[Last Updated: July 5, 2020]
If you have any questions or requests regarding the processing of your Personal Data, or would otherwise like to contact us in connection with this Policy, please send us an email to: firstname.lastname@example.org
The first type of information we collect is aggregated, non-identifiable, non-personal information, which may be made available or gathered via the user's use of the Service (“Non-Personal Data”). We are not aware of the identity of the user from which the Non-Personal Data was collected.
The second type of information is individually identifiable information, namely information that identifies an individual or entity or may with reasonable effort identify an individual (“Personal Data”).
The table below details the data collected by us, how it is used, and our legal basis for data processing. Note that, under the GDPR we are considered of the Data Controller of the data we collect.
|What type of data we collect?||How do we use it?||For EU Individuals
Legal Basis under the GDPR
When you use our Services or visit our website, we will collect certain Online Identifiers such as Agent Id, UDID, Android ID, and your IP address.
|We will use your IP address to provide the VPN Services as well as to extract the approximate geographical location (i.e., country). In addition, we will use other Online Identifiers to provide, enable and enhance operation of our Services and of our website.||Performance of a contract and necessity of processing for the purposes of our legitimate interests.|
|Web Browsing Data We collect the URLs of visited websites and apps as well as search queries (meaning in the event the navigation event occurred on the page of a search engine or a website, the value of a URL’s query parameter responsible for a search term involved into the searching context). Note that, in most cases the data detailed above is aggregated Non-Personal Data, however, sometimes Web Browsing Data contains terms that could be considered as Personal Data. This data is deleted a short period following collection.||We will use this data for the purpose of operating and providing our Services, for example, in order to create a black listing of target websites and provide the “safe browsing” alerts feature, we will need to review the URL history of our users, as well as for internal operation purposes.||Performance of a contrast and necessity of processing for the purposes of our legitimate interests.|
|Contact Information If you voluntarily contact us, you may be required to provide us with certain information such as your name and email address.||We will use this data solely to provide you with the support you have requested or response to your inquiry. We may process the contact history to improve our services, as well as resolve disputes.||Your consent.|
|Technical Data When you use the Service, we will collect Non-Personal Data, such as technical information automatically transmitted by the user's device (for example, type of browser, the type of operating system, access time and date, approximate geographical location, etc.).||We use this data solely to provide and enhance our Services and to enable operation of the Services.||Performance of a contract and necessity of processing for the purposes of our legitimate interests.|
We collect the above data from you, in the following ways:
We do not sell, trade, or rent users' Personal Data to other parties. We may share information solely in the following events:
We may share, sell, or make a commercial use of the aggregated, non-identifiable, non-personal data we collect from your device (e.g. Web Browsing Data) with other business partners, service providers, and data aggregators. In such events, we enter a commercial agreement with the other party which clarifies the purpose of the use of the data, and to exercise that use only in conjunction to the services included in the agreement.
|Data Sets||Retention Period|
|Online Identifiers||IPs collected for location purposes are deleted immediately following to the completion of use (not stored). However, note that, if you use our VPN application, the IP collected is necessary for the purpose of providing the Services, and thus, will be deleted solely following completion of such purpose (meaning when you delete the VPN application and cease use of the Services).|
|Web Browsing Data||Anonymized immediately when data received|
|Contact Detail||Deleted Immediately following the completion of your request.|
|Technical Information||For as long as needed to perform the Services.|
Notwithstanding the above, in some circumstances we may retain the information we collect for longer periods, for example, when we are required to do so in accordance with legal, tax and accounting requirements. In addition, we may also retain your Personal Data for longer periods if we reasonably believe, at our discretion, that we need to obtain an accurate record of your correspondence or any dealing with us, for example, in the event of any complaints, all, in compliance with applicable laws.
Data protection and privacy laws provide you with the ability to exercise some rights regarding your Personal Data that we hold (which might be different in each jurisdiction) such as; right to access your Personal Data; right of rectification; the right to erasure of your Personal Data; right to restrict processing of your Personal Data; the right to object to processing of your Personal Data; data portability; the right to file a complaint to a supervisory authority (in the event you are EEA resident); and, the right to withdraw consent.
If you wish to exercise any or all of the above rights, please send it to our Data Protection Officer at: email@example.com and let us know that you wish to exercise your right of access and specify what Personal Data you would like to receive.
Where we are not able to provide you with the information for which you have asked, we will endeavor to explain the reasoning for this and inform you of your rights, including the right to complain to the supervisor authority. We reserve the right to ask for reasonable evidence to verify your identity before we provide you with any such information in accordance with applicable law. In addition, the process of locating and deleting the data may take up to one (1) month (following the receipt of the validation proof we require) in accordance with applicable law.
Data privacy and related laws in your jurisdiction may provide you with different or additional rights related to the data we collect from you, which may also apply.
Further, in the event of a security incident, in which we discover your Personal Data may be at risk, we will take reasonable efforts to notify you and the applicable authority (if required, subject to applicable laws).
If you become aware or have any reason to believe that a Child has shared any information with us, please contact us (as detailed below) and we will take reasonable steps to ensure that such information is immediately deleted from our files.
