Privacy Policy of IntelliVPN service

Last updated: 25 May 2018

Effective date: 25 May 2018


ALTESSA SOLUTIONS L.P. ("we," "us," or "our") respects your privacy and is committed to protecting the Personal Data it collects.

The Privacy Policy applies to Personal Data which we may obtain when you use websites, services, and software of IntelliVPN service ("Service").

This Privacy Policy (the "Policy") describes the purposes of collection, storage and processing of Personal Data, ways of protecting it, and transferring it to third parties.

By using our service, you authorise us to use your information according to United Kingdom laws, regardless of which country you are located in.

If you do not understand any aspects or if you have questions regarding this Privacy Policy, please contact us by visiting our support portal or contact us at legal@altessa.uk.

We DO NOT collect Personal Data from users under 16 years of age. If you believe that a child under the age of 16 provided us with Personal Data, please contact us at legal@altessa.uk.

1. Definitions

For the purposes of this Privacy Policy:

"personal data" means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

"processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

"restriction of processing" means the marking of stored personal data with the aim of limiting their processing in the future;

"profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

"pseudonymisation" means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;

"controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

"processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

"recipient" means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

"third party" means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

"consent" of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by explicit affirmative action, signifies agreement to the processing of personal data relating to him or her;

"personal data breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;

"supervisory authority" means an independent public authority;

"application" means the proprietary application known as "IntelliVPN" for the provision of the Service on your devices, available for download at Google Play, App Store and (or) our websites;

"user" means a natural person, an individual entrepreneur or a legal entity (a representative of a legal entity) that uses our Service;

"device" means a personal computer, tablet, mobile phone, smartphone or other device that allows using the Service in accordance with its functional purpose.

2. Personal Data collection

We DO NOT collect and retain any information about the applications, services, browsing history, traffic data, visited websites and (or) DNS-queries.

We DO NOT retain real IP addresses of users, and we never retain the relationship between a real IP address and Personal Data.

We may collect and receive Personal Data of the user from various sources, including: (i) information you provide through your user account in the Service; (ii) from websites of the Service; (iii) from mobile and (or) desktop applications of the Service; and (iv) from third-party websites, services, and partners.

2.1. Account Data

When you create and (or) update your account in the Service, we collect and retain "Account Data".

The Account Data includes:

| Data | Goal / Basis for processing |
| --- | --- |
| Login | Required for granting access to the Service, providing technical support service. |
| E-mail | Required for granting access to the Service, general communications, sending purchase receipts, resetting the password. |
| Password | Required for granting access to the Service. |
| Name (optional) | Necessary for providing personalised service. |

During registration, you only provide login, password, and e-mail. The name is optional and may be provided for additional functions of the Service, such as personalised service, 2-factor authorisation.

2.2. Application Data

When you use our applications, we may collect and retain "Application Data" required to operate the Service.

The Application Data includes:

| Data | Goal / Basis for processing |
| --- | --- |
| OS version and build | Required for providing technical support, troubleshooting, analytics, developing and improving the Service. |
| IntelliVPN App version | Required for providing technical support, troubleshooting. |
| Device identifier | Required for granting access to the Service. |
| Device name | Required for providing technical support, troubleshooting. |
| Device model | Required for providing technical support, troubleshooting, analytics, developing and improving the Service. |
| Device manufacturer | Required for providing technical support, troubleshooting, analytics, developing and improving the Service. |

Besides, in case our application crashes, we receive information about your device, which allows us to identify and fix bugs.

Device identifier – a unique, random string generated by the Service at login and stored on the device. The device identifier is not a serial number and cannot be used for unambiguous identification of a natural person.

2.3. Log files

2.3.1. Log files from devices

When you submit requests to our support team from the application, those requests may contain log files. Log files may include technical information about the connection process and help us with troubleshooting. Log files are not retained but can be viewed by our support team.

Log files may include the following data:

| Data | Goal / Basis for processing |
| --- | --- |
| Internal device IP | Required for providing technical support, troubleshooting. |
| DNS servers IP | Required for providing technical support, troubleshooting. |
| Connections type (Wi-Fi, Cellular, Ethernet) | Required for providing technical support, troubleshooting. |
| Network interface name | Required for providing technical support, troubleshooting. |
| Operation type (connect, disconnect) | Required for providing technical support, troubleshooting. |
| VPN server address | Required for providing technical support, troubleshooting. |

2.3.2. Log files on servers

Our VPN servers DO NOT log any user's Personal Data and (or) any user's activity. These log files can't be used to identify a person without additional information.

2.5. Cookies

Like most websites and services, we use cookies. A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

Cookies are used to provide personalised Service, for statistical and research purposes, for marketing purposes to study users' preferences, and to improve the Service. The structure of a cookie, its content and technical parameters are determined by us and may be changed by us unilaterally, without giving prior notice.

Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

We use cookies for the following purposes:

  1. authentication - we use cookies to identify you when you visit our websites and as you navigate our sites;
  2. status - we use cookies to help us to determine if you are logged into our sites;
  3. personalisation - we use cookies to store information about your preferences and to personalise our websites for you;
  4. security - we use cookies as an element of the security measures used to protect user accounts, including preventing fraudulent use of login credentials, and to protect our sites and services generally;
  5. analysis - we use cookies to help us to analyse the use and performance of our websites and services; and
  6. cookie consent - we use cookies to store your preferences in relation to the use of cookies more generally.

Cookies do not typically contain any information that personally identifies a user, but Personal Data that we store about you may be linked to the information stored in and obtained from cookies.

2.5.1. Managing cookies

Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:

  1. Safari: https://support.apple.com/kb/PH21411;
  2. Chrome: https://support.google.com/chrome/answer/95647;
  3. Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences;
  4. Opera: http://www.opera.com/help/tutorials/security/cookies;
  5. Internet Explorer: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies; and
  6. Edge: https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy.

If you block cookies, you will not be able to use all the features on our websites.

2.6. Analytics Data

Websites: When you visit sites of the Service we collect anonymous usage information through the use of Google Analytics. Google Analytics may employ third-party tracking cookies to gather anonymous browser, operating system, geographic, and website navigation information. Google provides some additional privacy options regarding its Analytics cookies at http://www.google.com/policies/privacy/partners.

Also, we may use "pixel tags" on our websites. Pixel tags are tiny graphic images with a unique identifier, similar in function to cookies, that are used to track the online movements of web users. Pixel tags are embedded in web pages and are not stored on the user's hard drive.

We also store data locally on your device to enhance the user experience on our websites.

User devices: When you use our applications on your devices we collect anonymous usage information through the use of Google Fabric ("Fabric"). This information may include the name and App Store identifier, the bundle identifier and build version, unique device identifiers (e.g. IDFA (iOS), Advertising ID (Android), and Android ID (Android)) and the associated interest-based advertising opt-out preference as applicable, IP addresses, timestamps, device model names, device operating system names and version numbers, the language and country settings of the device (iOS), the number of CPU cores on the device (iOS), whether a device is jailbroken (iOS) or rooted (Android).

2.7. Other data

If you contact us directly, we may also receive additional information about you such as your name, email address, phone number, the contents of the message and (or) attachments you may send us, and any other information you may choose to provide.

You are responsible for the correctness of the Personal Data you provide to us, and we expect you to check the Personal Data you provide us. If any inconsistency takes place, update your Personal Data or report the inconsistency to us.

3. Limitation of liability for the accuracy of received information

We DO NOT verify the accuracy of information provided by you during registration and (or) other actions associated with the use of the Service, and we are not able to evaluate the User's legal capacity.

You are responsible for the correctness of the Personal Data you provide to us, and we expect you to check the Personal Data you provide to us. If any inconsistency takes place, update your Personal Data or report the inconsistency to us.

4. Personal Data processing

We primarily retain and process your Personal Data in the EU/European Economic Area (“EEA”).

We shall process the Personal Data in the following cases:

  1. operate, maintain, enhance and provide features of the Service;
  2. provide services and information that you request, respond to comments and questions;
  3. provide technical support for users;
  4. for our business purposes, such as audits, security, fraud monitoring and prevention;
  5. enforce our Terms of Service or other legal rights;
  6. provision of personalised Services to the user;
  7. statistical and other research on the basis of depersonalised data;
  8. improvement of the quality and user-friendliness of the Service and development of new Services; and
  9. communications with the user (sending of notifications, requests, etc.) as well as processing of requests and applications from the user.

We may process Personal Data using automated and non-automated means.

Only those of our employees who have a business need to know, or whose duties require it, are granted access to users' Personal Data. All such employees are required, as a condition of employment, to respect the confidentiality of users' Personal Data.

5. Personal Data protection

We are committed to protecting your information, and we take all necessary and sufficient organisational and technical measures to protect the Personal Data from illegal or accidental access, destruction, alteration, blocking, copying, or distribution, as well as from other unlawful actions with such data. Most of the user's Personal Data is retained in encrypted form using the AES-256 (Advanced Encryption Standard, 256-bit) algorithm.

Personal Data stored in encrypted form:

  1. email;
  2. phone number;
  3. transactions and relating details;
  4. payment information; and
  5. authorisation tokens.

The user's password is never stored; we only store a hash sum of the password.

For VPN connections, we do not use your login (or email) and password. Instead, we generate a unique pair of tokens for each of your devices (pseudonymisation). Your real login and password are not transferred to VPN servers.

All requests and data relating to your inquiries and financial transactions that are sent from your web browser or your devices to our server, or vice versa, are protected by SSL encryption.

Also, data transfer between our servers and services is protected by SSL encryption.

You ought to ensure that your password is not susceptible to being guessed, whether by a person or a computer program. You are responsible for keeping the password you use for accessing our Service confidential, and we do not ask you for your password (except when you log in to our Service). Besides, we ask you not to share a password with anyone.

The transmission of information via the internet services is not entirely secure. Although we do our best to protect your Personal Data, we cannot guarantee the security of your data transmitted to our websites; any transmission is at your own risk. Once we have received your information, we use strict procedures and security features to prevent unauthorised access.

6. VPN security algorithms

To ensure the highest level of data encryption, our Service applies AES-256 (Advanced Encryption Standard, 256-bit) symmetric encryption in CBC (cipher block chaining) mode. Symmetric encryption is used with a temporary private key.

To check the integrity of the data, we use HMAC (Hash-Based Message Authentication Code) with the SHA-384 (Secure Hash Algorithm, 384-bit) hash algorithm. Checking data integrity is required to protect the data against active attacks.

To establish a secure connection between the user's device and our VPN servers, the RSA-2048 public-key cryptographic algorithm is used. Temporary keys are exchanged using the DH (Diffie-Hellman) protocol, Group 14 (2048 bits).

7. Third-party links

The Service websites may include links to third-party sites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share your data. We do not control third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of any other site you visit.

8. Personal Data access and your rights

As permitted by applicable law, EU residents may request a copy of the information that we hold about them.

If you are a registered user, you may request a copy of the information associated with you by sending a request to legal@altessa.uk. Upon request, we provide you with the information regarding the existence, use, and disclosure of your Personal Data. The processing time for your request may vary from 5 up to 30 days. We may charge a fee for any request that is manifestly unfounded or excessive.

To protect your privacy and security, we may also take reasonable steps to verify your identity before handling your request. The information you provide us may be archived or stored periodically according to backup processes conducted in the ordinary course of business for disaster recovery purposes.

Your rights under data protection law:

  1. the right to access;
  2. the right to rectification;
  3. the right to erasure;
  4. the right to restriction of processing;
  5. the right to object to processing;
  6. the right to data portability;
  7. the right to complain to a supervisory authority; and
  8. the right to withdraw consent.

The right of access. You have the right to obtain information on whether or not we process your Personal Data and to access a copy of the Personal Data, including additional information. That information includes the purposes of the processing, the categories of Personal Data concerned, and the recipients or categories of recipients to whom your Personal Data have been or will be disclosed, etc. This is not an absolute right, and the interests of other natural persons may put restrictions on your right of access.

The right to rectification. You have the right to obtain the rectification of inaccurate Personal Data. Depending on the purposes of the processing, you may have the right to have incomplete Personal Data made complete, in particular by providing a supplementary statement.

The right to erasure ('right to be forgotten'). In some circumstances, you have the right to the erasure of your Personal Data without undue delay. Those circumstances include: (i) the Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (ii) you withdraw consent to consent-based processing; (iii) you object to the processing under certain rules of applicable data protection law; (iv) the processing is for direct marketing purposes; and (v) the personal data have been unlawfully processed. However, there are exclusions of the right to erasure.

The right to restriction of processing. In some circumstances, you have the right to restrict the processing of your Personal Data. Those circumstances are: you contest the accuracy of the Personal Data; processing is unlawful, but you oppose erasure; we no longer need the Personal Data for the purposes of our processing, but you require Personal Data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your Personal Data.

The right to object to processing. You have the right to object to our processing of your Personal Data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

You have the right to object to our processing of your Personal Data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we cease to process your Personal Data for this purpose.

The right to data portability. You have the right to receive your Personal Data with certain additional information, which you have provided us with, in a structured, commonly used, and machine-readable format, and to transmit these personal data to another entity. However, this right does not apply where it would adversely affect the rights and freedoms of others.

The right to complain to the supervisory authority. If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.

The right to withdraw consent. To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before the withdrawal.

These rights can be exercised via the email address legal@altessa.uk.

9. Personal Data disclosures and transfer

We may disclose your Personal Data to any member of our group of companies (this means our subsidiaries, our ultimate holding company, and all its subsidiaries) insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy.

Also, we shall be entitled to transfer the user's Personal Data to third parties in the following cases:

  1. the transfer shall be performed in the course of the sale or another handover of the business (in full or in part) or universal succession (e.g., reorganisation), in which case the acquirer/legal successor inherits all obligations to comply with the terms of this Policy as applicable to the Personal Data it receives;
  2. the transfer shall be performed for payment processing; and
  3. the transfer shall be performed to provide technical support service.

In other cases, we DO NOT disclose any information to other commercial parties under any circumstance.

9.1. International transfers

ALTESSA SOLUTIONS L.P. is a global business, and our Service is also global. To provide service, we may transfer Personal Data to countries other than the country in which the data was initially collected. These countries may not have the same data protection laws as the country in which you initially provided the information.

The Personal Data may also be processed by staff operating outside the EU who work for us or for one of our suppliers. This includes staff engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services.

Between our VPN servers, we transfer only the unique pair of tokens (as described above) and subscription data. That information is used for establishing the VPN connection. No other Personal Data is transmitted between servers.

10. Personal Data Retention

We retain Personal Data as long as an account is active, the Personal Data is required to provide the Service or to fulfil our legal obligations.

If you wish to erase your account or limit the usage of your Personal Data, contact us at legal@altessa.uk.

After the Personal Data is erased, we may have copies of your Personal Data in application logs, weblogs, and (or) backups. These backups will not be accessible as separately delineated information. Also, we may retain your Personal Data where such retention is required for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

11. Our details

ALTESSA SOLUTIONS L.P. is registered in Scotland, UK under registration number SL031108. Our registered office is at 272 Bath Street, Glasgow, G2 4JR, Scotland, UK.

You can contact us:

  1. by post, to the postal address given above;
  2. by email, at info@altessa.uk; and
  3. via our support service, by visiting https://support.intellivpn.net or using the email address support@intellivpn.net.

12. Privacy Policy changes

We may change this Privacy Policy from time to time, so please be sure to check it periodically. We will publish any changes to this Privacy Policy on our websites.

When making any changes to this Privacy Policy that materially affect our practices with regard to the Personal Data we previously collected from you, we will endeavour to provide you with advance notice of such change.