Privacy Policy

Privacy Policy

SpyOFF is committed to protecting online privacy. Therefore, we encrypt and anonymize the Internet connection of our users according to military standards. Our entire system has been designed to capture only the bare minimum of data needed to provide a world-class VPN service.

We attach great importance to understanding what information we collect, which information we DO NOT collect and what we use your information for.

The highest priority for us is data protection. There is no data retention in San Marino. So we can guarantee our no-log-policy (https://www.spyoff.com/en/no-logs). Once a user uses our VPN software, their Internet data is encrypted and their activities become invisible to ISPs, snoopers and criminals thanks to the latest security technologies. Users and their activities will at no time be monitored, logged, recorded, stored or shared with third parties while using our software.

I. Name and address of the person responsible

The person responsible within the meaning of the basic data protection regulation and other national data protection laws of the member states as well as other data protection regulations is the:

Sareta S.r.l., Serravalle (R.S.M.)

10 Cardio Street

47899 Serravalle

Repubblica San Marino

Tel .: 0044 203 519 2251

E-mail: support@spyoff.com

II. General information on data processing

  1. Scope of processing of personal data

In principle, we process personal data of you only insofar as this is necessary for the provision of a functional website and our content and services. The processing of personal data of our users is basically only after the user’s consent. An exception applies in cases in which prior consent is not possible and the processing of the data is provided for by law.

 

  1. Legal basis for the processing of personal data

Insofar as we obtain your consent for processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) as legal basis.

In the processing of personal data required to fulfill a contract of which you are a party, Art. 6 para. 1 lit. b DSGVO as legal basis. This also applies to processing operations required to carry out pre-contractual actions.

Insofar as processing of personal data is required to fulfill a legal obligation that is subject to our company, Art. 6 para. 1 lit. c DSGVO as legal basis.

 

In the event that vital interests of you or another natural person require the processing of personal data, Art. 6 (1) lit. d DSGVO as legal basis.

If the processing is necessary to safeguard the legitimate interests of our company or a third party and if the interests, fundamental rights and freedoms of yours do not outweigh the former interest, Art. 6 para. 1 lit. f DSGVO as legal basis for processing.

 

  1. Data deletion and storage duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage is deleted. In addition, such storage may be provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for conclusion of a contract or fulfillment of the contract.

III. Provision of the website

  1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer.

The following data is collected here:

– Date and time of access

– Number, duration and order of page impressions on the website (Impressions)

A storage of this data together with other personal data of you will NOT take place.

  1. Legal basis for data processing

The legal basis for the temporary storage of data is Art. 6 para. 1 lit. f DSGVO

  1. Purpose of the data processing

The temporary storage of the data is necessary to enable delivery of the website to your computer, to ensure the functionality of the website, to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

For these purposes, our legitimate interest in the processing of data according to Art. 6 para. 1 lit. f DSGVO.

  1. Duration of storage

The data will be deleted as soon as it is no longer necessary for the purpose of its collection.

  1. Opposition and removal possibility

 

 

The collection of the data for the provision of the website and the storage of the data is essential for the operation of the website. There is therefore no contradiction on your part.

IV. Use of cookies

  1. Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or on the Internet browser on your computer system. When you visit a website, a cookie may be stored on your operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is reopened.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser be identified even after a page break.

The following data is stored and transmitted in the cookies:

– Language settings

– Articles in a shopping cart

– Log-in information

– Websites from which the system of the user reaches our website

When you visit our website you will be informed by an info banner about the use of cookies for analysis purposes and referred to this privacy policy. In this context, there is also an indication of how the storage of cookies in the browser settings can be prevented.

  1. Legal basis for data processing

The legal basis for the processing of personal data using cookies is Article 6 (1) lit. f DSGVO.

  1. Purpose of the data processing

The purpose of using technically necessary cookies is to facilitate the use of websites for you. Some features of our website can not be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page break.

We require cookies for the following applications:

– Shopping cart

– Acceptance of language settings

The user data collected through technically necessary cookies will not be used to create user profiles.

For these purposes, our legitimate interest in the processing of personal data pursuant to Art. 6 para. 1 lit. f DSGVO.

