URBAN PRIVACY POLICY

[Last Updated: March 19, 2024]

First and foremost, before we dive into the legal details of our privacy policy, we wish to make it clear- We do not want to know your identity and we do not collect data to try and figure out who you are. We don’t require registration of any kind in order to use our services. Of course, we do provide all of the regular privacy policy information to which you are entitled, and we will get to that in a minute. But in case you do not have the time or patience to read through the whole policy, we want to repeat and make that point perfectly clear: We do not want to know your identity, preferences or any information about you personally. Any data collected from you simply by your use of our product will never be used to figure out who you are or to send you targeted ads.

This Privacy Policy (“Privacy Policy”) governs the manner in which we, Urban Cyber Security Inc. (“Urban”, “we” or “us”) process information collected from our users (“you“, “your” or “user“) in connection with their access to or use of our website, available at: https://www.urban-vpn.com (“Website”) and our products (“Products”): (i) Urban VPN browser extensions, Urban Adblocker browser extensions, Urban Shield browser extension and Urban Anti-Malware Safe Browsing extension (collectively “Extensions”); (ii) Urban VPN mobile application available on iOS and Android as a free and paid based versions(“Mobile App”) and (iii) Urban VPN Desktop EXE software for Windows and Mac (“Desktop App”) all as detailed and defined in our Terms of Use (“Terms”), and how Urban Ltd. may share this information with Urban’s affiliated company, that processed certain raw data (as further detailed below) to create Insights (as defined below) . These Insights are commercially used and shared with Business Partners. For more information, please see the BiScience Privacy Policy

All capitalized terms used but not otherwise defined herein shall have the meaning ascribed to them in the Terms. This Privacy Policy explains what information we may collect, how such information may be used or shared with others, how we safeguard it and how you may exercise your rights related to your Personal Data (as such term is defined below), among others, and where applicable, as required according to the EU General Data Protection Regulation (“GDPR”).

The use of information received from Google API will adhere to the Chrome Web Store User Data Policy including the Limited Use requirements.

1. PRIVACY NOTICE

   1. Amendments

Except as otherwise described herein, we may at our sole discretion and at any time amend the terms of this Privacy Policy. Such changes shall be effective upon publication of the amended terms in this Privacy Policy. Your continued use of the Services, following the amendment of the Privacy Policy, constitutes your acknowledgement and consent of such amendments to the Privacy Policy. The last revision will be reflected in the “Last Updated” heading above. In the event of a material change we will make a reasonable effort to provide a notification of such change. We recommend that you periodically review this Privacy Policy, as it may be subject to amendments from time to time.

1. 2. Controller Contact Information

Urban is the controller (as such term defined under the GDPR) or the “business” as defined under the California Consumer Privacy Act (“CCPA”) of the Personal Data, following are the applicable contact information:

Urban Cyber Security Inc.

 501 Fifth Avenue, New York, NY, 10036.

You can also contact our privacy team at: privacy@urban-vpn.com.

Representative for data subjects in the EU and UK:

We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact.
Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative, Prighter or make use of your data subject rights, please visit the following website. https://prighter.com/q/13252349120

3. Data We Collect and Purpose of Use

The first type of information we collect is aggregated, non-identifiable, non-personal information, which may be made available or gathered via the user’s use of the Service (“Non-Personal Data”). We are not aware of the identity of the user from which the Non-Personal Data was collected. Non-Personal Data may include technical information automatically transmitted by the user’s device such as, type of browser, the type of operating system, access time and date, approximate geographical location, etc.

The second type of information is individually identifiable information, namely information that identifies an individual or entity or may with reasonable effort identify an individual (“Personal Data”).

The table below details the Personal Data collected by us, how it is used, and our legal basis for data processing. Note that, under the GDPR we are considered the Data Controller of the data we collect.

What type of data we collect?	How do we use it?	Lawful Basis
Approximate Location: When using the VPN, we need to process your IP address.	We extract the approximate geographical location (i.e., country). We need this information to provide the VPN services.	Performance of a contract.
Online Identifiers: When you access and interact with our website, we collect certain online identifiers such as Cookie ID, IP address or similar unique online identifiers generated, advertising ID, tags (“Online Identifiers”).	We process such data through our or third party cookies and tracking technologies for analytic, marketing purposes. In addition, we process such data for operation, security and fraud prevention purposes. ·	Where we collect such data for analytic and advertising purposes, we process the data based on your consent which we will obtain through our cookie notice and consent management.  You may withdraw consent at any time by using the cookie preference settings. Where we collect such data for operation and security, we process your data based on our legitimate interest.
Browsing Data and Insights: In case you are user of our free version Mobile App we may collect your web browsing data, which includes search engine results page, the web pages you visited, clicked stream data, information about the content that you viewed (the ad campaign), information about where you viewed the content (website or the app or extension) and the products viewed, searched, added to the cart, and purchased. This will include information, regarding the price, product name, currency, quantity, taxes, delivery details (regular or express) payment method, discount value of the product you viewed and searched. (“Web Browsing Data”).   Note that, in most cases the data detailed above is aggregated Non-Personal Data, however, sometimes Web Browsing Data contains terms that could be considered as Personal Data, this is why we filter and scrape this data to remove any Personal Data before it is used.   We do not track or collect information about users’ activities across sites or applications, meaning we do not cross information from different apps, websites, your computer, tablet or mobile device.   We share the Web Browsing Data with our affiliated company.	We will use this data for the purpose of operating and providing our Services, for example, in order   to create a black listing of target websites and provide the “Safe Browsing Mode” alerts feature, blocking ads, as well as for internal operation purposes and enhancing the Services.   We will further use filtered Web Browsing Data in an aggregated, anonymized manner, for marketing research and commercial use. It is important you understand, we are not interested in knowing who you are, target or profile you. Instead, we are interested in creating aggregated marketing insights on how ads and web pages are viewed and whether and when they are clicked (“Insights”) and we share these Insights with our Business Partners for commercial use (as detailed below).   These Insights help our Business Partners in their online marketing strategies. For example, it helps them to understand how certain ads on certain websites are engaged. Our interest is not to produce insights on your specific browser usage on an individual level.	The Web Browsing Data is used for performance of a contract.   The Web Browsing Data is shared with our affiliated company based on consent. You can withdraw consent at any time through the app settings  or by contacting us, as detailed below.   The Insights do not contain any Personal Data and thus do not require a lawful basis. We do not (and cannot) identify, or attempt to identify, the individuals we derived the Insights from. However, we seek your consent to process the Web Browsing Data to share and create the Insights through a pop in notice on the apps or extensions.
Communication: If you voluntarily contact us, you may be required to provide us with certain information such as your name and email address.	We will use this data solely to provide you with the support you have requested or response to your inquiry. We may process the contact history to improve our services, as well as resolve disputes.   We may send you email marketing materials regarding the Services you are currently using or any services we may offer in the future (“Direct Marketing”).	General quires are processed based on legitimate interests, customer support is subject to fulfilling out contract with you.   Direct Marketing is subject to our legitimate interest, you may opt-out at any time from certain correspondence.
Transaction Information: ·         when you purchase a Subscription through our App, all payment are in-app payments and are subject to the applicable app stores terms and privacy policy: Google Pay: Google Pay – Learn What the Google Pay App Is & How To Use It which its privacy policy is available here ·         Apple Pay: https://www.apple.com/apple-pay/ which its privacy policy is available here	We use third party payment processors; the payment information is solely processed by the applicable app store provider. We do not store nor process any Personal Data when you process the payment. We receive an order number which is connected to a user ID which was generated when installing the app (non identifiable).	The Payment Information is processed to perform our contract with you to provide you our Services.
Android Permissions: In case you are user of our free version Mobile App and you choose to use our active “safe browsing” feature available on our Mobile App you will be required to enable the accessibility permission (“Permission”). can disable the Permission at any time	“Safe Browsing Mode” by enabling us to block unwanted websites or apps.	To access the Permission, you will need to actively and explicitly enable it through an in-app permission or the mobile settings. You, therefore the lawful basis is consent.  You may withdraw your consent at any time but please note if you disable, the “Safe Mode” feature will not operate properly.

 

4. How We Collect Your Information?

We collect the above data from you, in the following ways:

• When you voluntarilychoose to provide us with information, e.g., when you contact us.
• Automatically, when you use our Services, for example, when you use the Website, we may assign your device with a Java Script code and when you use our free version of our Mobile App (for Android), and wish to use the “Safe Browsing Mode” we may collect your Web Browsing Data through the Android accessibility services feature as described below.

 

5. With Whom Do We Share Information?

We share your data with third parties, including our service providers that help us provide our Services. You can find here information about the categories of such third-party recipients.

