Last updated: 26 October 2020
Your privacy is important to us. Whether you are browsing our Site or using our Services we want you to understand what information we collect about you and how this information is used. Our main principle is to collect only the minimal data required to provide our Service and for our users to remain as anonymous as possible. It is therefore our policy to not log or store any unnecessary data about our users. Hence, we do not collect or store logs of your activity, including no logging of browsing history, traffic destination, connection time stamps, DNS queries, IP addresses (neither allocated IP nor connected IP), data content or bandwidth.
Information we collect
PrivateVPN does not collect or log any traffic or use of the Service. If you are browsing our Site, you do not have to give us any identifiable information. We do not track any activities outside of our Site. For more information about browsing our Site, see the “Cookies” section below. The following section describes what information that we collect from you, i.e. what personal data we are using. Please note that you might submit more personal data to us without it being a request from us, e.g. when asking questions in our online chat or otherwise communicating with us.
Information related to you and your account
To be able to use our Service you need to register an account at our Site. To register an account, you need to provide us with an e-mail address and a password. The e-mail address is your username.
Purpose and legal basis
The personal data we collect about you when using our Service is used to create your account after registration and thereafter for the purpose of the performance of the contract with you. We also use the personal data to identify and communicate with you primarily for customer support. This section further describes the purposes and legal basis for our processing of your personal data.
Information related to you and your account
Processing of your e-mail is mainly for the purpose of (i) providing you with our Service, or (ii) to answer questions, resolve problems or provide general support to our users. The legal basis for the processing is that the processing is necessary for the performance of a contract with you, or that the processing is based on a legitimate interest where our rights to process the data for such interest overrides your rights to your personal data.
Payment information is mainly processed for the purpose of (i) providing you with our Service, (ii) to pay out refunds, and (iii) for accounting purposes. The legal basis for the processing of payment data for purpose (i)-(ii) is that the processing is necessary for the performance of a contract with you, or that the processing is based on a legitimate interest where our rights to process the data for such interest overrides your rights to your personal data. The legal basis for the processing of payment data for purpose (iii) is that the processing is necessary for compliance with a legal obligation to which we are subject.
Some of the personal data we collect might also be processed for the purpose of:
The legal basis for the processing mentioned above is that the processing is necessary for the performance of a contract with you, or that the processing is based on a legitimate interest where our rights to process the data for such interest overrides your rights to your personal data.
Sharing of information
We will not disclose your personal data to any third party, except where (i) it has been agreed between PrivateVPN and you, (ii) it is necessary within the scope of our contract, (iii) it is necessary in order to fulfil a statutory obligation, comply with a decision of a public authority or court of law or (iv) in cases where we engage an external service provider or business partner who perform services on our behalf. We will never sell your personal data to third parties.
Transfers of personal data outside the EU/EEA are only carried out in accordance with applicable data protection laws and for the purposes specified above. Transfers may occur to countries outside the EU/EEA within the scope of a certain contract, but only to the extent necessary for the performance of our contract with you. In case of such third country transfer, we make sure to take all steps necessary to ensure your privacy. Transfer of personal data will only occur if the country to which the personal data will be transferred has been granted a European Commission adequacy decision or we have put in place appropriate safeguards in respect of the transfer, for example if we have entered into EU standard contractual clauses with the recipient, or the recipient is a party to binding corporate rules.
Storage of information
The personal data is not saved longer than necessary given the purpose of the processing, unless a longer storage time is required or permitted by law. The data might be kept longer if required for tax, accounting, payment processing purposes, to ensure we would be able to defend or raise a claim, or where we have a specific need - though we will generally not keep personal data for longer than two years following the last date of communication with you, unless the data is necessary in order to provide the Service.
Your rights as a data subject
You have the following rights in relation to our processing of your personal data:
Right to access (register transcript) – the right to obtain confirmation of and information about the processing of your personal data, and your rights as a data subject.
Right to rectification – the right to have your personal data corrected.
Right to erasure – known as “the right to be forgotten”, meaning the right to have your personal data erased. This right is not absolute and only applies in certain circumstances, e.g. when the processing is no longer necessary for its initial purpose or when we are processing the data based on your consent and you withdraw such consent.
Right to object – the right to object against our processing if the legal ground for the processing is based on our legitimate interests or if it is used for direct marketing.
Right to restrict data processing – the right to demand that the processing of personal data is restricted, e.g. if you oppose the correctness of the data. While the matter is investigated, PrivateVPN’s access to the data in question is restricted.
Right to data portability – the right to request that your personal data is transferred from one data controller to another. This right is restricted to the personal data that you have submitted to us.
Please note that if you request your personal data to be restricted or deleted, we may not continue to be able to fulfil our contractual obligations towards you.
If you have any objections or complaints regarding our processing of your personal data, you are entitled to contact or file complaints with a supervisory authority, in Sweden currently the Swedish Data Protection Authority (Sw. Datainspektionen). You can also file a complaint with the supervisory authority in the country where you live or work.
Our Site is protected by security measures that are consistent with the industry standard. These measures are to protects your personal data from theft, misuse, or loss. We continuously review our information collection, storage, and processing practices, including physical security measures, to prevent unauthorized access to our systems.
We restrict the access to personal data to our employees, contractors, and service providers who need the information in order to process it. Anyone with access to the information is informed and educated in how our security measures work and how we protect you as a user of our Service. We have chosen to work with well-known companies, and we make sure to collaborate with third parties that have a good reputation and will protect your personal data.
We might use your e-mail address to send you promotional or marketing information about products or services related to our Service. You can choose to unsubscribe from these e-mails by contacting us at email@example.com. Please write “Unsubscribe” in the subject section.
Our Site and the Service we provide are not intended for anyone under the age of 18. When you subscribe to our Service, you warrant that you are at least 18 years of age. We do not use the Service to knowingly solicit data from children under the age of 18.
Privat Kommunikation Sverige AB, Reg. No. 556895-1486, Bygdevägen 5 lgh 1301, SE-191 48 Sollentuna, Sweden is the controller of the personal data processing as described above. This means that we are responsible for ensuring that the personal data is processed correctly and in accordance with applicable data protection laws.
If you have any questions regarding our processing of your personal data, please e-mail us at: firstname.lastname@example.org. We try to answer all e-mail inquiries within 24 hours.