  1. Duration of storage, objection and disposal options

 

 

 

Cookies are stored on your computer and transmitted by it to our site. Therefore, you also have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all the functions of the website to the full.

We also respect the “do not track” signals and do not track, do not use cookies, and do not use advertisements when there is a “not tracking” (DNT) browser mechanism.

V. Blog with commentary

  1. a) Description and extent of processing of personal data

At blog.spyoff.com we offer visitors to our website a blog with commentary function including the possibility to subscribe to comments via EmailReminder. To use the blog, the following data is collected:

– name / pseudonym

– E-mail address

– Link

– Comment content

For the processing of the data, your consent is obtained during the registration process and reference is made to this privacy policy.

  1. b) Legal basis for the processing of personal data

The legal basis for processing the data is Art. 6 para. 1 lit. a GDPR.

  1. c) Purpose of the data processing

The collection of data serves to ensure security, as well as use of the blog. The collection of the e-mail address is intended to prevent misuse and the delivery of the e-mail reminder, if desired.

  1. d) Duration of storage

The data will be deleted as soon as it is no longer necessary for the purpose of its collection.

  1. e) Opposition and removal options

The subscription of the comments as well as the registration to the blog and the associated consent to the data processing can be terminated at any time.

For this purpose, we find in every email from us a “unsubscribe link”.

After clicking on the link, the subscription to the comments will be deleted and you will no longer receive any reminder emails.

To delete your pseudonym and your email, please send an e-mail to info@spyoff.com with the appropriate request.

VI. Transfer of personal data to third parties

  1. Third party cookies
  2. a) Description and extent of processing of personal data

Our website uses various third-party cookies for analysis and marketing purposes.

– Google Adwords

For marketing purposes, we use Google Adwords, an advertising program from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”).

The following functions of the service are used by us:

Remarketing feature: This feature allows us to show you advertisements based on your interests on other websites within the Google Display Network. For this, your behavior on our website is analyzed (for example, interest in certain offers / content) in order to be able to show you targeted advertising even after your visit to other sites. Google uses cookies for this purpose. This number is used to uniquely identify a web browser on a particular computer and not to identify a person; personal information will not be stored.

Conversion Tracking: This will set a conversion tracking cookie on your machine when you click on a Google-served ad. These cookies lose their validity after 30 days, contain no personal data and are thus not used for personal identification. The information gathered using the conversion cookie is only used to generate conversion statistics for AdWords advertisers who have opted for conversion tracking.

You may disable the use of cookies by Google by following the link below and downloading and installing the plug-in provided there: https://www.google.com/settings/ads/plugin.

You can find more information about Google services and Google’s privacy policy here: https://www.google.com/privacy/ads/.

– Double Click

To optimize and display advertising, we use DoubleClick from Google on our website (Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA).

Data is transferred to the DoubleClick server with every impression, click, or other activity. Each of these data transfers triggers a cookie request to your browser. If the browser accepts this request, DoubleClick sets a cookie on your system. The cookie is used, among other things, to serve and display user-relevant advertisements, as well as to generate reports on advertising campaigns or to improve them. Furthermore, the cookie is used to avoid multiple impressions of the same advertising.

DoubleClick uses a cookie ID required to complete the technical process. For example, the cookie ID is needed to display an ad in a browser. DoubleClick can also use the cookie ID to see which ads have already appeared in a browser to avoid duplication. DoubleClick also allows the cookie ID to track conversions. For example, conversions will be tracked if you’ve previously seen a DoubleClick ad, and then you’re making a purchase on the advertiser’s website using the same internet browser.

A DoubleClick cookie does not contain any personally identifiable information. He can, however, additional

 

 

Contains campaign identifiers. This serves to identify the campaigns you have already been in contact with.

Each time you visit our website, which incorporates a DoubleClick component, the Internet browser on your computer is automatically driven by the relevant DoubleClick component to submit data to Google for online advertising and commission billing purposes. In this context, Google is aware of data that Google also used to create commission statements.

You may disable the use of cookies by Google by following the link below and downloading and installing the plug-in provided there: https://www.google.com/settings/ads/plugin.

Additional information and DoubleClick by Google’s applicable privacy policy can be found at https://www.google.com/intl/en/policies/.

 

– Bing ads

For marketing purposes, we use Bing Ads (bingads.microsoft.com), a product of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”).