CATEGORY OF RECIPIENT	DATA THAT WILL BE SHARED	PURPOSE OF SHARING
B.I Science (2009) Ltd., our affiliated company	Web Browsing Data	We share the Web Browsing Data with our affiliated company that then users this aggregated raw data to create the Insights. For more information, please see the BiScience Privacy Policy.
companies active in the advertising and marketing sector such as data analytics, market measurement and marketing companies (“Business Partners”)	Insights	We will share the Insights we produce with our Business Partners for commercial use. The data we share for this purpose shall not include any Personal Data and will include only aggregated data.
Service Providers	All data	We may disclose Personal Data to our trusted agents (such as legal counsel) and service providers (including, but not limited to, our Cloud Service Provider, Analytics Service Provider, fraud and security detection providers etc.) so that they can perform the requested services on our behalf. These providers are prohibited from using your Personal Data for any purposes other than providing us with requested services. When we share information with services providers, we ensure they only have access to such information that is strictly necessary for us to provide the Services. These parties are required to secure the data they receive and to use the data for pre-agreed purposes only while ensuring compliance with all applicable data protection regulations (such service providers may use other non-personal data for their own benefit).
Any acquirer of our business	All data	We may share Personal Data, in the event of a corporate transaction (e.g., sale of a substantial part of our business, merger, consolidation or asset sale). In the event of the above, our affiliated companies or acquiring company will assume the rights and obligations as described in this Policy.
Legal and law enforcement	Subject to law enforcement authority request.	We may disclose certain data to law enforcement, governmental agencies, or authorized third parties, in response to a verified request relating to terror acts, criminal investigations or alleged illegal activity or any other activity that may expose us, you, or any other user to legal liability, and solely to the extent necessary to comply with such purpose.

 

We reserve the right to use, disclose or transfer (for business purposes or otherwise) aggregated and processed Non-Personal Data to third parties, including, inter alia, affiliates and Business Partners, for various purposes including commercial use. This information may be collected, processed and analyzed by us and transferred in a combined, collectively and aggregated manner (i.e., your information is immediately aggregated with other users) to third parties.

6. Cookies & Tracking Technologies

When you use our Website, we or our third-party service providers may use cookies and other similar tracking technologies or methods of web and mobile analysis to gather, store, and track certain information related to your access of, activity and interaction with our Website.  You can find out more information about cookies at www.allaboutcookies.org.

A “cookie” is a small piece of information that a website assigns to your device while you access such website. Cookies are very helpful and may be used for a variety of different purposes. These purposes include help customize your experience, provide us with analytics and for advertising purposes (including personalized advertising).

Note that we do not combine the information collected through the use of third-party tools with any Personal Data collected from you. You may remove Cookies by following the instructions on your device governing the setting of your preferences. Our Cookies do not enable any access to or inspection of other information on your device. If you wish to be notified of when Cookies are placed on your device, you may set your web browser to provide such notices.

The third-party cookies used on our Site are as follows:

Cookie	Purpose	Privacy Policy/Opt Out
Google Analytics	Analytical and Performance	www.google.com/policies/privacy/partners https://policies.google.com/technologies/managing?hl=en https://tools.google.com/dlpage/gaoptout For additional information regarding our use of Google products, click here.
Google Ads	Targeting and Advertising	www.google.com/policies/privacy/partners  https://tools.google.com/dlpage/gaoptout. For additional information of our use of Google products, click here.
Hotjar	Analytic, Performance and Targeting and Advertising	https://www.hotjar.com/legal/policies/privacy/ https://help.hotjar.com/hc/en-us/articles/115011789248-Hotjar-Cookies
Facebook	Analytic, Performance and Targeting and Advertising	https://www.facebook.com/about/privacy/?sId=eead84c9-01f3-4402-b1b2-b19dc38ba2e7
Microsoft	Targeting and Advertising	https://privacy.microsoft.com/en-gb/privacystatement
Matomo	Analytic and Performance	https://matomo.org/privacy-policy/
Bing	Targeting and Advertising cookies	https://privacy.microsoft.com/en-gb/privacystatement

 

Most browsers will allow you to erase cookies from your computer’s hard drive, block acceptance of cookies, or receive a warning before a cookie is stored. However, if you block or erase cookies your online experience may be limited.

Please see the following links for more information with respect to how you can block or erase cookies via your particular browser: Google Chrome; Firefox; Internet Explorer; Safari; Edge; Opera.

