PRIVATE INTERNET ACCESS PRIVACY POLICY

This privacy policy (“Privacy Policy” or “Policy”) sets forth the privacy practices of Private Internet Access, Inc., (collectively, ‘We,’ ‘Us,’ ‘Data Controller,’ ‘Company,’ or 'PIA’) and applies to users (“User(s)” or “You”) of the PIA’s services, including, inter alia, the PIA VPN service (“Service”) and PIA website at www.privateinternetaccess.com (“Website”).

The processing of personal data, such as the e-mail address or payment information of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to PIA. By means of this data protection declaration and Privacy Policy, we are informing the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.

As the data controller for personal data, we administer strict policies safeguarding your privacy and security. By agreeing herein, you also signify your acceptance of, and agree to be bound by this Policy interpreted in line with the Terms of Service, the Cookie Policy, the Digital Millennium Copyright Act (DMCA) policy which are hereby incorporated herein by reference (the DMCA policy, Terms of Service, and the Privacy Policy are sometimes referred to collectively as the “Policies") into this Privacy Policy.

TABLE OF CONTENTS


Personal Information we Collect
Non-Personal Data
Uses of Personal Data Collected by Us
Website Registration
Disclosure and Use of Personal Data
Data Retention
CalOPPA Statement
Name and Address of Data Protection Officer and Name and Address of Data Controller
CCPA Statement
Maintaining the Security of Your Personal Information
How We Transfer Information Collected Internationally
COPPA Disclosure
Rights of the Data Subject
Changes to this Privacy Policy

PERSONAL INFORMATION WE COLLECT (“PERSONAL DATA”)


Personal Data means any information that relates or may be associated to an identifiable person. The personal Data will collect vary depending on your use of PIA’s Website or Service, as follows:

From Clients of our Service
  • E-mail Address for the purposes of account management and protection from abuse.
  • Payment Data for the purposes of processing payments as required by our third-party payment processors. Note that we do not save your full credit card details.
  • Cookie identifiers (see our Cookie Policy);
  • State or Territory of origin and zip code.
From visitors to the PIA website and Email
  • Information included in any submissions on the 'Contact Us' page.
  • The email address of any e-mails we receive.

NON-PERSONAL DATA


Non-personal Data is not associated with or linked to your Personal Information. Thus, Non-personal Data does not permit the identification of individual persons. Non personal data we collect include:

  • Google analytics data (this data is anonymized).
  • Internationalisation (i18n).
  • System information.

USES OF PERSONAL DATA COLLECTED BY US


  • We collect your name and e-mail address to send you subscription information, payment confirmation, customer correspondence and PIA promotional offers only
  • (to the extent you accept or subscribe to our marketing list). Additionally, we may collect state, and zip code to ensure compliance with our statutory tax obligations and for fraud detection.
  • Furthermore, we may collect payment data to manage client signups, payments, and cancellations. We may also process the above data in compliance with valid legal process, to comply with statutory obligations and to comply with contractual obligations.
The above-mentioned Personal Data is not, at any point, associated with any kind of activity done by the user inside the Private Internet Access VPN which is NOT recorded, logged or stored at all.

WEBSITE REGISTRATION


You have the option to register on PIA website by inserting your username and password. The Personal Data entered is collected and stored exclusively for internal use by PIA, and for its own purposes. By registering on the website, the payment method, login ID, date and time of the registration are also stored. The storage of this data takes place against the background that this is the only way to prevent the misuse of our services, and, if necessary, to make it possible to investigate committed offenses. Insofar, the storage of this data is necessary to secure the controller. This data is not passed on to third parties except as stated herein. Through registering on PIA’s website, you may exercise your rights as indicated below, through the website.

The registration of your data is intended to enable the controller to offer the data subject contents or services that may only be offered to registered users.

DISCLOSURE AND USE OF PERSONAL DATA


PIA strives to protect the privacy rights of our clients. We do not share, sell, rent or trade your Personal Data with third parties other than as disclosed within this Privacy Policy. We may disclose your Personal Data to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes set out in this Policy.

Additionally, although we will comply with all valid subpoena requests, our legal team scrutinizes each and every legal request that we receive for compliance with both the "spirit" and letter of the law. For invalid or overly broad subpoenas, we will often question or attempt to narrow the scope of any subject matter sought. Moreover, when it is possible and a valid option, we will provide the user an opportunity to object to any requested disclosures. PIA will not participate with any law enforcement request that is unconstitutional.

