US & CCPA PRIVACY NOTICE – Urban VPN Proxy
[Last Modified: June 17, 2024]
applicability: The California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 effective January 1, 2023 (collectively “CCPA”), any other California privacy laws, and this US & CCPA Notice apply to visitors, employees, users, applicants for employment, and independent contractors, and others who are California residents (“consumers” or “you”). Any terms defined in the CCPA and CPRA have the same meaning when used in this US & CCPA Notice. This US & CCPA Notice applies to California residents’ Personal Information, which we collect directly or indirectly while using our service or in order to provide our services, or employee and business-to-business Personal Information.
This US & CCPA Notice is an integral part of our Privacy Policy, and thus, definitions used herein shall have the same meaning as defined in the Privacy Policy.
To learn more about your California privacy rights, please visit https://oag.ca.gov/privacy/privacy-laws.
PART I: A COMPREHENSIVE DESCRIPTION OF THE INFORMATION PRACTICES:
- CATEGORIES of PERSONAL information WE COLLECT
We collect Personal Information which is defined under the CCPA as any information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household or device, all as detailed in the table below.
Personal Information further includes Sensitive Personal Information (“SPI”) as detailed in the table below.
Personal Information does not include: Publicly available information that is lawfully made available from government records, that a consumer has otherwise made available to the public; De-identified or aggregated consumer information; Information excluded from the CCPA’s or CPRA’s scope, such as: Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPPA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA) and the Driver’s Privacy Protection Act of 1994.
We have collected the following categories of personal information within the last twelve (12) months:
| Category | Example | Collected |
| A. Identifiers. | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. | Yes: online identifier; Internet Protocol address. |
| B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
Some personal information included in this category may overlap with other categories. |
Yes: A Name. |
| C. Protected classification characteristics under California or federal law. | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | No. |
| D. Commercial information. | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | No. |
| E. Biometric information. | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | No. |
| F. Internet or other similar network activity. | Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. | Yes: web browsing data; search engine results page; web pages visited; clicked stream data; content viewed (ad campaign); information about where you viewed the content (“Web Browsing Data”). |
| G. Geolocation data. | Physical location, approximate location derived from IP address or movements. | Yes: approximate location derived from IP address. |
| H. Sensory data. | Audio, electronic, visual, thermal, olfactory, or similar information. | No. |
| I. Professional or employment-related information. | Current or past job history or performance evaluations. | No. |
| J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | No.
|
| K. Inferences drawn from other personal information. | Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | No.
|
| L. Sensitive personal information. | Government-issued identifying numbers, financial account details, genetic data, precise geolocation, race or ethnicity, religious or philosophical beliefs, union membership, mail, email, text messages, biometric data, health data, and sexual orientation or sex life. | No. |
- categories of Sources of Personal Information
- Directly and indirectly from activity on our website: For example, directly from you when you inquire about our Services via our website, or indirectly, we collect your usage data automatically from measurement tools.
- Indirectly from activity using our Services: when you use and engage with any of our Products(as defined in our Terms of Use) we will collect from you the Internet or other similar network activity as detailed above
- Directly from you: For example, when you contact us or when you purchase one of our products.
- From third-parties: For example, from vendors who assist us in performing services for consumers, internet service providers, data analytics providers, etc.
- USE OF PERSONAL INFORMATION
We may use the Personal Information collected as identified above, for the following purposes: To fulfill or meet the reason you provided the Personal Information (support, respond to a query, etc.); monitor and improve our services; provide the services; marketing our services; analyzing our services and your use of the services and website; respond to law enforcement; or otherwise as detailed in our Privacy Policy.
We will not collect additional categories of personal information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
- DISCLOSURES OF PERSONAL INFORMATION FOR A BUSINESS PURPOSE
We may disclose your Personal Information to a contractor or service provider for a business purpose. When we disclose Personal Information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract. We further restrict the contractor and service provider from selling or sharing your Personal Information. In the preceding twelve (12) months, we disclosed the following categories of Personal Information for a business purpose:
| Business Purpose (as defined under CCPA) | Category (corresponding with the table above) | Category of Recipient |
| Helping to ensure security and integrity of our properties to the extent the use of your Personal Information is reasonably necessary and proportionate for these purposes. | Category A
Category B Category F Category G |
Operational partner, security and fraud prevention providers, operating systems. |
| Debugging to identify and repair errors that impair existing intended functionality. | Category A
Category B Category F |
Analytic providers, operational partner, security and fraud prevention providers, operating systems. |
| Performing services on our behalf or service provider, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services on our behalf or service provider | Category A
Category B Category F Category G
|
Affiliated companies, operating systems, customer support, cloud computing and storage vendors, etc. |
| Undertaking internal research for technological development and demonstration. | Category A
Category B Category F Category G |
Developers, operating systems, cloud and hosting providers, SaaS platforms for task management and development, customer support and optimization tools. |
| Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned or controlled by us. | Category A
Category B Category F |
Developers, operating systems, cloud and hosting providers, SaaS platforms for task management and development, customer support and optimization tools. |
- SALE OR SHARE OF PERSONAL INFORMATION
In the preceding twelve (12) months, we didn’t “sell” or “share” any Personal Information.
