Our underlying policy is that we want you to remain anonymous when using our service. It is therefore our policy to never store any activity logs or metadata and to have as minimal data retention as possible. However, in some situations we might process your personal data if you, for example, are making a donation to VPN.fail (by bank wire, PayPal, blockchain etc) or are sending an email or reporting a problem to VPN.fail. In those cases, we might process your personal data and the General Data Protection Regulation (“GDPR”) and other data protection laws may apply to the processing.
The purpose and legal basis for each processing
Payment information are processed for the purpose of accepting donations, or for accounting purposes. The processing of payment data is based on a legitimate interest where our rights to process the data for such interest overrides your rights to your personal data. Payment information processed for accounting purposes are necessary for the compliance of a legal obligation to which we are subject.
Processing of e-mails and support reports via our app/client are made for the purpose of answering questions, resolve problems, and provide general support to customers. The processing is necessary for the purpose of the legitimate interests where such interest overrides your rights to your personal data.
How long is the personal data saved?
The time periods for which the personal data will be saved can vary. Certain payment data must be kept for the statutory retention period described in applicable local laws. If not required by law or stated above, the data will be stored for no longer than necessary for the purpose. After the statutory retention periods, the data will be permanently deleted.
After "solving" or "closing" a support case/problem report, all related emails/problem reports are archived (removed from the inbox). After six months, all emails/problem reports sent to our support address are automatically, permanently erased (from inbox, deleted items, sent items, trash, and archives).
Your personal data will only be shared with third party suppliers who are performing services on our behalf and for the purposes stated above. The categories of such recipients are e-mail service providers and payment solution suppliers (which are subject to confidentiality).
Is any transfer made to a third country?
No. We only store your personal data within the EU/EEA. If transfer to a third country occurs in exceptional cases, we will ensure that there is a legal basis for such a transfer and provide you with necessary information.
The rights of individuals
You have the right, in certain situations, to request us to correct or delete incorrect personal data regarding you and/or limit the processing. You also have the right to request for a copy of your personal data and a registry extract. However, we cannot give out payment data for donations since the purpose of the processing of the payment data do not require identification of the data subject and would require disproportionate effort for us to further acquire or process additional information to identify the data subject (article 11 in the GDPR).
The registry extract and the copy of personal data will be provided to the data subject (if the personal data are not subject to article 11 in the GDPR) without undue delay and in any event within one month of receipt of the request. If the request is particularly complex or if we receive number of the requests, the period may be extended where necessary. In this event we will inform the data subject of any such extension within one month of receipt the request together with the reason for the delay.
Where the legal basis for the processing is based on a weighing of interests you are as a data subject entitled to object at any time to the processing of your data.
If you are displeased with our processing of your personal data, please contact us or submit a complaint to the supervisory authority.
If you would like to exercise your rights, please contact us for more information.
Please note that exercising some rights may limit our ability to provide support that requires such information, for example issuing a refund or finding a lost account. We are also unable to approve some request due to legal requirements or that the processing of personal data might be based on a legal basis to which the right do not apply.