Welcome to PuppyShield VPN! As a company that promises security, we recognise the importance of our customers fully understanding what Personal Data we collect, store and process. Our systems are designed with your privacy and the principle of data minimisation in mind.
This Privacy Policy describes how we processes the Personal Data you provide to us in accordance with the requirements of the Texas Privacy Act (TPA) and the General Data Protection Regulation (GDPR).
We have done our best to make this policy as clear and simple as possible so that you understand everything without having to wade through many pages of boring legal text.
We do NOT log your VPN sessions, browsing behaviour, the websites you visit, or any other activity related to your VPN connection. In addition, we NEVER store VPN connection logs and timestamps that associate your incoming and outgoing IP address or session duration.
What does this policy cover?
This policy applies where we act as a data controller in relation to the Personal Data of visitors and service users; in other words, where we determine the purposes and means of processing that Personal Data. This includes when you use our services, when you use our App.
Where this Privacy Policy applies
This Privacy Policy applies to the Astro VPN App. When the word “we” is used, it describes the controller (us) and includes the relevant service providers that help us to make the services available to you. When designing the app, we have made sure that no information that directly identifies you is collected.
As however some countries including the EU have a broader definition of Personal Data this policy covers it. In this sense we would need to first of all explore the definition of Personal Data.
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Legal basis for processing
Our legal basis for collecting and using your Personal Data as described in this Privacy Policy depends on the Personal Data involved and the specific context in which we collect it. Generally, your Personal Data will be collected and processed by us on one or more of the following legal bases:
- Your consent,
- Compliance with contractual obligations,
- Compliance with legal obligations, and
- On the basis of our legitimate interests.
If you have any questions or need more information about the legal basis for the collection of your Personal Data, please contact us.
Your rights
You can exercise the following rights:
- Right to information
- Right to rectification
- Right to object to processing
- Right to deletion
- Right to information
- Right to data portability
- Right of objection
- Right to withdraw consent
- Right to complain to a supervisory authority
- Right not to be subject to a decision based solely on automated processing.
If you have any questions about the nature of the Personal Data we hold about you, or if you wish to request the erasure or rectification of Personal Data we hold about you, or to exercise any of your other rights as a data subject, please contact us.
Updating your information
If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so by contacting us.
Withdrawing your consent
You can revoke consents you have given at any time by contacting us. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Access Request
In the event that you wish to make a Data Subject Access Request, you may inform us in writing of the same. We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the respective legal regulations mentioned above).
What Personal Data do we collect and store?
If you contact us, your enquiry including all Personal Data resulting from it (name, email, message) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent. The processing of this data is based on Art. 6 (1) lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested. The data you send us via contact requests will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies. (e.g., after your request has been processed).
What information do we collect and store?
When you connect to our VPN service
We have deliberately and consistently chosen not to log all other data in order to limit our legal liability. We do, however, log the Connection status, bandwidth consumption so that we can bill you properly and maintain a high quality of service. All usage data is anonymised and not linked to your real, public IP address.
Access Authorisations and Push messages
We may request access or permission to certain functions from your device (Internet Connection and Network, VPN configuration and push notifications). The legal basis for data processing is our legitimate interest (Art. 6 para. 1 p. 1 lit. f GDPR) and the provision of contractual or pre-contractual measures (Art. 6 para. 1 p. 1 lit. b GDPR).
When you use the APP, you will receive so-called push messages from us, even if you are not currently using the App. These are messages that we send you as part of the performance of the contract. You can adjust or stop receiving push messages at any time via the device settings of your device.
Downloading the APP
The APP can be downloaded from the "Google Playstore" a service offered by Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, US, if you are resident outside the EU and Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland if you are a resident within the EU, or the Apple App service "App Store" a service of Apple Inc., 1 Infinite Loop, Cupertino, CA 95014, US, if you are resident outside the EU and Apple Distribution International Ltd, Hollyhill Industrial Estate, Hollyhill Ln, Knocknaheeney, Cork, Ireland, if you are a resident within the EU, to install our APP. Downloading it may require prior registration with the respective App store and/or installation of the respective App store software.
Google and Apple may collect information from and about the device(s) you use to access the APP, including hardware and software information such as IP address, device ID and type, device-specific and APP settings and properties, APP crashes, advertising IDs (AAID), information about your wireless and mobile network connection such as your service provider and signal strength; information about device sensors such as accelerometer, gyroscope, and compass.
Purchases
When you make In-app purchases, we (Google and Apple on our behalf) may collect the following data from you to process the purchase:
- Android or Apple user ID
- Email address
- Payment confirmation from the payment data collected by Apple or Google; and
- Device IP and device serial number to link the story history to the device.
Advertising
Our App is build using the Freemium Model. As such, the APP uses third-party advertising networks service to display ads. In order to provide personalized advertisements to our users, Apple or Google use device information that include personal and non-personal data, such as advertising (or ad) identifiers, IP address regarding the delivery of advertisements and your interaction with them and/or other tracking technologies to enable and optimize its advertising procedure.
Advertisers and third parties also may collect information about your activity on our APP, on devices associated with you, and on third-party sites and applications using tracking technologies. Tracking data collected by these advertisers and third parties is used to decide which ads you see both on our APP and on third-party sites and applications.
Ads are personalized and based on the device you are using. You can disable this via the settings on your device. You can also opt out on the Digital Advertising Alliance (DAA) if you wish not to receive targeted advertising. In addition, you may also choose to control targeted advertising you receive within applications by using the settings and controls on your devices.
Retention
Your Personal Data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the processing of a data subject access request, this is three years after the end of the respective process. You have the possibility at any time to object to the processing of your Personal Data in the context of the processing of a data subject access request for the future. In this case, however, we will not be able to further process your request. The documentation of the legally compliant processing of the respective data subject access request is mandatory. Consequently, there is no possibility for you to object.
International transfers
We usually do not transfer your Personal Data to other companies and/or business partners. However, when doing so we have contractual arrangements regarding such transfers to provide adequate protection for your Personal Data when it is transferred. We will also take all reasonable technical and organizational measures to protect the Personal Data we transfer.
Sharing of Personal Data by us
With your consent, we may disclose your Personal Data for any purpose. In addition, we may disclose your Personal Data: in connection with law enforcement, fraud prevention or other legal proceedings; as required by law or regulation; if Astro VPN (or a part of Astro VPN) is sold to or merged with another company; or if Astro VPN has reason to believe that disclosure is necessary to protect Astro VPN, its clients or the public. In all cases other than those described above, Personal Data will not be disclosed by us to third parties for their own marketing purposes without your consent.
Security measures
We take appropriate technical and organisational measures in accordance with Article 32 of the GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk; the measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access to, input of, disclosure of, assurance of availability of, and separation of, the data relating to them. We also have procedures in place to ensure the exercise of data subjects' rights, deletion of data and response to data compromise.
Furthermore, we already take the protection of Personal Data into account during the development and selection of hardware, software, and procedures, in accordance with the principle of data protection through technology design and through data protection-friendly default settings (Art. 25 GDPR). The security measures include in particular the encrypted transmission of data between your device and our server and the connection to our service is protected by industry standard encryption.
Automated decision-making
We do not use automated decision-making or profiling.
Do Not Sell
We do not sell information that directly identifies you.
Changes
This policy and our commitment to protecting the privacy of your Personal Data can result in changes to this policy. Please regularly review this policy to keep up to date with any changes.
Queries and Complaints
If you have any questions, please do not hesitate to contact us at ZAVEENM@GMAIL.COM