- CHILDREN UNDER AGE 16
We do not knowingly collect information from children under the age of 16.
- DATA RETENTION
The retention periods are determined according to the following criteria:
- For as long as it remains necessary in order to achieve the purpose for which the Personal Information was initially processed. For example: if you contacted us, we will retain your contact information at least until we will address your inquiry.
- To comply with our regulatory obligations.
- To resolve a claim we might have or a dispute with you, including any legal proceeding between us, until such dispute will be resolved, and following, if we find it necessary, in accordance with applicable statutory limitation periods.
Please note that except as required by applicable law, we will not be obligated to retain your data for any particular period, and we may delete it for any reason and at any time, without providing you with prior notice if our intention to do so.
Online identifiers are usually kept for a few days. Other information usually will not be retained for more than 24-months.
When we destroy your Personal Information, we do so in a way that prevents that information from being restored or reconstructed.
PART II: EXPLANATION OF YOUR RIGHTS UNDER THE CCPA and how to exercise them
- YOUR RIGHTS UNDER THE CCPA
If you are a California resident, you may exercise certain privacy rights related to your Personal Information. You may exercise these rights free of charge except as otherwise permitted under applicable law. We may limit our response to your exercise of these privacy rights as permitted under applicable law, all as detailed herein and in the Data Subject Request Form available here:
| California Privacy Right | Details |
| The right to know what Personal Information the business has collected. | The right to know what Personal Information the business has collected about the consumer, including the categories of personal information, the categories of sources from which the Personal Information is collected, the business or commercial purpose for collecting, selling, or sharing Personal Information, the categories of third parties to whom the business discloses Personal Information, and the specific pieces of Personal Information the business has collected about the consumer. |
| Deletion Rights. | The right to delete Personal Information that the business has collected from the consumer, subject to certain exceptions. |
| Correct Inaccurate Information | The right to correct inaccurate Personal Information that a business maintains about a consumer |
| Opt-Out of Sharing as part of our cross-context behavioral advertising and Insights | You have the right to opt-out of the “sharing” of your personal information for cross-context behavioral advertising or for the Insights we provide |
| Opt-out from selling | the right to opt-out of the sale or sharing of Personal Information by the business |
| Limit the Use or Disclosure of SPI | Under certain circumstances, If the business uses or discloses SPI , the right to limit the use or disclosure of SPI by the business. |
| Opt-Out of the Use of Automated Decision Making | In certain circumstances, you have the right to opt-out of the use of automated decision making in relation to your Personal Information. |
| Non-Discrimination | The right not to receive discriminatory treatment by the business for the exercise of privacy rights conferred by the CCPA, including an employee’s, applicants, or independent contractor’s right not to be retaliated against for the exercise of their CCPA rights, denying a consumer goods or services, charging different prices or rates for goods or services, providing you a different level or quality of goods or services, etc. We may, however, charge different prices or rates, or provide a different level or quality of goods or services, if that difference is reasonably related to the value provided to us by your Personal Information. |
| Data Portability | You may request to receive a copy of your Personal Information, including specific pieces of Personal Information, including, where applicable, to obtain a copy of the Personal Information you provided to us in a portable format. |
To learn more about your California privacy rights, please visit https://oag.ca.gov/privacy/privacy-laws.
- HOW CAN YOU EXERCISE THE RIGHTS?
Please submit a request to exercise your rights using the Data Subject Request Form available here and sending the form to privacy@urban-vpn.com
The Instructions for submitting, the general description of the process, verification requirements, when applicable, including any information the consumer or employee must provide are all detailed in the Data Subject Request Form available here.
- AUTHORIZED AGENTS
“Authorized agents” may submit opt out requests on a consumer’s behalf. If you have elected to use an authorized agent, or if you are an authorized agent who would like to submit requests on behalf of a consumer, the following procedures will be required prior to acceptance of any requests by an authorized agent on behalf of a California consumer. Usually, we will accept requests from qualified third parties on behalf of other consumers, regardless of either the consumer or the authorized agent’s state of residence, provided that the third party successfully completes the following qualification procedures:
- When a consumer uses an authorized agent to submit a request to know or a request to delete, a business may require that the consumer do the following:
- Provide the authorized agent signed permission to do so or power of attorney.
- Verify their own identity directly with the business.
- Directly confirm with the business that they provided the authorized agent permission to submit the request.
- A business may deny a request from an authorized agent that does not submit proof that they have been authorized by the consumer to act on their behalf.
- Notice of Financial Incentive
Option A: We do not offer financial incentives to consumers for providing Personal Information.
Option B: our freemium users may enjoy our full VPN services by allowing us use the web browsing data in an aggregated anonymized matter as part of the Insights.
CONTACT US:
If you have any questions or concerns regarding privacy issues, or if you wish to be provided with any other information related to our privacy practices, please contact us at:
Urban Cyber Security Inc.