When you reach our website from a Microsoft Bing ad, Microsoft places a cookie on your machine. So for us Microsoft understands that someone has clicked on an ad, has been redirected to our website and has reached a previously determined landing page (conversion page). We only hear the total number of users who clicked on a Bing ad and were then redirected to the conversion page. Microsoft uses the cookie to collect, process and use information that generates usage profiles using pseudonyms. These usage profiles are used to analyze visitor behavior and are used to display advertisements. No personal information about your identity will be processed.

If you do not agree with this, you can prevent the collection of the data generated by the cookie and related to your use of the website as well as the processing of this data by Microsoft by contradicting the collection and use under the following link: http: // choice. microsoft.com/de-DE/opt-outIhren

 

For more information about privacy and cookies on Microsoft and Bing Ads, visit the Microsoft website https://privacy.microsoft.com/en-us/privacystatement.

 

FriendlyDuck / Affiliate System

For analysis and marketing purposes, as well as for the provision of the website, we use FriendlyDuck (a platform of FriendlyDuck S.r.l., Via XXVIII Luglio, 212, 47893 Borgo Maggiore). FriendlyDuck provides a platform on the Internet at the domain https://affiliate.friendlyduck.com to assist in the online distribution of goods and services. If you visit our website, a standard cookie will be set so that our site will be serviceable. The cookie contains i.a. the information from which website you reach our website (see III. Use of Cookies). For the purpose of commission billing we transfer an anonymous visitor ID to our partner, which will be deleted afterwards.

zendesk live chat:

To provide a live chat with our customer service and to show the conversation, we use the service Zendesk livechat (zendesk.com). There, data is transferred that serves as documentation in customer service. The data collected includes:

– Chat History

– specified name

– IP address

– country of origin

– other personal information, depending on the information provided.

 

This data will not be disclosed to third parties and will only be used to process and document the requests. By using the chat, you agree that you agree.

You can find information about Zendesk’s chat and privacy policy here: https://www.zendesk.com/company/customers-partners/privacy-policy/

 

IXOPAY

For the provision of payment services and payment methods, we use IXOPAY. IXOPAY, an offer of IXOLIT GmbH, Mariahilfer Str. 77-79, 1060 Vienna, is a PCI-DSS Level 1 certified payment platform. It combines a variety of alternative payment methods and credit card acquirers and enables the secure storage of credit and debit card data (PANs). We use this cookie to prevent fraud and increase the security of payment transactions. The moment you reach our website, an anonymous visitor ID is stored in a cookie for this purpose.

 

Dislo

To provide the website, we use the platform www.dislo.com, a product of IXOLIT GmbH, Mariahilfer Straße 77-79, 1060 Vienna.

This cookie helps us to make our website more user-friendly. For this the following data are stored in the cookie:

– Language settings

– Articles in a shopping cart

– Log-in information

For more information, see Dislo’s privacy policy: https://www.dislo.com/en/privacy-policy

To provide and secure this website and to maximize loading times, CloudFlare (a service of CloudFlare Inc., 101 Townsend St., San Francisco, CA 94107) is being used as a “Content Delivery Network” (CDN service). A CDN is a service that helps deliver content from our online offering, especially large media files, such as graphics or scripts, using regionally distributed and Internet-connected servers. For the CDN service, content data is purpose-bound for performance improvement on CloudFlare servers.

Cloudflare is certified under the Privacy Shield Agreement, providing a guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt0000000GnZKAA0&status=Active).

For more information, see the Cloudflare Privacy Policy: https://www.cloudflare.com/security-policy.

When you visit our website you will be informed about the use of cookies for analysis purposes and pointed to this privacy policy. In this context, there is also an indication of how the storage of cookies in the browser settings can be prevented.

  1. b) Legal basis for the processing of personal data

The legal basis for data processing is Art. 6 para. 1 lit. f DSGVO.

  1. c) Purpose of the data processing

By using the aforementioned cookies, we aim to improve the performance and enjoyment of our service, as well as to ensure the marketing of our website.

  1. d) Duration of storage

The data will be deleted as soon as it is no longer necessary for the purpose of its collection.

  1. e) Opposition and removal options

You can sign out of Google Analytics through the Google Analytics opt-out page (https://tools.google.com/dlpage/gaoptout?hl=en).

