PRIVACY POLICY

‌INTRODUCTION

‌INTERPRETATION AND DEFINITION

1. ‌Interpretation. The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.
2. ‌Definitions. For the purposes of this Privacy Policy:
   • ‌"Account" means a unique account created for You to access our Service or parts of our Service.
   • ‌"Application” or “App" means the software program provided by the Company downloaded by You on any electronic device, named Privacy Pro VPN.
   • ‌"Company" (referred to as either the “Company", "We", "Us" or "Our" in this Agreement) refers to TGASOFT LLC.
   • ‌"Country" refers to the United States of America.
   • ‌"Cookies" are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.
   • ‌"Device" means any device that can access the Service such as a computer, a cell phone or a digital tablet.
   • ‌"Personal Information” or “Data" is any information that relates to an identified or identifiable individual.
   • ‌“Program” is any financial incentive provided by the Company on the App in exchange for the collection of user data.
   • ‌"Service" refers to the VPN Service provided to you by the Company through the Application.
   • ‌"Service Provider" means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.
   • ‌"Usage Data" refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
   • ‌“VPN” refers to the creation of a Virtual Private Network to establish a protected network connection when using public networks.
   • ‌"You" means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

‌NAME AND ADDRESS OF THE CONTROLLER

‌NAME & CONTACT DETAILS OF REPRESENTATIVE

1. ‌EU Representative: Email: support@tgasoft.pro ‌Address: 23/2 Yervand Qochar street, Yerevan, RA, 0070

   ‌UK Representative: Email: support@tgasoft.pro ‌Address: 23/2 Yervand Qochar street, Yerevan, RA, 0070 For any inquiries or communication related to data protection matters, you may contact the appropriate representative based on your location. We are dedicated to facilitating communication and ensuring compliance with data protection requirements.

‌CONTACT DETAILS OF DATA PROTECTION OFFICER

‌SUPERVISORY AUTHORITY

‌HOW WE USE YOUR PERSONAL DATA

‌INFORMATION COLLECTED

1. ‌How We Collect Data. We collect data that:
   • ‌You voluntarily share with us through the use of the application such as personal data; and
   • ‌Is automatically collected through your use of the application such as usage data and device data.
   
   
2. ‌What We Collect Data.
   • ‌Personal Data. Information such as name, email, contact details or any other information that you voluntarily provide to us.
   • ‌Usage Data. Information automatically collected when using the app, such as connection timestamps, amount of data transmitted, Number of downloads, Product interaction, Performance data, and error reports.
   • ‌Device Data. Information about your device, including device type, Device models, Country of download, operating system, and app version.
   
   
3. ‌Why We Collect Data. We use the collected data for the following purposes:
   • ‌To provide and maintain our services.
   • ‌To process transactions and send purchase confirmations.
   • ‌To improve our app and services through analytics.
   • ‌To process your inquiries and to respond to your requests.
   • ‌To understand how you use the application.
   • ‌In our legitimate interest to prevent fraud or harm to us or to any third party, and ensure security.
   • ‌To comply with legal obligations.
   • ‌To communicate with you regarding updates, offers, and service-related information.

‌SHARING OF DATA

1. ‌Categories of third parties we may receive your data from. Our application does not integrate with other applications. Users do not need to enter any logins or passwords to use our app, as authorization is not required.
2. ‌Categories of third parties we may share your data with. We only share your data with Appsflyer Cloud, a cloud-based mobile attribution and marketing analytics platform that upholds all privacy requirements. All data remains strictly within the parameters set by this policy. For additional information on Appsflyer Cloud click on this link.
3. ‌Purpose of Sharing Data. The data shared with Appsflyer Cloud is utilized exclusively for marketing purposes. This includes analyzing user interactions, targeting advertising campaigns, and enhancing user engagement through personalized marketing strategies. The goal is to improve the overall user experience by providing relevant content and offers based on user preferences and behaviors.
4. ‌Sale of Data. The Company firmly asserts that it does not engage in the sale of personal information. This commitment means that we do not exchange, rent, release, disclose, disseminate, make available, transfer, or otherwise communicate personal information to another business or third party in return for monetary payment or any other form of valuable consideration. Our practices strictly adhere to this policy, ensuring the privacy and security of your personal data.
5. ‌International  Transfer. Personal Information will not be transferred internationally without the explicit consent of the user. This ensures that users are fully aware of and agree to the transfer of their data to other countries, which may have different data protection laws than their own. We take all necessary measures to protect the integrity and confidentiality of personal information during any such transfer, in compliance with applicable legal standards.
6. ‌Opt Out of Sale of Data. Users have the right to opt out of the sale of their personal data. If a user chooses to exercise this right, they can notify the Company through the provided opt-out mechanism. The Company will promptly process the request and ensure that the user's personal data is no longer sold to third parties. This option is part of our commitment to respecting user preferences and maintaining transparent data handling practices.