501 Fifth Avenue, New York, NY, 10036.
You can also contact our privacy team at: privacy@urban-vpn.com.
UPDATES:
This notice was last updated on June 17, 2024. As required under the CCPA, we will update our CCPA Notice every 12 months. The last revision date will be reflected in the “Last Modified” heading at the top of this Privacy Policy.
PART III: OTHER CALIFORNIA OBLIGATIONS
Do Not Track Settings: Cal. Bus. And Prof. Code Section 22575 also requires us to notify you how we deal with the “Do Not Track” settings in your browser. As of the effective date listed above, there is no commonly accepted response for Do Not Track signals initiated by browsers. Therefore, we so not respond to the Do Not Track settings. Do Not Track is a privacy preference you can set in your web browser to indicate that you do not want certain information about your web page visits tracked and collected across websites. For more details, including how to turn on Do Not Track, visit: www.donottrack.us.
California’s “Shine the Light” law (Civil Code Section § 1798.83): permits employees that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send us the Data Subject Request Form available here.
PART IV: ADDITIONAL NOTICE FOR US RESIDENTS
Residents of certain U.S. states (depending on the applicable state law, acting in an individual or household context and not in a commercial or employment context or as a representative of business), including Colorado, Connecticut, Virginia, and Utah, may have additional rights under applicable privacy laws and be entitled to additional disclosures.
“Personal Data” under applicable US privacy laws, generally means any information that is linked or reasonably linkable to an identified or identifiable individual (and usually does not include publicly available information that is lawfully made available from government records, or that a consumer has otherwise made available to the public; de-identified or aggregated consumer information; or information excluded from the states laws scope, such as: HIPAA, GBPA, non-profit entities, etc.)
“Sensitive Data” means data revealing racial or ethnic origin, religious beliefs, mental or physical health condition or diagnosis, sex life, sexual orientation, citizenship, or immigration status; The processing of genetic or biometric data for the purpose of uniquely identifying an individual; Personal Data collected from a known child; Precise geolocation data.
We are required to provide you with a clear and accessible privacy notice that includes the categories of Personal Data processed, purpose of processing, instructions for exercising consumer rights and appealing decisions, categories of Personal Data shared with third parties, categories of third parties with whom data is shared, and any sale of data or targeted advertising.
Categories of Personal Data & Categories of third parties with whom Personal Data is shared:
Under Section 3 of this Privacy Policy “Data we Collect and the Purpose of Use”, we describe our collection and processing of Personal Data, the categories of Personal Data that are collecting and processing, and the purposes for which Personal Data is processed, stored or used.
Additionally, we detail and disclose the categories of third parties we share Personal Data with for business purposes. We will not collect additional categories of Personal Data or use the Personal Data we collected for a materially different, unrelated, or incompatible purpose without obtaining your consent.
“Sale” of Personal Data:
Under US privacy laws, in principal, the term “sale” is referring to disclosing or making available Personal Data to a third-party in exchange for monetary or other valuable consideration, including for targeted advertising purposes. We do not sell your Personal Data.
Consumer Rights:
Residents of certain U.S. states, including Colorado, Connecticut, Virginia, and Utah, may have additional rights under applicable privacy laws, subject to certain limitations, which may include:
- Access – the right to confirm whether we are processing their Personal Data and to obtain a copy of their Personal Data in a portable and, to the extent technically feasible, readily usable format.
- Delete – the right to delete their Personal Data provided to or obtained by us.
- Correct – the right to correct inaccuracies in their Personal Data, taking into account the nature and purposes of the processing of the Personal Data.
- Opt-Out – to opt out of certain types of processing, including: (i) to opt out of the “sale” of their Personal Data; (ii) to opt out of targeted advertising by us; and (iii) to opt out of any processing of Personal Data for purposes of making decisions that produce legal or similarly significant effects.
Exercising Your Privacy Rights:
You may submit a request to exercise most of your privacy rights under U.S. state privacy laws by contacting us at: privacy@urban-vpn.com.
When you submit a request, we will take steps to verify your identity and your request by matching the information provided by you with the information we have in our records. In some cases, we may request additional information to verify your identity, or where necessary to process your request. If we are unable to verify your identity after a good faith attempt, we may deny the request and, if so, will explain the basis for denial and how to remedy any deficiencies, where applicable.
Authorized agents may initiate a request on behalf of another individual by contacting us at privacy@urban-vpn.com; authorized agents will be required to provide proof of their authorization and we may also require that the relevant consumer directly verify their identity and the authority of the authorized agent.
If we decline to take action on your request, we shall so inform you without undue delay, within the timeframe set out under applicable law. Our notification will include a justification for declining to take action and instructions on how you may appeal. Within the timeframe set out under applicable law of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint to the applicable authority or Attorney General of your jurisdiction (including – Colorado AG at https://coag.gov/file-complaint/; Connecticut Attorney General at: https://www.dir.ct.gov/ag/complaint/ or (860) 808-5318; Virginia Attorney General at https://www.oag.state.va.us/consumercomplaintform).