You can disable Google’s use of cookies by visiting the opt-out page of Google Advertising (https://support.google.com/dfp_premium/answer/2839090?hl=en).

You may disable the use of third-party cookies by visiting the opt-out page of the Network Advertising (https://optout.networkadvertising.org/?c=1#!/) initiative.

We recommend to allow all cookies on the website, otherwise the functionality may be limited. If you still want to disable cookies, this is how it works:

Chrome:

https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=de

Edge:

https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies

Firefox:

https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

Safari:

https://support.apple.com/kb/PH21411?locale=de_DE

VI.Website analysis services

  1. a) Description and extent of processing of personal data

Web analytics with Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on your computer and that allow an analysis of the use of the website by you. By activating the IP anonymization on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide us with other services related to website activity and internet usage. The IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google data. You can prevent the storage of cookies by setting your browser software accordingly; however, we point out that in this case you may not be able to use all the features of this website in full.

In addition, we have made settings that Google Analytics deletes the last part of the IP addresses of visitors to our website. Hereby we do not come into possession of data that allow us to draw conclusions about your person.

Mixpanel:

In addition, we use the tracking tool from www.mixpanel.com, a web analytics service provided by Mixpanel Inc. Cookies can be used for this purpose. These are small text files that are stored locally on the site visitor’s computer, allowing them to be recognized when revisiting our website. Mixpanel Inc. collects and stores usage data in pseudonymous profiles. The pseudonymous usage profiles are not merged with personal data about the bearer of the pseudonym.

You can view the Privacy Policy of Mixpanel here: https://mixpanel.com/terms.

  1. b) Legal basis for the processing of personal data

The legal basis is Art. 6 para. 1 lit. f DSGVO

  1. c) Purpose of the data processing

 

 

 

 

The use of the website analysis services optimizes the website and our offer. Google and Mixpanel uses the information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website activity and internet usage to the website operator.

  1. d) Duration of storage

The data will be deleted as soon as it is no longer necessary for the purpose of its collection.

  1. e) Opposition and removal options

You can prevent the storage of cookies by setting your browser software accordingly; However, we point out that in this case you may not be able to use all the features of this website in full.

Google Analytics:

In addition, you may prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by downloading the browser plug-in available under the following link and install: https://tools.google.com/dlpage/gaoptout?hl=en. Mobile users can disable Google Analytics at this link.

Mixpanel:

The data collection and storage for the purpose of web analytics, you can at any time object to the future by clicking the service by clicking on “Yes, I would like to opt out” on this page https://mixpanel.com/optout/ In this case, please note that as a result of this a cookie will be set on your device, which will stop you from collecting and evaluating any data, so you should not delete this cookie.

VII. Rights of the data subject

If you process personally identifiable information, you are i.S.d. DSGVO and you have the following rights to the person responsible:

  1. Right to information

You may ask the person in charge to confirm if personal data concerning you is processed by us.

If such processing is available, you can request information from the person responsible about the following information:

(1) the purposes for which the personal data are processed;

(2) the categories of personal data being processed;

(3) the recipients or the categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed;

(4) the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;

(5) the right of rectification or deletion of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;

(6) the existence of a right of appeal to a supervisory authority;

(7) all available information on the source of the data if the personal data is not collected from the data subject;

(8) the existence of automated decision-making including profiling under Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, and the scope and intended impact of such processing on the data subject.

You have the right to request information about whether your personal information relates to a third country or an international organization. In this regard, you can ask for the appropriate guarantees in accordance with. Art. 46 GDPR in connection with the transfer.

Right to rectification

You have a right to rectification and / or completion to the controller, if the processed personal data relating to you is incorrect or incomplete. The responsible person must make the correction without delay.

Right to restriction of processing

You may request the restriction of the processing of your personal data under the following conditions:

(1) if you contest the accuracy of your personal information for a period of time that enables the controller to verify the accuracy of your personal information;

(2) the processing is unlawful and you refuse the deletion of personal data and instead demand the restriction of the use of personal data;

(3) the controller no longer requires the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims; or

(4) if you have filed an objection to the processing pursuant to Art. 21 para. 1 DSGVO and it is not yet certain whether the legitimate reasons of the person responsible outweigh your reasons.