‌RIGHTS OF THE DATA SUBJECT UNDER GDPR

1. ‌Right of confirmation. Under European legislation, every Data Subject has the right to obtain from the controller confirmation as to whether or not their personal data are being processed. If a Data Subject wishes to exercise this right of confirmation, they can contact us or another employee of the controller at any time.
2. ‌Right of access. Data Subjects, in accordance with European legislation, have the right to obtain from the controller free information about their personal data stored at any time and a copy of this information. This right includes access to the following details:
   • ‌Purposes of the processing.
   • ‌Categories of personal data involved.
   • ‌Recipients or categories of recipients, including those in third countries or international organizations.
   • ‌Envisaged storage period or, if not possible, the criteria used to determine that period.
   • ‌Right to request rectification, erasure, or restriction of processing, and the right to object.
   • ‌Right to file a complaint with a supervisory authority.
   • ‌Source of personal data if not collected from the Data Subject.
   • ‌The existence of automated decision-making, including profiling, with meaningful information about the logic involved and the envisaged consequences for the Data Subject. ‌Additionally, the Data Subject has the right to know whether personal data are transferred to a third country or an international organization, along with information about the appropriate safeguards for the transfer. To exercise this right of access, the Data Subject can contact the Company at any time.
3. ‌Right to rectification. Under European legislation, Data Subjects have the right to obtain from the controller the rectification of inaccurate personal data concerning them without undue delay. Considering the purposes of the processing, the Data Subject also has the right to have incomplete personal data completed, which may include providing a supplementary statement. If a Data Subject wishes to exercise the right to rectification, they can contact us or another employee of the controller at any time.
4. ‌Right to erasure (Right to be forgotten). Data subjects, in accordance with European legislation, have the right to obtain from the controller the erasure of their personal data without undue delay. The controller is obligated to erase personal data without undue delay when one of the following grounds applies, provided the processing is not necessary:
   • ‌Personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
   • ‌The Data Subject withdraws consent, and there is no other legal ground for processing.
   • ‌The Data Subject objects to processing, and there are no overriding legitimate grounds, or the Data Subject objects to processing under specific circumstances.
   • ‌The personal data have been unlawfully processed.
   • ‌Erasure is required for compliance with a legal obligation.
   • ‌The personal data were collected in relation to information society services. ‌If any of the above reasons apply, and a Data Subject wishes to request the erasure of personal data stored by the Company, they can contact us or another employee of the controller at any time. The Company or another employee will promptly ensure compliance with the erasure request. If the controller has made personal data public and is obliged to erase them, reasonable steps, including technical measures, will be taken to inform other controllers processing the personal data about the erasure request. The Company or another employee will coordinate the necessary measures in individual cases.
5. ‌Right  of  restriction  of  processing. Data Subjects, under European legislation, have the right to obtain from the controller a restriction of processing in the following circumstances:
   • ‌The accuracy of personal data is contested by the Data Subject, allowing the controller time to verify its accuracy.
   • ‌The processing is unlawful, and the Data Subject opposes the erasure of the personal data, requesting instead the restriction of their use.
   • ‌The controller no longer needs the personal data for processing, but the Data Subject requires them for the establishment, exercise, or defense of legal claims.
   • ‌The Data Subject has objected to processing under Article 21(1) of the GDPR pending verification of whether the legitimate grounds of the controller override those of the Data Subject. ‌If any of the above conditions are met, and a Data Subject wishes to request the restriction of processing of their personal data stored by Privacy Pro VPN, they can contact us or another employee of the controller at any time. The Company or another employee will facilitate the restriction of processing.
6. ‌Right to data portability. Data subjects, as granted by European legislation, have the right to receive their personal data in a structured, commonly used, and machine-readable format. This data can be transmitted to another controller without hindrance, provided the processing is based on consent, a contract, or automated means, and is not necessary for the performance of a task in the public interest or the exercise of official authority. When exercising the right to data portability, the Data Subject has the additional right to have personal data transmitted directly from one controller to another, where technically feasible and without adversely affecting the rights and freedoms of others. To assert the right to data portability, the Data Subject may contact the Company or another employee at any time.
7. ‌Right to object. Data subjects, under European legislation, have the right to object, based on their particular situation, at any time to the processing of personal data concerning them, if such processing is based on Article 6(1) (e) or (f) of the GDPR, including profiling. If an objection is raised, the Company will cease processing the personal data unless compelling legitimate grounds override the Data Subject's interests, rights, and freedoms or for the establishment, exercise, or defence of legal claims. For personal data processed for direct marketing purposes, the Data Subject can object at any time, leading to the cessation of processing for such purposes, including related profiling. Additionally, the Data Subject has the right to object to the processing of personal data for scientific, historical, or statistical purposes unless such processing is necessary for reasons of public interest. To exercise the right to object, the Data Subject can directly contact the Company or another employee. Furthermore, within the context of information society services, the Data Subject is free to use automated means, notwithstanding Directive 2002/58/EC, to exercise their right to object through technical specifications.
8. ‌Automated individual decision-making, including profiling. Data Subjects possess the right, as conferred by European legislation, not to be subjected to decisions based solely on automated processing, including profiling, if such decisions result in legal or similarly significant effects on them. This right is upheld unless the decision is necessary for a contract between the Data Subject and the data controller, authorized by applicable law with measures safeguarding the Data Subject's rights, or based on explicit consent. Suppose the decision falls within the exceptions mentioned above, such as contractual necessity or explicit consent. In that case, the Company will implement measures to protect the Data Subject's rights, including the right to human intervention, the expression of their viewpoint, and the ability to contest the decision. To exercise rights regarding automated decision-making, the Data Subject can directly contact the Company or another employee of the data controller.
9. ‌Right to withdraw data protection consent. Data Subjects have the right, as granted by European legislation, to withdraw their consent for the processing of personal data at any time. To exercise this right, the Data Subject can directly contact the Company or another employee of the data controller.

‌USER RIGHTS UNDER CCPA AND CPRA

1. ‌Right to Know and Access. Data Subjects have the right to know what personal information the Company collects, uses, and shares about them. This includes (i) Information Collected; (ii) Sources; (iii) Purpose; and (iv) Third Parties.
2. ‌Right to Request Deletion. Data Subjects have the right to request the deletion of personal information that the Company has collected about them, subject to certain exceptions. Upon receiving a verified request, the Company will delete the personal information from our records and direct our service providers to do the same. ‌Exceptions to Deletion. The Company may deny a deletion request if retaining the information is necessary for us or our service providers to (i) Complete a Transaction; (ii) Security; (iii) Detect security incidents; (iv) Errors; (v) Legal Obligations; and (vi) Other Exceptions such as engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, enable solely internal uses that are reasonably aligned with the expectations of the Data Subject based on their relationship with Company, or otherwise use the data internally in a lawful manner that is compatible with the context in which the Data Subject provided the information.
3. ‌Right  to  Opt-Out  of  Sale. The Company does not sell any personal information. However, to ensure transparency and compliance with applicable regulations, the Company provides a "Do Not Sell My Personal Information" link and an opt-out mechanism on the Website. This allows Data Subjects to easily opt out of any potential sale of their personal information. ‌Opt-Out Mechanism. Data Subjects can exercise their right to opt-out of the sale of their personal information by:
   • ‌Using  the  Platform  Link. Clicking on the "Do Not Sell My Personal Information" link available on the Website.
   • ‌Contacting  Us  Directly. Reaching out to the Controller or Company to request the opt-out. Contact details are provided below. ‌By using either method, Data Subjects can ensure that their personal information is not sold. The Company will honour these requests promptly and ensure that the personal information is excluded from future sales activities.
4. ‌Right to Non-Discrimination. The Company will not discriminate against any Data Subject for exercising their rights under the California Consumer Privacy Act (CCPA). This includes but is not limited to (i) Access to Services; (ii) Pricing; and (iii) Service Quality. Exercising CCPA rights will not result in any adverse treatment or penalties.
5. ‌Right to Designate an Authorized Agent. Data Subjects may designate an authorized agent to exercise some of their rights. To protect the security of personal information, the authorized agent must follow the same authentication procedures required if the Data Subject exercises their rights directly. The Company will verify requests made through authorized agents to ensure the safety of the Data Subject's subscription and to comply with our policies and procedures.
6. ‌Right  to  Notice. Data Subjects have a right to receive notice of our practices at or before collection of personal information.
7. ‌Right to Correct. Data Subjects have the right to request that Company correct any inaccurate personal data held about them. Upon receiving a verified request, Company will take appropriate steps to correct the inaccurate information in our records.
8. ‌Additional information on exercising your rights. Data Subjects under CCPA and CPRA have the right to access, delete, opt out of the sale of, non- discriminate, correct, or verify the specific pieces of personal information the Company has collected about them in the past 12 months.