Most browsers will allow you to erase cookies from your computer’s hard drive, block acceptance of cookies, or receive a warning before a cookie is stored. You may set your browser to block all cookies, including cookies associated with our Services, or to indicate when a cookie is being used by us, by adjusting the privacy and security settings of your web browser. Please refer to the support page of your browser to learn more about how you can adjust your privacy and security settings. Additionally, you may opt out of certain Advertisers’ cookies and browser-enabled, interest-based advertising at the Network Advertising Initiative’s (“NAI”) website- NAI consumer opt-out and the Digital Advertising Alliance’s (“DAA”) website- DAA opt-out page.

We do not support Do Not Track (“DNT“). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.

7. Data retention

We retain the information we collect as long as it remains necessary for the purposes set forth above, all in accordance with applicable laws. We may at our sole discretion, delete or amend information from our systems, without providing any notice to you, once we deem it is no longer necessary for our purposes.

8. User Rights

We acknowledge that different people have different privacy concerns and preferences. Our goal is to be clear about what information we collect so that you can make meaningful choices about how it is used. We allow you to exercise certain choices, rights, and controls in connection with your information. Depending on your relationship with us, your jurisdiction and the applicable data protection laws that apply to you, you have the right to control and request certain limitations or rights to be executed.

You may exercise any or all of your above rights in relation to your Personal Data by filling out the Data Subject Request (“DSR”) form available here, and send it to privacy@urban-vpn.com

For additional rights under various jurisdictions, please refer to Section ‎II “Jurisdiction-Specific Notices” herein below

Further, certain rights are available within the App: you may correct, revise and delete information from the App settings at any time, any consent provided may be easily withdraw, therefore we recommend you use the technical solutions we have provided you with to exercise your rights.

9. Data Security

While there are inherent risks involved in all data transmissions over the Internet or wireless networks, and other security risks that apply to stored data, and we therefore cannot guarantee the security of your information, we use our best efforts, using industry-standard encryption and security technologies and methods, to collect and store information collected from you in a secure and safe manner.

10. Children Information

You represent and warrant that you are (i) at least sixteen (16) years of age if you are located in the EEA; or (ii) if you are located in any other geography and you are above the age defined as “child” under applicable laws in your jurisdiction (collectively “Child” or “Children”). If you are under 18, please be sure to read the terms of this Privacy Policy with your parents or legal guardians. The Services are not directed or intended for Children, as defined under applicable law, and we do not knowingly collect or solicit information from children. If we later obtain actual knowledge that a user is considered as a Child under applicable law, we will take steps to immediately delete its Personal Data. We request that such individuals do not provide Personal Data through the Services.

If you become aware or have any reason to believe that a Child has shared any information with us, please contact us (as detailed below) and we will take reasonable steps to ensure that such information is immediately deleted from our files.

11. Transfer of Data

We may process or store Personal Data within the EEA, US, and internationally. In the event of data transfer out of your jurisdiction, we will take appropriate measures to ensure that your Personal Data receives an adequate level of protection as required under applicable law. Further, when Personal Data collected within the EU is transferred outside the EU (and not to a recipient in a country that the European Commission has decided provides adequate protection) it shall be transferred in accordance with the provisions of the standard contractual clauses approved by the European Union.

12. Contact Us

If you have any questions or concerns regarding privacy issues, or if you wish to be provided with any other information related to our privacy practices, please contact us at: privacy@urban-vpn.com.

 

JURISDICTION-SPECIFIC NOTICES

1. Additional Notice to California Residents

This section applies only to California residents, pursuant to the California Privacy Act of 2018 (“CCPA”) effective November 2020, and as amended by the California Privacy Rights Act, effective January 1, 2023.

Please see the CCPA Notice here which discloses the categories of personal information collected, purpose of processing, source, categories of recipients with whom the personal information is shared for a business purpose, whether the personal information is sole or shared, the retention period, and how to exercise your rights as a California resident.

2. Additional Notice for Colorado Residents

According to the Colorado Privacy Act (“CPA“), if you reside in Colorado and are engaging solely in a personal or household capacity (excluding any commercial, employment, job applicant, or beneficiary roles related to employment), your personal data rights are outlined below.

“Personal Data” as defined in the CPA means: “information that is linked or reasonably linkable to an identified or identifiable individual” and does not include any of the following: publicly available information, de-identified or aggregated consumer, and information excluded from the CPA scope, such as: Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPPA) or 42 CFR Part 2- “Confidentiality Of Substance Use Disorder Patient Records”, Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or and the Driver’s Privacy Protection Act of 1994, Children’s Online Policy Protection Act of 1998 (COPPA), Family Educational Rights and Privacy Act of 1974, national Security Exchange Act of 1934, higher education data and employment data.

