Welcome To SpinupVPN’s Privacy Statement
- When we say ‘we’, ‘us’ or ‘SpinupVPN’ it’s because that’s who we are and we own and run the Sites.
The type of personal information we collect
- We collect certain personal information about visitors and users of our Sites.
- The most common types of information we collect include things like: user-names, member names, email addresses, IP addresses, other contact details, survey responses, blogs, photos, payment information such as payment agent details, transactional details, tax information, support queries via ticket, chat and email, forum comments, content you direct us to make available on our Sites (such as support tickets or product descriptions if you’re a vendor) and web analytics data. We will also collect personal information from job applications (such as, your resume or CV, the application form itself, cover letter and interview notes).
Information that we do NOT collect
5.1 We DO NOT collect, store, archive, share or sell your connection, browsing or other personal identifiable activity information from your VPN servers!
To be clear, while we do not collect your information from your VPN server, your ISP might log that connection. Or our cloud provider (Digital Ocean, Amazon etc.) will likely be doing it as well as you make the initial connection to the VPN server. They do this for network management reasons and to prevent bad actors (such as spammers) from using the cloud network.
How we collect personal information
- We collect personal information directly when you provide it to us, automatically as you navigate through the Sites (but not your personal VPN servers), or through other people when you use services associated with the Sites.
- We collect your personal information when you provide it to us when you complete membership registration and buy or provide items or services on our Sites, subscribe to a newsletter, email list, submit feedback, enter a contest, fill out a survey, or send us a communication.
Personal information we collect about you from others
- Although we generally collect personal information directly from you, on occasion, we also collect certain categories of personal information about you from other sources. In particular:
- financial and/or transaction details from payment providers located in the US, UK, EU, Australia and other countries in order to process a transaction;
- third party service providers (like Google, Facebook, Twitter and others) who are located in the US, UK, EU and other countries, which may provide information about you when you link, connect, or login to your account with the third party provider and they send us information such as your registration and profile from that service. The information varies and is controlled by that service provider or as authorized by you via your privacy settings at that service provider; and
- other third party sources/ and or partners from other countries, whereby we receive additional information about you (to the extent permitted by applicable law), such as demographic data or fraud detection information, and combine it with information we have about you. For example, fraud warnings from service providers like identity verification service. We also receive information about you and your activities on and off the SpinupVPN platform through partnerships, or about your experiences and interactions from our partner ad networks. We also receive information about you as a rights holder from our third party authors. For example, information in the form of a model release when your image is used in an item made available on our Sites.
How we use personal information
- We will use your personal information:
- To fulfill a contract, or take steps linked to a contract: in particular, in facilitating and processing transactions that take place on the Sites, like where you purchase an item from our store. This includes sending your data to companies such as STRIPE and PAYPAL to process payments.
- Where this is necessary for purposes which are in our, or third parties, legitimate interests. These interests include:
- operating the Sites;
- providing you with services described on the Sites;
- verifying your identity when you sign in to any of our Sites;
- responding to support tickets, and helping facilitate the resolution of any disputes;
- updating you with operational news and information about our Sites and services e.g. to notify you about changes to our Sites, website disruptions or security updates;
- carrying out technical analysis to determine how to improve the Sites and services we provide;
- monitoring activity on the Sites, e.g. to identify potential fraudulent activity and to ensure compliance with the user terms that apply to the Sites;
- managing our relationship with you, e.g. by responding to your comments or queries submitted to us on the Sites or asking for your feedback or whether you want to participate in a survey;
- managing our legal and operational affairs (including, managing risks relating to content and fraud matters);
- training SpinupVPN staff about how to best serve our user community;
- improving our products and services.
- providing general administrative and performance functions and activities; and
- processing your job application to SpinupVPN.
- Where you give us consent:
- providing you with marketing information about products and services which we feel may interest you; and
- For purposes which are required by law.
- For the purpose of responding to requests by government, a court of law, or law enforcement authorities conducting an investigation.
When we disclose your personal information
- We will disclose personal information to the following recipients:
- companies that are in the SpinupVPN group which are located in the US and other countries
- authors of any items or services made available to you, so they can facilitate support and license validation, who maybe located in any of the countries our products are available in;
- subcontractors and service providers who assist us in connection with the ways we use personal information (as set out above), in particular: website hosting providers ; technical and customer support services; recruitment agencies; marketing and analytics services; security and fraud prevention services; subscription management services; payment processing services; identification verification services; and operational tooling services. Noting that our subcontractors and services providers may also transfer and access such information from other countries in which they have operations.
- our professional advisers (lawyers, accountants, financial advisers etc.) ;
- regulators and government authorities in connection with our compliance procedures and obligations or to comply with a valid and reasonably scoped legal subpoena;
- a purchaser or prospective purchaser of all or part of our assets or our business, and their professional advisers, in connection with the purchase;
- a third party to respond to requests relating to a criminal investigation or alleged or suspected illegal activity;
- a third party, in order to enforce or defend our rights, or to address financial or reputational risks;
- a rights holder in relation to an allegation of intellectual property infringement or any other infringement; and
- other recipients where we are authorized or required by law to do so.
- Indirectly as a result of your browsing our sites while 3rd party scripts are installed (such as Google Analytics, Facebook Pixels, Bing Tags, Linked-in Tags, Mouseflow tags and other similar scripts)
At this time we have not received any legal requests for a customer’s information – January 2020.
Where we transfer and/or store your personal information
- Our headquarters are located in the United States so your data will usually be initially processed in the US. Some of the recipients we have described in section 10 above, and to whom we disclose your personal information, are based outside the United States. We do this on the basis of your consent to this policy. In order to protect your information, we take care where possible to work with subcontractors and service providers who we believe maintain an acceptable standard of data security compliance.