If the processing of personal data concerning you has been restricted, this data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest Union or a Member State.

If the limitation of the processing after the o.g. If conditions are restricted, you will be instructed by the person in charge before the restriction is lifted.

Right to delete

  1. a) deletion of duty

You may require the controller to delete your personal information without delay, and the controller is required to delete that information immediately if one of the following is true:

(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.

(2) You revoke your consent to the processing gem. Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. DSGVO and there is no other legal basis for processing.

(3) You lay gem. Art. 21 para. 1 DSGVO objection to the processing and there are no prior justifiable reasons for processing, or you submit gem. Art. 21 para. 2 DSGVO Opposition to processing.

(4) Your personal data has been processed unlawfully.

(5) The deletion of personal data concerning you is required to fulfill a legal obligation under Union law or the law of the Member States to which the person responsible is subject.

(6) The personal data concerning you were collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.

Information to third parties

If the person in charge has made the personal data relating to you public and is in accordance with. Article 17 (1) of the GDPR, with due regard to available technology and implementation costs, shall take appropriate measures, including technical means, to inform data controllers who process the personal data that you are affected Persons requesting deletion of all links to such personal data or of copies or replications of such personal data.

Exceptions:

The right to erasure does not exist if the processing is necessary

(1) to exercise the right to freedom of expression and information;

(2) to fulfill a legal obligation required by the law of the Union or of the Member States to which the controller is subject, or to carry out a task which is in the public interest or in the exercise of official authority conferring on the controller has been;

(3) for reasons of public interest in the field of public health pursuant to Art. 9 (2) lit. h and i and Art. 9 (3) GDPR;

(4) for archival purposes of public interest, scientific or historical research purposes or for statistical purposes acc. Article 89 (1) GDPR, to the extent that the law referred to in subparagraph (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or

(5) to assert, exercise or defend legal claims.

Right to information

If you have asserted the right of rectification, erasure or restriction of the processing to the controller, he / she is obliged to notify all recipients to whom the personal data relating to you have been corrected or deleted or processing restricted, unless: this proves to be impossible or involves a disproportionate effort.

You have a right to the person responsible to be informed about these recipients.

Right to data portability

You have the right to receive the personal information that you provide to the controller in a structured, common and machine-readable format. You also have the right to transfer this information to another person without hindrance by the person responsible for the personal data provided, provided that

(1) the processing on a consent acc. Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a DSGVO or on a contract acc. Art. 6 para. 1 lit. b DSGVO is based and

(2) the processing is done by automated means.

In exercising this right, you also have the right to obtain that personal data relating to you be transmitted directly from one person responsible to another person responsible, as far as this is technically feasible. Freedoms and rights of other persons may not be affected.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the controller.

right to

You have the right at any time, for reasons that arise from your particular situation, against the processing of personal data concerning you, which, pursuant to Art. 6 para. 1 lit. e or f DSGVO takes an objection; this also applies to profiling based on these provisions.

The controller will cease to process personal data concerning you unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is intended to assert, exercise or defend legal claims.

If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data relating to you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail.

If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

Regardless of Directive 2002/58 / EC, you have the option, in the context of the use of information society services, of exercising your right to opt-out by means of automated procedures that use technical specifications.

Right to revoke the data protection consent declaration

You have the right to revoke your privacy statement at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

Automated decision on an individual basis including profiling

You have the right not to be subjected to a decision based solely on automated processing – including profiling – that will have legal effect or similarly affect you in a similar manner. This does not apply if the decision

(1) is required for the conclusion or performance of a contract between you and the controller,

(2) is permissible under Union or Member State legislation to which the controller is subject, and where such legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or

(3) with your express consent.

However, these decisions must not be based on special categories of personal data under Art. 9 (1) GDPR, unless Art. 9 (2) lit. a or g DSGVO applies and reasonable measures have been taken to protect the rights and freedoms as well as your legitimate interests.

With regard to the cases referred to in (1) and (3), the controller shall take reasonable steps to uphold the rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person by the controller, to express his / her own position and heard on challenge of the decision.

Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of its residence, place of work or place of alleged infringement, if you believe that the processing of your personal data is against the DSGVO violates.

The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.