Vee Security Privacy Policy

Structure

This privacy policy is given by Vee Secuirty OÜ, a Estonian company with Register Code 14470896 ("Vee Security", "we", "our", "us"). All our subsidiaries also apply this policy. Our data collection can be categorized as follows: (1) Service data; the data that we automatically process to provide you with the services that you have requested. This also includes the data that you actively submit to us when subscribing to our services. This is explained in this policy. (2) Security data; anonymous data that we need to collect to keep you secure. Such data is processed separately from any other data. This Privacy policy for services describes how we process our customers' personal data. It also complements service-specific privacy statements as well as our license terms and other, shorter notices on case-specific data collection (e.g. support tools). Depending on what our services you use and how much you interact with us, some sections of this policy may not apply to you or may apply to you only in part.

Definitions

This is what we mean when we make certain references within this policy. "Client", "you", refers to a private or corporate user or any other data subjects who buy, register for use, or use our services and who may have submitted personally identifiable information to us. This information may have been submitted through the use of our services (including web solutions), web sites, telephone, e-mail, registration forms, or other similar channels. "Personal data" refers to any information on private individuals and their personal characteristics or circumstances, which are identifiable to them or their family or household members. This information may include names, e-mail and mailing addresses, telephone numbers, billing and account information, and other information incidental to the services and their provisioning. "Services" refer to any services or products that are manufactured or distributed by Vee Security, including software, web solutions, tools, and related support services. "Web site" refers to the veesecurity.com web site or any other web site that Vee Security hosts or controls, including sub-sites and browser-based service portals.

What do we collect?

We typically need to ask at least for your email address, phone number, and name to be able to provide our services. The individual services also collect additional data directly both on our service and from your device and related data traffic. In cases of such automated collection, the focus of data collection is on our services, not on your private data. The adjoining service and interaction-specific policies explain in more detail the personal data collected per service type. If there is no specific policy for a service or interaction, this main ‘privacy policy for services' document shall apply.

What do we do with it?

This list describes the general purposes for the collected personal data:


(1) Customer journey. To identify authorized users and check customer qualifications, process and track transactions such as administering accounts, shipping, invoicing, and managing licenses;

(2) Deliver, fix, and enhance. To deliver our services to you, maintain and develop our services and web sites, and to provide help and support for the services;

(3) Analyze. To track how our services are acquired and used so that we can improve the services, manage your customer relationship, and approach you with relevant messages;

(4) Communicate. To send you information relating to the services, conduct customer surveys, arrange competitions, advertise and market our services to you;

(5) Regulatory. To prevent fraudulent activities, remove or stop sharing of illegal or infringing material, and comply with several legal or regulatory requirements.

The adjoining service and interaction-specific policies explain in more detail the specific purposes for the collected personal data.

Why we need to process your data

By using our services, you are our client. Because of this relationship, we have a right to process relevant personal data. Such data processing may occur when you communicate with us or our business partners relating to our services, install and use our services, fill out a form or survey, register to use our services, submit information through our web solutions, enter a contest or sweepstakes, register your e-mail address with us, or send us e-mail. We need to automatically collect and process relevant personal data for our services to work, to enhance them, and to provide them to you. Due to the nature of our services, it is impossible to completely avoid data collection without preventing the services from functioning. As such processing is inseparable from the services we provide to you, this gives us a valid need to process your data and legal authorization to do so. However, we seek to give you as much control as possible. For example, we may ask you for your separate consent for some data collected or provide a possibility to opt out from non-critical data collection. While some of our services have dedicated privacy policies to help you better understand the data collected by that particular service, we consider you a client of Vee Security, not a client of the individual service. Hence, data collected by different services (e.g. Connecto VPN) and interactions (e.g. contacting support) are combined to your Vee Security account. However, we do not aggregate data against our specific privacy promises (for example, we maintain a hands-off approach to your traffic inside our VPN & Proxy service).

Transfers

We do much ourselves, but also have partners to help us provide our services. This also means that we need to exchange data with our partners. When doing so, we take great care in sharing only the necessary personal data. We have explained below the two main instances of such personal data exchanges.

Subcontracting. We may disclose some of your personal data to subcontractors and Vee group companies who provide parts of our services that you use. Where our clients' personal data needs to be disclosed to our subcontractors, we require, in our contracts with them, that they use such information solely for providing their agreed services (for example, to solve a support case, to send it to logistic partners for product delivery, or to send marketing mails on our behalf). We require such subcontractors to act in a manner consistent with this privacy policy and applicable laws. Whenever possible, we anonymize the data sent.

Sales and marketing. We exchange (both disclose and receive) some of your personal data with our distribution partners (resellers of corporate IT services, operators, webstores, etc,), who market, sell and distribute our services. We provide these companies access to such personal data that they need for their agreed activities. The logic of this data sharing is to provide a seamless customer experience. This includes activities such as customer management, service support and problem resolution, direct marketing, and invoicing. Our distribution partners must also comply with the agreements and legislation when handling your personal data.

Most of our distribution partners may have a pre-existing customer relationship with you and are processing your personal data as an independent entity. In such cases, both Vee Security and the distribution partner have separate customer data entries on your customer relationship that are subject to our respective policies.

International transfers Some of our affiliates, subcontractors, distributors, and partners are located outside the European Economic Area to ensure the global reach and availability of our services. When we transfer personal data outside the European Economic Area, we secure such transfers of personal data according to the requirements of the law. We do this by imposing appropriate technical and contractual safeguards on relevant subcontractors and Vee group companies, for example by using data transfer clauses that are approved by the European Union. We only do global or cross-border data transfers for a good reason and after assessing the resulting privacy risk.

