes, your privacy remains our top priority. We want you to know exactly what will happen with your data if the Company goes through a transition in the future.
In the event that the Company goes through a business transition such as a merger, acquisition by another company, or sale of all or a portion of the Company’s assets, your Information may be among the assets transferred. You acknowledge that such transfers may occur and are permitted by this Policy.
In the event that the Company is terminated, the gathered Information shall be permanently deleted, prior to which you will receive an email notice of the exact date and time of the deletion. The deletion of the Information shall only pertain to such information that the Company is legally required to delete in the aforementioned event.
Updating and controlling your information
Knowing your rights is not enough, we want to make sure that you are aware of the ways in which you control your data.
There are a number of ways in which you can control the collection, use, and sharing of your data and update your Information and preferences:
- Canceling your user registration;
- You may at any time choose to close your account with the Company. The Company will then cease processing your information for any new purposes, but such closure shall not affect the Company’s ability to retain and process any Information required for the performance of obligations arising from law or for the completion of any services which are in process;
- When you receive marketing communications from us you will have the opportunity to “opt-out” by following the unsubscribe instructions provided in the marketing e-mail or newsletter.
Retention of your information
Knowing how long and for what reasons we process your data is particularly important. We do it primarily to enable you to use our Platform and to comply with our legal obligations.
The Company will retain your Information only for as long as it is necessary for the purposes set out in this Policy and for the provision of the Company’s services. The Company may retain and use your Information to the extent necessary to comply with the Company’s legal obligations, resolve disputes, and enforce the Company’s agreements.
Please note that:
- even if you delete your information, the Company may retain your information in conformance with the Company’s data retention policy; and
- the Company is not responsible for updating or removing your information contained in the lists or databases of third parties who have been provided with your Information as
permitted by this Policy.
Third party links and services
Watch out for third party links. Despite the fact that we choose our partners very carefully, keep in mind that they are not part of our organization, so they have their own data processing rules.
Please remember that when you use a link to go from the Company’s Site to another Site or you request a service from a third party, the Company’s Policy no longer applies. Your browsing and interactions on any other Site or your dealings with any other third party service providers, is subject to that Site’s or third party service provider’s own rules and policies. The Company does not monitor, control, or endorse the information collection or privacy practices of any third parties.
The Company encourages you to become familiar with the privacy practices of every Site you visit or third party service provider that you deal with and to contact them if you have any questions about their privacy policies and practices. This Policy applies solely to information collected by the Company through its Platform and does not apply to these third party Sites and third party service providers.
Where the company stores your information
Your data is stored in London UK.
The Information that the Company collects from you will be transferred to and stored in London UK, a destination outside the European Economic Area (hereinafter: EEA). Your Information may be processed by staff operating outside the EEA who work for the Company or for one of its suppliers. Countries where your Information may be transferred may offer different levels of data protection laws to the country from where you submitted your Information.
The Company will take all steps reasonably necessary to ensure that your Information is treated securely and in accordance with this Policy and the GDPR. Where this is required by local laws, the Company will make arrangements with entities receiving your Information that they shall ensure that security measures are in place, and that your Information is processed only in accordance with EU Data Protection laws.
If your Information is transferred to a jurisdiction outside the EEA, it will be done so under agreements with the Company’s counterparts, which contain standard data protection contract clauses (so called “Model Clauses” adopted by the European Commission). Such clauses provide safeguards for your Information that is transferred outside of Europe. In addition, the transfer may be undertaken on the basis of an adequacy decision, as prescribed by the GDPR.
Security of your information
We don’t protect your data just ‘’on paper’’, we implement security measures provided in this Policy. However, please do not get carried away too much, your privacy depends on you as well.
The Company follows appropriate security procedures in the storage and disclosure of your Information to prevent unauthorized access by third parties. the Company also require those parties to whom the Company transfer personal information to comply with the same. Unfortunately, the transmission of information via the internet is not completely secure. To that end, the Company cannot ensure the security of your Information transmitted by you to the Company via the internet. Any such transmission is at your own risk, and you acknowledge and agree that the Company shall not be responsible for any unauthorized use, distribution, damage or destruction of your Information, except to the extent the Company is required to accept such responsibility by the GDPR. Once the Company has received your Information the Company will use security procedures and features to prevent unauthorized access to it. The Company uses FIPS 140-2 Level, and measures provided by ISO 27001. The Information is stored on the servers which are owned by the Company within a secure location.
You can play your part in safeguarding your personal information by never disclosing your login password or account information to anybody. Whenever you log in as a member on the Platform, particularly on somebody else’s computer or on public internet terminals, you should always log out at the end of your session. Your assistance will help us protect the privacy of your personal information.
The Company cannot be held responsible for lapses in security caused by third party accesses to information as a result of your failure to keep your personal information private. Please notify us immediately if there is any unauthorized use of your account by any other internet user or any other breach of security.
Our job does not end here, we encourage you to contact us if you are not satisfied with the way we process and safeguard your data. We believe we are doing a good job, but we can always do better with your help.
If you wish to make a compliant about how your personal data is being processed by us or the Company’s partners, you have the right to complain to firstname.lastname@example.org. If you do not receive a response within 30 days you can complain to the Information Commissioner’s Office.