Furthermore, we may share your personal information with third part service provides that we may engage to improve the Service. In particular, in order to assist you if you have questions while using our Website or regarding your order and provide comprehensive customer support, we offer the possibility of online chat. For the use of such online chat, you will be requested to provide Personal Data such as name and email. Our online chat is offered through Zendesk that will have access to collect and proses such Personal Data solely for the purpose of facilitating communication with you and record-keeping (https://www.zendesk.com/company/customers-partners/eu-data-protection/).

PIA itself does not process any orders or payments. We work exclusively with payment processors such as Stripe, Amazon payments, Bitpay and Paypal. You can find information about the payment services providers' privacy policies and practices at https://stripe.com/us/privacy (Stripe), https://pay.amazon.com/help/201212430 (Amazon), https://bitpay.com/about/privacy/ (Bitpay), and https://www.paypal.com/us/webapps/mpp/ua/privacy-full (Paypal). The payment processors privacy policy governs the collection and use of the information collected during the check-out process which we recommend you review prior to placing an order or providing any information.

DATA RETENTION


We may rectify, replenish or remove incomplete or inaccurate information, at any time and at our own discretion as detailed above. Please note that unless you instruct us otherwise, we retain the information we collect for as long as needed to provide the Service and to comply with our legal obligations, resolve disputes and enforce our agreements.

CalOPPA STATEMENT


The State of California requires us to post specific language related to our Privacy Policy. By default, PIA does not share your Personal Data with any third parties aside from the disclosures already made in this Privacy Policy. However, if you wish to inquire into how PIA does not share our user's Personal Data with third parties for direct marketing purposes, you may contact:

NAME AND ADDRESS OF DATA PROTECTION OFFICER AND NAME AND ADDRESS OF CONTROLLER


Our current data protection officer can be reached at the following information below.

Dr. Venetia Argyropoulou
Private Internet Access, Inc.
5555 DTC Parkway
Suite 360
Greenwood Village, CO 80111
United States (347)586-9467 (Ext. 904)
[email protected]

CALIFORNIA CONSUMER PRIVACY ACT (“CCPA”) STATEMENT


Pursuant to California Civil Code Section 1798.83, if you live in the State of California and your business relationship with us is mainly for personal, family or household purposes, you may ask PIA about the information we release to other organizations for their marketing purposes. To make such a request, please send an email to [email protected] with “CCPA privacy request” as the subject. You are allowed under California law to request this information one time each calendar year. We will email you a list of categories of Personal Data we may have revealed to any third parties in the last calendar year, along with their names and addresses. Not all Personal Data shared in this form is included under Section 1798.83 of the California Civil Code. Please also see this California specific privacy notice for more details related to your rights as a California resident under the CCPA.

MAINTAINING THE SECURITY OF YOUR PRIVATE INFORMATION


Only key employees of PIA and PIA’s Group with a need to administer or process Personal Data are granted access to the servers and information where Personal Data is stored. Personal Data is maintained in an encrypted form.

HOW WE TRANSFER INFORMATION COLLECTED INTERNATIONALLY


We collect information globally and primarily store that information in the United States. If we transfer your Personal Data from the United States, we will request your consent.

COPPA DISCLOSURE - About Children’s Online Privacy


The Children’s Online Privacy Protection Act (COPPA) was passed to give parents increased control over what information is collected from their children online and how such information is used. The law applies to websites and services directed to, and which knowingly collect information from, children under the age of 13. Our online services are not directed to children under the age of 13, nor is information knowingly collected from them. For additional information on COPPA protections, please see the FTC website at: https://www.consumer.ftc.gov/articles/0031-protecting-your-childs-privacy-online

RIGHTS OF THE DATA SUBJECT


Your principal rights under data protection law in relation to your Personal Data are:

  • (a) the right to access and information which is provided to you through your account;
  • (b) the right to rectification;
  • (c) the right to erasure;
  • (d) the right to restrict processing;
  • (e) the right to object to processing;
  • (f) the right to data portability;
  • (g) the right to complain to a supervisory authority; and
  • (h) the right to withdraw consent.

We provide you with the ability to exercise the above rights along with certain choices and controls in connection with our treatment of your Personal Data. To exercise your rights through your account please contact our Data Protection Officer (“DPO”) at:

Dr. Venetia Argyropoulou
Private Internet Access, Inc.
5555 DTC Parkway
Suite 360
Greenwood Village, CO 80111
United States (347)586-9467 (Ext. 904)
[email protected]

In the event you make such request, note that we may require certain information from you in order to verify your identity and locate your data and that the process of locating and deleting the data may take reasonable time and effort. Data privacy and related laws in your jurisdiction may provide you with different or additional rights related to the data we collect from you, which may also apply.

CHANGES TO THIS PRIVACY POLICY


Last revised Jul 07th, 2020