More importantly, we store more sensitive customer data within the European Economic Area and keep it under our own control.

Other disclosures There are circumstances not covered by this privacy policy where the use or disclosure of personal data may be justified or permitted, or where we may be obligated by applicable laws to disclose information without acquiring your consent or independent of service provisioning. One example includes complying with a court order or a warrant issued by the authorities in the relevant jurisdiction to compel the production of information. We weigh each disclosure requirement carefully and take the possibility of such disclosure requests into account when deciding where and how we store your personal data. Disclosing your personal data may also be justified to protect ourselves against liability or to prevent fraudulent activity, or where it is necessary to solve or contain an ongoing problem. In any such action, we will act according to the applicable laws. We may also need to transfer your personal data as part of a corporate transaction, such as a sale, merger, spin-off, or other corporate reorganization of Vee Security, where the information is provided to the new controlling entity in the regular course of business. We may also disclose your personal data to our insurers and to governmental regulatory agencies if so required by applicable laws.

Retention

We retain your personal data in our databases in line with our data retention practices. The default rule under Estonian – and many other applicable – laws, is that personal data should be deleted or anonymized once we no longer need it for the purpose it was collected. Consequently, we store the personal data of our customers for varying durations, depending on the type of data. This also means that we may retain your personal data beyond the end of your client relationship with us, but only as long as we continue to have a valid reason. Typical reasons include: to allow us to pursue available remedies or to limit any damages that we may sustain (e.g. due to an ongoing dispute or investigation) to solve or contain a recurring problem or to have enough information to respond to future issues (e.g. your support ticket related to a problem that was not permanently corrected during your customership) to uphold agreements between you and us (e.g. you continue to subscribe to our other services) to prevent fraudulent activity (e.g. to enforce a ban on our community) if applicable laws require us to store the data (e.g. to keep track of your purchase and the payment of our services) to communicate with you (e.g. keeping your personal data stored for the grace period after the end of your subscription or sending you communications after your customership if you have elected to receive them). We do not seek to store your customer account data indefinitely. Once there has been no activity in any of our services related with your customer account or in our community for a set time, we delete your account. We will contact you in advance of such deletion so that we do not delete your account against your wishes. For more sensitive data relating to specific services, we have separate retention practices. Data that does not contain personal data (e.g. security data and aggregate analytical data) is retained as long as such data is needed and is useful for the purpose it was collected.

Data security

We apply strict security measures to protect the confidentiality and integrity of your personal data when transferring, storing or processing it. We use physical, administrative and technical security measures to reduce the risk of loss, misuse or unauthorized access, disclosure or modification of your personal data. We store your personal data on secure servers that are located either at our offices, at the offices of our subcontractors, or at fully classed data centers. Only authorized personnel can access the information on these servers. Where our clients' personal data needs to be disclosed to our subcontractors, we require them to process and protect personal data in a manner consistent with this privacy policy and applicable laws. If you contact us through our web site or via e-mail, be aware that any information that is sent via the Internet might not be secure.

Your rights

We seek to keep your personal data accurate, complete, and up to date. Some of our services portals allow you to update your customer information. For such, you should update any changes to your personal data, for example, change of address or e-mail address. If you cannot update the changes yourself, you may inform us of the necessary changes. You can contact us for more details about how your personal data is processed or to cancel your consent. Our contact information is included in this policy. You can unsubscribe from receiving marketing messages by following the instructions that are included in each message. You have the right to ask us what personal data we have on you. If you wish to minimize the data we collect when providing our services to you, we provide you the possibility to opt out from non-critical data collection. The same applies to our communications.

Third parties

Our services and websites may embed or interoperate with third-party services. The most prevalent such scenarios are the following: (1) Webstore. Our webstore is partially run by a third-party reseller. While the data you enter in the registration phase is handled under Vee Security policies, our webstore providers' policies apply to the actual purchase and related activities. (2) External features. Where the third-party service is a visible, separately branded part of your user experience, such third-party services' privacy policies apply in lieu of this policy.

Sources

While we collect the majority of the above-mentioned data directly from you or your device, we also receive data from our affiliates, distribution partners (such as operators), and corporate entities from whom you have purchased the services. Such entities may be our resellers, but also include our external webstore partners. We also acquire some basic personal data (order data on purchases) and aggregate analytical data from app stores in which our services are sold. Such other sources may further include subcontractors who have provided you with support services, or advertising partners who have assisted us in conducting our marketing activities. We do this to create a seamless customer experience and to have the necessary information for solving support cases. Typical examples of this kind of "third-party collection" are: collection of your data from registration information that you have submitted to our external webstore, we acquire your contact data from previous sign-in data from our operator reseller partner providing our service to you, and when you use your social media account to register to our services, we collect the e-mail address from your account to enable us to authenticate your registration and to contact you.

Changes

This version of the policy clarifies, updates, and replaces the previous policy. To continue keeping this policy up to date, we will make changes and additions to this from time to time also in the future. We will publish the changed privacy policy on our web site. If the changes are significant, we may also notify you by other means, such as posting a notice on our home page or sending an e-mail. Any changes will apply starting from the date that we publish the revised privacy policy on our web site.

Contact information

If you have any questions or concerns about the matters discussed in this privacy policy, please contact:

Vee Security OÜ
Narva mnt. 5

10117 Tallinn, Harjumaa
Estonia

Copyright © 2018 Vee Security OÜ. All rights reserved.
Vee Security OÜ., Narva mnt. 5, Tallinn, Harjumaa 10117, Estonia.