Sensitive Data includes (i) racial or ethnic origin, religious beliefs, mental or physical health condition or diagnosis, sex life or sexual orientation; (ii) Genetic or biometric data that can be processed to uniquely identify an individual; or (iii) child data. We do not process or collect any sensitive data.

Section ‎I.3 ‎“Data We Collect and Purpose of Use” of the Privacy Policy, we describe our collection and processing of personal data, the categories of personal data that are collected or processed, and the purposes. Additionally, in Section ‎I.5 “With whom do we share information?” details the categories of third-parties the controller shares for business purposes.

Your rights under CPA

Herein below, we will detail how consumers can exercise their rights, and appeal such decision.

Right to Access/ Right to Know	You have the right to confirm whether and know the Personal Data we collected on you	You can exercise your right by reviewing this Privacy Policy, in case you would like to receive the Personal Data please fill in this form to receive a copy of your data
Right to Correction	You have the right to correct inaccuracies in your Personal Data, taking into account the nature of the Personal Data and the purposes of the processing of your Personal Data.	You can exercise this right directly through your account or by filling in this form
Right to Deletion	You have the right to delete the Personal Data, this right is not absolute and in certain circumstances we may deny such request. We may deny your deletion request, in full or in part, if retaining the information is necessary for us or our service provider(s) for any of the following reasons: (1) Complete the transaction for which we collected the Personal Data, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you; (2) Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities; (3)  Debug products to identify and repair errors that impair existing intended functionality; (4) Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law; (5)  Comply with the law or legal obligation; (6) Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent; (7) Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us; (8) Make other internal and lawful uses of that information that are compatible with the context in which you provided it. We will delete or de-identify personal information not subject to one of these exceptions from our records and will direct our processors to take similar action.	If you would like to delete your Personal Data please fill in this form You do not need to create an account with us to submit a request to know or delete.
Right to Portability	You have the right to obtain the personal data in a portable, and to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance.	If you would like to receive the Personal Data please fill in this form to receive a copy of your data we will select a format to provide your Personal Data that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.
Right to opt out from selling Personal Data	You have the right to opt out of the sale of your Personal Data for the purposes of targeted advertising, sale to a third party for monetary gain, or for profiling in furtherance of decisions that produce legal or similarly significant effects concerning you or any other consumer. You may authorize another person acting on your behalf to opt out, including by broad technical tools, such as DAA, NAI, etc.	We do not sell your personal information, so we do not offer an opt out. You may opt-out of our sharing of the Insights through our product settings.
Right to opt out from Targeted Advertising
Right to opt out from Profiling		We do not profile you, thus we do not need to provide an opt-out.
Right to Appeal	If we decline to take action on your request, we shall so inform you without undue delay, within 45 days of receipt of your request. The notification will include a justification for declining to take action and instructions on how you may appeal. If we deny the appeal, you may contact the Colorado Attorney General using this link: https://coag.gov/office-sections/consumer-protection/  or (720) 508-6000.	Not more than 60 days after receipt of an appeal we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reason for the decisions.
Duty not to violet the existing laws against discrimination or non-discrimination	Such discrimination may include denying a good or service, providing a different level or quality of service, or charging different prices.	We do not discriminate our users.

How to submit a request under CPA?

Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your Personal Data. If the DSR is submitted by someone other than the consumer about whom information is being requested, proof of authorization (such as power of attorney or probate documents) will be required.

We will respond to your request within 45 days after receipt of a verifiable Consumer Request and for no more than twice in a twelve-month period. We reserve the right to extend the response time by an additional 45 days when reasonably necessary and provided consumer notification of the extension is made within the first 45 days. If we refuse to take action on a request, you may appeal our decision within a reasonable period time by contacting us at privacy@urban-vpn.com and specifying you wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint as follows: Colorado AG at https://coag.gov/file-complaint/

If you have an account with us, we may deliver our written response to that account or via email at our sole discretion. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. You do not need to create an account for submitting a request.

Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

3. Additional Notice to Virginia Residents

Under the Virginia Consumer Data Protection Act, as amended (“VCDPA”) if you are a resident of Virginia acting in an individual or household context (and not in an employment or commercial context), you have the following rights with respect to your Personal Data.

“Personal data” means any information that is linked or reasonably linkable to an identified or identifiable natural person. “Personal data” does not include de-identified data or publicly available information. Personal Data does not include de-identified data or publicly available data, and information excluded from the scope such as: HIPAA, GBPA, non-profit entities, higher education, employment data and FCRA, Driver’s Privacy Protection Act of 1994, Family Educational Rights and Privacy Act, Farm Credit Act.

