“We”, “us”, “ZenVPN” means ZenV Solutions, Corp.
“You”, “your” means you as an individual user of our Services and/or Website.
“Website” means https://zenvpn.net and our other websites on which this Policy appears.
“Services” means our services provided to you according to the Terms.
“Terms” means our Terms of Service.
“Personal Information” means, if not otherwise defined in the applicable law, information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. If you cannot be identified (e.g., when Personal Information has been aggregated and anonymized), then this Policy does not apply.
2. Applicability of this Policy
When we act as a processor
Our Services are intended to be used both by organizations (legal entities, businesses) and individuals. Where we provide our Services to an organization (e.g., to your employer) that organization controls the information processed in relation to the use of the Services. This organization is the controller of the information, including your Personal Information, and is responsible for the accounts used to access the Services.
If this is the case:
- this Policy does not apply to our interactions with you, since in this context we act solely as a processor of your data on behalf of controller (e.g. organization you work with/for);
- we are not responsible for the privacy or security practices of a controller's organization, which may be different than this Policy; and
- you need to direct your data privacy questions and requests to your organization, as your access to our Services is subject to that organization's policies.
When we act as a controller
This Policy applies when you use our Services as an individual and not as an employee, contractor or representative of an organization, or when we, not your organization, determine the purposes and means of the processing, including collection, of your Personal Information.
3. What Data We Collect and How We Do That
First of all, we would like to assure you that we have not sold and do not sell your Personal Information.
When you visit our Website, use our Services or contact us directly we collect and process your Personal Information. The ways we collect it can be broadly categorized into the following:
Information you provide to us directly
When you use some parts of our Services we might ask you to provide Personal Information to us. For example, you will provide your email address and your first and last name when you create an account with us. We may collect information from you when you contact us, including for support, or provide feedback.
Information we collect automatically
As is true of most online services, we or third-party services that we utilize may automatically collect certain information about the devices you use to access the Services and Website. As described further below, we may collect and analyze (i) device information such as IP addresses, unique device identifiers, screen resolution, time zone, browser types, browser version, browser language, operating system, device make and model, and (ii) information related to the ways in which you interact with the Website and Services, such as referring and exit web pages and URLs, platform type, number of clicks, domain names, landing pages, pages and content viewed and the order of those pages, statistical information about the use of the Website and Services, the amount of time spent on particular pages, the date and time you used the Website or Services, the frequency of your use of the Website and Services, error logs, and other similar information. We may use third-party analytics services and technologies such as Google Analytics to assist in collecting this information. Information collected by various technologies, including cookies and similar tools, will be collected directly by these service providers, who use the information, for example, to evaluate your use of the Services and Website, including by analyzing usage trends.
Cookies and similar tracking technologies
A cookie is a small piece of text sent to your browser by a website you visit.
We use only strictly necessary cookies that let you use the Website and its essential features, including:
- to recognize you when you visit the Website
- to remember your preferences;
- to allow us to link your actions during a browser session (e.g. sessionid),
- to perform security measures (e.g. CSRF).
We also use ‘local storage’ and ‘session storage,’ which are used to store data in your web browser. Local storage supports persistent data storage, similar to cookies but with an enhanced capacity and no information stored in the HTTP request header. Session storage is purged when you close the browser.
As mentioned earlier, third parties whose tools and services we use can serve their cookies when you use the Website and Services (third-party cookies).
Third-party services may use the following types of cookies:
Performance and Analytics Cookies. These cookies are used, for example, to count how many visitors we receive to a page, to understand from what sources users come to the Website or to help us analyze how the Website and Services are used. For more information on Google Analytics cookies, visit https://policies.google.com. To opt-out of being tracked by Google Analytics across all websites visit https://tools.google.com/dlpage/gaoptout.
Targeting Cookies and Other Tools. Such cookies, tags or pixels are set by third-party advertising services. These cookies can be used to create a user profile and display relevant ads on other sites (remarketing tags). These cookies identify the browser and the device.
Functional Cookies. These cookies are used to remember your preferences and settings, for example, to keep a chat with customer support after a page reload.
Social Media Cookies. These cookies relate to services provided by third parties, such as "Like" and "Share" buttons. They are used to provide you with services or to remember your sharing preferences for social networks. Social networks that provide the button may use it to identify you, even if you have not used the button when browsing our Website.
Most web browsers allow some control of most cookies through the browser settings.
You may be able to reset your web browser to refuse all cookies or to indicate when a cookie is being sent. However, some features of the Website and Services may not function properly if the ability to accept cookies is disabled.
Information we get from third parties
We might receive Personal Information about you from third parties. For example, Stripe, a payment provider, makes available to us information about the payer’s zip/postal code, IP address, card network type (Visa, MasterCard, American Express, etc.), last 4 digits of the card and its expiration date. Please note that we do not receive any other payment details from payment providers.
4. How We Use Personal Information
Our processing of your Personal Information is necessary for us to provide you with the Services and Website. If we do not process your Personal Information, we may be unable to provide you with all or some features of the Services.
We use your Personal Information for a number of purposes, which may include the following:
- To operate our Services and Website, ensure they work as intended and deliver the Services you have requested.
- To support you, including assisting with the resolution of technical or other issues relating to the Services.
- To enhance our Services and Website, test and develop new features and carry out analysis of our Services and Website so that we can optimize your user experience and provide you and other users with more efficient tools and features.
- To analyze and aggregate data, to prepare statistics, in particular, to produce aggregated analytics and reports, which we may use internally.
- To manage our relationship and communicate with you. This may include (a) operational and transactional communications, like information about changes to our Services, information about new features, security updates or assistance with using our Services; (b) survey requests, feedback collection and follow-up communication if the Terms or the use of the Services has been terminated or suspended; or (c) providing you with the information you have requested from us or information we are required to send to you. These communications are part of the Services we provide to you and in most cases you will not be able to opt out of them. If an opt-out is available, you will find that option within the communication itself or in your profile settings.
- To promote and drive engagement with the Services and Website.
- To send marketing communications that may be of specific interest to you. These communications are aimed at driving engagement and maximizing what you get out of the Services, including information about new services, newsletters, product offers, and promotions we think may be of interest to you. You may opt out of receiving marketing communications from us at any time by clicking an ‘unsubscribe’ link at the bottom of the email or contacting our support team at email@example.com.
- To prevent, detect and report crime, protect you, other users and us, for example, by ensuring network and information security, mitigating security risks, detecting and preventing any fraudulent or malicious activity, and make sure that everyone is using our Services and Website fairly and in accordance with the Terms and applicable regulations.
- To perform legal duties, responsibilities, and obligations; and to comply with laws and regulations that apply to us.
- To exercise our rights set out in the Terms or other agreements with you.
- To disclose information to our contractors on a need-to-know basis or our successors following a restructure.
We may aggregate and/or de-identify information collected through the Services and Website. We may use de-identified and/or aggregated data for any purpose, including without limitation for research and marketing purposes.
5. To Whom We May Disclose Your Personal Information
There will be times when we may need to disclose your Personal Information to third parties. We may disclose your Personal Information to:
- Third-party service providers and partners who assist us in the provision of the Services and Website, for example, (a) those who support delivery of or provide certain features in connection with the Services and Website (e.g. Stripe, a payment services provider); (b) providers of analytics and measurement services (e.g. Google Analytics); (c) providers of technical infrastructure services (e.g. Amazon AWS); (d) providers of customer support services (e.g. Crisp); (e) providers of security solutions (e.g. Cloudflare);
- Law enforcement agencies, government bodies, courts or other third parties, when required by law;
- Professional advisors, such as lawyers, auditors, etc. where necessary in the course of the professional services that they render to us;
- Other persons where we have your consent.
6. Data Retention
Some information you can delete whenever you like, some data is deleted automatically, and some information we retain for longer periods of time when necessary. When the information is being deleted, we make sure that your information is safely and completely removed from our servers or retained only in anonymized form.
Sometimes business and legal requirements oblige us to retain certain information, for specific purposes, for an extended period of time. Reasons we might retain some data for longer periods of time include:
- To ensure that the Services and Website are available to you and other users.
- To protect you, other persons, and us from fraud, abuse, illegal activity and unauthorized access, for example, when we suspect someone is committing fraud.
- To comply with tax, anti-money laundering and other financial regulations, or for accounting purposes.
- To facilitate dispute resolution.
- To meet and comply with applicable law, regulation, legal process or enforceable governmental request, or when we are required to enforce the Terms, including investigation of potential violations.
- If you have directly communicated with us, for example, through a customer support channel or provided feedback or a bug report.
7. Security Measures
We have implemented technical, physical, and organizational security measures to protect against the loss, misuse, and/or alteration of your information. These safeguards vary based on the sensitivity of the information that we collect and store.
Security and privacy third party risk assessment is established as a part of our vendor management process.
8. Information Concerning Children
The Website and Services are not intended for children aged 16 or under. We do not seek to collect Personal Information about children aged 16 or under. If you have any concerns about your child’s privacy in relation to our Services, or if you believe that your child under the age of 16 may have entered Personal Information onto our Website, please contact us at firstname.lastname@example.org. We will delete such Personal Information from our records or seek verifiable parental or legal guardian consent to retain such information within a reasonable time.
9. Third Party Links and Services
We reserve the right, at our sole discretion to modify or revise this Policy at any time by posting the amended Policy on the Website. Please check the most current Policy.
11. Privacy Related Inquiries
If, for any reason, you are concerned with the way that we may be using your Personal Information, you have questions about the privacy aspects of the Services or Website, please, contact us at email@example.com.
12. EU and UK Privacy Notice
If you are an individual in the European Economic Area (EEA) or the United Kingdom the provisions of this section apply to you.
This section applies solely to visitors, users, and others who reside in the EEA and the UK.
Legal Grounds to Process Personal Information
Where we collect Personal Information, we will only process it when we have the legal basis for the processing set out in applicable data protection laws. Such legal bases are:
- The performance of a contract. We may process your Personal Information where we need to take steps at your request prior to entering into a contract or where it is necessary for the performance of a contract.
- The legitimate interests. Your Personal Information may be processed when we, other companies in our group of companies or third parties have a business or commercial reason to process your Personal Information.
- A legal obligation. Various laws and regulations may impose certain obligations on us. To comply with them we have to process your Personal Information.
- Your consent. In certain limited cases we process your Personal Information based on your consent, for example, when it is required for direct marketing purposes and you are not an employee, contractor or representative of an organization that has been interested in our Services or has used our Services.
How We Use Personal Information
Our processing of your Personal Information is necessary for us to provide you with the Website and Services. If we do not process your Personal Information, we may be unable to provide you with all or some features of the Services.
We use your Personal Information for a number of purposes, which may include the following:
|Use of your Personal Information
|To operate our Services and Website
|Performance of a contract
|To support you
|Performance of a contract
|To enhance our Services and Website, test and develop new features and carry out analysis of our Services
|To analyze and aggregate data, to prepare statistics
|To manage our relationship and communicate with you
|Performance of a contract
|To promote and drive engagement with the Services and Website
|To send marketing communications
Your consent (as applicable)
|To prevent, detect and report crime, protect you, other users and us
Performance of a contract
|To perform legal duties, responsibilities, and obligations; and to comply with laws and regulations
|To exercise our rights set out in the Terms
|Performance of a contract
|To disclose information to companies in our group of companies following a restructure or for internal administrative purposes
International Data Transfers
When we process and share data, it may be transferred to, and processed in, countries other than your country. Where Personal Information is processed in another country, we put safeguards in place to ensure your Personal Information remains protected. In particular, third-party service providers mentioned in Section 5 above may be located in countries outside the EEA or the UK, which do not provide an adequate level of data protection as defined by data protection laws in the EEA and the UK. Transfers to third parties located in such third countries take place using valid data transfer mechanisms, such as the European Commission’s Standard Contractual Clauses and/or the U.K. Addendum to such clauses.
Individuals in the EEA and the UK have or may have the following rights with respect to their Personal Information that we process as a controller:
- You have the right to access (and obtain a copy of, if required) your Personal Information.
- You have the right to update your Personal Information or to correct any inaccuracies.
- You may have the right to request that we delete your Personal Information in certain circumstances, such as when it is no longer necessary for the purpose for which it was originally collected.
- You may have the right to request to restrict the use of your Personal Information in certain circumstances, such as when you have objected to our use of your Personal Information but we need to verify whether we have overriding legitimate grounds to use it.
- You have the right to transfer your Personal Information to a third party in a structured, commonly used and machine-readable format, in circumstances where the Personal Information is processed with your consent or by automated means.
- You may have the right to object to the use of your Personal Information in certain circumstances, such as the use of your Personal Information for direct marketing.
- If you are not happy with how we are processing your Personal Information, please let us know by sending an email to firstname.lastname@example.org. We will review and investigate your complaint, and try to get back to you within a reasonable time frame. You have the right to complain to your local data protection authority. This right may not be available to you if there is no authority dealing with data protection in your country.
Please note that we will be able to assist you in exercising your rights only when we are the controller of your Personal Information (e.g., when we use your information for marketing communications or when you have contacted us not as an employee or representative of an organization). You can exercise your rights at any time by sending an email to email@example.com. In all other cases, please direct your data privacy questions and requests to your organization.
We may require evidence of and be satisfied as to your identity before we take any requested action.
13. California Privacy Notice
Notwithstanding the fact that the California Consumer Privacy Act (CCPA) does not currently apply to us due to its scope limitation, we strive to voluntarily comply with the CCPA’s key principles.
This section applies solely to visitors, users, and others who reside in the State of California.
Categories of Personal Information Collected
Personal Information that we may collect, or may have collected from you in the preceding twelve months, fall into the following categories established by the CCPA:
- identifiers, such as your name, email address, or IP address;
- commercial information, such as your subscription purchase history;
- Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with a website, application, or advertisement.
- geolocation data, such as the location of your device or computer; and
- inference data, such as information about your preferences.
Categories of Sources of Personal Information
In the past twelve months, we have collected Personal Information relating to California residents from the sources described above in section “What Data We Collect and How We Do That”.
Categories of Third Parties to Whom We Disclose Personal Information
We disclose Personal Information to the categories of third parties described above in section “To Whom We May Disclose Your Personal Information”.
Categories of Personal Information Disclosed for a Business Purpose
Personal Information that we may have disclosed about consumers for a business purpose in the preceding twelve months fall into the following categories established by the CCPA:
- identifiers, such as your name, email address, or IP address, for example if we use a third-party customer support services;
- commercial information, such as the details of a product or service you have purchased if a third party service provider is assisting to provide that product or service to you; and
- geolocation data and Internet or other electronic network activity information, if we use a third-party service provider to help us with analytics, marketing or advertising.
For more information about Personal Information we may disclose to third parties for a business purpose, please visit section “How We Share Your Personal Information” above.
Business and Commercial Purposes for Collecting Personal Information
We use Personal Information we collect for business and commercial purposes described above in section “How We Use Personal Information”. We may also use Personal Information relating to California residents for one or more of the specific “business purposes” listed in the CCPA.
Categories of Personal Information Shared
We do not share and have not shared in the preceding twelve months your Personal Information with certain of these third-party providers who may use it for online or “cross-context” behavioral advertising, which meets the definition of “share” under the CCPA.
You have the following right under the CCPA:
- To request that we disclose to you Personal Information we have collected about you.
- To request further information about our collection, use, disclosure, or sale of your Personal Information such as a list of the categories of personal information collected about you, and other related information such as the source of the information, categories of information shared or sold to third parties, and the purpose for such sharing.
- To request correction of inaccurate Personal Information.
- To request to delete your Personal Information, in some circumstances.
- To designate an authorized agent to exercise some of your rights.
If you wish to do any of these things, please contact us at firstname.lastname@example.org, via contact form on the Website, or the Website’s customer support widget. Please be aware that we do not accept or process requests through other means (e.g., via fax, social media, etc.).
We will review the information provided and may request additional information to ensure we are interacting with the correct individual. Please also be aware that making any such request does not ensure complete or comprehensive removal or deletion of Personal Information, and there may be circumstances in which the law does not require or allow us to fulfill your request.
To the extent we receive requests directly from end users or employees of our business customers regarding their Personal Information, we will work with such business customers to comply with its obligations under the CCPA.
No Sale of Personal Information
In the preceding twelve months we have not sold any Personal Information of consumers, as those terms are defined under the CCPA.
We will not discriminate against you for exercising your rights under the CCPA.
14. Other U.S. State Privacy Laws
Although the Virginia Consumer Data Protection Act, the Colorado Privacy Act, the Connecticut Data Privacy Act and the Utah Consumer Privacy Act do not currently apply to us due to their scope of applicability limitations, we are committed to voluntarily adhering to the fundamental principles of these laws. Please, contact us at email@example.com if you have any data privacy requests.