How we keep your personal information secure
- We store personal information on secure servers that are managed by us and our service providers, and occasionally hard copy files that are kept in locations we reasonably believe to be secure. Personal information that we store or transmit is protected by security and access controls, including one or more of: username and password authentication, two-factor authentication, and data encryption where appropriate.
How you can access your personal information
- You can access some of the personal information that we collect about you by logging in to your account. You may also have the legal right to make a request to access other personal information we hold about you and to request corrections of any errors in that data. You can also close the account you have with us for any of our Sites at any time. To make an access or correction request, contact our privacy advocate using the contact details at the end of this policy. Note that closing your account with us does not automatically remove data that we already have stored – it just prevents you or anyone else from logging in and using your account in the future.
Marketing Choices regarding your personal information
- Where we have your consent to do so (e.g. if you have subscribed to one of our e-mail lists or have indicated that you are interested in receiving offers or information from us), we send you marketing communications by email about products and services that we feel may be of interest to you. You can ‘opt-out’ of such communications if you would prefer not to receive them in the future by using the “unsubscribe” facility provided in the communication itself.
- You also have choices about cookies, as described below. By modifying your browser preferences, you have the choice to accept all cookies, to be notified when a cookie is set, or to reject all cookies. If you choose to reject cookies some parts of our Sites may not work properly in your case.
Cookies (not the type you eat!) and web analytics
- When you visit our Sites, there’s certain information that’s recorded which is generally anonymous information and does not, by itself, reveal your identity. However, if you’re logged into your account some of this information could be associated with your account and thus become data elements that may be able to be used to reveal your identity in the future. We’re talking about the following kinds of details:
- your IP address or proxy server IP address’;
- the domain name you requested;
- the name of your internet service provider is sometimes captured depending on the configuration of your ISP connection;
- the date and time of your visit to the website;
- the length of your session;
- the pages which you have accessed;
- the number of times you access our site within any month;
- the file URL you look at and information relating to it;
- the website which referred you to our Sites; and
- the operating system which your computer uses.
Information about children
- Our Sites are not suitable for children under the age of 18 years, so if you are under 18 we ask that you do not use our Sites or give us your personal information. It’s the responsibility of parents or guardians to monitor their children’s use of our Sites.
Information you make public or give to others
How long we keep your personal information
When we need to update this policy
- We will need to change this policy from time to time in order to make sure it stays up to date with the latest legal requirements and any changes to our privacy management practices.
- When we do change the policy, it will be posted to this page A copy of the latest version of this policy will always be available on this page.
How you can contact us
- If you have any questions about our privacy practices or the way in which we have been managing your personal information, please contact our privacy advocate in writing at PO Box 10435 chicago, IL 60610 USA or [email protected]
If you’re a user or visitor in the European Economic Area you should be aware of the following:
- We are a 100% US based company with no employees or physical operations on EU soil. As such we are legally governed by US LAW and ONLY US LAW
- In the event of a conflict between EU law and US LAW, US LAW will apply
- In the event of ambiguity between EU law and US LAW, US LAW will apply
This is particularly important in regards to the General Data Protection Regulation 2016/679 (the “GDPR”). While we do attempt to respect the laws of other countries, for all practical purposes you have “crossed the border” into the United States when using this website and are therefore bound by US LAW while using this site or communicating with this site or us.
Here are some of the ways in which we will attempt to respect the spirit of the GDPR:
- For the purposes of applicable EU data protection law (including the General Data Protection Regulation 2016/679 (the “GDPR”), we are a ‘data controller’ for your personal information that is collected directly by us as part of a transaction that you initiate with us.
How you can access your personal information:
- You can ask us to port your personal information (i.e. to transfer in a structured, commonly used and machine-readable format, to you), to erase it, or restrict its processing. You can also object to some processing that is based on our legitimate interests, such as profiling that we perform for the purposes of direct marketing, and, where we have asked for your consent to process your data, to withdraw this consent as more fully described below.
- These rights are limited in some situations – for example, we can demonstrate that we have a legal requirement to process your personal information. In many instances, this means that we may retain some data even if you withdraw your consent.
- Where we require your personal information to comply with legal or contractual obligations, then provision of such data is mandatory: if such data is not provided, then we will not be able to manage our contractual relationship with you, or to meet obligations placed on us. In all other cases, provision of requested personal information is optional.
- If you have unresolved concerns you also complain to data protection authorities. The relevant data protection authority will be the data protection authority of the country: (i) of your habitual residence; (ii) of your place of work; or (iii) in which you consider the alleged infringement has occurred.
How you can erase your personal information:
- You can ask us to remove your information from our data store by contacting our privacy advocate in writing at PO Box 10435 chicago, IL 60610 USA or [email protected]
- In the event we choose to honor your request we might not be able to remove all information. For example we might not be able to remove information on cold storage backups or read-only backups or remove information published to any block-chain based technology.
- The companies and residents of the United States has a history of litigious behavior so we might need to keep your data to use as evidence in the event of litigation. Thus your data might be kept until the statutes of limitations run out though, in certain cases, there are no statute of limitations and thus your data might be kept for far longer.
- Again, if you have unresolved concerns you also complain to data protection authorities. The relevant data protection authority will be the data protection authority of the country: (i) of your habitual residence; (ii) of your place of work; or (iii) in which you consider the alleged infringement has occurred.
January 17th 2020: Updated to reference Mouseflow tags; added legal warrant disclosure paragraph.
January 15th 2020: Updated to reference Bing and Linked-in tags
November 22nd 2019: Complete revamp of policy to more closely reflect the spirit of new privacy legislation.