The VCDPA requires us to disclose the Categories of data processing and the purpose of each category, as detailed in Section ‎I.3 ‎“Data We Collect and Purpose of Use” of the Privacy Policy, the categories of data shared and the third parties with whom it is shared, as detailed in Section ‎I.5 “With whom do we share information?”. Further, the table above under Section II.2 “Additional Notice to Colorado Residents” details the rights you have under VCDPA and how you may exercise your rights.

How to Submit a Request Under VCDPA?

We shall respond to your request within 45 days of receipt. We reserve the right to extend the response time by an additional 45 days when reasonably necessary and provided consumer notification of the extension is made within the first 45 days. If we refuse to take action on a request, you may appeal our decision within a reasonable period time by contacting us at privacy@1clickvpn.com and specifying you wish to appeal.  Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint as follows: Virginia Attorney General at https://www.oag.state.va.us/consumercomplaintform

We shall provide information in response to your request free of charge, up to twice annually, unless requests are manifestly unfounded, excessive or repetitive. If we are unable to authenticate your request using commercially reasonable efforts, we may request additional information reasonably necessary to authenticate you and your request. If we cannot authenticate you and your request we will not be able to grant your request.

4. Additional Notice to Connecticut Residents

Under the Connecticut Data Privacy Act, Public Act. No. 22-14 (the “CDPA”) if you are a resident of Connecticut, acting in an individual or household context (and not in a commercial or employment context or as a representative of business, non-profit or governmental entity), your rights with respect to your personal data are described below.

“Personal data” means any information that is linked or reasonably linkable to an identified or identifiable individual. It does not include de-identified data or publicly available information. If further does not include information excluded from the scope such as: HIPAA, GBPA, non-profit entities, higher education, employment data and FCRA, Driver’s Privacy Protection Act of 1994, Family Educational Rights and Privacy Act, Farm Credit Act.

The categories of personal data processed, purpose of processing, are detailed in Section ‎I.3 ‎“Data We Collect and Purpose of Use”, categories of personal data shared with third parties, categories of third parties with whom data is shared, are detailed in Section ‎I.5 “With whom do we share information?”.

Instructions on how to exercise your rights are detailed in the table above under Section II.2 “Additional Notice to Colorado Residents” details the rights you have under CDPA and how you may exercise your rights.

How to Submit a Request Under CDPA?

We shall respond to your request within 45 days of receipt. The response period may be extended once by 45 additional days when reasonably necessary, taking into account the complexity and number of requests and we inform you of such extension within the initial 45 days response period, together with the reason for the extension.

If we decline to take action on your request, we shall so inform you without undue delay, within 45 days of receipt of your request. The notification will include a justification for declining to take action and instructions on how you may appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint to the Connecticut Attorney General at link: https://www.dir.ct.gov/ag/complaint/ or (860) 808-5318.

We shall provide information in response to your request free of charge, up to twice annually, unless requests are manifestly unfounded, excessive or repetitive. If we are unable to authenticate your request using commercially reasonable efforts, we may request additional information reasonably necessary to authenticate you and your request. If we cannot authenticate you and your request, we will not be able to grant your request.

5. Additional Notice to Utah Residents (effective January 2024)

Under the Utah Consumer Privacy Act (the “UCPA”) if you are a resident of Utah, acting in an individual or household context (and not in a commercial or employment context) your rights with respect to your personal data are described below. “Personal Data” refers that is linked or reasonably linkable to an identifiable individual, and does not include de-identified data and publicly available data.

The categories of personal data processed, purpose of processing, are detailed in Section ‎I.3 ‎“Data We Collect and Purpose of Use”, categories of personal data shared with third parties, categories of third parties with whom data is shared, are detailed in Section ‎I.5 “With whom do we share information?”.

Further, the table above under Section II.2 “Additional Notice to Colorado Residents” details the rights you have under CDPA and how you may exercise your rights.

6. Notice to Nevada Residents

Nevada law allows Nevada residents to opt out of the sale of certain types of personal information. Subject to several exceptions, Nevada law defines “sale” to mean the exchange of certain types of personal information for monetary consideration to another person. We currently do not sell personal information as defined in the Nevada law. However, if you are a Nevada resident, you still may submit a verified request to opt out of sales and will record your instructions and incorporate them in the future if our policy changes. You may send opt-out requests to privacy@urban-vpn.com.