IEDN Privatinstitut zur Förderung und Entwicklung öffentlicher digitaler Netze gGmbH

Josef-Orlopp-Strasse 54, 10365 Berlin, Deutschland.

§ 1. GENERAL PROVISIONS AND DEFINITIONS

1. IEDN Privatinstitut zur Förderung und Entwicklung öffentlicher digitaler Netze gGmbH, registration

files under the following number: HRB 236015 B is the Controller of the personal data collected by

Service.

2. Controller may be contacted via email at pleasereply@vpngen.org.

3. Definitions:

1) Personal data –information about an identified or identifiable natural person. An identifiable natural

person is a person that may be directly or indirectly identified;

2) Processing –means an operation or a set of operations performed on personal data or sets of

personal data in an automated or non-automated manner, such as collection, recording, organising,

arranging, storage, adaptation or modification, downloading, viewing, use, disclosure by transmission,

distribution or any other means of making available, matching or merging, limiting, deleting or

destroying;

3) Service –electronic services for downloading software application(s), available

at https://gate19.org, being provided according to Terms and Conditions;

4) Device –an electronic device that allows software application(s) to be downloaded, such as a

smartphone, tablet, and mobile phone used by the User;

5) User – an entity who downloads software applications(s) to the benefit of whom services may be

provided by electronic means in accordance with the law or with whom a contract on the provision of

services by electronic means may be concluded.

6) Terms and Conditions –refer to the document that sets out the terms and conditions of use of the

Service, available at https://vpngen.org/docs/Privacy_policy_IEDN.pdf

4. The use of Service does NOT require any identification of any User, of collections of any personal

data of anyone. Thus, Controller does NOT collect, stores or otherwise processes any personal data

unless explicitly mentioned and/or described in this Privacy Policy.

§ 2. LEGAL BASIS AND PURPOSES OF USER’S DATA PROCESSING

1. Personal data collected by Controller shall be processed in accordance with the provisions of the

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the

protection of natural persons with regard to the processing of personal data and on the free movement

of such data, and repealing Directive 95/46/EC (hereinafter referred to as “GDPR”), the Act of 10 May

2018 on the protection of personal data (Journal of laws from 2019, item 1781) and the Act of 18 July

2002 on the provision of services by electronic means (OJ L 2020, item 344).

2. Controller only processes data made available by User in connection with the use of Service, for the

purposes of:

1) establishing connections that allows downloading of software applications (scope of data: IP

addresses) - pursuant to Article 6(1)(b) of the GDPR, i.e. due to the fact that the processing is

necessary for the performance of an implied contract, to which the data subject is a party,

2) the fulfilment of the legal obligations incumbent on Controller in connection with running a business

activity (scope of data: any and all data received from the User) - pursuant to Article 6(1)(c) of the

GDPR, i.e. due to the fact that the processing is necessary to fulfil the legal obligation incumbent on

Controller.

No other data shall be processed by Controller, unless previously agreed with User and for processing

of which the explicit consent was given by User.

§ 3. DATA COLLECTED BY CONTROLLER

1. Controller collects or may collect the following data through Service:

● User’s IP address

● Destination IP-address

● App’s usage metrics

2. Controller may also collect other data voluntarily provided by User when contacting Controller,

including his contact details and other data not listed above.

3. Browsing the content of Service does not require User to provide personal data other than the

automatically retrieved connection parameters.

§ 4. THE PROCESSING TIME OF PERSONAL DATA

1. Personal data will be processed for the period of time:

1) necessary for provision of services as defined in Terms and Conditions;

2) until the revocation of the consent granted or the objection to the processing of data - in cases where

the personal data of the User have been processed on the basis of separate consent.

2. Controller shall also store the personal data of the Users when it is necessary to maintain security,

prevent fraud and abuse, especially duties arising from the Act on Combating Money Laundering and

the Financing of Terrorism of 1 march 2018.

§ 5. USER RIGHTS

1. Controller shall ensure that Uses may exercise the rights referred to in item 2 below. In order to

exercise the rights, User shall send an appropriate demand (an appropriate request) via e-mail

to: pleasereply@vpngen.org.

2. User shall have the right:

1) of access to the data content - pursuant to Article 15 of the GDPR,

2) to rectify/update the data - pursuant to Article 16 of the GDPR,

3) to erasure of the data- pursuant to Article 17 of the GDPR,

4) of restriction of processing of the data - pursuant to Article 18 of the GDPR,

5) to transfer the data - pursuant to Article 20 of the GDPR,

6) to object to the data processing - pursuant to Article 21 of the GDPR,

7) to withdraw the consent granted at any time, provided that the withdrawal of consent shall not affect

the lawfulness of the processing, which has been done on the basis of the consent prior to its

withdrawal - pursuant to Article 7(3) of the GDPR,

8) to file a complaint to the supervisory authority, i.e. the President of the Office for the Protection of

Personal Data - pursuant to Article 77 of the GDPR.

3. Controller shall process the requests without undue delay, however not later than within one month

from their receipt.

§ 6. NECESSITY OF DATA PROVISION

1. Submission of personal data through Service is voluntary and is NOT necessary to benefit from the

full functionality of Service, unless specified in this Privacy Policy.

2. Where any data are provided for the purpose of using Service, failure to provide such data mayl

disable the possibility to download the software applications.

§ 7. DATA SHARING

1. Controller shall not share data collected from Users with any third party, unless otherwise is

prescribed by applicable law.

§ 8. TECHNICAL MEASURES

1. Controller shall use its best efforts to secure and protect User data from any actions by third parties,

and shall supervise the data safety throughout the entire period of owning such data in such a manner

as to protect the data against unauthorised access, damage, distortion, destruction or loss.

2. Controller uses the necessary server, connection, and website security measures. Nevertheless, the

actions taken by Controller may not be sufficient if User does not follow the security rules.

§ 9. DATA PROCESSORS ACTING ON BEHALF OF THE CONTROLLER

1. The personal data of the Users may be entrusted to Google Analytics for statistical purposes. All

data protection obligations of Controller remain unaffected.

§ 10. CHANGE OF THE PRIVACY POLICY

1. Controller has the right to change this document and Users shall be notified of any such changes in a

manner allowing Users to familiarise themselves with the changes before they enter into force, for

example by posting the relevant information on Controller's website.

2. Should User have any objections to the changes made, User may request the deletion of their

personal data on Service. The continued use of Service after the publication or notification of changes

to this document shall be considered to be consent to the collection, use and sharing of User personal

data according to the updated content of the document.

3. This Privacy Policy shall not restrict any rights granted to User in accordance with generally

applicable laws.