9. ‌Contact Us. To exercise their rights under CCPA, and CPRA Data Subject may contact us at support@tgasoft.pro or this Contact Form. The Company will, however, for additional security, be required to verify the Data Subject's identity before providing the information and may request further identification proof to accommodate such request. Data Subjects may enforce these rights free of charge or penalty, but we may limit the number of requests you make or charge reasonable fees as legally permitted. The Company commits to responding to requests within 45 days upon receipt. Should additional time be necessary, the Company reserves the right to extend the response period by an additional 45 days. Requestors will be promptly notified in writing regarding the reason for the extension and the revised timeframe.

‌HOW TO EXERCISE USER RIGHTS

1. ‌Initial Request. When a Data Subject submits a request, they must provide:
   • ‌Full name
   • ‌Contact information (e.g., email address or phone number)
   • ‌Details of the request (e.g., access, deletion, correction)
2. ‌Identity Verification
   • ‌For Online Accounts. If the Data Subject has an online account with the Company, they must log in to their account to verify their identity before submitting the request.
   • ‌For Non-Account Holders. If the Data Subject does not have an online account, they must provide two or more pieces of personal information that we have on file (e.g., billing address, last transaction amount, last order number).
3. ‌Additional  Verification  Steps. The Company may request additional information or documentation, such as a government-issued ID, to confirm the identity of the Data Subject if the initial verification is insufficient. For requests made by authorized agents, the Company will require proof of the agent's authorization (e.g., a signed authorization letter) and may contact the Data Subject directly to confirm the request.
4. ‌Confirmation. Once the Data Subject's identity has been verified, the Company will process the request. The Company will inform the Data Subject of the outcome of their request within the legally required time frame.
5. ‌Denial  of  Requests. If the Company cannot verify the identity of the requestor, we will deny the request and inform the Data Subject of the reason for the denial. The Data Subject will be given the opportunity to provide additional information to verify their identity.

‌FINANCIAL INCENTIVES

1. ‌Program. May provide financial incentives in exchange for the collection of data in the future, the Program. In the event the Program is created and made effective additional Program Terms and Conditions shall apply.
2. ‌Right to Withdraw. User shall always have the right and option to withdraw from such Program. Additional details on the procedure of withdrawal and the verification process will be mentioned in the Program Terms and Conditions.

‌DATA RETENTION

1. ‌Data  Disposal. Upon the expiration of the applicable retention periods, personal data is securely disposed of to prevent unauthorized access or disclosure.
2. ‌The criteria used to determine the period of storage of personal data is the respective statutory retention period. After the expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfilment of the contract or the initiation of a contract. If the Data Subject requests for termination or terminates their Privacy Pro VPN subscription, the personal data shall be retained for a period of 12 months from the date of termination or as statutorily obligated. It is important to note that the obligation to provide personal data is communicated transparently to individuals before or at the time of data collection. If there are uncertainties about the specific obligations related to the provision of personal data, individuals are encouraged to contact us for clarification.

‌SECURITY MEASURES

• Encryption. Protects your data during transmission and storage.
• Secure Servers. Data is stored on secure servers with restricted access.
• Regular Security Assessments. Conduct regular security audits to ensure the highest level of data protection.

‌DATA TRANSFER

‌COOKIES AND TRACKING TECHNOLOGIES

‌THIRD-PARTY LINKS AND SERVICES

‌PERSONS UNDER THE AGE OF 18

‌DATA COLLECTED IN 12 MONTHS

1. ‌Identifiers. Name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name, social security number, driver's license number, passport number, or other similar identifiers.
2. ‌Personal Records. Birthdate, age, education, employment history, or other similar personal records.
3. ‌Professional  or  Employment-Related  Information. Current or past job history or performance evaluations.
4. ‌Internet or Electronic Network Activity Information. Information regarding a consumer's interaction with a website, application, or advertisement.
5. ‌Commercial  Information. Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

‌CHANGES TO THIS PRIVACY POLICY

‌CONTACT US