We may process or store Personal Data within the EEA, US, and internationally, therefore you hereby accept and agree that by accessing and using our Services from outside the United States, your information may be transferred to, stored, and processed in the United States. If you are a resident of the European Economic Area ("EEA") we will take appropriate measures to ensure that your Personal Data receives an adequate level of data protection upon its transfer outside of the EEA.
Our Service does not respond to Do Not Track signals. For more information about Do Not Track signals, please see: http://www.allaboutdnt.com
Urban Cyber Security Inc.
501 Fifth Avenue, New York, NY, 10036.
[Last Updated: July 5, 2020]
Under the CCPA, “Personal Information” is defined as any information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household or device. The categories of Personal Information that we collect (and has collected within the last 12 months), are detailed in the table below.
Please note that, under the CCPA Personal Information does not include: publicly available information from government records and deidentified or aggregated consumer information, information excluded from the CCPA’s scope (e.g., health or medical information covered by applicable laws such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA)); and information covered by certain sector-specific privacy laws (e.g., the California Financial Information Privacy Act (FIPA)).
|A. Identifiers.||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.||Yes|
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.||No|
|C. Protected classification characteristics under California or federal law.||Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).||Yes|
|D. Commercial information.||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||Yes|
|E. Biometric information.||Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.||No|
|F. Internet or other similar network activity.||Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.||Yes|
|G. Geolocation data.||Physical location or movements.||Yes|
|H. Sensory data.||Audio, electronic, visual, thermal, olfactory, or similar information.||No|
|I. Professional or employment-related information.||Current or past job history or performance evaluations.||No|
|J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).||Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.||No|
|K. Inferences drawn from other personal information.||Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||No|
Depending on the nature of your interaction with us, we may collect the above detailed information from you, as follows: (i) directly from you, for example, if you contact us; (ii) indirectly from you, for example, from observing your actions when you use our Services; (iii) from third-party business partners such as analytics providers.
We may use, or disclose the Personal Information we collect for one or more of the following business purposes:
We will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
In the preceding twelve (12) months, the Company has disclosed the following categories of Personal Information for a business purpose:
In the preceding twelve (12) months, Company has not sold Personal Information.
The CCPA provides consumers with specific rights regarding their Personal Information. Please review our User Rights Overview regarding your rights under applicable law.
[Last Updated: July 5, 2020]
Urban Cyber Security Inc. (“Company” or “we”) is committed to provide transparency regarding the security measures which it has implemented in order to secure and protect Personal Data (as defined under applicable data protection law, including without limitations, the EU General Data Protection Regulation (“GDPR”) and the upcoming California Consumer Privacy Act (“CCPA”) (collectively “Data Protection Regulation”) processed by the Company for the purpose of providing its services.
This information security policy outlines the Company’s security, technical and organizational practices.
As part of our data protection compliance process we have implemented technical, physical and administrative security measures to protect the Personal Data.
The Company ensures the protection of the physical access to the data servers which store the Personal Data for The Company. The data processed by the Company are stored in our data centers. Further, the Company secures the physical access to its offices to ensure that solely authorized individuals such as employees and authorized external parties (maintenance staff, visitor, etc.) can access the Company’s offices.
Access to the Company’s database is highly restricted to ensure that solely the appropriate prior approved personnel can access the Company’s database. Safeguards related to remote access and wireless computing capabilities are in implemented therein. Employee are assigned private passwords that allows strict access or use related to Personal Data all in accordance with position, and solely to the extent such access or use is required. There is constant monitoring of the access to the data and the passwords used to gain login access.
There are restrictions in place in order to ensure that the access to the Personal Data is restricted to employees which have a permission to access it, all in order to ensure that Personal Data shall not be accessed, modified, copied, used, transferred or deleted without specific authorization. The access to the Personal Data, as well as any action performed involving the use of the Personal Data requires a password and username, which is routinely changed, as well as blocked when applicable. Each employee can perform actions solely according to the permissions determined by the Company. Each access is logged and monitored, and any unauthorized access is automatically reported. Further, the Company has ongoing review of which employees’ have authorizations, to assess whether access is still required. Company revokes access immediately upon termination of employment.
The Company invests a multitude of efforts and resources to ensure compliance with the Company’s security practices, as well as continuously provides employees training. The Company strives to raise awareness to the risk involved in the processing of Personal Data. In addition, the Company implemented applicable safeguards for its hardware and software, including firewalls and anti-virus software on applicable Company hardware and software, in order to protect against malicious software.
All transfer of Personal Data between the client side and the Company’s servers is protected using encryption safeguards. In addition, to the extent applicable, the Company’s business partners execute an applicable Data Processing Agreement, all in accordance with applicable laws.
The Company’s servers include an automated backup procedure daily.
Personal Data are retained for as long as needed to provide the services or as required under applicable laws.
All the Company’s employees are required to execute an employment agreement which includes confidentiality provisions as well as applicable provisions binding them to comply with applicable data security practices. In addition, employees undergo a screening process applicable per regional law. In the event of a breach of an employee’s obligation or non-compliance with the Company’s policies, the Company includes repercussions to ensure compliance with the Company’s policies.
Surf safely & anonymously with Urban Free Extension for Chrome, Edge & Firefox, Free Android app and Windows software: